The CyberWire Daily Podcast 10.22.18
Ep 709 | 10.22.18

Russian indicted in US midterm election influence conspiracy case. Styles and goals of info ops. Cyber deterrence. DPRK petty crime. Alt-coin scammer. Spy chip story remains unconfirmed, unretracted.

Transcript

Peter Kilpe: [00:00:04] A Russian accountant is indicted for conspiring to influence U.S. midterm elections. Different nations have different styles of information operations because they have different goals. Technology shifts, but underlying principles of propaganda remain. The EU barks cyber deterrence but doesn't bite yet. North Korea's petty cybercrime wave. A scammer is after altcoin enthusiasts. And there's neither confirmation nor retraction for Bloomberg's spy chip story.

Dave Bittner: [00:00:36] Now I'd like to share some words about our sponsor Cylance. AI stands for artificial intelligence, of course. But nowadays, it also means all image or anthropomorphized incredibly. There's a serious reality under the hype. But it can be difficult to see through to it. As the experts at Cylance will tell you, AI isn't a self-aware Skynet ready to send in the terminators. It's a tool that trains on data to develop useful algorithms. And like all tools, it can be used for good or evil. If you'd like to learn more about how AI is being weaponized and what you can do about it, visit threatvector.cylance.com and check out their report "Security: Using AI for Evil." That's threatvector.cylance.com. We're happy to say that their products protect our systems here at the CyberWire. And we thank Cylance for sponsoring our show.

Peter Kilpe: [00:01:33] Major funding for the CyberWire is provided by Cylance. From the CyberWire studios at DataTribe, I'm Peter Kilpe, executive editor, sitting in for the vacationing Dave Bittner with your CyberWire summary for Monday, October 22, 2018. Late Friday, the U.S. Department of Justice announced the indictment of a Russian national on charges of attempting to interfere with the approaching midterm elections. Elena Alekseevna Khusyaynova of St. Petersburg, Russia, was charged with conspiracy to influence U.S. elections. She is alleged to have been active in the 2016 election cycle as well, but her indictment marks the first charges brought in connection with the 2018 vote.

Peter Kilpe: [00:02:10] Her role is an interesting one. She's an accountant. And she's charged with managing the finances for Project Lakhta, an influence campaign directed toward the now-familiar goal of inflaming existing American political and cultural fissures. As has been the case with other Russians indicted in the U.S., Ms. Khusyaynova isn't in custody. If she ever faces trial, she could face five years imprisonment.

Peter Kilpe: [00:02:31] The techniques Project Lakhta used are also interesting. There were, of course, the familiar trolls right off the St. Petersburg farm. But these inauthentic identities weren't the whole of the operation by a long shot. The troll masters also sought, with some success, to rope unwitting Americans into the op, often by forming and moderating groups on social media.

Peter Kilpe: [00:02:51] U.S. authorities continue to express concern over influence operations not only by Russia but by China and Iran as well. Many security firms say that they're not seeing much evidence of operations by China and Iran, but they acknowledge that they could be missing something. It's worth noting that the sorts of activities the three countries are known for differ in important ways.

Peter Kilpe: [00:03:11] In the case of China, while much cyber espionage has been directed toward the theft of trade secrets, the influence operations reported have, for the most part, consisted of working to influence policy in certain specific directions. Thus, Beijing has, for example, funded various think tank programs as well as cultural centers at universities.

Peter Kilpe: [00:03:31] Iran's influence operations have consistently sought to push specific narratives to gain favor and support specific foreign policy objectives. In this, they resemble those mounted by Saudi Arabia. We'll hear more about Saudi influence operations in a moment. Thus, both China and Iran have tended toward positive goals - that is, positive from their point of view. Russian information operations have, in contrast, been negative. Their goal has been opportunistic disruption. In the case of election influence attempts, Moscow doesn't particularly care who gets elected as long as Americans grow to hate and mistrust one another.

Peter Kilpe: [00:04:04] As the Justice Department points out in its comments on the Khusyaynova indictment, quote, "the conspirators’ alleged activities did not exclusively adopt one ideological view; they wrote on topics from varied and sometimes opposing perspectives." unquote. This kind of influence operation is inherently opportunistic and inherently easier to pull off than campaigns that have specific positive goals.

Peter Kilpe: [00:04:26] What's seen as relatively new in these operations is the weaponization of advertising technology that's grown up with the internet. And indeed, the same rifle-shot accuracy that can be used to send your ads about airfares and nutritional supplements can be readily adapted to manipulating opinions and beliefs in other areas. But it's worth recalling the underlying principles haven't changed that much. With apologies to Professor McLuhan, sometimes the message stays the same whether it's delivered by graffiti, pamphlet, broadsheet, loudspeaker truck, radio, television or tweet.

Peter Kilpe: [00:04:58] As The Grugq points out in his underground tradecraft blog, quote, "people keep rediscovering the basic principles of propaganda that were documented a century ago. It's basically like every new technology demonstrates the old maxim, six months in the laboratory can save an afternoon in the library," unquote.

Peter Kilpe: [00:05:15] Saudi influence operations and social media draw attention as the kingdom continues to vigorously and implausibly spin its role in the murder of journalist Jamal Khashoggi at Saudi Arabia's Istanbul Consulate. Twitter's banned inauthentic accounts pushing the kingdom's official line. The New York Times also reports that Saudi intelligence services attempted to infiltrate Twitter by compromising an employee back in 2015.

Peter Kilpe: [00:05:39] The European Union concluded its meetings last week with gruff noises about cyber deterrence but did not finally enact the sanctions against Russia the U.K. and Netherlands advocated. Kaspersky says it's detected DarkPulsar malware infections in Russia, Iran and Egypt. DarkPulsar is one of the alleged NSA Equation Group hacking tools the Shadow Brokers dumped back in the spring of 2017.

Dave Bittner: [00:06:07] And now a bit about our sponsors at VMware. Their trust network for Workspace ONE can help you secure your enterprise with tested best practices. They've got eight critical capabilities to help you protect, detect and remediate. A single open-platform approach, data loss prevention policies and contextual policies get you started. They'll help you move on to protecting applications, access management and encryption. And they'll round out what they can do for you with microsegmentation and analytics. VMware's white paper on "A Comprehensive Approach to Security Across the Digital Workspace" will take you through the details and much more. You'll find it at thecyberwire.com/vmware. See what Workspace ONE can do for your enterprise security - thecyberwire.com/vmware. And we thank VMware for sponsoring our show.

Peter Kilpe: [00:07:03] When people talk about security, the conversation often touches on network segmentation. Dave was fortunate to sit down with Joe Carrigan from the Johns Hopkins Information Security Institute to talk about that very subject.

Dave Bittner: [00:07:15] And I'm pleased to be joined once again by Joe Carrigan. He's from the Johns Hopkins University Information Security Institute. Joe, I was speaking to a security researcher recently who was talking about people's ability to hack into TVs. And one of the things he brought up was this notion of, within your home network, basically segmenting it, having a separate Wi-Fi network for your IoT devices...

Joe Carrigan: [00:07:37] Right.

Dave Bittner: [00:07:37] ...Versus, you know, your regular - your laptops, your phones, your regular web browsing. What's your take on that?

Joe Carrigan: [00:07:43] I think it's a great idea. I do see one issue with it. And it's not something that - the only issue I see with it is it's not something every layman is going to have the ability to do. It's going to...

Dave Bittner: [00:07:54] Right.

Joe Carrigan: [00:07:54] You know, it might be out of reach of guys or girls like my parents, for example. You know?

Dave Bittner: [00:07:58] Sure, sure. Yeah.

Joe Carrigan: [00:08:00] They're probably not going to be able to do this. And my parents actually do have a smart TV in their house. It would be nice to be able to segment it. So it would be simple enough to do. You could either have a piece of equipment that can handle the VLAN or perhaps have a guest network segmentation. Or you can actually buy two pieces of hardware and have one piece of hardware handle the "internet of things" products in your house, like your TVs, your thermostat or whatever, and have the other piece of hardware that you control handle your Wi-Fi network for, you know, your family's devices.

Dave Bittner: [00:08:35] Yeah. You know, this is something we did in our house for a while just sort of to control access for the kids, you know...

Joe Carrigan: [00:08:42] Right.

Dave Bittner: [00:08:42] ...To keep them from being on the network at all hours of the day and night. We had a separate network set up for them that had time restrictions on it, and then one for my wife and I that was unrestricted.

Joe Carrigan: [00:08:53] Right.

Dave Bittner: [00:08:54] That was actually hidden. It didn't broadcast its name, so they didn't even know it was there.

Joe Carrigan: [00:08:59] (Laughter) That's great, perfect.

Dave Bittner: [00:09:00] Yeah, because if they knew it was there, they would certainly crowdsource a solution to hack into it (laughter).

Joe Carrigan: [00:09:04] Right, absolutely (laughter). So I've been thinking about doing this as well simply because, you know, my ISP is Verizon. And I think last time we were talking and you asked if I had any IoT devices in my house. And my immediate response was, oh, no, I don't have any of those. And then you...

Dave Bittner: [00:09:21] (Laughter).

Joe Carrigan: [00:09:21] ...Asked, well, what about your cable boxes? And I went, oh, yeah. Those are essentially just little Linux boxes that sit on my network.

Dave Bittner: [00:09:27] They creep in.

Joe Carrigan: [00:09:28] Exactly. And so, you know, these things - you don't even think about what you have as an IoT device.

Dave Bittner: [00:09:34] Right. We have a television that...

Joe Carrigan: [00:09:36] Right.

Dave Bittner: [00:09:37] ...Can run Netflix, can run, you know, Spotify. And it can run apps, so it - and it's on the Wi-Fi network.

Joe Carrigan: [00:09:42] That's right. And, you know, my daughter has one of those as well that she uses as a streaming device and a computer monitor.

Dave Bittner: [00:09:49] So again, as it - as we talk about - you know, you and I talk about over and over again is attack surface.

Joe Carrigan: [00:09:54] Exactly.

Dave Bittner: [00:09:54] And so if you can separate the attack surface of all these IoT devices...

Joe Carrigan: [00:09:58] Right. And now if somebody compromises one of your IoT devices - and these things never get updated.

Dave Bittner: [00:10:03] Right.

Joe Carrigan: [00:10:03] Right?

Dave Bittner: [00:10:03] Right.

Joe Carrigan: [00:10:04] And that's the problem with them. So now if I compromise - if somebody compromises my IoT device, it's isolated on a network. And the only thing it's going to have access to is other IoT devices, things that I might not consider to be critical. I'm not - I'm certainly not going to store my data on that part of the network.

Dave Bittner: [00:10:22] Right. All right, Joe Carrigan, thanks for joining us.

Joe Carrigan: [00:10:24] My pleasure.

Peter Kilpe: [00:10:28] What's Pyongyang's quiet crime wave? Gaming hacks, says Recorded Future. High-profile hacks have tended to serve as misdirection for the persistent, low-level cybercrime North Korea uses to fill its sanctions-and-mismanagement-depleted treasury. Stealing and reselling in-game purchases would seem to be the very definition of petty crime. But it apparently pays Pyongyang to play.

Peter Kilpe: [00:10:49] And, of course, ordinary criminals remain busy, too. Antivirus company Dr. Web is tracking one hood who's actively pursuing people interested in cryptocurrencies. The scammer goes by the noms de hack Investimer, Hyipblock and Mmpower. As Bleeping Computer notes, the crook works by setting up quite convincing websites that pose as legitimate exchanges. His bogus sites also run phony lotteries, rent coin mining tools that don't exist or even, in a twist on a mystery shopper scam, offers altcoins just for browsing the web. His goal is usually to find crypto wallets and relieve them of their contents. So if you must fiddle with altcoins, fiddle with care.

Peter Kilpe: [00:11:28] Finally, we follow up on the controversial Bloomberg story on Chinese spy chips allegedly found in motherboards. The news is there is no news. Apple's CEO Cook told Bloomberg at the end of last week that Bloomberg owed the world a retraction. But so far, Bloomberg hasn't offered one. No one else has been able to confirm the story. And so the grain of rice-sized malicious chips remain as ghostly and as elusive as ever. Consensus is rapidly moving toward the conclusion that there's nothing there at all.

Peter Kilpe: [00:11:59] And that's the CyberWire. For links to all the stories mentioned in today's podcast, check out our daily news brief at thecyberwire.com. Thanks to all of our sponsors for making the CyberWire possible, especially to our sustaining sponsor, Cylance. To find out how Cylance can protect you using artificial intelligence, visit cylance.com. And Cylance is not just a sponsor. We actually use their products to help protect our systems here at the CyberWire. Thanks to our supporting sponsor VMware, creators of Workspace ONE intelligence. Learn more at vmware.com.

Peter Kilpe: [00:12:29] The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technology. CyberWire editor is John Petrik, social media editor Jennifer Eiben, technical editor Chris Russell. And I'm Peter Kilpe, sitting in for Dave Bittner. He'll be back next week. Thanks for listening.