The CyberWire Daily Podcast 10.18.16
Ep 207 | 10.18.16

Assange still has asylum, but not so much connectivity. RT's banking woes. US-Russian cyber relations continue to worsen. General (ret.) Cartwright pleads guilty to lying about Stuxnet leaks. Email server controversy gutters on.


Dave Bittner: [00:00:02:22] Political hacking the US elections. What's up with WikiLeaks and Russia today? The US continues to make noises about retaliation against Russian hackers. Russia sheds crocodile tweets. A retired general pleads guilty to lying to the FBI. The shadow broker say really they want someone to bid or else. Level 3 keeps score on the Mirai botnet. And fellow youths, you may, after all, the weakest link.

Dave Bittner: [00:00:34:18] Time to take a moment for our sponsor, E8 Security. And, let me ask you a question. Do you fear the unknown? Lots of people do of course, BigFoot, the Yeti, stuff like that. But, we're not talking about those. We're talking about real threats. Unknown unknowns lurking in your network. The people at E8 have a white paper on hunting the unknowns with machine learning and big data analytics that go beyond the old school legacy signature matching and human watch standing. Go to E8 and download their free white paper Detect, Hunt, Respond. It describes a fresh approach to the old problem of recognizing and containing a threat no-one has ever seen before. The known unknowns like crop circles and what happened to Amelia Earhart they're nothing compared to the unknown, unknowns out there in the wild. See what E8's got to say about them. and check out that white paper. And we thank E8 for sponsoring our show.

Dave Bittner: [00:01:39:00] I'm Dave Bitner in Baltimore with your cyberwire summary for Tuesday October 18th 2016.

Dave Bittner: [00:01:45:18] Today's cyber security news combines the odd, the unseemly and the lurid which isn't surprising since so much of it turns on politics and great power competition.

Dave Bittner: [00:01:56:03] After much speculation yesterday that the US had hacked him, WikiLeaks confirmed that Julian Assange's internet connectivity has indeed been cut. And it's still apparently down. But, that it wasn't cut by the United States. Instead the Ecuadorian government is said to be responsible for the outage. Assange, as we know, is currently enjoying asylum in Ecuador's embassy in London. He's wanted in Sweden for indecent assault, a charge he denies. Ecuador's government was silent on connectivity issues but did indicate they will continue to extend Assange asylum.

Dave Bittner: [00:02:31:22] Also yesterday RT, Russia Today, a news outlet closely aligned with President Putin's government, has had some of its assets in the UK frozen. It's British bank, Nat West, says it's closing RT's accounts. That the decision is not up for negotiation and that it wasn't taken lightly. RT has since been shedding crocodile tweets on behalf of freedom of speech.

Dave Bittner: [00:02:55:15] The connections between the stories are as follows. Both WikiLeaks and Russia Today have been closely involved with respectively releasing and reporting on documents related to the campaign of US Presidential candidate Clinton. Those documents are, as one would expect, not reflecting great credit upon the candidate or her associates. We note in passing that it's very difficult to look good in email.

Dave Bittner: [00:03:18:23] The Clinton campaign has responded by suggesting that the doxed emails may have been altered by the Russians. Corruption of data is obviously a very real possibility, especially in information operations mounted by the Russian government. And the US government agrees that Russia is behind most of the election related hacking seen this season.

Dave Bittner: [00:03:39:04] But, the suggestion that emails were hoaxed stopped short even of denial. Even the none denial, denial. And amounts to a kind of counsel of a priority caution. This could happen don't you know. And they also point out that paying attention to these kinds of revelations merely plays into the hands of the Russians, who would like to play king maker in next month's US elections.

Dave Bittner: [00:04:02:10] The US has blamed Russia's government for the hacks that compromised the files now being published. It's also promised some unspecified form of retaliation and President Putin has noted with sadness that this amounts to an American admission at a high level that it engages in state sponsored hacking. Mr Putin clearly has Vice President Biden's remarks about retaliation in mind here.

Dave Bittner: [00:04:25:23] That the US has conducted offensive cyber operations in the past would seem to receive some confirmation from the guilty plea, retired US General Cartwright entered yesterday. He allocated as they say on law and order, to lying to the FBI about having discussed Stuxnet with reporters.

Dave Bittner: [00:04:43:12] The New York Times has expressed some muted disapproval of the prosecution's First Amendment implications. General Cartwright also said that he was not the original source of the leaks. But in the case of Fancy Bear and Cozy the promised US response remains unspecified. It is, however, supposed to be a lulu, something that will send a message that Russia's President cannot misread. Russian spokesmen have expressed both outrage at the state of US intentions and scorned for the capabilities the US darkly hints it may deploy.

Dave Bittner: [00:05:16:13] There's much speculation but little direct evidence that both NatWest Bank and the Government of Ecuador maybe responding to US inducements to act against Russian interests and those of Julian Assange.

Dave Bittner: [00:05:27:20] Speaking of Mr. Assange, the Twitter verse was much agitated by rumors that he had died. Either conventionally assassinated or done to death by a tainted vegan meal, Baywatch alumni Pamela Anderson is said to have taken him over the weekend. In any case, he's fine. The furore seems to have been ignited over some ambiguous tweets with numerical sequences in them, WikiLeaks broadcast after Assanges lost connectivity in his embassy quarters. Those were interpreted as a kind of dead man's switch. But whatever they were, and again, and Mr. Assange appears to be okay.

Dave Bittner: [00:06:03:16] Other documents these released and not leaked suggest that former Secretary of State Clinton may have shared classified information with uncleared consigliere Sidney Blumenthal over her now famous private email server. Other material disclosed from the FBI investigation of said server appear to suggest a senior state department official asked for retrospective declassification of some material in exchange for his good offices in expediting FBI diplomatic assignments to hitherto unavailable embassy posts.

Dave Bitner: [00:06:36:22] The Velock strain of ransomware continues to be a threat. We spoke with Ravi Balupari from Netskope on what they're seeing Velock in the wild.

Ravi Balupari: [00:06:45:18] What we have observed is some of the latest variance are exhibiting a new propagation vector which equates to creating a cloud malware fan out effect.

Dave Bittner: [00:06:59:15] Okay, so take us through that, how are these new variations of Veerlock affecting things in the cloud?

Ravi Balupari: [00:07:05:17] So let's walk through one scenario. Like let's say you have an enterprise with, you know hundred soft users and they are using a cloud application let's say, a cloud storage application such as Bots. Now, in a typical enterprise people collaborate on documents. So, the User A is actually not sharing the document with you User B. And the user being done can share it with multiple other users. The User B can also share other documents with other users. But, in the warlock in all ransomware the pan out affect...let's say the User A's device is infected with ransomware especially with warlockThe documents on his machine get synced to the cloud. Once the documents are synced to the cloud those documents in the cloud would get synced to all the users with whom the document is shared.

Ravi Balupari: [00:08:01:02] Now since the user is infected with warlock, the warlock infected document is sent to a cloud. The same document is getting back on the User B's machine. And, User B, you know, inadvertently clicks open the document, he would in fact get re-infected with warlock and then all the documents on his mission would get encrypted with warlock. And if he has shared other documents with other users they will again get sent to the cloud and then they will go back to the other users machines. So, as you can notice there's a part in here where the infection is growing through the enterprise. You can think of it more like a worm where warlock virus ransomware is spreading through the network.

Dave Bittner: [00:08:55:14] That's Ravi Balupari from Netskope.

Dave Bittner: [00:09:00:06] The shadow brokers still haven't got any real bids on their auction of Equation Group tools. They tell anyone who may still believe this is a real auction that they've now had it. As the Register puts it in an homage to Blazing Saddles, pay the brokers ten bitcoin "or the code gets it."

Dave Bittner: [00:09:18:07] Level 3 has been working on the Mirai internet-of-things botnet. They've developed a list of indicators of compromise and believe that almost 500,000 bots, most of them in the US, Colombia, and Brazil are being herded via Mirai malware. Level 3 concludes from this that "a lot of DVRs and IP-cameras owned by consumers and small businesses" are being herded. And that a large number of bots are being deployed against single victims. What can you do? Level 3 recommends the "Two Ps." Patches and passwords.

Dave Bittner: [00:09:49:14] Finally my fellow youths I have some news we'd like to hip you to. The younger crowd likes to think that it's mostly geezers and has-beens who fall for the tech support scam, where someone calls you up and says your "computer" has a problem and that they fix it if you give them control by handing over your password. But, it turns out it's not the gray headed duffers who swallow the bait, hook line and sinker. It's Millennials. A study by Microsoft and the National Cyber Security Alliance finds that half, that's right, half, of the marks who fall for this hoary con are between the ages of 18 and 35. So, be careful, youths, what you tell the strangers who call. And while you're at it, get off my lawn!

Dave Bittner: [00:10:37:17] Time for a message from our sponsor If you're a cyber security professional and you're looking for a career opportunity you need to check out the free Cyber Job Fair on the first day of Cyber Maryland, Thursday October 20th at the Baltimore Hilton hosted by They are a better known specialist at matching security professionals with rewarding careers. The Cyber Job Fair is open to all cyber security professionals, both cleared and non cleared. It's open to college students in cyber security programs too. You'll connect face to face to face with over thirty employers like SWIFT, DISA and the Los Alamos National Laboratory. You can also tune up your resume and get some career coaching. All of it's free from career expert and air force veteran Patra Frame. To learn more visit and click job fairs in the main menu. Remember that's and we'll see you in downtown Baltimore. And we thank for sponsoring our show.

Dave Bittner: [00:11:38:15] Joining me once again is Markus Rauschecker, he's the cyber security program manager at the University of Maryland Center for Health and Homeland Security. Marcus saw an article in Wired Magazine about New York cracking down on Mattel and Hasbro for tracking kids online. What can you tell us about the regulations when it comes to tracking our kids?

Markus Rauschecker: [00:11:58:14] Yes, so in this day and age I think most of us take it for granted that when we go online a lot of information is collected about us in terms of where we go to shop, what we buy, what sites we visit. All that is being tracked constantly as we're surfing the web. And, for the most part I think we've kind of accepted that and we're okay with that. But, it seems that we're not okay with that when it comes to our kids. And, there is actually a law in place, the Children's Online Privacy Protection Act which helps parents protect their kids when information is collected about them online. Parents want to know that their kids are protected when they are online. And this law COPA for short allows parents to be reassured when it comes to letting their kids surf online.

Markus Rauschecker: [00:12:51:12] Basically what the law says, what COPA says is that websites that are specifically targeted to kids need to have policies in place and terms of servers in place that allow parents to know exactly what kind of information the website would be collecting about their kids when their kids are on the website. This is specifically for kids under the age of thirteen.

Dave Bittner: [00:13:15:12] I see a lot of television commercials for products that say visit our website, but when they are kids products they often say, ask your parents before you visit our website and I guess that ties into this?

Markus Rauschecker: [00:13:26:17] Right, so whenever a product or a website is targeted specifically for kids under the age of thirteen there's going to need to be some parental notification there as well, so that parents will make the decision about whether or not their kids will be able to go on that website and interact with the website.

Dave Bittner: [00:13:48:09] In this case, New York decided that both Mattel and Hasbro were not up to the standards of the law and they got hit with some pretty hefty fines?

Markus Rauschecker: [00:13:57:22] Right, so the penalties can be pretty hefty when a company doesn't follow the law in this case. I think that's understandable and that most of us would want to make sure that our kids are protected to the greatest extent possible. So, the fines are pretty hefty for any violations of these rules accordingly.

Dave Bittner: [00:14:17:10] Yes, according to the article in Wired, they paid a combined total of 835,000 dollars in fines. That will buy a lot of Barbies. All right, Markus, thanks for joining us.

Markus Rauschecker: [00:14:33:14] Thank you very much.

Dave Bittner: [00:14:37:07] And that's the CyberWire. Thanks to our sponsors for making the CyberWire possible. The CyberWire podcast is produced by Pratt Street Media. Our Editor is John Petrik. Our Social Media Editor is Jennifer Eiben and our Technical Editor is Chris Russell. Our Executive Editor is Peter Kilpie and I'm Dave Bittner. Thanks for listening.