John Petrik: [00:00:03:16] Chinese cyber operations seek both Russian and US targets. Investigation into FBI and Department of Homeland Security doxing continues. A cyber gang may have manipulated a regional currency exchange in Russia. Some cyber story stocks recover a bit in a down market, and venture interest in the sector remains high. Yesterday was Patch Tuesday, we go over that. The proposed US Federal budget includes a lot of spending on cyber, and the White House announces a "National Cyber Security Action Plan."
Dave Bittner: [00:00:34:00] This CyberWire podcast is made possible by the Johns Hopkins University Information Security Institute providing the technical foundation and knowledge needed to meet our nation's growing demand for highly skilled professionals in the field of information security, assurance and privacy. Learn more online at isi.jhu.edu.
John Petrik: [00:00:56:16] This is John Petrik, the CyberWire's editor, in Baltimore filling in for Dave Bittner with your CyberWire daily podcast for Wednesday, February 10th, 2016.
John Petrik: [00:01:05:11] Nation-state hacking continues to roil international relations. China, in what Kaspersky thinks is a pivot toward Russian target sets, possibly inspired by Sino-American cyber negotiations, appears to be going after more Russian enterprises. In any case, Russia's apparently seeing a lot more "Chinese-speaking APTs" nowadays.
John Petrik: [00:01:23:20] For all that apparent pivot, US Director of National Intelligence Clapper says Chinese cyber espionage against American targets continues unabated. He characterizes the data theft as a "hemorrhage."
John Petrik: [00:01:35:00] Investigation into the doxing of the US FBI and Department of Homeland Security continues, but without, so far, too much information about either damage or attribution. Motherboard seems to have a source among those responsible, but little is known about them beyond their public adherence to Palestinian causes.
Dave Bittner: [00:01:52:20] This CyberWire podcast is brought to you through the generous support of Betamore, an award winning co-working space, incubator and campus for technology and entrepreneurship located in the Federal Hill neighborhood of downtown Baltimore. Learn more at betamore.com.
John Petrik: [00:02:12:24] The CyberWire recently spoke with Joe Carrigan of the Johns Hopkins University's Information Security Institute about the implications of such breaches for privacy. Here's what he had to say.
Dave Bittner: [00:02:22:16] Once again, I'm joined by Joe Carrigan from Johns Hopkins Information Security Institute, they're one of our academic and research partners. Joe, we see an endless stream of data breaches, and the famous ones like OPM and Target. Is giving up our privacy, is that just a cost of being online these days in the digital age?
Joe Carrigan: [00:02:39:18] A cost of being online? I don't know. A cost of doing business with people, probably. Think about the Office of Personnel Management breach. This is something that people really didn't expect to have happen to them. You know, they have-- their-- this is all their information when they apply for security clearance. You'd expect that information to be secure and it just wasn't. With Target, you're talking about the breach of credit card information. That's not so damaging, the credit cards can be replaced.
Joe Carrigan: [00:03:06:19] But then you start talking about, like, Anthem Health, when they got breached and all the personal information. That's, that's much more damaging, those kind of breaches, OPM, healthcare information getting leaked out, because healthcare information generally contains all the information I need to steal someone's identity.
Joe Carrigan: [00:03:21:02] I thought something that was interesting that happened right after the breach of OPM was made public was the breach of Ashley Madison was made public.
Dave Bittner: [00:03:30:02] Right.
Joe Carrigan: [00:03:30:14] And if I was the intelligence agency that had all of the OPM records, I would be doing everything I could to get a hold of all the Ashley Madison records and to find the intersection of those two record sets.
Dave Bittner: [00:03:46:00] Why?
Joe Carrigan: [00:03:46:02] Because that is your high-value intelligence target, right there. This is people who I know have security clearances. There was a story that came out that said there were, there were about 14,000 matches.
Dave Bittner: [00:03:56:08] Wow.
Joe Carrigan: [00:03:57:01] What, what's really important is that you have a secret that's exploitable, that someone can say, "If you don't give me these-- this classified information, I'm going to let your wife know that you had an Ashley Madison account." That makes the person vulnerable, and that might cost them their clearance.
Dave Bittner: [00:04:12:09] Alright, Joe Carrigan, thanks for joining us.
John Petrik: [00:04:16:17] Returning to cybercrime news, the Russian hackers behind a wave of ATM heists are now thought to have been responsible for exchange rate manipulation at a Russian regional bank last year. The group, thought to be the gang known as "Metel," seem to have gained access to trading system terminals at Energobank. This enabled them to manipulate the bank's ruble-dollar exchange rates for their profit. It's worth noting that this hack was local, and didn't involve manipulation of global exchange rates or currency trading as a whole.
John Petrik: [00:04:44:16] Ransomware, that is CryptoWall and its sisters in crime, continues to plague businesses, particularly small and mid-sized firms. Compromised websites are serving up both CryptoWall and the Angler exploit kit. Heimdal says the sites are, quote, "scattering" the malware, which seems a fair characterization of the indiscriminate way such commodity crimeware is spreading.
John Petrik: [00:05:04:08] Law firms find themselves being targeted by Skype malware, the T9000 backdoor described recently by Palo Alto Networks. The attackers' aim appears to be to establish persistence in attorneys' networks with a view to harvesting sensitive information. Some observers are calling the campaign a criminal form of e-discovery.
John Petrik: [00:05:21:23] Yesterday of course was Patch Tuesday. Adobe, Google, and Microsoft all issued fixes. Microsoft alone published thirteen patches, six of them for critical remote-code execution vulnerabilities.
John Petrik: [00:05:33:01] There's considerable investor news today about the cyber sector. Analysts look at recently depressed share prices of cyber security firms, and most of them chalk the drop up to a mixture of general market nerves, some specific disappointing notes, and, above all, collateral damage from a pullback in related IT sectors. There are however some encouraging signs. FireEye, the story stock whose price drops have attracted considerable attention over recent weeks, is up sharply as we speak. Seeking Alpha attributes the rise to a pre-earnings upgrade by BTIG and also to analysts' sense that the company is turning around both cash-flow and cost-control.
John Petrik: [00:06:07:19] A number of unicorns, demi-unicorns, and aspiring unicorns also continue to draw strong support from venture capitalists. Hexadite attracts $8,000,000 in Series A funding. Tenable Network Security pulls in a $250,000,000 Series B round, Tanium gets $120,000,000, and Cloudflare nets $110,000,000. Fireglass emerges from stealth, and Code DX is rumored to be an acquisition target. The venture capital tracker CB Insights says that 332 cyber security firms received funding last year, and there's a great deal of money being chased. Estimates of the expanding global market for cyber range from $75 billion in 2015 to 170 billion by 2020.
John Petrik: [00:06:51:15] In policy and legislative news, the pending Snooper's Charter in the UK receives mixed, but perhaps unexpectedly positive, reviews for its balancing of privacy and security. And in the UK current counter-extremism measures raise worries about profiling. It's unclear whether those worries will outweigh concerns over the threat radicalization is seen to pose, particularly radicalization of the young.
John Petrik: [00:07:13:21] Moving back to the US, despite reports that the FBI has still been unable to unlock a phone associated with the San Bernardino jihadist massacre, and despite an ISIS video that uses clips of Edward Snowden to boost ISIS sympathizers' awareness of the importance of encryption, Congressional appetite for restricting encryption appears to be waning a bit. Senator McCain remains a bit of a backdoor hawk, but there's a newly introduced bipartisan bill before the House that would pre-empt the states from doing anything to weaken encryption. Both New York and California state legislators have recently proposed such laws, and the House measure seems to be a response to those moves.
John Petrik: [00:07:49:08] The President's budget, that is, the draft spending the Executive is proposing to Congress, has now been out long enough for analysts to pore over. They deploy their usual hermeneutical skills in close-reading the document, and they see big increases in cyber spending across Federal agencies. Of particular note are strong support for cyber in defense science and technology spending plans, new funds to bring US Cyber Command fully into battery, and an increase in funding for military cyber training.
John Petrik: [00:08:15:24] The White House has also proposed a "National Cyber Security Action Plan," and done so to generally favorable reviews. The White House describes the plan as "bold," but the observers who like it see rather sensible continuity with past administrations, a commitment to modernization of IT systems, a new Federal CISO position, and some common-sense user education. Sometimes you don't have to be bold to do some good.
John Petrik: [00:08:40:24] Finally, dost thou dwell in Hearthstone? Have a care, Sirrah, lest thy churlish greed run thee into darkness deep. And on reflection, that news would have sounded funnier if my accent were more Jersey than New Jersey, but then you've gotta play the hand you're dealt. Anyway, it seems someone's written a cheat that claims to enable players of the online fantasy game Hearthstone to break the rules by enabling them to spin gold and other valuables out of nothing. In fact the cheat's just malware, so if you break the rules, you infect your device. So, come on, wizards, any archmages worth their staff should've seen that one coming. Varlets. Forget about it.
John Petrik: [00:09:20:09] And that's the CyberWire for Wednesday, February 10th, 2016.
John Petrik: [00:09:23:13] For links to all of today's stories, along with interviews, our glossary, and more, visit thecyberwire.com. The CyberWire podcast is produced by CyberPoint International, and this is the editor, John Petrik. We'll welcome our regular host, Dave Bittner, back from his vacation next week and until then, I'll be filling in. Thanks for listening.