The CyberWire Daily Podcast 12.28.15
Dave Bittner: [00:00:02:24] Anonymous claims Turkish DDoS. Opponents mull responses to ISIS in cyberspace. Governments' involvement in Juniper backdoor? And Iranian group claims hack of downstate New York dam.
Dave Bittner: [00:00:17:03] This CyberWire podcast is made possible by the Johns Hopkins University Information Security Institute, providing the technical foundation and knowledge needed to meet our nation's growing demand for highly skilled professionals in the field of information security, assurance and privacy. Learn more online at ISI.JHU.EDU.
Dave Bittner: [00:00:40:04] I'm Dave Bittner in Baltimore with your CyberWire summary for Monday, December 28th, 2015.
Dave Bittner: [00:00:46:10] A large distributed denial-of-service campaign continues to disrupt Turkey's servers. Online banking has been worrisomely affected, with other sectors sustaining various degrees of disruption. The .tr domain has been under attack since around December 14th, and Turkey's government has resorted to blocking inbound foreign traffic in an effort to mitigate the campaign's effects. Anonymous claims credit for the operation, which it maintains is retaliation for Turkish support of ISIS. Turkey naturally denies supporting ISIS.
Dave Bittner: [00:01:17:01] Anonymous also claims to have averted a significant terrorist action in Italy through its infiltration of ISIS communications, perhaps, the hacktivists darkly suggest, shared with various governments. Italian authorities have nothing to say on the matter.
Dave Bittner: [00:01:31:21] ISIS/Daesh over the weekend posted a new video mocking the Saudi-led coalition against extremism. ISIS sympathizers also took a poke at university websites in New Jersey and small business in Texas.
Dave Bittner: [00:01:45:07] The fight against ISIS makes for strange bedfellows: Russian intelligence services are said to be cooperating closely with Afghanistan's Taliban against Daesh.
Dave Bittner: [00:01:54:19] No government seems to have an answer to Daesh recruiting and inspirational chatter. Frustration moves some officials and policy wonks in the US to talk up measures to restrict strong encryption or access to jihadist websites. And China enacts a law that mandates backdoors, but these measures are overdetermined: they would have been attractive modes of social control in any case.
Dave Bittner: [00:02:16:13] A nominally independent Iranian group claims credit for the New York dam hack. Downstate officials continue to press the Feds for details, and cast doubt on the effectiveness of cyber threat intelligence sharing measures.
Dave Bittner: [00:02:28:10] The recently disclosed Juniper Networks issues remain under investigation. Many observers perceive some government's hand in the matter. Which government (or governments) remains a matter of dispute.
Dave Bittner: [00:02:40:18] This CyberWire podcast is brought to you through the generous support of Betamore, an award winning co-working space, incubator and campus for technology and entrepreneurship, located in the Federal Hill neighborhood of downtown Baltimore. Learn more at Betamore.com.
Dave Bittner: [00:03:01:23] Joining me once again is John Petrik, editor of the CyberWire. John, let's talk about information operations. In particular, what have they got to do with cybersecurity? I know the conventional wisdom is that information ops have nothing to do with hacking, viruses, Trojans and things like that.
John Petrik: [00:03:18:17] Well, as usual the conventional wisdom has the details right but it's got the big picture wrong. And of course information operations need have nothing at all to do with hackers, APTs, viruses or malware of any kind. They're much broader than that. I think a good way to approach them is by understanding US Military doctrine, and in that doctrine, and here I'll quote Joint Pub 3-13. "Information operations include strategic communications, public affairs. They're the integrated employment, the manual says, of electronic warfare, computer network operations, psychological operations, military deception and information security, in concert with specified supporting and related capabilities. To end, this is the key point: influence, disrupt, corrupt, or usurp adversary of human and automated decision making while protecting our own." That's the US Department of Defense.
Dave Bittner: [00:04:13:23] Okay but once again, how does cyberspace figure into information ops?
John Petrik: [00:04:19:08] So, once again I think we can return to the Department of Defense doctrine. And on that topic it says, "Cyberspace capabilities, when they're in support of information operations, deny or manipulate adversarial potential, adversarial decision making through targeting an information medium, such as wireless access point in the physical dimension. The message itself, an encrypted message in the information dimension. Or what they call a cyber persona, that is an online identity that facilitates communication, decision making in the influencing of audiences in the cognitive dimension. When employed in support of information operations, cyberspace operations, the manual says generally focus on the integration of offensive and defensive capabilities, exercise gained through cyberspace in concert with other measures and coordination across multiple lines of operations and lines of effort."
John Petrik: [00:05:10:08] So, to step away from the full language of doctrine for a minute, if you're familiar with online marketing, you think of cyber information operations as online marketing and battles risk. But the target demographic isn't customers here, it's adversary.
Dave Bittner: [00:05:23:12] And so are we seeing the bad guys engaging in information operations?
John Petrik: [00:05:28:09] Yes we are indeed. And in fact, in the case of ISIS, it's their stock in trade. A few governments worry about ISIS hacking very much in the classical sense of hacking, in that they're technical operations conducted against non-cooperating systems. ISIS really isn't showing much ability in that regard. However much they'd like to, we haven't seen reports of ISIS sympathizers establishing persistent presence in networks, shutting down systems, corrupting data or even stealing data. We have seen some website defacements and we saw some late last week, essentially cyber vandalism. The governments still worry about ISIS in cyberspace. And they're concerned because ISIS recruits its members online, and it does with considerable success.
John Petrik: [00:06:09:06] They're also concerned because ISIS uses the Internet to inspire acts of terrorism. They may also use it to some extent to co-ordinate a controlled terrorist action. They get their successful aspiration of terrorists there's no doubt.
Dave Bittner: [00:06:21:19] So, if you could summarize, why is this of concern for those of us in the cyber security world?
John Petrik: [00:06:27:24] Yes. Today information is carried, it's stored, it's transmitted, it's even created largely in cyberspace. And what happens in cyberspace under opposition, is a security matter. Because unfortunately what happens in cyberspace doesn't stay in cyberspace. And that makes it cybersecurity.
Dave Bittner: [00:06:46:03] Alright, John Petrik. Once again, thanks for joining us. John is the editor of the CyberWire.
Dave Bittner: [00:06:52:08] A note to our listeners, we're back today, but the CyberWire will be taking this Thursday and Friday off for the New Year holidays. We'll be back as usual on Monday, January 4th. And that's the CyberWire.
Dave Bittner: [00:07:03:17] For links to all of today’s stories, along with interviews, our glossary, and more, visit thecyberwire.com. The CyberWire podcast is produced by CyberPoint International, and our editor is John Petrik. Thanks for listening.