The CyberWire Daily Podcast 2.1.16
Ep 26 | 2.1.16

The CyberWire Daily Podcast 2.1.16


Dave Bittner: [00:00:03:15] Distributed denial-of-service attacks are rising. They're cheap to mount, and they can pay off in several ways. Dr. Web warns of Trojanized games in the Google Play store. Safe Harbor's no more. And we take a quick look at the sudden decline and strange story of threat intelligence media darling Norse Corporation.

Dave Bittner: [00:00:22:08] This CyberWire podcast is made possible by the Johns Hopkins University Information Security Institute, providing the technical foundation and knowledge needed to meet our nation's growing demand for highly skilled professionals in the field of information security, assurance and privacy. Learn more online at

Dave Bittner: [00:00:45:00] I'm Dave Bittner in Baltimore with your CyberWire summary for Monday, February 1st, 2016.

Dave Bittner: [00:00:51:16] Some of today's more interesting news comes from industry. Norse Corporation seems to be on its way out. A threat intelligence shop which even casual cyber watchers have gotten to know for its eye-catching and widely linked threat map, not to mention its Viking helmet tradeshow swag. Norse apparently began winding down operations over the weekend. Its sites are down today, including that famous threat map. Brian Krebs reports that the company seems to be "imploding." CEO Sam Glines was deposed this weekend, and there's speculation that the company's remaining assets will be folded into SolarFlare, which shares some investors with Norse. But this remains speculation. No one in a position to know is offering comment.

Dave Bittner: [00:01:30:23] Norse's threat map, whose look recalled the WOPR's nuclear-exchange simulations from the movie "War Games," was surely a very compelling contributor to the company's rise. As a threat intelligence operation, Norse relied on widespread deployment of honeynet sensors. Its critics tended to regard its use of such sensors as uncritical and prone to representing reconnaissance, and even entirely innocent crawling and searching, as attack traffic.

Dave Bittner: [00:01:54:19] Krebs traces the company's troubles back through some ventures its leadership had been involved with through the 1990s. Norse went through a round of layoffs at the beginning of this January, and one of the laid-off, former Chief Architect Jason Belich, rises to the company's defense in Krebs's comments and elsewhere. Belich disputes what he reads as Krebs's imputations of a connection between ancestor-ventures and Norse itself. Krebs stands by his reporting. Perhaps the last word for now should go to blogger Robert M. Lee, who, while offering his own opinions concerning Norse's intelligence products, reminds everyone following the story that many of those who worked at Norse were talented and serious professionals. May those who merit a soft-landing receive one, as swiftly and softly as possible.

Dave Bittner: [00:02:38:11] Moving back to threats, a guilty plea in a doxxing case against a Kosovar ISIS-sympathizer arouses new concerns that ISIS has acquired personally identifying information on US military and government personnel. ISIS has made it known that it has what it calls "crusaders" on its watch list.

Dave Bittner: [00:02:55:10] In a different doxxing operation, this one by hacktivists evincing animus against US police department, emails and other information exchanged by members of police unions are exposed to inspection.

Dave Bittner: [00:03:06:06] Patriotic cyber-rioting continues to flare in the Caucasus, as Armenian and Azerbaijani hacktivists strike at their antagonists' governments. Some of the more recent incidents involve Armenian hackers affiliated with the "Monte Melkonian Cyber Army" observed their national Army Day last week with a denial-of-service campaign against multiple government agencies in Azerbaijan. They followed this up with a doxxing operation that pulled information from compromised Azerbaijani official sites.

Dave Bittner: [00:03:34:09] The Caucasus is not the only place where DDoS is a problem. It's a mounting challenge everywhere. British bank HSBC recovered over the weekend from a distributed-denial-of-service attack that disrupted month-end payrolls and tax filing, and this incident was no outlier. DDoS attacks continue to proliferate. They're relatively inexpensive to mount, they can deliver either a direct extortion payoff or serve as a misdirection for more serious attacks, and the growing Internet-of-things offers opportunities for botnet wranglers. Hence, as a Chicago Tribune headline puts it, "Forget power stations, worry about toasters."

Dave Bittner: [00:04:09:24] Those who like their games, take heed. While Google monitors and controls access to Google Play, an app's appearance there is no infallible sign that the app is safe. Researchers at Dr. Web warn that they've found more than 60 Trojanized games in the store.

Dave Bittner: [00:04:25:09] In industry news not connected to Norse's fortunes, Symantec closed the Veritas sale as it continues to refocus on its core security business. Fortinet's good earnings tide last week lifted the share-price boats of CyberArk and Palo Alto Networks, too.

Dave Bittner: [00:04:39:24] And finally, there was no happy landfall in any Atlantic Safe Harbor. The agreement between the US and the EU has lapsed. National European privacy authorities are expected to announce their next move this Wednesday.

Dave Bittner: [00:04:55:01] This CyberWire podcast is brought to you by the Digital Harbor Foundation, a non profit that works with youth and educators to foster learning, creativity, productivity and community through technology education. Learn more at

Dave Bittner: [00:05:15:08] I'm joined by Joe Carrigan, he's a senior security engineer with the Johns Hopkins Information Security Institute, they're one of our academic and research partners. Joe, obviously one of the missions of Johns Hopkins is, is training our next generation of cybersecurity professionals. I'm curious, what are the, the types of opportunities that you all are seeing demand for, as people are coming to the university for training?

Joe Carrigan: [00:05:36:02] Well, there's demand for a lot of things. At, at the University we prepare people for leadership positions in the cybersecurity field but that doesn't have to be where everybody goes in, in cybersecurity. There's actually a lot of demand for a lot of people with skills and it doesn't take a mas-- Master's degree, in a lot of cases it doesn't even take a Bachelor's degree.

Dave Bittner: [00:05:56:00] Really?

Joe Carrigan: [00:05:56:14] Get a couple of certifications, like an A+ or Security+ certification and a certification in some security product, and you can actually start working managing that product right off the bat.

Dave Bittner: [00:06:08:17] Now, I remember when the CSI television show started coming out, that there was a flood of people going to universities to learn to be, you know, forensic people and then, and then there was a flood of, of people looking for those jobs, and the jobs weren't available. Is that the situation in cyber? Cyber's certainly hot right now.

Joe Carrigan: [00:06:26:19] Yes, I don't see any slow down in the demand for people in cybersecurity. It's going to be big as long as companies are losing money to cybersecurity events.

Dave Bittner: [00:06:37:11] So for the person coming out of high school who's maybe considering a career in cybersecurity, what kinds of things should they be considering as they're looking for where to get their next round of education?

Joe Carrigan: [00:06:47:22] Well, it depends on what their goals are, but let's, let's take someone who's, who's college bound. I would recommend that they, that they major in computer science and focus as much as they can on security during the course of their education at whatever institution it is they're going to.

Dave Bittner: [00:07:04:24] Joe Carrigan, thanks for joining us.

Dave Bittner: [00:07:08:16] And that's the CyberWire. For links to all of today's stories along with interviews, our glossary and more, visit If you enjoy the CyberWire podcast, please go on iTunes and review the show. It really does make a difference and helps us spread the word. Thanks.

Dave Bittner: [00:07:23:14] The CyberWire podcast is produced by CyberPoint International, and our editor is John Petrik. Thanks for listening.