The CyberWire Daily Podcast 3.23.16
Ep 62 | 3.23.16

Inspiration in info ops. Processing unstructured data. Ethics & standards of care.


Dave Bittner: [00:00:03:02] Investigation of the Brussels attack reveals plenty of jihadist inspiration, but as of yet no significant insights into direction. Finland's Ministry of Defense sustains a denial-of-service attack. A CAPTCHA cross-side scripting bug appears and there's an Android exploit in the wild. Ransomware may be developing an ability to spread through networks. The insurance and cyber sectors work toward a common understanding of risk. And we talk about handling and securing unstructured data with Accenture's Malek ben Salem.

Dave Bittner: [00:00:33:16] This CyberWire podcast is made possible by the Johns Hopkins University Information Security Institute, providing the technical foundation and knowledge needed to meet our nation's growing demand for highly skilled professionals in the field of information security, assurance and privacy. Learn more on-line at

Dave Bittner: [00:00:55:23] I'm Dave Bitner in Baltimore with your CyberWire summary for Wednesday, March 23rd, 2016.

Dave Bittner: [00:01:02:15] Investigations into yesterday's jihadist massacres in Belgium are still in their early stages, and the command-and-control mechanisms the killers may have used remain matters of speculation. Newsweek describes "jihadi cool," and cautions against attribution of attacks to ISIS, if only because they might give ISIS more credit as a menace than it deserves. But it's worth noting that ISIS has always operated, at least in the West, more through inspiration than by direction. And that, of course, is consistent with Jihadi Cool's importance as a theme in the Caliphate's information operations.

Dave Bittner: [00:01:35:00] A number of encryption-sympathetic observers have noted that there's no evidence the murderers in Brussels used encrypted communications to organize their coordinated bombing. In this case, however, absence of evidence isn't yet evidence of absence. Because investigations remain in their preliminary phase, it's too early to tell how the jihadists communicated. But there is some news out of France concerning the November mass murder in Paris. Those jihadists appear not to have made much, if any, use of encrypted comms, relying instead on simple, disposable, pre-paid "burner" phones of the kind long favored by street criminals.

Dave Bittner: [00:02:08:22] Elsewhere in Europe, Finland's Defense Ministry sustained a distributed denial-of-service attack yesterday during a Presidential summit with Russia. That may or may not be coincidental. Cross-border cooperation was under discussion, as were Russian military operations in Syria and Ukraine. In any event, there's no attribution so far.

Dave Bittner: [00:02:27:14] We're all familiar with CAPTCHAs, the images whose correct interpretation is used to distinguish human beings from bots. German security firm RedTeam Pentesting found and disclosed a cross-site-scripting vulnerability in Securimage's CAPTCHA software. Securimage patched the bug promptly.

Dave Bittner: [00:02:45:08] Mobile security firm Zimperium finds a rooting application in the wild that's targeting Nexus Android devices. This is not the Stagefright vulnerability Zimperium discovered last year. Instead it's a local privilege escalation vulnerability patched two years ago in the Linux kernel, but left open in Android. Zimperium privately disclosed the issue to Google last week, and Google has patched. We'll be hearing from Zimperium on some of their work in this Friday's Week-in-Review podcast.

Dave Bittner: [00:03:12:01] Palo Alto tracks Darkleech through its evolution into Pseudo-Darkleech and beyond. Sucuri discovered Darkleech infecting WordPress sites in 2015, and its infestations continue today. Palo Alto notes that recently the Darkleech and Pseudo-Darkleech have been distributing the Angler exploit kit, which itself is delivering a ransomware payload. TeslaCrypt is particularly common. The researchers note that both Darkleech and Angler change their patterns of behavior often, the better to avoid detection.

Dave Bittner: [00:03:43:05] Several observers note a new and disturbing crimeware trend, ransomware that spreads through the network to infect peripherals, including devices used to back up files. Reports indicate that Samas ransomware, described earlier this month by Microsoft, may now spread into networks from infected devices. The FBI has also taken notice of the trend.

Dave Bittner: [00:04:02:24] Enterprises are finding according to surveys that security assumptions and practices among their employees appear to be in decline, which has substantially increased the enterprise's vulnerability to insider threats. A variety of training, education, policy, and technical approaches to the problem are on offer, but this trend surely contributes to increasing interest in anomaly detection and its application to enterprise security.

Dave Bittner: [00:04:26:10] In industry news, analysts hope cyber insurance will drive better practices and help establish standards of care, but the sector remains too immature, with pricing being set by the market as opposed to being keyed to sound estimates of risk. Good risk estimation has, historically, shaped best practices and led to their widespread adoption. If insurance is to play the kind of role in cyber standards of care it historically played in the development of fire codes and automobile safety, it will have to collect and process more historical actuarial data, or at least some credible surrogate for such data.

Dave Bittner: [00:04:58:20] Standards of care and the ethics of securing data concern various professionals that handle large quantities of sensitive customer information. Healthcare and law are prominent among those professions. Ransomware and simple data loss dominate healthcare cyber concerns. The legal profession confronts a less mature set of expectations than those HIPAA has set for medical professionals. In particular, migrating data to the cloud raises ethical issues attorneys are now beginning to grapple with.

Dave Bittner: [00:05:25:00] How to secure such data is always problematic. Accenture's Malek Ben Salem spoke with us about an interesting technical issue. With so much important data being unstructured data, how should those data be processed and protected? We'll hear from her after the break.

Dave Bittner: [00:05:38:22] Finally, the Anonymous-affiliated hacktivist crews New World Hacking and AnonCorruption claim to have downed NASA email servers to punish NASA for keeping secrets about ISIS. But observers aren't finding much evidence the attack actually occurred. Either nothing much happened or whatever did was quickly remediated. But why NASA? What secrets about ISIS would NASA be hoarding? Roswell, sure, okay, but space jihad? In this case perhaps the hacktivists have confused a four-letter space agency with a three-letter intelligence agency. It's happened before. After all, they're only a letter apart. In any case, the truth is out there…somewhere.

Dave Bittner: [00:06:24:04] This CyberWire podcast is brought to you through the generous support of Betamore, an award-winning coworking space, incubator and campus for technology and entrepreneurship located in the Federal Hill neighborhood of downtown Baltimore. Learn more at

Dave Bittner: [00:06:43:20] One challenge we see is that companies want to protect their sensitive data and that data often comes in in an unstructured format. Malek ben Salem is the R&D manager for security at Accenture Technology Labs, one of our academic and research partners. That's something that you all are working on.

Malek ben Salem: [00:06:59:01] Yes, absolutely. A number of companies are dealing with growing unstructured data. In a lot of environments it comes in in text format and employees are creating new documents every day and sometimes when they create that content they don't label it appropriately. They don't label it as confidential or sensitive. So companies cannot apply the right security and data protection controls to it. So what we're doing to address this problem is to build a tool that would automatically classify documents as sensitive or not sensitive.

Dave Bittner: [00:07:40:20] So give me an idea how that works?

Malek ben Salem: [00:07:43:06] So we're collaborating with the Data Science Institute at Columbia University to build a machine learning tool that would learn what constitutes sensitive documents versus non-sensitive documents. It will extract features from the sensitive text documents and will look for similar features for new documents that are unclassified. One challenge with this type of classification is that typically the data sets that we use for training the classifiers do not appropriately match or reflect what we see in real world environments or that we don't have enough data that is sensitive to build an accurate classifier or that the variety of non-sensitive data prevents us from predicting what is non-sensitive. So we're trying to come up with new machine learning algorithms that address these types of learning challenges.

Dave Bittner: [00:08:47:08] And is this a situation where for example the type of automation that would be required say for a law firm would be different than a company that was doing scientific research?

Malek ben Salem: [00:08:57:17] Absolutely, yeah. So the, the-- as the data changes the classifiers would change. Also another aspect is perhaps, and this is something we're experimenting with, as a language changes, the right algorithms may have to change or the right document representation may have to change. So we're experimenting with different domains, with different even companies within the same domain and with documents in different languages.

Dave Bittner: [00:09:29:02] Malek ben Salem, thanks for joining us.

Dave Bittner: [00:09:35:12] And that's the CyberWire. For links to all of today's stories, along with interviews, our glossary, and more, visit and if you enjoy our show, please share it with your friends. You can write a review on iTunes or subscribe on iTunes. They all help us spread the word. Our editor is John Petrik and I'm Dave Bittner. Thanks for listening.