Dave Bittner: [00:00:03:18] The US Intelligence Community releases its report on Russian election hacking and influence operations. Election hacking, not really, but influence operations? You betcha. European authorities worry about Russia inserting itself into 2017 elections. Law, and order, torts and Twitter. And a note on she-who-must-not-be-named (our listeners in San Diego will know exactly whom we mean).
Dave Bittner: [00:00:33:11] It's time to take a moment to tell you about our sponsor CyberSecJobs. If you're an information security professional seeking your next career or your first career, check out cybersecjobs.com and find your future. CyberSecJobs is a veteran-owned career site and job fair company for information security professionals and students. Job seekers can create a profile, upload their resume and search and apply for thousands of jobs.
Dave Bittner: [00:00:58:18] And it's great for recruiters too. If you're an employer looking to source information security professionals, contact CyberSecJobs about their flexible recruitment packages designed to meet your needs. To learn more, visit cybersecjobs.com, that's cybersecjobs.com, and we thank CyberSecJobs for sponsoring our show.
Dave Bittner: [00:01:28:13] Major funding for the CyberWire podcast is provided by Cylance. I'm Dave Bittner, in Baltimore with your CyberWire summary for Monday, January 9th, 2017.
Dave Bittner: [00:01:38:18] The US Intelligence Community on Friday released its promised report on Russian election hacking. The report had been expected some time this week, but it was issued soon after the President-elect was briefed on its contents. The work of the CIA, FBI, and NSA, the report as expected is longer on conclusions than it is on evidence, evidence usually being more sensitive than conclusions, because it's likelier to reveal sources and methods.
Dave Bittner: [00:02:05:12] Those conclusions are that the Russian government sought to influence the US presidential election, with a goal of ensuring that either major candidate would wind up either compromised, indebted, or damaged. The analysis holds that President-elect Trump was the Russians' preferred candidate, although their efforts were for some time premised on the assessment that former Secretary of State Clinton would be the eventual winner.
Dave Bittner: [00:02:28:18] The Senate Select Committee on Intelligence will begin an investigation tomorrow. Initial reactions range from outrage against Russia's activities to skepticism concerning evidence in the analysis. The analysis is brief and worth reading.
Dave Bittner: [00:02:42:16] Two mild surprises: part of the Russian motivation seems to have been retaliation for embarrassment by the World Anti-Doping Agency, and the UK's GCHQ may have tipped US intelligence off to some Russian activity. Something that's not surprising, RT is basically a Russian government mouthpiece. Lots of people have been shocked, shocked at this, but where have they been? Our staff reads RT with pleasure, but they understand what they're getting.
Dave Bittner: [00:03:10:15] The European Commission and the French government are taking a perceived Russian threat to 2017 elections seriously, looking to shore up defenses. Presumably those defenses will include a counter narrative to expected influence operations. US officials are mulling their options in this respect as well.
Dave Bittner: [00:03:29:10] We checked in with Robert M Lee, CEO of the industrial cybersecurity firm Dragos Incorporated, for his reaction to the declassified report.
Robert M. Lee: [00:03:38:11] So they intended to understand, did Russia attempt to influence the election? Did this originate from Putin, and what was his motivation if so? But they said right up front, our intention is not to understand if there were manipulations of votes, if it actually resulted in an impact that changed the election, or any of those other hot topic items that were by their very nature, very political.
Robert M. Lee: [00:04:07:08] That, to me, was probably the best thing they could start off with, to note that the intelligence community is apolitical. They are not in favor of any party and serve, and have served, under many parties. So it is just about intelligence assessments itself.
Robert M. Lee: [00:04:22:23] The piece that probably gave some folks confusion, I think there were probably two things in there, was the fact that when there was an assessment by the FBI, the NSA and the CIA, there was a difference in their assessment confidence levels. The CIA and FBI came out with a high confidence assessment, whereas the NSA came out with a moderate confidence assessment.
Robert M. Lee: [00:04:45:07] But there's an important clarification there to understand. Number one, they were talking about the motivation ascribed to the Russian state. There was no difference amongst anybody involved in this in the fact that Russia attempted to influence the election. The confidence ratings was around why Putin attempted to do this.
Robert M. Lee: [00:05:06:00] The second thing to know about that is the CIA, NSA and FBI obviously focus on very different data sets, where NSA is intercepting communications and CIA would have human contacts, and be much more close to these type of discussions. But the single most important thing about these different confidence levels is, when I sought this, it made me very excited to see the difference, because it showed this independence of thought process between the CIA and NSA, and that there wasn't this political agenda, there wasn't this attempt to try to calm the public. If you were writing this report for the purpose of just convincing the public of an argument, you would have a combined front, very simply.
Robert M. Lee: [00:05:50:18] But the fact that they actually had a rigorous approach to this, exactly like you would expect any other intelligence report and have independent judgment and independent thought, really made me proud of the intelligence community actually.
Dave Bittner: [00:06:03:17] Is it unusual to see this kind of unanimous agreement in a joint report like this?
Robert M. Lee: [00:06:10:10] Absolutely. I think it's fair to say that there is some inner agency rivalry, and for the NSA and CIA to really agree on anything it is pretty outstanding. These are very strong-willed groups that are arguing with each other, but the competitive nature between the two ensures that the intelligence that gets to the president is as best as it can be. So, for them to come out and have the same assessments, and have a moderate to high level confidence on even things such as motive, it is pretty significant.
Robert M. Lee: [00:06:52:01] The last thing I would say about the document is, we will undoubtedly see folks that come out and say, "Look, this isn't convincing," and to that effect I would say that the intelligence community really isn't in the business of convincing the American public of anything, especially when it comes to this debate which has been very emotional for folks. I don't know what evidence there would be or what smoking gun there even could be that would actually turn people's minds or change their opinions. Instead they just held their ground and said, "You know what, we're not going to burn a bunch of trade craft, we're not going to burn a bunch of sensitive sources to try to make an argument to potentially an audience that may not really want to listen anyway because of the political situation. So we're just going to come out and be professionals and make our assessment and take it or leave it." I think it was a very appropriate way to handle that.
Dave Bittner: [00:07:44:06] That's Robert M. Lee from Dragos Security.
Dave Bittner: [00:07:49:01] In other news, it's not all Russian cyber attacks. The Baltic News Agency, which reports on Latvia, Lithuania, and Estonia, sustained a denial-of-service attack late Friday, which, come to think of it, might be a Russian cyber attack after all. Vlad? Anything to say?
Dave Bittner: [00:08:06:22] The DragonOK APT group, linked to China's PLA, is said to be newly active against Tibetan and Russian targets.
Dave Bittner: [00:08:15:11] A couple of bits of legal or quasi legal news. This guy who says he invented email is suing Techdirt for saying "No he didn't invent email." The suit may be worth watching, if only because the plaintiff's attorney is the guy who represented Hulk Hogan against Gawker.
Dave Bittner: [00:08:31:13] Finally, we've been following some horrifying IoT Frankensteins, most disturbingly the Rhode Island School of Design's slaving of Billy the Big-Mouthed Bass to Amazon's Alexa smart home system. There's more. Mattel has announced "Aristotle," a voice-activated hub for a children's smart-room. It's based on Microsoft Cognitive Services and secured by Qualcomm and Silk Labs. So far, so good; we just hope Aristotle's peripatetic ways don't take him down the sad path trodden by Tay. It shouldn't, Aristotle ought to be old enough to know better.
Dave Bittner: [00:09:07:11] But there's more, and henceforth we're going to refer to Alexa as "She Who Must Not Be Named," for reasons that will immediately be clear. A San Diego TV news program was covering a cute, kids-do-the-darndest-things human interest story about a little girl who made a wish to She Who Must Not Be Named, answered, to the parents' discomfiture, by Amazon's delivery of a Sparkle Mansion dollhouse and one hundredth of a hackerweight of sugar cookies. The new anchor gushed about the cuteness, saying "I love the little girl, saying 'She Who Must Not Be Named ordered me a dollhouse'."
Dave Bittner: [00:09:42:19] Sure enough, dollhouses were soon ordered throughout the viewing area. Did we mention that Echo enables Amazon ordering by default? We didn't know that, either. So in case She Who Must Not Be Named is listening, this podcast is not ordering Sparkle Mansions, Care Bears, My Little Ponies, or any zombie-themed toys. We're a family show, but come on, there are limits.
Dave Bittner: [00:10:12:12] Time for a moment from our sponsor, Netsparker. You know, web applications can have a lot of vulnerabilities - of course you do, you're a regular listener to this podcast - and, of course, every enterprise wants to protect its website, but if you have a security team you know how easy it is for them to waste time culling out false positives.
Dave Bittner: [00:10:29:09] You need to check out Netsparker. Their technology not only automatically finds vulnerabilities in web applications, but it automatically exploits them too and even presents a proof of exploit. Netsparker cloud scales easily; you can use it automatically scan thousands of websites in just a few hours.
Dave Bittner: [00:10:46:12] Learn more at Netsparker.com, but don't take their word for it. Go to netsparker.com/cyberwire for a free 30-day fully functional trial of Netsparker desktop or cloud. Scan your websites with Netsparker for a month, no strings attached. That's netsparker.com/cyberwire, and we thank Netsparker for sponsoring our show.
Dave Bittner: [00:11:13:15] Joining me once again is Emily Wilson, she's the Director of Analysis for Terbium Labs. Emily, we talk about the dark web you and I, and I'm curious to know what is law enforcement's relationship to this community? What's the expectation for people online that law enforcement is lurking around or keeping an eye on things?
Emily Wilson: [00:11:32:24] There's definitely an expectation that law enforcement will be around and will be watching, I think especially when you're dealing with something that's a little bit more high profile. You know, we saw many of the major markets pull weapons from their listings after the terrorist attacks last fall, for example, both in reaction to the horrific acts, and also wanting to reduce the likelihood of law enforcement digging into these marketplaces.
Emily Wilson: [00:11:56:08] But yes, people definitely expect law enforcement to be around. I think especially when you get a really obvious question in a forum, people are quick to 'spot the Fed', as it were.
Dave Bittner: [00:12:06:19] How much has this changed people's behavior, this notion that someone's watching?
Emily Wilson: [00:12:10:00] People are definitely a little bit more sensitive, I think especially for more seasoned users to avoid giving away too much information. I think this is both personal information - you don't want to say too much about yourself or your home life or your location or occupation - and I think also when you're dealing with something like people discussing where they might have a source of stolen cards or reviewing a drug purchase, you want to make sure that you can avoid giving away too much information that might help law enforcement.
Emily Wilson: [00:12:44:01] So you may, for example, say, "The stealth was fantastic on this packaging, it took me 20 minutes to find the pills," but I'm not going to go into more detail because law enforcement may be watching.
Dave Bittner: [00:12:53:08] Are there occasions where there's a major bust and something goes down, someone gets busted and the community reacts to that?
Emily Wilson: [00:13:02:20] Yes, definitely. I think especially when you see stories in the news about someone being caught with an inordinate amount of drugs, or people with a huge number of credit cards in their possession, or someone who has 5500 social security numbers at their house in Florida. People are quick to say, "Well, clearly they were on the dark web." But the community finds it funny. They like to laugh at it because of the absurdity of someone who clearly wasn't managing things well.
Emily Wilson: [00:13:27:06] There are of course also more serious take-downs. People are concerned, major busts of big vendors who have retired and then have been outed in an investigation.
Dave Bittner: [00:13:36:13] So it's really a cat and mouse game, where you may not even know that law enforcement is shutting things down or putting a stop to things?
Emily Wilson: [00:13:46:00] Yes, and I made the joke earlier, this 'spot the Fed'. For every obvious question that you see, there are also so many people who are working tirelessly behind the scenes for years on end, to help put an end to some of these things that do happen on the dark web. Exploitation, for example, the big shutdowns we've seen in recent years of some of these sites and the community is equally happy to see those kinds of horrific acts being stopped.
Dave Bittner: [00:14:10:23] Emily Wilson, thanks for joining us.
Dave Bittner: [00:14:15:05] That's the CyberWire. For links to all of today's stories, along with interviews, our glossary, and more, visit thecyberwire.com.
Dave Bittner: [00:14:21:23] Thanks to all of our sponsors, who make the CyberWire possible and special thanks to our sustaining sponsor, Cylance. Learn more about how Cylance prevents cyber attacks at cylance.com.
Dave Bittner: [00:14:32:05] The CyberWire podcast is produced by Pratt Street Media. The editor is John Petrik. Our social media editor is Jennifer Eiben, and our technical editor is Chris Russell. Our executive editor is Peter Kilpe and I'm Dave Bittner. Thanks for listening.