The CyberWire Daily Podcast 1.19.16
Dave Bittner: [00:00:03:04] Ukraine blames Russia as cyberattacks down systems at Kiev airport. US authorities urge heightened vigilance around critical infrastructure. Patriotic cyber rioting flares in Southeast Asia. ISIS supporters conduct the first known cyber attack against a Chinese target. Liability increasingly shapes corporate cyber security strategies and the plaintiff's bar is shaping cyber insurance coverage. The Crackas With Attitude poke at the White House Science Advisor. And if you've got a job in a power plant, here's a word to the wise: knock off the workplace selfies.
Dave Bittner: [00:00:36:12] This CyberWire podcast is made possible by the Johns Hopkins University Information Security Institute, providing the technical foundation and knowledge needed to meet our nation's growing demand for highly skilled professionals in the field of information security, assurance and privacy. Learn more online at isi.jhu.edu.
Dave Bittner: [00:00:59:10] I'm Dave Bittner in Baltimore with your CyberWire summary for Tuesday, January 19th, 2016.
Dave Bittner: [00:01:06:02] Ukraine suffers another wave of cyber attacks out of Russia. This past weekend's attacks took down systems at the Kiev airport. Like the December power grid incidents, the airport hack was associated with BlackEnergy malware.
Dave Bittner: [00:01:19:02] Meanwhile the US Department of Homeland Security encourages US utilities to shore up their security and in the wake of the hacks in Ukraine and amid reports of upward trends in attacks against industrial control systems, the Christian Science Monitor's Passcode publishes some advice anyone who works in critical infrastructure might take to heart. Quote, "No SCADA selfies," end quote. Too much information appears in the background and why should you make the hackers' task easier? Especially if your workplace is the kind of space where people display credentials and other critical data. Experts advise against letting the trappings of physical security lull you into a false sense of cyber security.
Dave Bittner: [00:01:56:24] Tensions between Russia and its neighbors continue to be attended by patriotic hacktivism, much of it state-inspired if not state-directed. Ukrainian authorities regard recent incidents in their country as directed by Russia. Hacktivists elsewhere in the near abroad have pushed back at Russia, most recently from Azerbaijan, where hackers recently defaced the website of Russia's embassy in Israel in solidarity with Turkey. Turkey and Russia have been at loggerheads over intervention in Syria.
Dave Bittner: [00:02:23:17] ISIS sympathizers conduct what appears to be the group's first action against a Chinese target. The website of Tsinghua University was defaced with video and messages calling for jihad. The university confirms that the incident occurred but has declined further comment.
Dave Bittner: [00:02:38:04] ISIS messaging showed signs of becoming shakier last week. Not only is rivalry with Al-Qaeda for jihadi mindshare increasing but also signs appear that sympathizers are losing patience with the mismatch between the Caliphate's aspirational rule of justice and the realities on the ground in the territories it controls.
Dave Bittner: [00:02:55:13] From the police blotter, digital currency exchange Cryptsy is looted of some US $6,000,000 worth of bitcoin.
Dave Bittner: [00:03:02:19] Hyatt releases results of its investigation into point-of-sale hacks, mostly in restaurants, that the chain experienced between August and December of last year. Payment card data including cardholder name, card number, expiration date and internal verification codes are said to be at risk. Many of the affected locations are reported to be in the Middle-East and Africa.
Dave Bittner: [00:03:22:07] Security analysts in Australia note a surge in PayPal "zero-dollar" invoice spam, interesting because it fails to trip any of the usual spam filters.
Dave Bittner: [00:03:32:02] More DDoS attacks appear, independently striking a large torrent service and a South Korean entertainment agency. The former attack's motivation and attribution remain unclear. The latter looks like another instance of patriotic hacktivism, motivated in this case by the Korean agency's desire to downplay their K-pop singer's waving of Taiwan's flag at an event. The agency wishes to avoid offending its large Chinese market. Neither incident so far appears to be serving as misdirection for larger campaigns.
Dave Bittner: [00:04:00:02] Considerations of liability for cyber incidents continue to shape corporate security strategies. The precise nature of such liability remains in flux. The US and the European Union continue to work toward a successor to the Safe Harbor regime. US surveillance policy remains a sticking point for the Europeans and the US seems all but certain to overhaul its implementation of the Wassenaar cyber export control agreement. In the US, the Securities and Exchange Commission plans to tighten up enforcement of cyber regulations relevant to investor protection. The SEC says it intends to focus on prevention. The Food and Drug Administration proposes standards for the cyber safety and security of medical devices.
Dave Bittner: [00:04:39:08] Nor has the plaintiff's bar been idle in contributing to the development of cyber standards of care. Several noteworthy cases currently being litigated will affect the cyber insurance market as firms sue insurance carriers for failure to pay for damages sustained in what the hacked companies consider covered incidents. And Affinity Gaming, a casino operator, is suing cyber security provider, Trustwave, alleging failure to contain the breach it was hired to remediate.
Dave Bittner: [00:05:05:24] In policy news, the French government decides against mandating crypto backdoors. The US government continues to court Silicon Valley for a technical fix to the tension between security and privacy. Observers remain skeptical that such a fix exists.
Dave Bittner: [00:05:20:13] On Friday the US National Security Agency released its regular transparency report as required by the US Freedom Act. The full text of the report is available online at "IC on the Record."
Dave Bittner: [00:05:31:19] And finally Motherboard continues its ongoing contact with people claiming to be the Crackas With Attitude, pro-Palestinian and increasingly anti-Israeli hacktivists, who've doxxed both US Director of Central Intelligence, John Brennan, and Director of National Intelligence, James Clapper. The Crackas claimed another virtual victim over the weekend, this one being White House Director of Science and Technology Policy, John Holdren. The declared motive remains the same and the self-proclaimed Crackas remain at large.
Dave Bittner: [00:06:02:13] This CyberWire podcast is made possible by the generous support of Recorded Future, the real-time threat intelligence company whose patented web intelligence engine continuously analyzes the entire web to help information security analysts stay ahead of cyber attacks. Learn more at recordedfuture.com.
Dave Bittner: [00:06:25:01] Joining me is Joe Carrigan. He's a senior security engineer at the Johns Hopkins Information Security Institute, they're one of our academic and research partners. Joe, let's talk about DDoS attacks. Give us an idea what is a DDoS attack?
Joe Carrigan: [00:06:38:05] A DDoS attack is a Distributed Denial of Service attack, that's what DDoS stands for. It's where a group of computers that are on the Internet are infected with some kind of malware, some kind of bot and there is a command and control server that tells those bots what to do. That command and control server can target a single entity on the Internet with a bunch of requests from the botnet and that botnet can be huge and can be thousands of computers. If you imagine one web server trying to respond to thousands of computers at a time, or even millions of computers at a time, that web server can't handle the load and thus people who actually need to access the web server cannot get to it, therefore they are denied the service.
Dave Bittner: [00:07:26:09] DDoS stands for Distributed Denial of Service but my understanding is that originally it was not a distributed attack. Is that correct?
Joe Carrigan: [00:07:33:17] Early on, that's right. Bandwidth is cheap right now - I have 75 megabits at my house - but back when companies paid huge amounts of money for an ISDN line to run a web-server on, it wouldn't take much to flood that; you didn't need to distribute the attack, you could do it with one attacker.
Dave Bittner: [00:07:52:01] Why would someone launch a DDoS attack against someone?
Joe Carrigan: [00:07:56:00] There's lots of reasons. First off, just the fact that you can do it, that leads a lot of people to be able to do it. Then there's always the political reason or the financial motivation.
Dave Bittner: [00:08:05:10] I'm shutting someone down, is there any danger of doing real damage or is this more of just a nuisance?
Joe Carrigan: [00:08:11:19] It depends on the attack. Generally you're not trying to gain access to their system so you're not talking about real damage in terms of leaking data or doing damage to a company's reputation, aside from the fact that you're making their services unavailable to people who legitimately need them. For example, if I have an e-commerce site and that starts getting hit with a denial of service attack, then my customers can't actually purchase things from me and that becomes more than a nuisance.
Dave Bittner: [00:08:38:12] Alright, Joe Carrigan from Johns Hopkins University Information and Security Institute, thanks for joining us.
Dave Bittner: [00:08:45:02] And that's the CyberWire. This podcast marks our official launch and we'd like to officially welcome you aboard. The CyberWire daily podcast will be out each weekday afternoon in time for US East Coast drive-time, and in addition our week in review podcast will post Friday afternoons. We'll be bringing you news and expert commentary from throughout the cyber security community.
Dave Bittner: [00:09:06:10] For links to all of today's stories, along with interviews, our glossary and more, visit the CyberWire.com. The CyberWire podcast is produced by CyberPoint International and our editor is John Petrik. Thanks for listening.