The CyberWire Daily Podcast 7.17.17
Ep 392 | 7.17.17

Qatar accuses UAE of disinformation, hacking campaign. Other international cyberconflict. Ransomware and clickfraud in one campaign. Banking credential-stealing malware vs. Macs.

Transcript

Dave Bittner: [00:00:00:10] Over the weekend we passed the two million downloads mark for the CyberWire Podcast. Thanks to all of you for being a part of that. You can find out how to support us at patreon.com/cyberwire.

Dave Bittner: [00:00:15:02] Qatar accuses the United Arab Emirates of a hacking and disinformation campaign. Russia's Foreign Ministry says it was hacked. Russia experts in the US were said to be receiving unwelcome attention from possible state intelligence services. Deterrence and confidence-building measures remain works in progress in cyberspace. Ransomware and click-fraud are combined in a single criminal campaign. Macs are attacked by banking-credential-stealing malware. Twitter bots are driving traffic to dodgy adult sites, and Ashley Madison proposes a settlement for its 2015 breach.

Dave Bittner: [00:00:53:20] Now I'd like to tell you about an opportunity from our sponsors Cylance. If you're going to be in Las Vegas for this year's Black Hat, be sure to stop by booth 716, and let Cylance show you how artificial intelligence and machine learning power technology that can predict attacks and prevent them before they can execute. They'll show you how CylanceOPTICS, with its prevention-based endpoint detection and response, detects hard-to-find threats across the enterprise. See what this new technology can do to give your team the insight security analysts need to take corrective action fast. What goes on in Vegas shouldn't, in this case, stay in Vegas. Once you see it you'll want to take CylanceOPTICS home with you. Visit cylance.com for more on endpoint detection and response, and write down booth 716. And we thank Cylance for sponsoring our show.

Dave Bittner: [00:01:51:10] Major funding for the CyberWire Podcast is provided by Cylance, we'll be hearing a lot from them over the next couple weeks. I'm Dave Bittner in Baltimore, with your CyberWire Summary for Monday, July 17th, 2017.

Dave Bittner: [00:02:03:09] The Washington Post, citing anonymous sources within the US Intelligence Community, reports that the United Arab Emirates was responsible for hacking Qatari news and information sources with fake stories expressing sympathy for Iran, Israel, and ISIS. The FBI, which assisted Qatar's investigation, had earlier attributed the attack to Russian actors, possibly criminals, freelancers, or hired guns. The incident involved clear disinformation and had serious diplomatic effects. On May 24th of this year hackers took over the feed of the Qatar News Agency and disseminated stories that attributed strongly pro-Iranian and pro-Zionist statements to Qatari leaders. There's an obvious degree of implausibility in any Arab leader holding such essentially incompatible views, but the planted remarks were incendiary enough to exacerbate tensions between Qatar and its Arab neighbors, especially such other members of the Gulf Cooperation Council as Saudi Arabia and the United Arab Emirates.

Dave Bittner: [00:03:05:15] This resulted in a diplomatic rupture and an ongoing regional crisis that has, among other things, seriously impeded US efforts to intervene against ISIS and the Assad regime in Syria's multipartite civil war. This seems a clear case of disinformation, black propaganda disseminated in cyberspace.

Dave Bittner: [00:03:26:06] While the FBI initially attributed the operation to Russian operators, the Post's anonymous sources are telling it that UAE authorities discussed the operation on May 23rd, the day before it took place. Those same sources say the attacks originated specifically in Abu Dhabi, and that it's unclear whether they were carried out by the government directly, by contractors, or by some other hired third party. Qatar has denounced the United Arab Emirates, citing the Post's story as unequivocally proving that this hacking crime took place. They characterize the incident as a violation of international law.

Dave Bittner: [00:04:03:02] The United Arab Emirates denies any involvement in the hacking and disinformation and insists the real story is Qatar's sympathy for terrorist organizations. At the root of the tensions among the Gulf States lie divergent views about the proper role of the Muslim Brotherhood and the legitimate sources of Islamic temporal authority in the region. Qatar has said Saudi Arabia and the UAE feel themselves threatened by Qatar's relative liberalism, a distinction perhaps more visible from within the three monarchies than it is from without. The story is developing; we'll be following it over the course of the week.

Dave Bittner: [00:04:39:02] Russia's Foreign Ministry said Friday that it had been the victim of a protracted and damaging cyberattack. The Ministry says its email servers were hacked with grave consequences. The attacks are said to have taken place last month and originated in Hungary and Iran. But a lot of other countries are mentioned in dispatches: China, India, the European Union, and especially, the US. The Moscow Times cited a Ministry spokeswoman who said that "88 percent of all visits to the Foreign Ministry's site were cyber-villains with U.S. IP addresses."

Dave Bittner: [00:05:15:23] There are also reports of doxing attempts, some successful, against online accounts of US experts on Russia, which are seen as potential battlespace preparation for ongoing information operations. No attribution, but Russian intelligence services are suspected. The presumed goal is the preemptive discrediting of potentially unsympathetic experts during future confrontations in cyberspace. Such confrontations seem inevitable. The possibility of Russo-American cooperation against cyberthreats, briefly floated by US President Trump at the end of the G20 meetings, is long gone, and lasted less than a day. But the US unsurprisingly remains open to negotiations that might build confidence and reduce tension in cyberspace. The model for such efforts would be Cold War era arms control regimes, or at least that's the working model most people thinking about the matter appear to bring with them.

Dave Bittner: [00:06:11:04] Such agreements would also seem to depend upon the emergence of some reliable model of deterrence, which is also in its infancy. A number of states are taking public steps toward increasing their cyber capability. Japan is the most recent power to announce such a move, and the US is beginning the long-planned process of separating Cyber Command from the National Security Agency.

Dave Bittner: [00:06:33:23] Turning to conventional cybercrime, NemucodAES ransomware and Kovter click-fraud exploits are being distributed in the wild by a common campaign. The SANS Institute's Internet Storm Center says that it's noticed an uptick in spam carrying malicious .zip archives with JavaScript files designed to download and install both NemucodAES ransomware and Kovter click-fraud malware on Windows PCs.

Dave Bittner: [00:07:01:09] Check Point reports a campaign against Mac systems that uses certificates to bypass Mac Gatekeeper. The malware, OSX/Dok, is distributed in a phishing campaign. Its goal seems to be theft of banking credentials.

Dave Bittner: [00:07:16:22] Social media security firm ZeroFOX has been tracking Twitter bots luring people, men only, the reports say, with adult-themed tweets that link them back to dating sites owned by Deniro Marketing, the same company that spambots drove traffic to earlier this year. ZeroFOX has been keeping an eye on this since February. The company says they think the bot controllers are probably affiliates of Deniro, and not Deniro itself.

Dave Bittner: [00:07:43:20] And finally, you're probably familiar with the hanky-panky brokers at Ashley Madison. Only through legitimate research, of course. Well, Ashley Madison was breached in 2015, with some thirty-seven million records on customers exposed in the incident. A hacking group calling itself the Impact Team threatened to release the illicitly obtained information unless Ashley Madison shut down, and when the service refused to do so, the hackers made good on their threat, with sad consequences that allegedly included incidents of blackmail and possibly at least one suicide. The adultery-facilitation service has reached a proposed settlement with its affected customers; the total it's proposing is eleven million two hundred thousand dollars in compensation. Ashley Madison denies any wrongdoing, but says it wishes to avoid the expense, inconvenience, and uncertainty of protracted litigation.

Dave Bittner: [00:08:42:15] Now another message about some research from our sponsor Cylance. You know good policy is informed by sound technical understanding. The crypto wars aren't over. Cylance would like to share some thoughts from ICIT on the surveillance state and censorship, and the conundrum of censorship legislation. They've concluded that recent efforts by governments to weaken encryption, introduce exploitable vulnerabilities in applications, and develop nation-state dragnet surveillance programs will do little to stymie the rise in terrorist attacks. These efforts will be a detriment to national security and only further exhaust law enforcement resources and obfuscate adversary communiques within a massive cloud of noise.

Dave Bittner: [00:09:25:22] Backdoors for the good guys means backdoors for the bad guys, and it's next to impossible to keep the lone wolves from hearing the howling of the pack.

Dave Bittner: [00:09:34:06] Go to cylance.com and take a look at their blog, for reflections on surveillance, censorship, and security. That's cylance.com. And we thank Cylance for sponsoring our show.

Dave Bittner: [00:09:51:19] Joining me once again is Joe Carrigan, he's from the Johns Hopkins University Information Security Institute. Joe, welcome back.

Joe Carrigan: [00:09:57:09] Thanks Dave.

Dave Bittner: [00:09:58:06] I wanted to talk today about jobs.

Joe Carrigan: [00:10:01:02] Right.

Dave Bittner: [00:10:01:16] And we have this ongoing jobs overage, too many jobs, not enough people to fill them.

Joe Carrigan: [00:10:08:00] It's a big problem.

Dave Bittner: [00:10:08:18] And you all, obviously, Johns Hopkins, a well-respected university, you all are kind of on the front lines with that, trying to get people prepared?

Joe Carrigan: [00:10:16:03] We are involved with a couple of large efforts. One is the National Initiative for Cybersecurity Education. That's run out of NIST. It's NICE; it was something that President Obama established. We also are involved with the Centers for Academic Excellence, which is run out of the NSA. And it's a program for academic institutions at various levels of education to carry their certification as a Center of Academic Excellence recognized by the NSA. And you apply for this. I work closely with some people at the NSA to try to get some of these applications approved, particularly at the two-year institution level. We're talking about community colleges that have cybersecurity programs.

Joe Carrigan: [00:10:54:17] We're a four-year institution with a master's degree program. So I work on the two-year applications, so there's no conflict of interest. I'm not keeping other people out of the market.

Dave Bittner: [00:11:03:23] Right, you're not competing for the same students, sure.

Joe Carrigan: [00:11:06:02] Right, exactly. We also work with Hagerstown Community College. We have a class every year, once during the fall, it's coming up again this fall, we've just had a meeting about that, where we go out and we talk to the students there. They're just learning about some of the research projects that we do. And one of the things that I tell the students when I teach my one class there, it's just one lecture that I give, is there's lots of different things you can do in the field. So if you go to a two-year institution, you can immediately leave a two-year institution and get into the cybersecurity field. Or you can transfer into a four-year institution, then go into the cybersecurity field. Or you can go into an advanced degree, get a master's degree, or even a PhD. Generally, I've talked with our executive director Tony Dahbura and other faculty. They think that it's better to get a computer science advanced degree with a focus on security, especially if you're going for a PhD. For a master's degree we have the MSSI degree, and there are other degrees available from other institutions that are focused on cybersecurity as well.

Joe Carrigan: [00:12:07:17] But you don't need all that if you just are a high school graduate. I'm not saying that these things are bad; of course they're great if you get the PhD and the master's degree.

Dave Bittner: [00:12:16:00] Sure.

Joe Carrigan: [00:12:16:08] But if you're just a high school graduate and don't have, you know, time or funds to get even into a community college, then there is a certification called Security Plus. TIAA, I think, is the organization that offers that. And that's the minimum requirement to work on a federal contract where you are doing any kind of network administration.

Dave Bittner: [00:12:35:20] And the demand is so high that there is no shortage of opportunities for people who want to get in the field. I mean they're desperate to get qualified people out there in the field.

Joe Carrigan: [00:12:45:04] That's right. It's a great opportunity to get in.

Dave Bittner: [00:12:47:15] Alright. Good information, Joe Carrigan, thanks for joining us.

Joe Carrigan: [00:12:50:15] My pleasure.

Dave Bittner: [00:12:53:20] And that's the CyberWire. For links to all of today's stories along with interviews, our glossary and more, visit thecyberwire.com. Thanks to all of our sponsors who make the CyberWire possible, especially to our sustaining sponsor Cylance. To find out how Cylance can help protect you using artificial intelligence, visit cylance.com.

Dave Bittner: [00:13:10:24] Thanks once again to all of our supporters on Patreon. And to find out how you can contribute to the CyberWire go to patreon.com/thecyberwire. The CyberWire Podcast is produced by Pratt Street Media, our editor is John Petrik, social media editor is Jennifer Eiben, and our technical editor is Chris Russell. Our executive editor is Peter Kilpe, and I'm Dave Bittner. Thanks for listening.