The CyberWire Daily Podcast 1.4.16

Dave Bittner: [00:00:03:16] ISIS remains undeterred and defiant in cyberspace. Anti-ISIS hacktivists strike BBC and Trump's campaign. Turkish hacktivist versus Russia, Russian cyber operators versus Ukraine's power grid, and intelligence services seek to improve cooperation against terrorist threats.

Dave Bittner: [00:00:22:15] This CyberWire podcast is made possible by the Johns Hopkins University Information Security Institute, providing the technical foundation and knowledge needed to meet our nation's growing demand for highly-skilled professionals in the field of information security, assurance and privacy. Learn more online at isi.jhu.edu.

Dave Bittner: [00:00:44:09] I am Dave Bittner in Baltimore with your CyberWire summary for Monday, January 4th, 2016.

Dave Bittner: [00:00:50:06] ISIS returns to the internet with defiant videos showing no signs of having been slowed down in cyberspace by either government action or worldwide revulsion. They have also got a new spokesman, who's said to be menacing, and they have increased the presence of children in their inspirational and recruiting clips.

Dave Bittner: [00:01:07:05] Twitter's crackdown on hate-Tweet is surely directed in part against Daesh, but ISIS social media operators have shown considerable resilience in the past, with the ability to cycle rapidly through accounts.

Dave Bittner: [00:01:17:13] Governments are experiencing some success in criminal investigations of ISIS inspired terror as the UK convicts some plotters.

Dave Bittner: [00:01:26:16] The US arrests an alleged adjunct to the San Bernardino massacre. French authorities appear to derive significant clues about the Paris attacks from phone data.

Dave Bittner: [00:01:33:07] Security services in Europe, led by German police and intelligence agencies, continue to pursue closer collaboration. They face, among other challenges, analytical ones. As obvious as the ISIS general line may be, analysts are finding it difficult to reach ground truth in the details of jihadi plans and policies. Bogus leaks seem to be clouding the operational picture.

Dave Bittner: [00:01:55:18] Some ISIS sympathizers are attempting to use PayPal vulnerabilities to channel funds to Daesh. Security researcher Brian Krebs is among those noticing attempts of their accounts.

Dave Bittner: [00:02:06:07] Anti-ISIS hacktivists continue to display either scattershot aim or willingness to attack a diverse set of targets. One group, New World Hacking, possibly aligned with Anonymous, claims responsibility for last week's DDoS operations against both the BBC and Donald Trump's campaign for the US presidency.

Dave Bittner: [00:02:24:16] The BBC operation was, they say, just a test with no harm intended. The Trump attack was directed against his rhetoric, specifically those statements New World Hacking regards as anti-Muslim. Both attacks were short lived in their effects.

Dave Bittner: [00:02:38:12] Turkish hackers, either patriotic hacktivists or state sponsored actors, probably the former, deface Russian foreign ministry accounts as tensions between the two countries remain high.

Dave Bittner: [00:02:49:00] Ukraine investigates a cyber campaign against its electric grid, which Ukrainian intelligence services unambiguously blame on Russia. ESET links the hacks to BlackEnergy, especially its KillDisk tool.

Dave Bittner: [00:03:01:00] Joining other tech leaders, Microsoft announces it will henceforth warn users of state sponsored activity it detects around their accounts.

Dave Bittner: [00:03:11:07] This CyberWire podcast is brought to you by the Digital Harbor Foundation, a non-profit that works with youth and educators to foster learning, creativity, productivity and community through technology education. Learn more at digitalharbor.org.

Dave Bittner: [00:03:31:18] Joining me is John Petrik, editor of the CyberWire. John, let's talk hacktivism. It comes up in the CyberWire fairly regularly, so what is hacktivism?

John Petrik: [00:03:39:24] Well, you know what hacking is, right?

Dave Bittner: [00:03:41:09] Of course.

John Petrik: [00:03:42:01] Well, a hacker is someone who looks for and exploits weaknesses in computer systems or networks and typically someone who does it illegitimately or illegally. That's a hacker. That's hacking. Now there can be white hat hackers, who are legitimate vulnerability researchers and there are going to be black hat hackers. Usually when people say hacker they're typically talking about a black hat.

John Petrik: [00:04:07:12] So, what's a hacktivist? There are all kinds of people that take action against computer systems and networks, and they can be distinguished and classified by their motivations. So, for example, a state intelligence service might hack for purposes of espionage. A cyber criminal has obvious criminal motives. What are they doing? They're looking to steal identities, they're looking to steal money, they're looking to extort ransoms, things like that. A hacktivist is someone who isn't motivated by money and who's not directed by a state. So a true hacktivist is motivated by political or religious or ideological considerations. That's a hacktivist.

Dave Bittner: [00:04:49:07] What's the general view of hacktivists? Are they looked upon as being a force for good or a force for bad, or does it depend?

John Petrik: [00:04:58:18] It depends on what you mean. If you look around the world, you'll see different hacktivist riots, cyber riots going on all the time. There is a lot of cyber rioting for example in South Asia and you see what people call patriotic hacktivism going on with people swapping hacks, between Armenian and Azerbaijani..

Dave Bittner: [00:05:19:20] Describe to me what do you mean by a cyber riot. What is that?

John Petrik: [00:05:22:01] A cyber riot is like a riot in physical space except it's conducted in cyberspace. So, what's a riot like? It's when you've got a lot of disorganized people running around breaking things, looting, causing disorder. That's a riot. A cyber riot is doing that in cyberspace. So if you've got a lot of people all of a sudden defacing websites, breaking into databases, things like that, and they're not doing it for any kind of obvious criminal motivation or under any kind of obvious central state direction, that's probably a cyber riot. It's blurry because, just as you have people who riot to protest or to break things, you've also inevitably got the people who are running along behind the other rioters looting from stores. The same thing happens in cyber rioting.

Dave Bittner: [00:06:10:04] Is the mission to do harm or is the mission to get attention generally?

John Petrik: [00:06:15:02] Classically the mission is to get attention. So, a very common form of hacktivism is the website defacement. When people talk a lot about ISIS as a cyber threat, it's not really a high grade cyber threat. It's very unlikely that ISIS for example is going to break into the American electrical power grid and shut down a bunch of nuclear power generation stations. That's really unlikely in the extreme. What does happen is you find small, poorly protected targets, that someone who's sympathetic to ISIS will deface a web page and it will say "hacked by ISIS" or "We support the Caliphate", some message like that. That's a typical kind of hacktivist move. That explains also why so many small media markets and municipalities in the American midwest seem to have attracted the attention of ISIS hacktivists. Why? Because they're lying in fruit. They generally tend to be not particularly well resourced, and not particularly strongly defended.

Dave Bittner: [00:07:14:10] So, John, what's the history on hacking? When we look back to the beginning, are there any notable stories that stand out?

John Petrik: [00:07:24:11] Hacker or hacking, or hack in the broader sense, is something that refers to somebody who attains a detailed inside working understanding of how some software or hardware works. People years ago used to call that a hack if you figured out how to do something with a piece of hardware or software, and that usage persists today. You see it even in extended usage in things like “life hacking.” The guy who will post a video to YouTube showing you how you can take your microwave popcorn bag and turn it into a bowl so you don't need a bowl to serve your popcorn, well that's a life hack, and there are people who talk about that.

John Petrik: [00:08:01:24] But as far as an operation against a non-cooperating information technology system, I think you go back to the 1970s, when there were the famous 'phone phreaks' at that time, spelled with a PH. And these were people who figured out ways of manipulating the early telecommunications switches through making certain tones and the urban legend that may, for all I know, be true that if you blew the toy whistle from a Cap'n Crunch cereal box into your telephone, the Bell system would let you make a long distance phone call for free. That's an example of phone phreaking. And if you look at today's hackers, they're probably the lineal, spiritual descendants of the old phone freaks from the '70s.

Dave Bittner: [00:08:46:21] Interesting. John Petrik, editor of The CyberWire. Thanks for joining us. We'll talk again soon.

Dave Bittner: [00:08:53:22] And that's The CyberWire. For links to all of today's stories, along with interviews, our glossary and more, visit thecyberwire.com. The CyberWire podcast is produced by CyberPoint International and our editor is John Petrik. Thanks for listening.