The CyberWire Daily Podcast 3.24.16
Ep 63 | 3.24.16

Collection outstrips analysis & dissemination. When an air-gap...isn't.


Dave Bittner: [00:00:03:18] Why do inspired cells need electronic command-and-control? It seems they may not. Meeting face-to-face may be all that's required. The FBI adds Syrian Electronic Army operators to its Most Wanted list. Infrastructure hacks return to the news as indictments of Iranian operators are expected today. Water utilities move front and center ahead of electrical power grids. The FBI may be unlocking the San Bernardino jihadist's county-issued iPhone with some NAND mirroring and a little help from the Bureau's friends at Cellebrite. The University of Maryland's Ben Yelin talks with us about privacy rights in cyberspace.

Dave Bittner: [00:00:40:06] This CyberWire podcast is made possible by the Johns Hopkins University Information Security Institute, providing the technical foundation and knowledge needed to meet our nation's growing demand for highly skilled professionals in the field of information security, assurance and privacy. Learn more online at

Dave Bittner: [00:01:02:22] I'm Dave Bittner in Baltimore with your CyberWire summary for Thursday, March 24th, 2016.

Dave Bittner: [00:01:08:15] ISIS claims, online as usual, responsibility for the Brussels massacres. This comes as no surprise, since the caliphate's adherents have been celebrating the murders through their social media accounts since Tuesday. Also as expected, ISIS welcomes all the media coverage it's receiving, even when that coverage condemns jihad, as of course throughout the civilized world it does. ISIS believes that its messaging, including especially its propaganda-of-the-deed, reliably inspires recruits and fighters.

Dave Bittner: [00:01:37:07] Thus the turn of ISIS information operations toward more inspiration of the disaffected and the criminal who find themselves residing abroad. Such recruits are easily organized, indeed, easily self-organized, into small cells whose coordinated actions are sufficiently local to require little more command-and-control than that which face-to-face word-of-mouth can provide.

Dave Bittner: [00:01:59:03] European authorities are here recognizing the old, familiar lesson in the guerrilla war they're now fighting. Intelligence collection easily outstrips analysis and dissemination. National intelligence and security services in the European Union lament the difficulty of sharing actionable intelligence across borders, and between intelligence services and their counterparts in the judicial system.

Dave Bittner: [00:02:21:20] Since inspiration seems to have replaced command-and-control in ISIS operations, counter-ISIS information operations take on new urgency. But the jihadist movement may be showing early signs of moving into a phase in which organized crime becomes a significant player. The reported involvement of Italy's Camorra gangs in rendering material support to jihadists in Europe evokes in some respects the decades-long rise of narco-terrorism in the New World.

Dave Bittner: [00:02:47:24] The convergence of the political and the criminal, of the warrior and the gang member, is also seen among regional opponents of ISIS. The US FBI has added two members of the Assad regime's Syrian Electronic Army to its most-wanted list. Crooks, patriots, skids, or soldiers, it’s even harder to tell with the SEA than it is with ISIS.

Dave Bittner: [00:03:08:13] In legal news, Preet Bharara, US Attorney for the Southern District of New York, announced late this morning that seven Iranian nationals have been indicted for hacking a flood control dam in Rye, New York, in August and September of 2013. The indictment names 34-year-old Hamid Firoozi as the attack's leader. Firoozi and his co-conspirators worked for two Iranian firms, ITSecTeam, also known as "ITSEC", and the Mersad Company. Both companies are alleged to be cat's paws for the Iranian Revolutionary Guard Corps. The dam's control systems happened to have been disconnected for maintenance while the attack was ongoing. At least one question remains. Why Rye, New York? What about the system or its network made it an attractive or accessible target? In any case, there's a reward out for information leading to the apprehension and prosecution of Mr. Firoozi and his associates. If you know anything, the US Attorney for the Southern District of New York and the FBI will be glad to hear from you.

Dave Bittner: [00:04:07:02] Much attention has focused, in recent months, on cyber threats to the electrical power grid, with the rolling blackouts in Western Ukraine endured last December drawing considerable interest and provoking considerable alarm. And the results of continuing investigation of that incident suggest that the attackers were more patient and better prepared than previously suspected.

Dave Bittner: [00:04:27:12] But now threats to water systems are eclipsing those faced by the grid. Verizon's March 2016 breach digest reports on the company's RISK team's engagement with a water utility. The utility, given the pseudonym "Kemuri Water Company" or "KWC", believed itself to be secure, but Verizon found various "critical vulnerabilities" often exploited in the wild. Verizon also found that the utility was running a very dated 1988 IBM AS400 SCADA platform with multiple insecure network connections. Worse yet, it appeared that the utility's managers were aware of anomalous events that suggested unauthorized access to control systems: unexplained manipulation not only of flow rates but of chemical treatment of water running through the system. The public health hazard of chemical treatment manipulation is particularly disturbing.

Dave Bittner: [00:05:19:01] Ransomware and healthcare hacking generally are increasing to the point where alarmists are prepared to declare an epidemic. There is, however, some good news. The good actors at Emsisoft have released another free decryption tool. This one works on Nemucod's CRYPTED ransomware. Once again, we say, bravo, Emsisoft.

Dave Bittner: [00:05:37:20] Consensus among observers is now that the alternative method the FBI's come up with to open the San Bernardino jihadist's county-issued iPhone involves NAND mirroring. The "third-party" who's helping the Bureau is said to be Israeli cybersecurity firm Cellebrite.

Dave Bittner: [00:05:53:20] Finally, there's a new malware variant out there. Once again ESET, those boys and girls from Bratislava and San Diego, this American patriot reminds our Slovak allies, have discovered another USB-based threat. This one's an information-stealing Trojan that's currently active in the wild, loaded into USB drives strewn around parking lots, workplaces, and trade shows. Its multistage malware leaves no traces on the victim's computer, the one the victim's plugged the drive into, so they may never know their data have been copied and exfiltrated. Some are calling this an attack that overcomes air gaps, which in a sense, we suppose, it does. But really, if you've plugged something in, where's the gap? So…don't plug.

Dave Bittner: [00:06:43:06] This CyberWire podcast is brought to you through the generous support of Betamore, an award-winning coworking space, incubator and campus for technology and entrepreneurship located in the Federal Hill neighborhood of downtown Baltimore. Learn more at

Dave Bittner: [00:07:02:21] And I'm joined once again by Ben Yelin. He's a Senior Law and Policy Analyst at the University of Maryland Center for Health and Homeland Security. Ben, you're an expert when it comes to electronic surveillance and the Fourth Amendment. Where do we stand right now in terms of what's been established in terms of our right to privacy in the cyber domain?

Ben Yelin: [00:07:21:17] The Fourth Amendment obviously was written before we could have considered any of the threats in electronic surveillance. Electronic surveillance, it has been determined, does come under the umbrella of the Fourth Amendment even though it's not a physical intrusion, and the reason it does is because the courts have said that we have a reasonable expectation of privacy when we make any sort of electronic communication, whether it's by telephone, email, Internet or even some of the apps that we use. So that's good, I mean, that's a very-- it's very strong to have Fourth Amendment protection. It means that in order for the government to get that information they need a warrant, which is a pretty good standard for someone. That warrant has to be based on probable cause. The bad news for people who are civil libertarians is that the courts have acknowledged a national security exception and a foreign intelligence exception to the Fourth Amendment, meaning in many cases you actually don't need a warrant because the government has such a strong security interest that the Fourth Amendment doesn't apply to certain electronic communications if national security is implicated. So I think on a case-by-case basis the court frequently weighs the national security interest at stake against the privacy interest at stake and can come to different conclusions depending on what the facts of the case are. Really we're going to be having this battle between privacy and security. We've been having it in the physical world for over 200 years. We're going to continue to have it. I think it was sort of a fight that was reignited after 9/11, after the Patriot Act passed, after the Snowden disclosures. I don't think we're going to come to any solution anytime soon because I think the issues are so complicated, but it's good to know from a privacy perspective that electronic communications are subject in general to those Fourth Amendment protections.

Dave Bittner: [00:09:16:09] Alright, Ben Yelin, thanks for joining us.

Ben Yelin: [00:09:18:22] Thank you.

Dave Bittner: [00:09:26:04] And that's the CyberWire. For links to all of today's stories, visit and while you're there subscribe to our daily news brief. The CyberWire's editor is John Petrik and I'm Dave Bittner. Thanks for listening.