The CyberWire Daily Podcast 8.24.16
Ep 170 | 8.24.16

It walks, it talks, it reports back to Moscow. (Other news, too, gamers.)


Dave Bittner: [00:00:03:17] Russian hackers go after New York Times reporters, and the FBI investigates. Exploits in the Shadow Brokers teaser are being test-driven in the wild. Op-eds call for a mole hunt at Fort Meade. A familiar banking Trojan moves from Poland to Germany. British universities are targeted by ransomware. Researchers give victims of WildFire ransomware some relief in the form of a decryptor. Gaming sites come under attack. There's a new push to restrict encryption in the EU. And Texas brings us a fourth grade steely-eyed missile man.

Dave Bittner: [00:00:39:04] It's time to take a moment to tell you about our sponsor, Recorded Future. Recorded Future is the real-time threat intelligence company whose patented technology continuously analyzes the entire web to develop information, security, intelligence that gives analysts unmatched insight into emerging threats. And when analytical talent is as scarce and pricey as it is today, every enterprise can benefit from technology that makes your security teams more productive than ever. We at the CyberWire have long been subscribers to Recorded Future's Cyber Daily, and if it helps us, we're confident it will help you too. Subscribe today and stay a step or two ahead of the threat. Go to to subscribe for free threat intelligence updates from Recorded Future. That's And we thank Recorded Future for sponsoring our show.

Dave Bittner: [00:01:36:13] I'm Dave Bittner, in Baltimore, with your CyberWire summary for Wednesday, August 24th, 2016.

Dave Bittner: [00:01:42:10] Add the New York Times to the list of enterprises known to have been targeted by Russian government hackers. The paper acknowledged the attempts yesterday, they occurred earlier this month, but said there was as yet no evidence that the attacks against its internal networks had been successful. Reporters were targeted directly, ostensibly, through their email accounts, which, since the Times outsources email services to Google, wouldn't count as internal. The Times' Moscow Bureau was most directly affected. Reports suggest other news agencies may also have received the attentions of Russian intelligence services, but so far no one seems able to say who those other news organizations are. The FBI is investigating.

Dave Bittner: [00:02:21:10] More developments in the Shadow Brokers incident. Both Cisco and FireEye say they've seen signs that some of the exploits leaked, especially Extrabacon, which exploits a Cisco firewall zero-day, are being test-driven in the wild. A number of attempts have hit the honeypot Cisco established to help keep an eye on things.

Dave Bittner: [00:02:39:17] Apparently, it doesn't take a great deal of skill to use the exploits. The Chief of FireEye’s iSIGHT Intelligence Team assessed the degree of difficulty as low. Exploitation should be accessible to "Just about anyone with a college computer science degree," as he put it, on FedScoop. The Chief of Cisco's Product Security Incident Response Team told FedScoop, "As you can imagine, we have all hands on deck for this," and yes, we can all well imagine that. Good luck to Cisco, Fortinet, and Juniper Networks.

Dave Bittner: [00:03:10:08] We might also say "good luck" to Huawei. Comae, which has been poring over the Shadow Brokers teasers on behalf of Motherboard, says it's found stuff suggesting that Huawei products were also targeted by the authors of the exploits the Shadow Brokers got their hands on.

Dave Bittner: [00:03:25:20] As far as we've been able to determine, no one's come within an order of magnitude of the Shadow Brokers half billion dollar plus asking price for the stolen files. The bidding was stalled yesterday a little north of a thousand, and there are no obvious signs of movement yet. Understand, though, that we keep such auction sites at arm's length. They amount to a bad virtual neighborhood.

Dave Bittner: [00:03:46:15] There's much further speculation about how Shadow Brokers got the files. A few people, notably James Bamford, are arguing that there's a second Snowden responsible for the leaks. In favor of this, they cite material in the teasers they believe could only have been accessible from inside a US Government secure facility. More shakily, they think it unlikely that a hostile government, say, Russia, just for the sake of argument, would have revealed its intelligence success. This second bit of reasoning is considerably less convincing, if only because it overlooks the obvious information operational dimension of international conflict.

Dave Bittner: [00:04:21:09] Snowden himself has said for some time, he thinks there's another person inside NSA stealing sensitive data. And the Observer runs an op-ed by John Schindler, who argues that there probably is mole at Fort Meade. He reviews some history of counterintelligence failures going back some seventy years and finishes with a cri-de-coeur calling for better internal security. He also describes Snowden as a patsy, presumably of some other, better placed penetration agent.

Dave Bittner: [00:04:48:18] In any case, whoever the Shadow Brokers are, they're clearly no Edward Snowden. There's not much of the whistleblower about their revelations, and the Hollywood dialect of their communiqués is too over-the-top for credibility. Boris, Natasha, and Fearless Leader were all more convincing.

Dave Bittner: [00:05:05:07] Turning, we admit with a sigh of relief, to more conventional cybercrime, we hear that the GozNym banking Trojan is moving west. Recently active in Poland, it's now turning up in German banking networks.

Dave Bittner: [00:05:17:13] CryptXXX continues to be widely traded in the black market and used in the wild. There is some good news on ransomware to balance all this, however. WildFire, a strain that's been particularly active in the Netherlands, can now be defeated without payment. Intel Security and Kaspersky Labs have released a decryptor. So, bravo Kaspersky and Intel Security.

Dave Bittner: [00:05:37:18] Gaming sites have come under attack this week. First, the Epic Games Forum was compromised, with about 800,000 users' credentials exposed. At midweek, we learn that Blizzard Entertainment and Grand Theft Auto have also come under attack.

Dave Bittner: [00:05:51:13] Cybersecurity Ventures estimates that cybercrime damages will exact a global cost of some six trillion dollars by 2021. Plixer's Mike Patterson told the CyberWire that he agrees the problem is growing. “I have no doubt that the cost of Cybercrime is going to rise dramatically. Malware has proven that it often cannot be detected until the crime is underway or until after it has been completed. Consumers, manufacturers and financial institutions are not ready to accept that some services should not be tied to the Internet." He sees the problem as fundamentally being one of risk estimation and management. People and businesses are too willing to purchase convenience with a significantly increased risk.

Dave Bittner: [00:06:33:01] In patching news, VMware Identity Manager and vRealize Automation have received updates that VMware says address multiple security issues.

Dave Bittner: [00:06:43:11] Looking at the policy world, the crypto wars are heating up in Europe. France and Germany, feeling pressure from increased terrorist activity, are both pushing for more European Union restrictions on encryption.

Dave Bittner: [00:06:55:09] Finally, a fourth-grader in Pflugerville, Texas, has demonstrated what all of us admit in our heart of hearts: none of us actually, really, read the terms and conditions. According to KXAN, young Master Evan Robertson, who the news station describes as "kind of a big deal," set up a wi-fi hotspot in a mall, wrote not-so-lengthy terms and conditions for its use. They included, "If you are still reading this you should definitely not connect to this network," as the fourth from the last sentence, and then waited to see what would happen. 76 people connected, fully 40 of whom accepted the terms and conditions, even though, as Evan put it, “We made it so no one in the universe would agree to it." Kind of a big deal, KXAN says? Well, the CyberWire says, you, Master Robertson, are one steely-eyed missile man.

Dave Bittner: [00:07:47:10] Time for another word from our sponsor, Recorded Future. Threat intelligence enthusiasts will be joining Recorded Future in Washington DC this October 5th and 6th. This annual conference, now in its fifth year, brings together the analysts and operational defenders who apply real-time threat intelligence to out-innovate the adversaries. So, come meet the Recorded Future team. They love chatting with new and old friends. Recorded Future cordially invites its customers, partners and all threat intelligence mavens to RFUN 2016. Share tips, insights and challenges, improve your analytical skills, hear from industry leaders and learn from the best. Heck, teach the best if you've got a mind to do so. Find out about the latest threat intelligence techniques and best practices. Register now at That's And did we mention, it's free. So, check it out. And we thank Recorded Future for sponsoring our show.

Dave Bittner: [00:08:48:14] And joining me once again is Malek Ben Salem. She's the R&D Manager at Accenture Technology Labs. Malek, we talk a lot about Cloud Computing, but there's another term that's floating around and that's Fog Computing. Tell us what do we need to know about Fog Computing?

Malek Ben Salem: [00:09:02:20] Fog Computing, in a nutshell, is a system level architecture that extends a complete network and storage capabilities at the Cloud to the edge of the IoT network. And it can be exclusively located at the edge of the network, or it can be a combination between those capabilities at the edge, as well as extended all the way to the Cloud. One of the key characteristics of Fog Computing is that it lowers the latency of transactions. And that's the reason behind moving this intelligence and this computer networking capability closer to the edge, so that you can offer services with very low latency. Also, a great advantage of the Fog Computing model is that the jitter is very low, as opposed to the jitter within the Cloud Computing model. And jitter basically is a variation in delay of the received package. So, the quality of the service is much better in Fog Computing.

Malek Ben Salem: [00:10:08:12] Now, because all of these services are closer to the edge, the data does not have to travel a long distance to the Cloud and back, so the exposure of that data is limited, and therefore there is greater privacy if it's protected correctly and the attack surface is smaller. So, there are some security benefits.

Dave Bittner: [00:10:31:22] Are there any downsides to it?

Malek Ben Salem: [00:10:33:23] The downside is that, let me give an example of one application of Fog Computing. Let's think about Smart Cities, and managing traffic within Smart Cities. You can think of the connected vehicles and the traffic signs, signals and well as traffic light signals, as building a fog of their own where they can communicate together to manage traffic, to manage the flow of the traffic, and that's a local application. But, you can also have a Cloud level application where you look at that traffic over longer periods of time, over the entire city, to make policy recommendations about how to route traffic or where to build new roads. The downside is that you may have to make assumptions about the status of the underlying network, and particularly the status of the network connections between those devices at the edge. Because it's highly mobile, because these devices are highly mobile, and because, in many cases, it relies on wireless networking, then connectivity is not always available.

Dave Bittner: [00:11:51:05] I see. And is this something that's actually being put into use now? Are there Fog networks in use or is this something that we expect to see growing in the future?

Malek Ben Salem: [00:12:00:07] This is something that we expect to see in the future mostly, yeah. There are consortium's being created around this concept to define the Fog Architecture that is open, but it's a model that we'll see more of in the future. One major benefit of this is that it will push a lot of the network traffic to the edge, so the major back hall networks will see some relief.

Dave Bittner: [00:12:29:20] Ah, interesting. Alright, Malek Ben Salem, thanks for joining us.

Dave Bittner: [00:12:49:11] And that's the CyberWire. Thanks to all of our sponsors who make the CyberWire possible. Our ad space is filling up fast through this fall and into next year. So, if you want to reserve a spot on our show or Daily News Brief, don't delay. We've got a limited number of spots, and according to our advertisers, they get results. Visit to learn more.

Dave Bittner: [00:13:12:06] The CyberWire Podcast is produced by Pratt Street Media. The editor is John Petrik. Our Social Media Editor is Jennifer Eiben and our Technical Editor is Chris Russell. Our Executive Editor is Peter Kilpe. And I'm Dave Bittner. Thanks for listening.