The CyberWire Daily Podcast 8.3.17
Ep 405 | 8.3.17

WikiLeaks dumps Dumbo dox. HBO's hack gets bigger. Group IB outs the United Islamic Cyber Force. Cerber goes after Bitcoin. Lawsuits over NotPetya; more companies warn. Election fraud in Venezuela.


Dave Bittner: [00:00:01:00] It's time to break out that corporate credit card and use some of your discretionary budget to help support the CyberWire. Check it out at

Dave Bittner: [00:00:12:14] WikiLeaks dumps the Dumbo project. Separation of agencies as a way of rendering leaks less likely. HBO's hack is getting bigger, apparently. Group IB outs members of the United Islamic Cyber Force to Interpol. Cerber goes after Bitcoin. WannaCry ransom payments are being moved, perhaps laundered. Lawsuits loom over NotPetya as more companies warn the malware had a material effect. The FBI says, you can't exercise your right to be forgotten by DDoS. Election fraud in Venezuela. And your guests can eavesdrop on you through your Amazon Echo, but why would you have those people over anyway.

Dave Bittner: [00:00:52:23] Now, some news from our sponsor, Cylance. Cylance has integrated its artificially intelligent Cylance protect engine into VirusTotal. You'll know VirusTotal as the free online service that analyzes files and URLs to identify viruses, worms, Trojans, and the other kinds of badness antivirus engines and website scanners pick up. Well, Cylance has pledged to help VirusTotal in its mission of making the security industry more perceptive and the Internet a safer place. It's like public health for cyberspace. Free tools and services help keep everyone's risk down. Cylance sees their predictive approach to security as a contribution to the fight against cyber attacks, and they're now fully integrated as one of the analysis engines available in VirusTotal. Visit, and look at their blog for more on their contribution to our on-line immune system. We thank Cylance for sponsoring our show.

Dave Bittner: [00:01:56:02] Major funding for the CyberWire podcast is provided by Cylance. I'm Dave Bittner in Baltimore with your CyberWire summary for Thursday, August 3rd, 2017.

Dave Bittner: [00:02:06:06] In a now familiar weekly ritual, WikiLeaks has dumped more alleged CIA documents from its Vault7. These purport to describe the "Dumbo" project, which is said to be a program that compromised webcams and microphones. Dumbo appears designed more to facilitate and conceal physical access than to serve as a set of collection tools. How WikiLeaks, and others, get their material remains a matter of investigation and concern to intelligence services. A study the U.S. Government Accountability Office released this week concluded that separating NSA and U.S. Cyber Command may make it less likely that cyber tools leak.

Dave Bittner: [00:02:44:13] The HBO hack seems to be getting bigger: seven times as big as the Sony hack, observers say, apparently taking quantity of lost data as their yardstick. HBO says its email system wasn't compromised, as some had feared, but fears that more shoes will drop remain. HBO has retained Mandiant to help mop up. Mandiant is, of course, the same company called in to help Sony.

Dave Bittner: [00:03:08:22] Russian security firm Group-IB, working with Interpol, has identified a number of the skids who make up the United Islamic Cyber Force, the UICF, a crew of ISIS-aligned, nuisance-level online vandals. It's not yet known what Interpol intends to do with the information, but the UICF operators are said to reside in Algeria, Indonesia, Kosovo, Morocco, Nigeria and Pakistan. They're mostly known for web-site defacements.

Dave Bittner: [00:03:37:18] From Germany, comes warning against a new form of spearphishing. No links, no attachments, just an email apparently from a colleague suggesting you look into the subject. Googling that subject takes you to an infected site. Personnel and at least three German government agencies have received the plausible and innocent looking spearphishing. Security experts advise email-users to treat the subjects of emails from colleagues with suspicion.

Dave Bittner: [00:04:03:12] Crypto currencies are now attracting criminals on the Willie Sutton-esque grounds that, well, that's where the money is. In addition to the initial coin offering theft we've seen over the last two weeks, the familiar ransomware strain Cerber has undergone an evolution. It now has functionality that enables it to loot Bitcoin wallets.

Dave Bittner: [00:04:22:24] Some of WannaCry's victims tried to recover their data by paying the demanded Bitcoin ransom despite the apparent botch WannaCry's masters made over their payment system. The amounts paid weren't in the aggregate large, but about $140,000 have been moved from the wallets to other locations presumably by the criminals with access to the accounts.

Dave Bittner: [00:04:43:11] Merck has warned that its manufacturing operations were severely impeded by NotPetya, that the incident will have material effect on their earnings, and that they haven't fully yet recovered. Merck will not be the last company to warn. Beiersdorf, which manufactures Nivea cosmetics, is still investigating and recovering from NotPetya, but the company has reported that 35 million Euros in sales will be delayed into the next quarter. There may be other effects as well. As was the case with Merck, Beiersdorf is working first on remediation and restoration of operations. The Beiersdorf CFO said, "There is a cost and there will be a cost associated with this. We are still working our way through it. Our focus so far has been on recovery."

Dave Bittner: [00:05:27:05] Six major international corporations, four in Europe, two in Russia, who have disclosed NotPetya infestations are due to report results this month.

Dave Bittner: [00:05:36:24] The plaintiffs' bar has predictably taken note of NotPetya. A Ukrainian law firm, Juscutum Attorneys Association, is assembling injured companies to join in a lawsuit against Intellect-Service LLC, the company whose M.E.Doc accounting software was the patient zero of the NotPetya pandemic.

Dave Bittner: [00:05:56:05] Taking a look at our CyberWire event tracker, the Chertoff Group has an event coming up, August 23, 2017 in Palo Alto, California. It's called, "Security in the Boardroom". We spoke with Jim Pflaging from the Chertoff Group about the event and about evolving attitudes of board members when it comes to cyber security.

Jim Pflaging: [00:06:13:02] People have now realized that security is a business risk. It's no longer just a technical risk, and for many it's a top business risk. However, what's also beginning to emerge is that security is an opportunity. It's an opportunity to build trust with your stake-holders. It's an opportunity to create competitive advantage and ultimately growth, and so we see that as a really interesting dynamic to play out through boards, because if you get down to it, boards I think really care about three things, and as a board member it's risk management, financial risk, operational risk, reputational risk, and cyber risk of course, and there's others. So, risk management, value creation, and then ultimately metrics. How do we measure and know we're on course? So, it's in that lens of we think now that if security is both a risk and an opportunity, it really widens the aperture of what board members should be thinking about: what C-level executives should think about, and it was with that impetus that we said, we think there's some room to both add value to how you should do this, and that's partly what we're doing here in the series.

Dave Bittner: [00:07:28:07] So, where do you think security fits in within boardroom priorities?

Jim Pflaging: [00:07:33:00] I would say that there is growing recognition of the board that this is a top business risk, and for large, public companies it's a robust part of their agenda. There's many statistics from leading insurers, and others, who would say cyber has jumped up to near the top. However, when you look at the broader population of boards, and this would reflect the boards that I'm on, is that cyber is far from a boardroom competency. In fact, through the Chertoff Group research, two-thirds of directors that we spoke to report having little or no cyber knowledge, and 35 percent said, we leave cyber off the board agenda because of this lack of expertise and comfort. Finally, when you ask them, well, how would you learn about this, board members learn from other board members. So, they network. Board members learn from relevant stories, and we're finding successful approaches from CISOs of sharing those stories that might just be topical in the news: sharing stories that might be relevant because it pertains to the industry that you're in, or share stories that could present a clear and present danger to the firm you're in. So, it's becoming known as a top business risk, but what we need to move it to is a boardroom competency, and that's what the overall objective of the security series is all about.

Dave Bittner: [00:09:01:22] That's Jim Pflaging from the Chertoff Group. Their event, "Security in the Boardroom," is coming up, August 23, 2017, in Palo Alto, California. To find out more about upcoming events and to find out how to list your event on our CyberWire event tracker, visit the

Dave Bittner: [00:09:19:06] A gentleman from Seattle is currently enjoying a sabbatical in jail as he awaits U.S. Federal hacking charges. The FBI says, the defendant, Kamyar Jahanrakhshan, undertook a distributed denial-of-service campaign against in 2015. Mr Jahanrakhshan identified himself to as being from "Anonymous" and told the legal services web-site he would shut them down if they didn't remove case citations concerning his prior criminal conduct. They didn't, and on January 24, 2015 he was as good as his word and commenced DDoSing. The attack stopped as soon as took down the material he found objectionable. The suspect will face a judge later this month.

Dave Bittner: [00:10:02:23] You may have heard about this election hacking and influence stuff? Investigation proceeds in the U.S. and elsewhere, but if you really want to get a look at what a hacked election looks like, cast your eyes towards Venezuela, where the Chavista government seems to have gone on a ballot-stuffing spree that would make a heeler from Chicago's Tenth Ward blush. Some one million votes are said to have been invented in a claimed landslide that brings in a temporary parliament to perfect the constitution in place of the National Assembly. President Maduro's government claims a turnout of eight million voters in Sunday's election, that's about 41 percent, but the opposition says the actual turnout was on the order of 12 percent. The company that provides the voting machines used in Venezuela, Smartmatic, says it knows with certainty that the election was rigged. Their CEO told the London Times, "Based on the robustness of our system, we know without any doubt that the turnout of the recent election for a national constituent assembly was manipulated. We estimate the difference between the actual participation and the one announced by authorities is at least one million votes."

Dave Bittner: [00:11:08:00] Most observers see this as a step towards a one party state, with a dictatorship that suggests, but President Maduro says, there's nothing to see here so just move on: that is move on with him to a brighter, more peaceful, more Bolivarian future, and so on.

Dave Bittner: [00:11:25:24] Finally, researchers at MWR InfoSecurity warn that your house guests could use your Amazon Echo to bug you. We suggest this remediation, stop having creepy people over to your place.

Dave Bittner: [00:11:43:09] A quick note about some research from our sponsor, Cylance. The hoods at Shell Crew, an organized cyber crime gang, are using and improving a family of malware Cylance calls StreamX. Unfortunately, StreamX flies below the radar of conventional signature-based antivirus solutions, and when it gets in all kinds of bad things follow. Shell Crew can modify your file system, or registry, create system services, enumerate your resources, scan for security tools, change browser settings and of course execute remote commands. StreamX is being served up by some legitimate web-sites, mostly Korean. It's a nasty rat you want nothing to do with. To get the information on StreamX, go to and check out the paper on Shell Crew. That's While you're there find out how to defend yourself from this, and other threats with Cylance Protect. We thank Cylance for sponsoring our show.

Dave Bittner: [00:12:41:21] Joining me once again is Markus Rauschecker. He's the cyber security program manager at the University of Maryland Center for Health and Homeland Security. Markus, welcome back. I saw an interesting story come by from Wired. It was called, "Digital privacy is making antitrust exciting again," and really the notion here is that we have these large companies, like Google, like Facebook, who are amassing these giant piles of data about their customers, and they might be bumping into some anti-trust issues.

Markus Rauschecker: [00:13:10:24] It's a very interesting question that's being raised more and more. I think the first thing we have to do is take a look at what antitrust laws are supposed to do, and really there are two prongs to this which is to, one: promote competition, and two: to limit barriers for entry for new companies to get into the market. I think, seeing these large companies that have such a great presence and such a big influence, I think most would agree that is somewhat difficult for new companies to get in on this market, and to be a serious competitor to some of these established companies out there.

Dave Bittner: [00:13:50:16] And, yet, how would one even go about breaking up a company like this, or is it a matter of simply waiting for time to pass, and perhaps waiting for the next big thing to come along?

Markus Rauschecker: [00:14:02:10] With this question that's being raised in the article about whether or not antitrust regulators should be looking at privacy issues, consumer privacy issues, I think that's a really important piece. Historically, regulators have been looking at consumer welfare and what that really means is the price, right? The price of a product. Would the price of a product go up because of a certain business deal? If the answer to that is yes then there might be some anti-trust issues there. Now we're seeing these companies offer a lot of their services for free which means that there really isn't the price to look at to see whether or not there's a negative effect on the market or an antitrust issue. So, some are suggesting that antitrust regulators look at some other factors, and one of those factors might be consumer privacy. These large companies are collecting more and more data, and that's really where their value is at, right? The data they hold can be monetized. It's incredibly valuable to have all this data on consumers and on users. Some are suggesting that antitrust regulators really should be looking at some of these other factors other than just price to see whether or not business practice is anti-competitive and bad for the market.

Dave Bittner: [00:15:16:07] So, as it is now, I mean, are these discussions more philosophical than anything? There's no major push to break up Facebook, or break up Google right now.

Markus Rauschecker: [00:15:27:10] Yeah. You're absolutely right. I think a lot of these new ideas are more philosophical or academic at this point, but we'll see how that develops. I think there are some legitimate arguments to be made, and certainly should be explored more. We'll just see how that develops in the time coming.

Dave Bittner: [00:15:46:24] Markus Rauschecker, as always, thanks for joining us.

Dave Bittner: [00:15:51:04] That's the CyberWire. Thanks to all of our sponsors who make the CyberWire possible especially to our sustaining sponsor, Cylance. To find out more about Cylance, and how they can help protect you using artificial intelligence, visit

Dave Bittner: [00:16:03:18] The CyberWire podcast is produced by Pratt Street Media. Our editor is John Petrik, social media editor is Jennifer Eiben, technical editor is Chris Russell, executive editor is Peter Kilpe, and I'm Dave Bittner. Thanks for listening.