The CyberWire Daily Podcast 2.9.16
Ep 32 | 2.9.16

The CyberWire Daily Podcast 2.9.16


John Petrik: [00:00:03:14] Adapting cyber espionage tools for cyber crime. ISIS announces new targets in France. Security and law enforcement authorities seek to turn social media information into actionable intelligence but many challenges remain to be overcome. Support for weaker crypto weakens in the US Congress. And NSA makes grants to support undergraduate participation in cyber research.

Dave Bittner: [00:00:27:12] This CyberWire podcast is made possible by the Johns Hopkins University Information Security Institute, providing the technical foundation and knowledge needed to meet our nation's growing demand for highly skilled professionals in the field of information security, assurance and privacy. Learn more online at

John Petrik: [00:00:51:02] This is John Petrik, the CyberWire's editor, in Baltimore, filling in for Dave Bittner with your CyberWire daily podcast for Tuesday, February 9th, 2016.

John Petrik: [00:00:59:06] Kaspersky's been noticing increased adoption of cyber espionage tools by financial criminals. One group, the Russian gang using the "Metel" crimeware package, has been able to establish the sort of complex persistence APT groups commonly achieve, and it's been using them for, among other things, raiding ATMs.

John Petrik: [00:01:17:22] ISIS has announced that its principal targets in France will henceforth be demonstrations protesting immigration from the Middle East. Note that the targets announced are demonstrations not groups, which suggests that physical violence against demonstrators is envisioned. It seems worth mentioning in this context that refugees' flight from the Middle East to Europe has been largely driven by ISIS itself.

John Petrik: [00:01:38:19] The UN Secretary General, Ban Ki-moon, reported last week that some 34 groups, as he calls them, have in some fashion aligned themselves with ISIS. Police raids in Spain and Germany pull in suspected supporters of violent jihad, and another sometime Londoner is identified as the Western-pointing face of atrocity in Syria. US authorities appear to have turned one Jesse Morton into a snitch. Morton was the former proprietor of "Revolution Muslim," an al-Qaeda recruiter and inciter of violence against unbelievers and blasphemers. Morton has been released early from prison and is now reported to be following the path trod earlier by LulzSec's Sabu, helping the Feds build cases against his one-time clients and allies.

John Petrik: [00:02:19:17] Intelligence services would like very much to be able to mine social media for threat indicators and warnings, but data in social media are in many ways resistant to such analysis. The Baltimore Sun publishes notes on research efforts underway in DARPA and elsewhere designed to make the analytical problem more tractable. Part of the challenge lies in distinguishing bots from bods. More difficult still is distinguishing rants from serious threats, irony from earnestness, and so on, as researchers grapple with the long-recognized murkiness and fecundity of logical intentionality. Well, Willard van Orman Quine called the intentions "creatures of darkness" at least half a century ago, and creatures of darkness they remain and, in some ways, that's probably a good thing.

John Petrik: [00:03:01:21] Twitter, like Google, is showing a tentative private-sector contribution to combating radicalization. In Google's case, it's a display of counter-terrorist messages alongside search results that seemed prompted by extremist leanings on the part of the searcher. With Twitter, on the other hand, it's deletion of accounts judged as belonging to extremists. There's still nothing to suggest that the private sector has a technical solution to the problems security services, and their research arms, continue to grapple with.

Dave Bittner: [00:03:32:12] This CyberWire podcast is brought to you through the generous support of Betamore, an award-winning coworking space, incubator and campus for technology and entrepreneurship, located in the Federal Hill neighborhood of downtown Baltimore. Learn more at

John Petrik: [00:03:52:11] The role Federal law enforcement and intelligence organizations should play in cybersecurity continues to evolve in the United States. The Director of NSA is considering reorganizing his own agency for greater efficiencies and effectiveness. The Department of Homeland Security, which owns responsibility for the dot gov domain, among other things, is another significant player in Federal cybersecurity. We spoke recently with the University of Maryland's Markus Rauschecker, who gave us an overview of the Department's roles and missions.

Dave Bittner: [00:04:19:08] Joining me is Markus Rauschecker, from the University of Maryland's Center for Health and Homeland Security. They are one of our academic and research partners. Markus, the Department of Homeland Security, what are their roles and responsibilities in cybersecurity?

Markus Rauschecker: [00:04:32:15] The Department of Homeland Security plays a lead role in cybersecurity. It is one of the agencies that is charged with a tremendous amount of roles and responsibilities, when it comes to cybersecurity. One of those important roles is the coordination of all of the cybersecurity efforts that are going on. So DHS will help coordinate a lot of the efforts on the Federal side. It'll work with State and local partners to use all the resources available to make sure that the country as a whole has a good cybersecurity strategy.

Dave Bittner: [00:05:04:02] It's my understanding that their role is expanding with new cyber legislation?

Markus Rauschecker: [00:05:08:12] Absolutely. So DHS's role is going to become ever more important, especially now that we have new cybersecurity legislation. DHS will essentially be the portal for all of the cyber threat information that the private sector is going to start sharing with Federal government. All of the information that the private sector wants to share with the Federal government is going to go through DHS.

Dave Bittner: [00:05:29:06] So why DHS? Why specifically is their role expanding?

Markus Rauschecker: [00:05:33:13] So I think DHS's role is expanding for a couple of reasons. First, they have traditionally been the agency that has done a lot of the coordination of cybersecurity information, cyber threat information, on the civilian side. It was also very important for privacy groups, and civil liberties groups, when the Cyber Information Sharing Act was being formulated, that all the information going from private sectors should be going to a civilian agency and, of course, DHS was the natural choice.

Dave Bittner: [00:06:03:17] Markus Rauschecker, thanks for joining us.

John Petrik: [00:06:07:20] Legislation aimed at limiting access to strong encryption seems to be losing momentum in the US Congress, as policymakers explore alternative approaches to law enforcement and intelligence collection.

John Petrik: [00:06:17:16] The recently concluded US-EU Privacy Shield data transfer accord still needs to be worked out in practice. European mistrust of US surveillance capabilities and presumed intentions are in conflict with US and in truth European desire for more threat information sharing. EU officials think details of implementation will be firmer in about two months. In the meantime, observers warn companies not to misread Privacy Shield as an agreement with only regional implications. It's expected to have far-reaching effects on how data are handled, especially in clouds.

John Petrik: [00:06:49:15] Some new educational initiatives are out, and they're worth watching. NSA has made research grants to two universities: Marshall University of Huntington, West Virginia, and East Tennessee State of Johnson City, Tennessee. Both institutions are located in Appalachia. The NSA grants would support research that involved some significant undergraduate participation, with the additional goal of bringing members of under-represented regional groups into the cyber workforce.

John Petrik: [00:07:15:05] That's the CyberWire for Tuesday, February 9th, 2016.

John Petrik: [00:07:19:17] For links to all of today's stories, along with interviews, our glossary and more, visit the The CyberWire podcast is produced by CyberPoint International, and this is the editor, John Petrik. Our regular host, Dave Bittner, will be back from his travels sometime on the 16th. Until then I'll be filling in, and thanks for listening.