Dave Bittner: [00:00:02:07] No word yet on how ISIS terrorists coordinated this morning's bombings in Brussels. Anonymous intervenes again in US Presidential campaigns, this time against Senator Cruz. Apple issues multiple patches. The Department of Justice has told the Magistrate, "Thanks very much but we don't need Apple's help to crack the San Bernardino jihadist's iPhone." And we talk about the Apple-FBI case with the Johns Hopkins University's Joe Carrigan.
Dave Bittner: [00:00:29:16] This CyberWire podcast is made possible by the Johns Hopkins University Information Security Institute, providing the technical foundation and knowledge needed to meet our nation's growing demand for highly skilled professionals in the field of information security, assurance and privacy. Learn more on line at isi.jhu.edu.
Dave Bittner: [00:00:52:07] I'm Dave Bittner in Baltimore with your CyberWire summary for Tuesday, March 22nd, 2016.
Dave Bittner: [00:00:58:18] Three bombs hit targets in Brussels, Belgium, this morning, one in a metro station, the other two in the airport. One of the airport bombings was a suicide attack. At least 34 victims were killed and an additional 170 people are reported wounded. Many ISIS-linked accounts on social media have praised the massacres, and thus they seem to serve as an inspiration for jihad. "What will be coming is worse," says one tweet widely circulated among jihadist adherents. So far there have been no credible claims of direct responsibility.
Dave Bittner: [00:01:29:21] The attacks appeared to have been coordinated, but how coordination and control were achieved remains unknown. The metro station attacked is near a core European Union facility. The bombs at the airport were detonated near airline ticket counters and a coffee shop. As the investigation proceeds security services will be looking closely at ISIS-sympathizing chatter and for signs of coordination by phone and Internet. That said, it's worth recalling the many low-tech, even no-tech, means of coordination available to terrorists.
Dave Bittner: [00:01:59:16] Returning to the US, there have been developments in the case of the jihadist massacre in San Bernardino. The Department of Justice yesterday asked the Federal Magistrate presiding over its All Writs Act demand that Apple help unlock the iPhone used by one of the shooters to cancel today's hearing. The FBI says it believes it now has a way of accessing the phone that won't require Apple's production of what the company has been calling "Government OS." The government said, quote, "On Sunday, March 20, 2016, an outside party demonstrated to the FBI a possible method for unlocking Farook’s iPhone. Testing is required to determine whether it is a viable method that will not compromise data on Farook’s iPhone," end quote. How the FBI may think it can get into the iPhone has not been revealed, nor has the identity of that outside third-party. US Magistrate Sherri Pym agreed to cancel the hearing and temporarily rescinded the earlier order to Apple that required it to render assistance. She's told the Justice Department to get back to her by April 5.
Dave Bittner: [00:02:59:19] Public, especially industry, reaction to the case has continued to run largely in Apple's favor. We spoke with the Johns Hopkins University's Joe Carrigan about the issues in the case. We'll hear from him after the break.
Dave Bittner: [00:03:11:09] Senators Burr and Feinstein, respectively chair and ranking member of the Senate Intelligence Committee, have circulated a draft of legislation that would address encrypted systems when they become of interest in law enforcement investigations. Their proposed bill would give Federal judges power to compel companies to help law enforcement officials gain access to encrypted data, but without specifying how that might be done. Penalties for non-compliance are left up to the judges issuing the order to render assistance. Observers conclude that, for all its failure to gain traction with the public, and especially with industry, the Justice Department's contention that terrorists and criminals will soon be able to evade detection by going dark is finding an increasingly sympathetic audience in Congress.
Dave Bittner: [00:03:53:22] Ongoing concerns about jihadist threats are also lending urgency to counter-messaging information operations and official programs designed to pre-empt radicalization. The FBI's "Don't be a puppet" video and curriculum campaign is directed at teenagers, high schoolers and middle schoolers, and is foreseeably drawing civil libertarians' ire. The State Department is in the process of standing up its "Global Engagement Center." The Center's intention is to "shift focus on countering violent extremist messaging away from direct messaging and toward a growing emphasis on empowering and enabling partners, both government and non-government, across the globe," quote, for nominally more collaborative and thus presumably more credible messaging, end quote.
Dave Bittner: [00:04:35:17] Apple has issued a number of patches and upgrades to the security of its products. One of them closes a flaw in iOS messaging encryption. This is not, apparently, the flaw the FBI thinks it can exploit to gain access to the San Bernardino iPhone.
Dave Bittner: [00:04:49:05] Anonymous turns from Presidential candidate Trump to Presidential candidate Cruz, telling the Texas Senator to get out of the race "or else." What else is the threatened release by the hacktivist collective of what the man in the Guy Fawkes mask says is evidence of shameful conduct.
Dave Bittner: [00:05:05:07] Ransomware remains a growing problem, but Recorded Future offers some qualified good news. Applying one Microsoft Silverlight and three Adobe Flash Player patches can substantially blunt many users vulnerability to drive-by ransomware infections.
Dave Bittner: [00:05:19:18] In industry news, Goldman Sachs initiates coverage of a number of cyber stocks with a moderately bullish take on the sector. More money managers are taking out cyber insurance policies to transfer risk, but Fitch Ratings warns insurance companies that they should think hard about "loading up" on cyber risk. They've probably already got some exposure to that risk in other policies, and there's still too much uncertainty surrounding cyber risk underwriting, however attractive the premiums may be.
Dave Bittner: [00:05:46:11] Finally, we note with respect the passing of a Silicon Valley giant. Long-time Intel leader Andy Grove died yesterday at the age of 79. Our condolences to his family, friends, and colleagues, and our thanks for his contributions to our industry and society.
Dave Bittner: [00:06:07:02] This CyberWire podcast is brought to you through the generous support of Betamore, an award-winning coworking space, incubator and campus for technology and entrepreneurship located in the Federal Hill neighborhood of downtown Baltimore. Learn more at betamore.com.
Dave Bittner: [00:06:27:00] Joe Carrigan joins me again. He's from the Johns Hopkins University Information Security Institute, one of our academic and research partners. Joe, there's continuing intrigue with the Apple versus FBI case. Today the FBI are saying they don't think they need Apple's help in unlocking the phone. I'm curious, what's your take on the case overall?
Joe Carrigan: [00:06:43:18] I am conflicted. I, I don't know how I feel about it, I haven't reached a definitive conclusion about it yet. On one hand I absolutely agree with Apple that, that there's a real chance that the FBI is looking for a way to break the encryption system and there was an article in the Guardian I think last week that even-- where the director of the FBI even admitted as much, that this would set a legal precedent. I'm not sure how happy I am with, with the FBI trying to compel Apple to develop software that breaks this for them. I don't think that's, that's a good precedent to set. But at the same point in time I kind of think I want to know, and the vast majority-- well, not the vast majority but a majority of Americans I think want to know if, if these people who committed this act were associated with anybody else that might be like-minded enough to commit another act of this nature.
Dave Bittner: [00:07:40:04] And, and to be clear, I mean, Apple has been, has been cooperative with law enforcement in the past when they've been presented with warrants. They've turned over the information that they've been able to turn over.
Joe Carrigan: [00:07:49:18] Correct, yeah, as, as have most of the ISP's and phone companies. They turn over what they can turn over, that's right. But the difference here is that Apple is being asked to actively defeat encryption that they've included on the devices.
Dave Bittner: [00:08:04:17] Encryption which is completely legal?
Joe Carrigan: [00:08:06:19] Correct, yeah, absolutely, and protects anybody that has an Apple phone. So my real concern is if the FBI were able to break the-- or the US government, whatever, any organization or any foreign government or any government entity or even any non-government entity that might have sufficient enough resources, if the encryption could be broken what does that do to the rest of the universe of iPhone users? How does that impact them? And, and my guess is that it impacts them very adversely.
Dave Bittner: [00:08:38:05] Police can serve warrants, they can search your home, they can search your possessions, and so is-- at the core of the question I think is, is it okay for encryption to empower us to have things that cannot be unlocked?
Joe Carrigan: [00:08:52:19] Well, that's, that's an ethical question or a moral question. I like to think that it does. [LAUGHS]. You know, I, I like the idea of being secure in my, in my papers as the Fourth Amendment says, right? It's securing my property and papers.
Dave Bittner: [00:09:06:18] Joe Carrigan, thanks again for joining us.
Dave Bittner: [00:09:12:12] And that's the CyberWire. For links to all of today's stories, visit thecyberwire.com. The CyberWire is a production of CyberPoint International. Our editor is John Petrik. I'm Dave Bittner. Thanks for listening.