Cybersecurity on US Election Day. OPERA1ER threat activity. Insider threats. Hacktivist auxiliaries: influence operators in the hybrid war. And Mr. Hushpuppi is back in the news.
Dave Bittner: A look at cybersecurity on U.S. Election Day. Details on the OPERA1ER threat activity. Seasonal and secular trends in insider threats. A look at influence operators in the hybrid war. Ben Yelin reviews election security and misinformation. Ann Johnson from "Afternoon Cyber Tea" speaks with Dr. Ryan Louie about the growing issue of mental illness among cybersecurity professionals. And hey, everybody, Mr. Hushpuppi is back in the news and back in the slammer, the hoosegow, the big house. You get the picture. Sabbatical at Club Fed.
Dave Bittner: From the CyberWire studios at DataTribe, I’m Dave Bittner with your CyberWire summary for Tuesday, November 8, 2022.
Cybersecurity on US Election Day.
Dave Bittner: Today is Election Day in the U.S. Have you voted, Americans? In most places, you've been able to vote early or even vote by mail. But traditionalists and procrastinators, suddenly seized by a sense of civic responsibility, have been schlepping to the polls since early this morning.
Dave Bittner: CISA went into the final day of voting with confidence that the elections wouldn't be disrupted by cyberattacks that sought to directly attack voting. CISA is holding a series of updates for the media throughout the day, and we're sitting in on them. But as we publish this daily podcast, no unusual or dangerous threats have emerged. There are, of course, scattered reports of a machine not working or a poll watcher's tablet going down. But these are all well down in the ordinary noise of accidents and not the result of any attack on voting systems.
Dave Bittner: On the other hand, influence operations, of course, continue. The AP reports that the increasingly high-profile Russian oligarch Yevgeny Prigozhin, proprietor of both the troll-farming Internet Research Agency and the mercenary army that does business as the Wagner Group, said yesterday, gentlemen, we have interfered, are interfering and will interfere carefully, precisely, surgically and in our own way as we know how to do. It's an unusually frank avowal of what U.S. sources have long charged. But come on, Yevgeny Viktorovich. This isn't really what you'd call news. You could save it for TASS or RT.
Dave Bittner: The White House press secretary dismissed Mr. Prigozhin's remarks yesterday, saying that they do not tell us anything new or surprising, surely the most undeniably true thing ever uttered in a press conference. How effective such influence operations will be remains to be seen, and they can be counted on to continue long after the election is over. Their goal, remember, is fundamentally to demoralize, sow confusion and widen pre-existing fissures in civil society.
Details on the OPERA1ER threat activity.
Dave Bittner: Group-IB has published a detailed account of the threat group OPERA1ER - that's operator, but instead of a T, there's a number one - which has used off-the-shelf tools to steal between $11 million and $30 million from its victims, mostly located in Francophone regions of Africa since 2019. The researchers include advice on defense, and their accounts afford an interesting look at what a determined criminal operator can do with commodity tools traded in the C2C market.
Insider threats: seasonal and secular trends.
Dave Bittner: Researchers at DTEX have published a study on insider threats, finding that unsanctioned third-party work on corporate devices has risen by nearly 200% over the past 12 months. The researchers warned that workforce engagement declines by up to 50% in the weeks before the holiday season. Engagement also remains affected during the first week back after the holidays. Departing employees represent a distinct challenge. DTEX observed that research and creation of resignation letters increased by 20% in the first half of 2022, increasing the potential for disgruntled employees to cause harm to the business. The study also found that 12% of departing employees take sensitive information with them when they leave the company. So HR departments, look to your off-boarding. Another pro tip - we're just spitballing here - but maybe firing people by email is not the best approach.
Killnet's targeting and the effects achieved.
Dave Bittner: We come now to the tale of two cyber auxiliaries in the ongoing hybrid war Russia is waging against Ukraine. We've seen the U.S. Federal Bureau of Investigation's assessment last week of Russia's Killnet hacktivist auxiliary as posing more of a psychological than a tangible threat to the networks it hits with distributed denial-of-service attacks. Yesterday, the Record by Recorded Future offered some notes on Killnet's interests and targeting. The threat actor is mostly interested in hostile nations found in the near abroad, now-independent former Soviet republics, especially Estonia and Moldova, and former members of the defunct Soviet-led Warsaw Pact, in particular Bulgaria and Poland. Officials in those countries essentially agree with the FBI - Killnet's operations were punitive in their intent. And while the group crowed high in its social media channels, the actual effects they achieved didn't rise above the now-familiar nuisance level. That probably doesn't matter, and so needn't be regarded as a failure. At this point in the hybrid war, these sorts of cyberattacks are best regarded as a form of influence operation, intended more to menace and intimidate than to hobble or disrupt.
The IT Army claims to have hit Russia's Central Bank.
Dave Bittner: And things seem similar on the Ukrainian side. The Record also reports that Ukraine's auxiliary IT Army claims to have successfully breached databases belonging to Russia's Central Bank. The Central Bank itself has said publicly that the data breach is all hooey. As quoted in Positive Technologies' Security Lab Blog, the bank said, not a single information system of the Bank of Russia has been hacked. The material the IT Army dumped online, the Central Bank claimed, was all anodyne, publicly available information. If the Central Bank isn't fibbing, and they may not be, then the IT Army is doing something the FBI says Killnet's been doing for some time - boasting in a way calculated to mess with its audience's mind. In its Telegram channel, the IT Army explained its objective in hacking Russian banks, stating the goal remains the same as for all banks, to create problems in the processing of payments, to delay the fulfillment of financial obligations under contracts and to sow doubts among those who receive payments through it. So like the activities of their Russian counterparts, the IT Army in this campaign seems interested principally in influence.
Ray Hushpuppi, we hardly knew ye.
Dave Bittner: And finally, hey, everybody, do you remember Ramon Abbas? Probably not, but you may remember him under his influencer persona, Ray Hushpuppi. Anyhoo (ph), Mr. Hushpuppi, a Nigerian citizen, was sentenced to 11 years in a federal prison on charges related to his money laundering activities. The judge also ordered him to pay $1.7 million in restitution to two fraud victims. In his salad days, Mr. Hushpuppi called himself the Billionaire Gucci Master, according to Forbes. After getting his criminal start as what the Nigerians call a yahoo boy, engaging in romance scams, he began to flaunt his wealth as a social media flexer (ph), prancing and dancing his way into the hearts and wallets of many who wished that they, too, might live the life of villas, supercars, fine jewelry and designer clothes Mr. Hushpuppi displayed.
Dave Bittner: Sure, flexing on Instagram isn't the best way of flying under the Feds' radar, but on the other hand, people are drawn to that sort of thing in the vague hope that some of the magic might rub off. Mr. Hushpuppi’s later crimes involve laundering money on behalf of North Korean threat actors who engage in fraud on behalf of their cash-strapped pariah government. The BBC reports that two Nigerian imams wrote letters asking for leniency on Mr. Hushpuppi's behalf, noting his generosity to widows, orphans and food banks. And Mr. Hushpuppi himself expressed his regrets and contrition. Come what may, the judges still gave him 135 months in Club Fed, plenty of time to repent at his own leisure.
Dave Bittner: Coming up after the break, Ben Yelin reviews election security and misinformation. Ann Johnson from the "Afternoon Cyber Tea" podcast speaks with Dr. Ryan Louie about the growing issue of mental illness among cybersecurity professionals. Stay with us.
Dave Bittner: Ann Johnson from Microsoft is the host of the "Afternoon Cyber Tea" podcast. And in a recent episode, she speaks with Dr. Ryan Louie about the growing issue of mental illness among cybersecurity professionals.
Ann Johnson: I know our listeners are curious to learn about the link between psychiatry and cybersecurity. And to bring us along on the journey, can you talk a little bit about your background? When and why did this interest begin for you? How did you land on cybersecurity - and I love that, cyber with a P-S-Y as a focus area - and can you break it all down for us?
Ryan Louie: Yes. So I'm a psychiatrist, so my main work is working with patients in the clinic setting. I treat patients' conditions such as depression, bipolar disorder, PTSD, anxiety, several other types of mental health conditions. Before this clinic work, I used to work in a downtown San Francisco hospital, an inpatient locked psychiatric unit. I learned a lot from that patient population because they taught me a lot of things. They said that once they left the safety of the hospital, they were kind of on their own. There was a lot of things they didn't know where to go to, a lot of different things that were - might have been dangerous or not safe. And I would ask them, what's your safety plan? Where do you go for help? If you need assistance, who'd you go to? It got me thinking about the bigger picture of what it means to be mentally well and to be safe.
Ryan Louie: I love technology, and as I started seeing how technology is so interwoven into everyday life, I started to think about that - a person's safety and security in terms of their mind and their well-being is actually closely linked to the technology they use. So hence, I was thinking about cybersecurity in the traditional sense, with a C-Y for cyber, into a P-S-Y, being psychiatry in cybersecurity. And I started to merge the two and think about it in that way.
Ann Johnson: So can you unpack some of the issues commonly seen and what aspects of cybersecurity are contributing to them, and how unique are they to this industry?
Ryan Louie: Definitely the COVID-19 pandemic has amplified everything that was already existing, both in terms of the stressors in cybersecurity and also the stressors in mental health. COVID-19 and the pandemic made everything that much more magnified and intense. So in thinking about this question, I oftentimes compare the world of cybersecurity with people in health care. Both of our fields - in the medical fields and the cybersecurity fields - share a lot of things in common. For instance, we often work under extreme time pressure. We don't have a lot of information all the time. We have to make decisions without all the information or things we wanted to know about, but we - it demands a decision, so we have to decide. It can be very stressful. Oftentimes there are limited resources, limited time, limited staff, and there are things from left field that we may not even know about. We always have to deal with those situations. And for cybersecurity professionals and people in health care, there's the constant need to want to be a team player.
Ann Johnson: So with all that baseline, let's pivot a bit and talk about how we can better take care of ourselves and our teams. And if we could start with leaders - when it comes to identifying someone who might be struggling, what signs should leaders look out for, and what can leaders do to best support the mental health and wellbeing of their teams?
Ryan Louie: In thinking about what leaders can do, I think back to this time when I was a medical student doing a rotation in one of my clinical clerkships. On the first day of orientation, all the interns and the residents and the medical students like myself gathered around in a circle with our attending physician, who was the head and who would be writing our recommendation and our - giving our grades. He said right at the outset, I said, we work as a team. If anyone feels overwhelmed, there's too much stuff on their plate, I want you to just freely say - raise your hand and say, hey, I got too much. I need some help. There will be no penalties for doing that. It's not going to show up on your grade sheet or your letter or your evaluation. And just like that, he lifted up that onus of pressure from everyone. And we worked really well. We worked great as a team.
Dave Bittner: That's Ann Johnson from Microsoft, host of the "Afternoon Cyber Tea" podcast. You can hear more of this interview and the entire "Afternoon Cyber Tea" collection of shows here at thecyberwire.com.
Dave Bittner: And joining me once again is Ben Yelin. He's from the University of Maryland Center for Health and Homeland Security and also my co-host over on the "Caveat" podcast. Hello, Ben. Welcome back.
Ben Yelin: Hello, Dave.
Dave Bittner: So it is Election Day as we record this and air this. I voted this morning. I believe you have - you voted ahead of time.
Ben Yelin: I did. I voted by mail - always a satisfying feeling to fill out your ballot, put it in the drop box and know that you've made a difference. It sounds corny, and it is very corny.
Dave Bittner: Yeah.
Ben Yelin: But I love voting.
Dave Bittner: Yes.
Ben Yelin: I think it's actually fun even though it's also a civic duty.
Dave Bittner: I agree. And it does sound corny, but I do get a nice little feeling of civic pride when I do it every time. And I think it's important. So let's talk about security here. I mean, where - as we go through Election Day, where are we finding ourselves? We've heard from many of the agencies who keep track of these things. Where do we stand?
Ben Yelin: So I think when people think about election security issues, they think about corrupted voting systems. They think of potential cyberattacks on voter rolls from illicit foreign actors or agents of these foreign enemies - the Chinese government, the Russian government. From what our federal agencies have said, our election systems are relatively safe, are quite safe. Largely that's due to the work of agencies like CISA, and you certainly give them credit for it. But largely it's due to the decentralized nature of our election system. It might be easy or doable to hack into a single county's election system or a single jurisdiction, but we run elections through 50 states, a bunch of different counties. It is a very decentralized process, so it would be hard to alter the results on such a scale when you would have to penetrate a bunch of different security protocols in order to make a difference in an election.
Dave Bittner: Yeah.
Ben Yelin: So I think we do have a good degree of confidence in the integrity of our voting systems. The problem is this scourge of misinformation. And I understand why misinformation exists on this subject. We don't actually see our ballots getting counted at a clerk's office. They don't do that on TV. So we kind of have to have a level of trust in the system that our votes are going to be counted, that everybody's votes are going to be counted, that we're going to have a fair and equitable election - one person, one vote. We're going to end up at a fair outcome.
Ben Yelin: People take cues from their political leaders. And when elite political actors cast doubt on the integrity of our elections, that ends up kind of causing the system to collapse on itself. And one of the ways these political actors do that is to take relatively normal things and make them seem conspiratorial. So, for example, we saw in 2020, it was a pandemic. A lot of people voted by mail. And in several states, particularly in the Midwest, the election clerks were barred by law from opening up mail ballots until election day. So the first ballots counted were ballots from people who voted on Election Day itself. And most people who voted on Election Day were voting for Donald Trump, largely because he told his voters to vote on Election Day.
Dave Bittner: Right.
Ben Yelin: So there was this mirage that he was ahead. And really, that was just because mail votes hadn't been counted. At a certain point in the middle of the night, they did count the mail-in ballots. And, you know, we know from all available evidence that there was nothing nefarious about it. There were a big batch of mail ballots. They fed them into the machine.
Dave Bittner: Yeah.
Ben Yelin: But a lot of political leaders tried to imply that these were vote dumps in the middle of the night even though it was literally just counting ballots.
Dave Bittner: And it was all happening according to the rules that had been agreed to ahead of time.
Ben Yelin: Right. So there's a more sophisticated critique that says, well, these state legislatures changed rules in the middle of an election season because of the pandemic, or state courts intervened to change the rules. Those certainly might have some legitimacy, although that needs to be fought out in a court of law, not in the court of public opinion.
Dave Bittner: Right.
Ben Yelin: But very simple things like the fact that mail-in ballots were counted later than Election Day ballots - that can lead people to conspiratorial thinking. And it's, I think, the duty of our political leaders to ensure trust in our electoral system and not to sow doubts based on something that's really rather unremarkable. I mean, in all elections, there have been differing modes of voting. And certain precincts are counted before other precincts. That's just the way we count votes.
Dave Bittner: Yeah.
Ben Yelin: So this scourge of misinformation and conspiracy, I think, ends up having a really detrimental effect because people lose faith in our electoral system.
Dave Bittner: Well, that's the local stuff or the provincial stuff - the call that's coming from inside the house. I think we've also seen stories that the international actors who are looking to stir things up here in the U.S., they really fired up their engines over the past week or so as well to send out their own brand of disinformation.
Ben Yelin: Right. I mean, we had a - was it a Russian oligarch or somebody involved with the Kremlin admit that Russia has resumed efforts at trying to influence U.S. elections? There are ways they can influence elections through social media. We heard a lot about that in 2016 - just by sowing discord, posting provocative memes that might turn people against certain candidates or certain causes.
Dave Bittner: Right.
Ben Yelin: It's hard to really measure how much of an effect that actually has. And then there are larger scale disinformation efforts, the most notable being hacking into the Democratic National Committee's emails in 2016.
Dave Bittner: Yeah.
Ben Yelin: So that is a risk that certainly is still present and out there. I almost think it's more important for us to fix the problems within our own house before we worry about what happens with foreign actors, just because I think we have to restore trust in our electoral system and trust that federal agencies are going to be looking out for these foreign actors and threats, and that it's our responsibility to have faith in the integrity of our system.
Dave Bittner: Yeah. Well, get out there and vote, right? (Laughter).
Ben Yelin: Absolutely. By the time you hear this, the polls might already have closed.
Dave Bittner: Right.
Ben Yelin: But if not, if you are an on-time daily CyberWire podcast listener, you might still have a couple of hours. So get out there.
Dave Bittner: That's right. Do your civic duty. All right. Ben Yelin, thanks for joining us.
Ben Yelin: Thank you.
Dave Bittner: And that's the CyberWire. For links to all of today's stories, check out our Daily Briefing at thecyberwire.com. The CyberWire podcast is a production of N2K Networks, proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technology - also, apparently drilling holes and pulling cables. Our amazing CyberWire team is Elliott Peltzman, Tre Hester, Brandon Karpf, Eliana White, Puru Prakash, Liz Irvin, Rachel Gelfand, Tim Nodar, Joe Carrigan, Carole Theriault, Maria Varmazis, Ben Yelin, Nick Veliky, Gina Johnson, Bennett Moe, Catherine Murphy, Janene Daly, Chris Russell, John Petrik, Jennifer Eiben, Rick Howard, Peter Kilpe, Simone Petrella, and I'm Dave Bittner, desperate for a proper recording studio. Thanks for listening, everybody. We'll see you here tomorrow.