Election Eve cyber threat roundup. Retail bank Tesco stops online banking after wave of fraud.
Dave Bittner: [00:00:03:16] On Election Day Eve, a round-up of current cyber tensions, especially between the US and Russia, influence operations for sure, disruption possibly, vote manipulation maybe, but probably not. UK retail bank Tesco shuts down on line operations due to a wave of fraud. And Indian police say a rival service seems responsible for a July DDoS attack in Mumbai.
Dave Bittner: [00:00:32:05] Time to take a moment to tell you about our sponsor CyberSecJobs. If you're an information security professional seeking your next career, or your first career, checkout cybersecjobs.com and find your future. CyberSecJobs is a veteran owned career site and job fair company for information security professionals and students. If you're a job seeker, you can create a profile, upload your resume and search and apply for thousands of jobs. And if you're a recruiter, it's great for you too. If you're looking to source information security professionals, you should contact CyberSecJobs about their flexible recruitment packages designed to meet your needs. To learn more visit cybersecjobs.com. That's cybersecjobs.com. And we thank CyberSecJobs for sponsoring our show.
Dave Bittner: [00:01:29:01] I'm Dave Bittner, in Baltimore, with your CyberWire summary for Monday, November 7th, 2016.
Dave Bittner: [00:01:34:21] You may have heard that widespread concern about the prospects of Russian intelligence services hacking elections has prompted authorities to take measures they hope will contribute to securing the vote. Indeed this is the case. Government officials in Montenegro have begun to upgrade the security of that country's voting apparatus as suspicions arise that Russian operations have been interfering with election sites. Oh, and there's also this election going on in the United States tomorrow. The Americans too seem to have the same case of the willies as the Montenegrins about Russian security services. That is, the APTs known as Cozy Bear and, especially, Fancy Bear.
Dave Bittner: [00:02:13:01] The most commonly voiced concerns fall into three categories. First, there's the prospect of direct manipulation of vote tallies by enemies both foreign, that would be the Russians, and domestic. Choose your own poison on this one, partner. Despite recent proofs-of-concept by Cylance and others, direct hacking of votes, wholesale election theft on a scale not seen since the good old days of the Chicago machine, is generally regarded as unlikely. The second category of concern involves disruption of voting. Distributed denial-of-service attacks that might impede voting or delay counting are thought somewhat more likely, especially in the wake of the recent Mirai-enabled DDoS attacks that have put so many on their guard against this particular threat.
Dave Bittner: [00:02:56:17] On this second class of threat, the Mirai botnet provides a cautionary example. It now appears that last week's incident in Liberia was less devastating than initially reported, but botnet-driven DDoS remains a matter of concern. Andrew Howard, Chief Technology Officer for Kudelski Security, told the CyberWire, "This growing problem goes beyond unchanged default passwords left on devices. There is an urgent need for proven security tactics and technology for the IoT space. Companies of all types need to ensure customer devices and systems meet desired security levels at all stages of their life cycle." "Without taking such steps," Howard said, "companies run the risk of leaving the door open to attackers."
Dave Bittner: [00:03:41:19] Returning to election fears, there's the prospect of information operations designed to discredit the US electoral system. These operations are widely believed to be well underway, and all signs in this regard point to Russia. Guccifer 2.0, the shadowy gadfly of the Democratic National Committee, who's generally regarded as a sockpuppet for probably the GRU, has called upon his fellow hacktivists to monitor the US elections. And we repeat, it's unlikely in the extreme that Guccifer 2.0 is a hacktivist along the lines of Guccifer 1.0. The call for monitoring carries a special sting for American targets, since good government election monitoring abroad has long been a traditional staple of US public diplomacy.
Dave Bittner: [00:04:26:23] Guccifer 2.0, by the way, isn't the only nominal hacktivist out there doxing world leaders. Ukrainian hackers have released documents from a second email account linked to Putin aide Vladislav Surkov. The same guy Mr. Putin says doesn't even use email. Like earlier leaks, they purport to show aggressive Russian designs against Ukraine.
Dave Bittner: [00:04:49:02] WikiLeaks released another tranche of leaked emails over the weekend. They continue to be more of the bad looking stuff that's emerged from the Democratic National Committee and Clinton campaign accounts. WikiLeaks itself claimed it experienced a DDoS attack shortly after it released the latest set of emails, but the site appeared to be up and functioning as of this morning. Twitter also experienced an outage earlier today, but that appears to have been an engineering error, and not an attack, despite the initial paranoid reactions across the Internet.
Dave Bittner: [00:05:19:21] And the FBI over the weekend announced that it's looked through Anthony Weiner's laptop, his laptop computer, that is, and not so far found anything that would lead it to recommend indicting Hillary Clinton for mishandling classified information.
Dave Bittner: [00:05:34:11] There have been various dark hints in recent weeks about planned, or at least possible US retaliation, against any Russian electoral hacking. And senior US officials and industry figures have certainly discussed retaliatory options in the event of a clearly attributed cyberattack. Over the weekend, the Russian press has reported US penetration of Russian critical infrastructure networks, and the Russian government has demanded an explanation. There's been no public US response beyond continuing efforts on the part of state governors and the Department of Homeland Security to reassure the public of the integrity of the voting system.
Dave Bittner: [00:06:11:16] Forcepoint, who's been following election related chatter closely, noted to us late this afternoon that, influence operations aside, the FBI has found, "Malicious actor scanning and probing state voter databases for vulnerabilities." The actors were operating from servers hosted by a Russian company, but the probes and scans aren't, so far at least, being attributed to the Russian government.
Dave Bittner: [00:06:36:13] Election hacking aside, authorities are following Internet chatter by al-Qaeda and other jihadist groups that appears intended to inspire physical attacks on locations associated with voting. State and Federal authorities are on their guard, and pursuing several lines of investigation.
Dave Bittner: [00:06:53:19] It is with somber relief that we turn to ordinary cyber crime, which is bad enough, but seems somehow more tractable than election influence. Tesco Bank, a major consumer bank in the UK, halted online transactions after at least 20,000 customers were hit with fraud, and a further 40,000 experienced attempted fraud. It's a big enough caper, with enough lessons to be learned, that we offer some of the reactions we've received from security experts.
Dave Bittner: [00:07:20:22] Shane Stevens, from VASCO Data Security, told the CyberWire, this demonstrates the need for banks to, "take a step back and assess their endpoint access and all their layers of security."
Dave Bittner: [00:07:32:13] Mark Wilson, Director of Product Management at STEALTHbits Technology, framed the issue for us this way. "The big question is, how did the perpetrator get access to 40,000 accounts? Internet Banking utilizes multi-factor authentication. Were two-factor authentication tokens compromised? If so, that could cast a shadow across the whole online banking and finance sector." He also noted that Tesco isn't just a retail bank, it's also the largest grocery retailer in the UK, and it offers a range of services including mobile telecommunications, Internet services, insurance, and credit services. Wilson said that, "Unless Tesco segregates those platforms, it stands to reason that they may also be at risk, or perhaps already compromised."
Dave Bittner: [00:08:20:09] Kunal Anand, CTO and Co-Founder of Prevoty, said to the CyberWire, "It's one thing to steal your identity, it's another thing to steal your money. There is even more pressure on financial services organizations like Tesco to have more controls within their network, endpoints and applications, including RASP, to monitor and protect against fraud. The raw data from these controls, combined with anomaly detection, could allow organizations to react faster and help reduce overall fraud." He thinks Tesco has some investigation and remediation left to do.
Dave Bittner: [00:08:54:09] One final note on cyber crime and prospective punishment comes from India, where police in Mumbai have concluded that a DDoS attack on a major Internet service provider wasn’t the work of criminal gangs or foreign security services after all. It seems instead, a rival ISP mounted the attack. That rival is so far unnamed, but stay tuned.
Dave Bittner: [00:09:20:10] It's time to tell you about one of our sponsors E8 Security. And let me ask you a question. Do you fear the unknown? Lots of people do, of course. Mummies, werewolves, stuff like that. But, we're not talking about those. We're talking about real threats, unknown unknowns lurking in your network. The people at E8 have a White Paper on hunting the unknowns with machine learning and big data analytics that go beyond the old school legacy signature matching and human watch standing. Go to e8security.com/dhr and download their free White Paper, Detect, Hunt, Respond. It describes a fresh approach to the old problem of recognizing and containing a threat no one has ever seen before. The known unknowns, like Plan 9 from outer space and the Creature from the Black, Lagoon, they're nothing compared to the unknown unknowns out there in the wild. See what E8's got to say about them. E8security.com/dhr and download that White Paper. And we thank E8 for sponsoring our show.
Dave Bittner: [00:10:21:18] Joining me once again is Ben Yelin. He's a Senior Law and Policy Analyst with the University of Maryland Center for Health and Homeland Security. Ben, it seems like our election here in the United States is right around the corner and I wanted to check in with you to see what do we know, if anything, about our two major candidates, Hillary Clinton and Donald Trump, about their positions when it comes to cybersecurity and things like surveillance?
Ben Yelin: [00:10:44:24] Well, Dave, we actually know relatively little. It hasn't played a huge role in the campaign. I know it actually came up at the first debate. Donald Trump famously said that his son Barron was very proficient at computers and that was sort of a segway into talking about the importance of cybersecurity. I think on the electronic surveillance side, both Secretary Clinton and Donald Trump would be more favorable to some of the bulk electronic surveillance programs of the Obama administration. It's worth pointing out the Obama administration was actually quite favorable to electronic surveillance. For example, after the 2015 San Bernardino attacks, Secretary Clinton called for an intelligence surge and for increased monitoring on social media for suspected terrorists. Again, all things that the Obama administration has done. But, you know, I haven't seen her comment some of the Edward Snowden divulged information, such as the phone records program or the collection of the content of online communications under the FISA Amendments Act.
Ben Yelin: [00:11:49:16] So, it'll be interesting to see if either of the candidates take a firm policy stance on that. I think a lot of it will be determined by what happens in Congress. Certainly, generally Democratic lawmakers are slightly more eager to chip away at some of the excesses of the electronic surveillance programs, but there was a bi-partisan coalition to pass the USA Freedom Act, which ended the NSA's collection of book metadata back in 2015. That was really the first time since 9/11 that such a program had been curtailed in that way. So, I think it's certainly something worth paying attention to. It's such a critical and important issue and has played such a small part in our presidential campaign. So, it's certainly something to pay attention to.
Dave Bittner: [00:12:34:13] Alright. Ben Yelin, time will tell. Thanks for joining us.
Dave Bittner: [00:12:40:10] And that's the CyberWire. I want to send out a sincere thank you to all of you who listen every day and welcome our new listeners as well. The number of people listening and downloading our show continues to grow every month, and October was no exception. We hope you'll recommend our show to your friends and co-workers and consider rating the show and writing a review on iTunes, it really does help new people find the CyberWire. So, thanks. All of us here truly appreciate your support.
Dave Bittner: [00:13:05:06] For links to all of today's stories, along with interviews, our glossary, and more, visit thecyberwire.com. Thanks to all of our sponsors, who make the CyberWire possible. The CyberWire podcast is produced by Pratt Street Media. Our editor is John Petrik. Our social media editor is Jennifer Eiben, and our technical editor is Chris Russell. Our executive editor is Peter Kilpe and I'm Dave Bittner. Thanks for listening.