The CyberWire Daily Podcast 2.1.17
Ep 277 | 2.1.17

Bear prints around the Czech Foreign Ministry. Tinker, tailor, soldier, hacker, Humpty Dumpty. Gamer forum breaches. Where in the world is Phineas Phisher?


David Bittner: [00:00:03:19] Bear prints in the Czech Foreign Ministry. Tinker, tailor, soldier, hacker in Moscow with a side of Humpty Dumpty. Gamer forum data breaches go undetected for 17 months. Credential reuse in the limitations of human memory are seen as a big threat to security. And IBM's study throws up its hands over the state of healthcare cybersecurity. And Phineas Phisher, depending on whom you believe, is either under arrest or still at large.

David Bittner: [00:00:35:01] And now a quick thank you to our sponsor, Palo Alto Networks. You can visit them at Businesses and their data are heading to the cloud in record numbers making the cloud an integral part of almost every enterprise level organization. Palo Alto Networks understands this, along with the fact that your data and applications are distributed across the private cloud, the public cloud, software as a service environment and any number of configurations in between. Make sure that your data and apps are secure and protected wherever they may be. Palo Alto Networks delivers the broadest most comprehensive cybersecurity for private cloud, public cloud and software as a service environment. Remember, secure clouds are happy clouds. Find out how to secure yours. You can get started today at And we thank Palo Alto Networks for sponsoring our show.

David Bittner: [00:01:39:12] Major funding for the CyberWire podcast is provided by Cylance. I'm Dave Bittner in Baltimore with your CyberWire summary for Wednesday, February 1st, 2017. International conflict in cyberspace raises a few interesting stories today. The latest government to experience what has the signs of a Fancy Bear visitation, that is, attention from Russia's GRU, is the Czech Republic's. The country's Foreign Ministry disclosed that its email system has been illicitly accessed. Foreign Minister Lubomir Zaoralek said the intrusion appeared to be the work of a nation state. He didn't say which nation state, but he pointedly observed that the incident looked a lot like last year's email doxing of the US Democratic National Committee. General consensus among observers, and there's not much dissent in evidence on the matter, is that it's probably the work of Russian intelligence services.

David Bittner: [00:02:31:02] We've seen reports that ISIS information campaigns suggest that the Caliphate is beginning to splinter. Whether this foreshadows a terrorist diaspora or tighter centralized control is still unknown. But it appears that the fissures are due to military pressure in the Caliphate's core claimed territories. Thus, it seems to be kinetic and not information operations that are hurting ISIS. US Central Command's WebOps information campaign against ISIS is drawing poor reviews from both observers and whistleblowers. Bloomberg characterizes WebOps as a botched operation. Critics allege WebOps has been a slipshod effort marred by indifferent linguistic skills, tendentious self-assessments and cronyism. The campaign prominently featured engagement with ISIS adherents and potential adherents in social media. But critics see such engagement as defeated by poor mastery of Arabic vocabulary, let alone idiom, by the operators.

David Bittner: [00:03:29:00] The FSB officers arrested by Russia are now being officially accused of ties to the US CIA, so there clearly is an espionage dimension to the scandal. That doesn't, of course, rule out criminal corruption as well, especially given the interpenetration of cybercrime and cyber espionage researchers see in Russian practice. Bloomberg columnist Leonid Bershidsky wrote about the FSB that, "Parallel to their official duties, officers often run private security operations involving blackmail and protection." Apparently, the online gadflies of Shaltai Boltai really have put a burr under the Russian leadership's saddle. The bigwigs are particularly exercised over its revelation of discreditable communications among Kremlin insiders. This gives the affair some symmetry with corresponding American uneasiness over the role WikiLeaks has played in shaping public opinion. According to Radio Free Europe/Radio Liberty, Vladimir Anikeev, Shaltai Boltai's founder, has also been arrested but hasn't been charged with espionage.

David Bittner: [00:04:34:17] An article in the Moscow Times suggests that the incident represents characteristically fierce in-fighting among security agencies and that in particular the FSB's Information Security Center may have grown too powerful for the liking of its rivals. And those rivals are now being permitted to purge it. Two of those arrested, Colonel Sergei Mikhailov and Major Dmitry Dokuchaev belonged to the Information Security Center. It wouldn't be the first time in Russian history that one intelligence organization has purged another.

David Bittner: [00:05:06:12] The news isn't all tinker, tailor, soldier, hacker. More conventional forms of cyber threat of course persist. It appears that personal information of about two and a half million PlayStation and Xbox gamers has been exposed in a hack of gaming fora Xbox 360 ISO and PSP ISO. The hack occurred in 2015, but its details are just now coming to light.

David Bittner: [00:05:30:24] One of the challenges facing cybersecurity professionals is the proper allocation of resources. You've got a budget and a team but how do you decide how much of those precious resources get channeled toward any particular task or threat? Trustwave just published a survey report titled Money, Minds and the Masses, a study of cybersecurity resource limitations and we spoke with Trustwave's Chris Schueler about what they found.

Chris Schueler: [00:05:53:23] The very deep and wide chasm that CISOs and VP of security have to go fill and to get funding to fill all the various voids and gaps, it can be very expensive. The challenge is what we're seeing and the report does back it up. We're trying to conquer the achievable and that's the low hanging fruit and going after the endpoints, going after email, web filtering. Those are probably the most heavily utilized in an organization. They're getting funding for those items but they're not getting funding for the rest of the items. Many of those items are the ones that they probably the most focus on. Because they're going to find that's the nastiest stuff that would impact their environment.

David Bittner: [00:06:50:21] I was interested to see the report found that turnover was a particular problem.

Chris Schueler: [00:06:56:03] Turnover's been a very big challenge in the industry. And predominantly, it's because when you look at the skills required in IT security, there's been huge evolution for us. Our understanding of various attacks against organizations, we've quickly realized there's a lot of positions that needed laser focus for those challenges. Ten years ago, the generic IT security admin or engineer, the skill level was a five out of ten. In the last decade, our understanding of the attacks, and the way that cybercrime organizations and government nation states, have become much more sophisticated. So subsequently the skills required for the good guys have become more challenging. You have people that have entered the security space at the lower level and saw that they had an expertise in a given area.

Chris Schueler: [00:08:10:08] Maybe it's pen testing, incident response, deep threat research. The challenge is that a lot of private organizations, get their ability to fund that growth as a challenge for those individuals. Anybody with a high-demand skill is going to look out in the market, see if anyone's willing to pick them up as a threat researcher for example. And people do.

David Bittner: [00:08:40:15] That's Chris Schueler from Trustwave. Cybersecurity in the health care sector continues to prompt eye rolling from industry observers. In the UK, half the National Health Service Trusts only scan their web applications for vulnerabilities annually, if that often. Looking at the sector as a whole, IBM offers some despairing lyricism. It's a leaky vessel in a stormy sea.

David Bittner: [00:09:06:15] Finally, Spanish police say they've nabbed Phineas Phisher, famous for hacking the controversial lawful intercept tool providers Gamma Group and Hacking Team. But Mr. Phisher has since communicated that he's safe and still at large.

David Bittner: [00:09:25:22] Time for a shout out to our sponsor CyberArk. The riskiest vulnerability any organization has lies in its privileged accounts. When those who wish you ill gain privileged access to your enterprise, they can do almost anything they want. They own you. CyberArk is the only security company focused on eliminating the cyber threats that turn insider privileges against the enterprise. CyberArk stops those attacks before the attacks stop your business. Consider ransomware, a billion dollar criminal market. CyberArk labs tested more than 23,000 real world ransomware samples and found that by removing local administrator rights and implementing application control policies, none of those ransomware samples could encrypt files.

David Bittner: [00:10:07:08] To learn more about CyberArk's research and the ransomware they studied, visit to download the free report. Secure your privileged accounts from endpoint to cloud with CyberArk. That's And we thank CyberArk for sponsoring our show.

David Bittner: [00:10:30:08] And joining me once again is Emily Wilson, she's the Director of Analysis at Terbium Labs. Emily, doxing, you wanted to make the point that doxing is becoming more of a common thing to see online, particularly in the Dark Web world.

Emily Wilson: [00:10:46:18] I think that's definitely the case. Doxing has been around for a long time. When you think of doxing in its original form, what you see is people taking revenge on hackers, gamers or people in an online community. This is becoming a much more common thing being used for people in the media that you don't like, or politicians that you don't like, or executives at companies you disagree with. It's become much more fair game. It's no longer something that crosses a line. This is part of the normal playbook. I don't like you, or you said something I disagree with, I'm going to expose your personal information or your spouse or your kids, here's where you went to high school, here's your next door neighbor. This is becoming part of the way things work.

David Bittner: [00:11:42:13] Are you seeing availability of doxing as a service?

Emily Wilson: [00:11:47:19] Doxing as a service isn't quite what we see presented. You'll see things where someone will provide a list of targets and say have fun. It's much less, hey I'm here to dox anyone that you need, it does exist but it's more, here's a list of names, let's have fun. Or sometimes much more personally, this is my ex-girlfriend, make her life miserable.

David Bittner: [00:12:14:20] Rather than having a book or gaming club, people gather around virtually and come at people for sport?

Emily Wilson: [00:12:24:24] Yes. In some cases, it's groups against other groups. Here's Anonymous attacking a trade association they disagree with. But in some cases, it's a group of individuals gathering around another individual for sport. Creepy is the word that comes to mind.

David Bittner: [00:12:46:12] From your point of view, monitoring this sort of thing, are there indicators where you can point out, there's a group starting to gather information on you. Or is it more spontaneous than that?

Emily Wilson: [00:13:00:12] It depends. There are times when a group or individual is making a shift to a new industry or a new interest or a hey, watch this space and you know that that actor tends to be focused on, so you have a sense. In other cases, it's a bit more spontaneous, whatever is in the news cycle, politicians during the election or certain information during the Dakota pipeline situation, or even law enforcement in the wake of a police shooting for example. There are certain things like that where you imagine this has happened and someone's going to get doxed, not sure who, but there are obvious choices.

David Bittner: [00:13:48:07] Alright, interesting stuff, Emily Wilson thanks for joining us. And that's the CyberWire. For links to all of today's stories, along with interviews, our glossary and more, visit Thanks to all of our sponsors for making the show possible especially to our sustaining sponsor Cylance. For more information about how Cylance can help protect you, visit The CyberWire podcast is produced by Pratt Street Media. The Editor is John Petrik. Our Social Media Editor is Jennifer Eiben and our Technical Editor is Chris Russell. Our Executive Editor is Peter Kilpe and I'm Dave Bittner. Thanks for listening.