The CyberWire Daily Podcast 1.2.18
Ep 506 | 1.2.18

ISIS claims responsibility for bombing in Russia. Iranian unrest involves Telegram, Instagram. Proposed FERC reporting standards. YouTube gone bad, and an arrest in a horrific swatting prank.


Dave Bittner: [00:00:00:24] Thanks again to all of our listeners who have also become supporters. You can find out how at Patreon dot com slash the CyberWire.

Dave Bittner: [00:00:11:15] ISIS claims responsibility for the St. Petersburg shopping center bombing. UK authorities seek to think ahead about cyber terror. US standards bodies propose more stringent mandatory reporting of cyber incidents at electrical utilities. Unrest in Iran prompts a government crackdown on the Internet. A YouTube celebrity learns something of the limits of the funny, and a Los Angeles man is arrested in a horrifying SWATTING attack that killed an utterly uninvolved bystander.

Dave Bittner: [00:00:45:15] Now I'd like to share some words about our sponsor Cylance. You know you've got to keep your systems patched, right? Patching is vital and WannaCry, which hit systems that hadn't been patched against a known vulnerability, well that's exhibit A. But you also know that patching is always easier said than done. Cylance has some thoughts about how you can buy yourself time and breathing room if you went for modern endpoint protection. Think about protecting the end points from the threats you never see coming. Cylance endpoints security solutions will do exactly that. Fend the bad stuff off and do your patching quickly, but systematically. It's artificial intelligence and it's a natural for security. Check out the Cylance blog "Another day, another patch" at Cylance dot com. And we thank Cylance for sponsoring the CyberWire. That's Cylance dot com, for cyber security that predicts, prevents and protects.

Dave Bittner: [00:01:45:14] Major funding for the CyberWire podcast is provided by Cylance. I'm Dave Bitter with your CyberWire summary for Tuesday, January 2nd, 2018. Happy New Year, everyone.

Dave Bittner: [00:01:57:03] ISIS, now effectively without a territory to call a Caliphate, returns to its roots and claims responsibility online for the December 27th St. Petersburg supermarket bombing that wounded fourteen. Russian President Putin has promised a quick and ruthless response to future acts of terror. ISIS claimed responsibility on December 29th. Although ISIS has continued to show little ability to commit cyberattacks, a shortfall that contrasts sharply with its record of success at online inspiration. Policymakers in the UK mull approaches to defending against ISIS cyberattacks. The model from which they're starting is the British response to IRA terror in the late 20th Century. The IRA used bombs,; the possibilities authorities in the UK are now considering involve cyberattacks. The one being discussed for purposes of illustration involves the remote re-routing of commuter trains onto tracks where they would crash in lethal collisions.

Dave Bittner: [00:02:55:24] In the US, the Federal Energy Regulatory Commission has proposed modifying reporting requirements that would make it mandatory for electrical utilities to report any attempted intrusion into a utility's networks, not just those that result in a compromise of critical operations. The proposed rule would require the North American Electric Reliability Corporation to submit modifications to its Critical Infrastructure Protection Reliability Standards. Comments on the new draft rule will be accepted until February 26th.

Dave Bittner: [00:03:28:05] Current growing unrest in Iran seems driven significantly by Instagram and especially the secure messaging app Telegram. The troubles began last Thursday, with street protests and some rioting. Authorities in the Islamic Republic are cracking down on Internet use generally and on Telegram channels in particular. The country's Information and Communications Technology Minister, Mohammad-Javad Azari Jahromi, preceded the shutdown with a direct tweet at Telegram's founder Pavel Durov. His tweet read: "A Telegram channel is encouraging hateful conduct, use of Molotov cocktails, armed uprising, and social unrest. Now is the time to stop such encouragements via Telegram." The channel in question is run by exiled dissident journalist Roohallah Zam, who denies fomenting violence, but who has published images of disturbances and planned times for demonstrations. But the nation's leadership is showing signs of hesitancy, with President Hassan Rouhani acknowledging that some allegations of corruption may have at least a partial point even as he promises to punish those damaging property and defaming the Islamic Republic.

Dave Bittner: [00:04:40:13] The head of Iran's Passive Defense Organization, Brigadier General Gholamreza Jalali on December 31st spoke about the country's cyber defenses as being its guarantor of "security and independence" against US aggression, but Iran's capabilities seem likelier to be used domestically, at least in the near term. Those who recall the "Green" protests after the disputed 2009 elections will remember the role Twitter played in sustaining dissent, a false dawn of hope for both Iranian reform and positive grassroots social media interactions. Reports suggest that some thirteen people have been killed in the disturbances so far.

Dave Bittner: [00:05:22:20] We close this first podcast of the new year, unfortunately, with two stories that turn on the familiar disinhibition that appears to seize people when they go online. Both stories are sad and tragic. One is also horrifying. The first story involves YouTube celebrity Logan Paul. Paul has some fifteen million followers and produces content posted in YouTube's paid Red service. In the video that's attracted much adverse attention, Paul and some collaborators went to Japan's notorious Aokigahara "suicide forest," a place where many have gone to take their life, in a search for a suicide. The video, entitled, "We found a dead body in the Japanese Suicide Forest," was up for less than twenty-four hours before it was removed. The thumbnail image showed Logan Paul standing in front of a hanged man (his body blurred out). According to accounts in TechCrunch and elsewhere, as Paul stood beside the body (face still blurred), one of his collaborators expressed discomfort at the discovery of the suicide victim. Paul asked, with a laugh, "You never stand next to a dead guy?"

Dave Bittner: [00:06:29:08] The video produced, predictably, an overwhelmingly negative reaction, although it seemed to take Mr. Paul by surprise. Paul retrospectively pleaded a misguided attempt to raise awareness of suicide, in the hopes of dissuading others from taking their life, but few commentators seem to be buying that apology. He also said, truly enough, that he's human and makes mistakes, but pleaded overwork in mitigation: "I've made a 15 minute TV show EVERY SINGLE DAY for the past 460+ days." Few seem disposed to accept that, either. A sad case, perhaps, of the morally coarsening effects of living too much of a life online.

Dave Bittner: [00:07:11:03] The other tragic case is far more shocking and horrifying. The night of December 28th, a 28-year-old man, Andrew Finch, was shot and killed by a police SWAT team in Wichita, Kansas. The Wichita man was killed by police in a swatting that arose from an unusually pointless dispute among Call of Duty players (pointless even by the feckless standards of online gaming. He was not only innocent, but completely uninvolved. The alleged swatter has been arrested in Los Angeles. He's 25-year Tyler Barris. The local ABC affiliate, KABC, notes parenthetically that someone of the same name was arrested in Glendale for making a bomb threat against the station in 2015.

Dave Bittner: [00:07:54:19] Here is what's thought to have happened. Two people playing the online game Call of Duty got into a dispute over a buck-fifty bet. One of them is said to have contacted Mr. Barris and asked him to swat the other. Swatting, for those unfamiliar with the term, is the practice of spoofing a call to 911 in order to have a SWAT team sent to an address to frighten the people who live there. The gamer is said to have provided an address in Wichita. The address had no connection with anyone involved in the dispute or even the game. Barris is alleged to have called Wichita authorities and told an elaborate story with fabricated details of a dangerous hostage situation that had already produced one murder. Police responded and Mr. Finch was shot when he opened his door to see what the ruckus outside was about. Those interested in more of the sad details can find a full account, which we recommend, at KrebsOnSecurity. In the meantime, here's a New Year's resolution for all: remember that online play and chatter can have the saddest kinetic consequences. Stay safe.

Dave Bittner: [00:09:05:20] And now a moment to tell you about our sponsor Control Risks. Control Risks is a specialist risk consulting firm that helps its clients seize opportunities, while being secure, compliant and resilient. They believe that taking and managing risks is essential to success. So Control Risks provides the insight and intelligence you need to realize business growth and support critical decision making. They enable senior executives to build organizations that operate securely, are truly compliant and have the resilience to manage the challenges of a rapidly changing global marketplace. And they ensure that the challenges global organizations face, including acute security problems, major regulatory issues, investigation and litigation, reputational harm and other crises, can be managed and resolved effectively. From the board room to remote locations, Control Risks has developed and unparalleled ability to bring order to chaos and reassurance to anxiety. Find out more at Control Risks dot com slash CyberWire. That's Control Risks dot com slash CyberWire. And we thank Control Risks for sponsoring our show.

Dave Bittner: [00:10:21:04] And I'm pleased to be joined by Yossi Oren. He's a senior lecturer at the department of Software and Information Systems Engineering at Ben-Gurion University. He's also a member of BGU's Cybersecurity Research Center. Welcome, Yossi. I want to introduce you to our audience and just start with some general introductory stuff. Tell us a little bit about yourself, how you came to be there at BGU.

Dr. Yossi Oren: [00:10:43:01] After I finished my PhD in Tel Aviv University, I went to train at the Network Security Lab in Colombia University in New York, and I was very, very happy that when Ben Gurion University in Israel were building up their cyber center, they invited me to join. And I joined there two years ago. It's a wonderful place to be and I'm very, very pleased to talk about the things we're doing here.

Dave Bittner: [00:11:04:10] We'll dig into some of the topics in future segments, but what are the types of research that you in particular are interested in?

Dr. Yossi Oren: [00:11:10:21] Okay, so my training is not actually in computer science, but rather in electrical engineering. And my kind of security research is what's called Implementation Security, and this is kind of a cheating way of doing security. So you might have a system which does encryption and has also some protection and software, and if you're a really clever cryptographer or mathematician, you might look at the math or the algorithms, you might look at kind of, you know, look at the source code and try to find some exploits or bugs, but what we do is we just cheat, and that means that we take these devices, that could be a phone, it could be a sensor, it could be a computer, and we put it in environments where it's not really supposed to be, for example, we might heat it, we might submit it to some vibrations, we might put it under some radiation, and when this happens, the device malfunctions, and if we do it very gently, these malfunctions can tell us a lot about the device. Sometimes you don't have to really put it in the microwave. You can really just listen very carefully actually with a microphone to the clicks and buzzes the device is doing, as it's processing all sorts of secrets, and you can learn all sorts of stuff. And it's fascinating because the implementation of the algorithm could be completely perfect and secure and the best thing math can find, but the way you implement it exposes you to all sorts of risks.

Dave Bittner: [00:12:30:06] All right, well we look forward to hearing from you. Welcome to the CyberWire, Yossi Oren.

Dave Bittner: [00:12:37:18] And that's the CyberWire. Thanks to all of our sponsors for making the CyberWire possible, especially to our sustaining sponsor Cylance. To find out how Cylance can help protect you, through the use of Artificial Intelligence, visit Cylance dot com. And thanks to our supporting sponsor E8 Security. Follow the behavior, find the threat. Visit E8 Security dot com to learn more. Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment called "Security Huh?" I join Jason and Brian on their show for a lively discussion of the latest security news every week. You can find Grumpy Old Geeks, where all the fine podcasts are listed, and check out the Recorded Future podcast, which I also host. The subject there is Threat Intelligence, and every week we talk to interesting people about timely cybersecurity topics. That's at Recorded Future dot com slash podcast. The CyberWire podcast is proudly produced in Maryland out of the start up studios of DataTribe, where they're co building the next generation of cybersecurity teams and technology. Our show is produced by Pratt Street Media, with editor John Petrik, social media editor Jennifer Eiben, technical editor Chris Russell, executive editor Peter Kilpe, and I'm Dave Bittner. Thanks for listening.