The CyberWire Daily Podcast 8.15.16
Ep 163 | 8.15.16

Cryptocoin for DDoS? ISIS info ops more murderous as territory shrinks.


Dave Bittner: [00:00:03:18] Russian hackers are revealed to have been fairly impartial with respect to USA political parties. Republicans, as well as Democrats, receive their attentions. So too, apparently, have Olympic doping whistleblowers. ISIS works on its inspiration to murder as it seeks to recoup flagging jihadist mindshare. The Taliban and Al-Qaeda continue to compete with the Caliphate. Some policy analysts see Iran as a potential ally of an anti-ISIS online coalition. The MICROS point-of-sale system hack appears to underlie credit card compromises. Secure Boot's golden key is seen as a cautionary example against implementing backdoors. We have got some security industry M&A and IPO notes. And, for some reason, researchers develop a proof-of-concept for a DDoS-based cryptocurrency.

Dave Bittner: [00:00:53:06] Time to take a moment to tell you about our sponsor, Cylance. Are you looking for something beyond legacy security approaches? If you are, and who isn't, you're probably interested in something that protects you at machine speed and that recognizes malware for what it is no matter how the bad guys have tweaked the binaries or cloaked their malice in the appearance of innocence. Cylance knows malware by its DNA. Their solution scales easily and it protects your network with minimal updates, less burden on your system resources and limited impact on your network and your users. Find out how Cylance is revolutionizing security with artificial intelligence and machine learning. It may be artificial intelligence but it's real protection. Visit to learn more about the next generation of anti-malware. Cylance: artificial intelligence, real threat protection and we thank Cylance for sponsoring our show.

Dave Bittner: [00:01:49:05] I'm Dave Bittner, in Baltimore, with your CyberWire summary for Monday, August 15th, 2016.

Dave Bittner: [00:01:55:23] Russian hackers apparently did, in fact, turn their attention to Republicans as well as Democrats—both US parties have now seen major figures targeted. Observers have been sifting through emails dumped by DC Leaks at the end of June, and they've noticed emails from the staffs of Senators McCain and Graham. At the time the documents were posted, most attention was drawn to emails from former senior NATO commander, General Breedlove, that appeared to seek a harder NATO line toward Russia. Elsewhere, documents purporting to depict an off-the-books payment from Ukraine's former, pro-Russian, government to Paul Manafort, a senior advisor to Republican presidential candidate Trump. Manafort has had international clients, including former Ukrainian President Yanukovych; he denies receiving off-the-books payments.

Dave Bittner: [00:02:42:24] Senior Democrats are suffering from loss of personal contact information, which has exposed them to various forms of harassment. The upshot of this is that interest in, and intrusion into, the electronic presence of US political figures is on the upswing. Consensus continues to regard Russian intelligence services as the source of the incidents. Former Secretary of Defense Panetta weighed in at week's end on the controversy over emails suggesting influence from the Clinton Foundation over the State Department. He doubts there's much to see there, and notes that posturing about influence is part of the daily coin transacted in Washington.

Dave Bittner: [00:03:19:24] In other Russia-connected news, this one with a connection to the Olympics, the World Anti-Doping Agency says that the electronic account Russian whistleblower, Yuliya Stepanova, holds with the agency has been "illegally accessed through a cyber attack." Stepanova and her family are said to be in hiding. The most recent disqualification of a Russian athlete for alleged doping took place this Saturday.

Dave Bittner: [00:03:43:07] ISIS struggles to recoup its flagging influence as competing jihadist factions make inroads into the Caliphate's mindshare. It continues to turn to the disaffected and its online messaging grows sharper, at least in Europe and Africa: those who adhere to the Caliphate's authority should kill Christians. Some observers wonder whether this is a kind of information-ops bankshot, seeking to provoke a Crusader backlash, which would, in turn, spur the Ummah to a more militant piety. Others see the message as both obvious and direct—the goal is what it's said to be: death to unbelievers.

Dave Bittner: [00:04:17:21] Some policy wonks see Iran as a natural ally of the US against ISIS, at least online. Others think social media companies "will be judged" on their inability to interdict jihadist messaging.

Dave Bittner: [00:04:29:18] Iran is reported, by the way, to have just concluded an agreement with Robert Mugabe's regime in Zimbabwe to supply that country with a broad range of cyber security tools.

Dave Bittner: [00:04:39:22] Visa warned late Friday that some cardholders' information may have been compromised through vulnerabilities in Oracle's MICROS point-of-sale system.

Dave Bittner: [00:04:48:20] Giovanni Vigna, PhD, Lastline Co-founder and CTO, and also Professor in the Department of Computer Science at the University of California Santa Barbara, offered this comment to the CyberWire: "The security of a system as a whole is as strong as the strength of its weakest link. That’s why complex systems that handle sensitive information should have multiple levels of protections to ensure that no device can be infected. Point-of-sale malware is particularly hard to detect because often point-of-sale systems do not have in-host endpoint protection. In these cases, network-level protection systems become paramount."

Dave Bittner: [00:05:26:08] Krebs On Security says the Eastern European cyber gang, Carbanak, is behind the compromises, and that it appears credentials stolen from Oracle's MICROS system may have been used to plant malicious code on point-of-sale terminals that may, in turn, have been used to harvest credit card information.

Dave Bittner: [00:05:43:04] In industry news, Palantir buys data visualization startup Silk, and KBR announced Friday it had agreed to acquire Maryland-based Honeywell Technology Solutions for $266 million. Honeywell Technology Solutions offers a broad array of services, including security services, to US Defense and Intelligence Community customers. Carbon Black, formerly Bit9, is expected to issue its initial public offering next month, which will be an outlier in this year's unusually slow IPO market. Tanium remains a favorite unicorn, receiving press coverage that says it aspires to be "the Google of cyber security". And speculators look at the fall in FireEye's stock price, post-results, and, looking at layoffs and other cost-cutting, expect FireEye's valuation to bounce back.

Dave Bittner: [00:06:32:09] Concerns continue about backdoors as Microsoft works to recover from the exposure of the Secure Boot "golden key." Since this leak has implications for the security of backdoors as a technique that might balance privacy and security, many observers see this as a cautionary tale for policymakers.

Dave Bittner: [00:06:49:18] We heard from Ray Rothrock, CEO of RedSeal, about what lessons this episode might hold for backdoors generally considered. “We recently saw the Neoteris firewall (Juniper) backdoor key published in the hash code, live and public on the Internet. Backdoors are secrets that only a few know, and they're bad ideas. This is another example where backdoor access found its way to the market, except this more broadly impacts security. While backdoors are sometimes essential for “saving” things in certain situations, giving the capability of backup, rebuilding, imaging and such, these days I have a hard time thinking backdoors were required at all. Things happen and people make mistakes, as in this case. Even though the authors of the backdoor thought this would never happen — it did. Backdoor designers should rethink their use of such mechanisms.”

Dave Bittner: [00:07:40:04] And finally, University of Colorado researchers demonstrate, for reasons no-one can really seem to grasp, a proof-of-concept cryptocurrency that would let participants mine currency by participating in denial-of-service attacks. Let's hope we don't see similar proof-of-concepts from other Colorado institutions of higher learning, like, for example, the Colorado School of Mines, the only US college or university to offer a major in demolition.

Dave Bittner: [00:08:11:19] Time to take a moment to tell you about our sponsor, Recorded Future. You have probably heard of Recorded Future, the real-time threat intelligence company. Their patented technology continuously analyses the entire web to give info-sec analysts unmatched insight into emerging threats. Here at the CyberWire we subscribe to and read their Cyber Daily. They do some of the heavy lifting and collection and analysis that frees you to make the best informed decisions possible for your organization. Sign up for the Cyber Daily email and every day you'll receive the top results for trending technical indicators that are crossing the web. Cyber news, targeted industries, threat actors, exploitable vulnerabilities, malware and suspicious IP addresses. Subscribe today and stay ahead of the cyber attacks. Go to to subscribe for free threat intelligence updates from Recorded Future. It's timely, it's solid and the price is right and we thank Recorded Future for sponsoring our show.

Dave Bittner: [00:09:12:15] And I'm pleased to be joined once again by Dale Drew, he's the Chief Security Officer at Level 3 Communications. Dale, I've been hearing a lot about machine to machine learning. It's a buzz word that's gaining popularity. Let's start at the beginning here, explain for our listeners what are we talking about when we say machine to machine learning?

Dale Drew: [00:09:29:10] What we really mean here is we mean computer programs or algorithms that are analyzing network traffic, analyzing machine log data and learning behavior of those systems. Beginning to learn what is legitimate and also having algorithms to discover things that it knows is not legitimate and then being able to report those. We have seen a significant advantage in being able to monitor systems. Most systems today, most security systems today, are really geared for detecting bad activity, so you have to know what bad is. As attacks evolve and change, your understanding of what the bad activity is has to be as up-to-date as the bad guys are, and that's why the security community has to be so responsive to bad guys as opposed to proactive to bad guys. Machine learning provides the ability for us to be able to detect what we know to be good and then look for things that fall outside that normal good behavior and everything else could be bad and that allows us to identify emerging attacks, new techniques and other activity that we would otherwise not have been able to detect. I think that it's going to change and revolutionize our security industry in ways that we've never seen before.

Dave Bittner: [00:10:55:11] Is this in part dealing with the velocity, the rate of change, that the machines can adapt faster than, say, humans monitoring the situation?

Dale Drew: [00:11:06:14] Absolutely. It is just like your credit card monitoring company, right? What they're doing is they're monitoring your credit card purchasing history, where and when you typically buy products and how often you travel, and it's looking for deviations in that behavior. When it sees those deviations it flags that transaction and contacts the owner and says "is this you?" This is really us supplying that exact same sort of time-tested technique to the cyber security industry, and tracking what normal behavior looks like and then identifying when we see deviations in it, reaching out and making sure that we understand if that's a false positive or not.

Dave Bittner: [00:11:47:19] Alright, Dale Drew, thanks for joining us.

Dave Bittner: [00:11:52:07] And that's the CyberWire. For links to all of today's stories, along with interviews, our glossary, and more, visit Thanks to all of our sponsors, who make the CyberWire possible. Our ad space is filling up fast through this fall and into next year, so if you want to reserve a spot on our show or daily news brief, don't delay. We've got a limited number of spots, and according to our advertisers, they get results. Visit to learn more.

Dave Bittner: [00:12:17:08] The CyberWire podcast is produced by Pratt Street Media. The editor is John Petrik. Our social media editor is Jennifer Eiben, and our technical editor is Chris Russell. Our executive editor is Peter Kilpe and I'm Dave Bittner. Thanks for listening.