The CyberWire Daily Podcast 12.10.18
Ep 741 | 12.10.18

A bail hearing in Vancouver. The prospect of indictments in IP theft cases. Kubernetes vulnerabilities. Russia and Ukraine swap hacks? An advance fee scam asks for help getting out of jail.


Dave Bittner: [00:00:03] Huawei's CFO awaits her immediate fate in a Vancouver detention facility, where she faces possible extradition to the U.S. on a sanctions violation beef. Huawei itself receives hostile scrutiny from the Five Eyes, the EU and Japan. U.S. indictments are expected soon in other IP theft cases involving China. Russia and Ukraine swap cyberattacks in their ongoing hybrid war. And an advanced fee scam promises not only money, but maybe love, too.

Dave Bittner: [00:00:39] A few words from our sponsor, Cylance. They're the people who protect our own endpoints here at the CyberWire, and you might consider seeing what Cylance can do for you. You probably know all about legacy antivirus protection. It's very good, as far as it goes. But guess what? The bad guys know all about it, too. It will stop the skids, but to keep the savvier hoods' hands off your endpoints, Cylance thinks you need something better. They've just introduced version 2.3 of CylanceOPTICS. It turns every endpoint into its own security operation center. CylanceOPTICS deploys algorithms formed by machine learning to offer not only immediate protection, but security that's quick enough to keep up with the threat by watching, learning and acting on systems behavior and resources. Whether you're worried about advanced malware, commodity hacking or malicious insiders, CylanceOPTICS can help. Visit to learn more. And we thank Cylance for sponsoring our show.

Dave Bittner: [00:01:42] Major funding for the CyberWire podcast is provided by Cylance. From the CyberWire studios at DataTribe, I'm Dave Bittner with your CyberWire summary for Monday, December 10, 2018. China has summoned the U.S. ambassador to demand an explanation for the arrest in Canada of Huawei CFO Meng, promising severe, if unspecified, consequences should she not be promptly released. U.S. Ambassador Branstad was called in by China's vice foreign minister, who, as the official Xinhua news service said, lodged solemn representations and strong protests against Ms. Meng's detention. Currently in Canadian custody, Ms. Meng faces a Vancouver court's decision on whether she will be granted bail. That decision could come as early as this afternoon or evening. Canadian prosecutors have argued that Ms. Meng represents a flight risk. Her attorneys deny this, saying she will not flee while she awaits a separate decision on the U.S. request to extradite her.

Dave Bittner: [00:02:43] The U.S. has indicted Meng on charges related to fraudulently conspiring to evade sanctions against Iran. According to The Wall Street Journal, the U.S. alleges that a Hong Kong-registered company, Skycom, was effectively an informal subsidiary of Huawei and that Huawei used Skycom to persuade several banks into facilitating illegal trade with Iran. Huawei became aware in April 2017 it was the subject of a U.S. criminal investigation. A warrant for Ms. Meng's arrest was issued in New York on August 22 of this year. The charges Meng faces could bring significant prison time should she be tried and convicted. Multiple charges of conspiracy to commit fraud could bring 30 years each. U.S. companies are jittery about possible retaliation.

Dave Bittner: [00:03:30] Bloomberg reports that Cisco, for one, moved to restrict nonessential employee travel to China. Other companies are thought likely to become similarly cautious. The lawfare may grow sharper. The U.S. is said to be preparing to unseal a number of additional indictments of Chinese nationals, perhaps as early as this week. The Wall Street Journal reports that federal prosecutors have been making a case against Chinese nationals. The Journal describes them as hackers linked to the Chinese government on charges of industrial espionage. These would be straightforward cases of electronic spying and theft of intellectual property, not the sort of sanctions violations alleged against Huawei. The group involved in the hacking is said to be APT10, also known as Cloud Hopper. The companies Cloud Hopper is said to have targeted are service providers who offer infrastructure management or cloud service to corporations and government agencies.

Dave Bittner: [00:04:28] Australia, New Zealand and the U.S. have all imposed bans on the use of Huawei products in their networks. Much of the concern in these three countries has focused on the potentially problematic role Huawei might play in building out 5G networks. The Australian Signals Directorate has warned that problems that affect 5G networks would not be confined to telecommunications with the attendant possibility of their exploitation for espionage or disruption. There would also be a risk, ASD's head remarked, to critical infrastructure, including water and power distribution.

Dave Bittner: [00:05:02] The U.K. has been somewhat less vocal on the subject of the Chinese hardware, but the National Cybersecurity Center, in meeting with Huawei leaders last week, extracted agreements from the company to make certain unspecified security changes in their equipment. BT has announced the possibility that it might pull Huawei gear from its existing 4G network, and MI6 is asking, with the force of suggestion and recommendation, whether it wouldn't be best to simply boot Huawei equipment from the U.K. altogether.

Dave Bittner: [00:05:32] Canada is the last of the Five Eyes to take action against Huawei, although willingness to arrest the company's CFO during a Vancouver stopover suggests that policy and sentiment are hardening there, as well. David Vigneault, director of the Canadian Security Intelligence Service, took the occasion of his first public speech last week to warn of the risk of espionage being carried out over 5G networks. This is, of course, an oblique reference to Huawei. The EU is considering similar restrictions of Huawei, and Japan has decided to exclude both Huawei and its smaller competitor, ZTE, from government work.

Dave Bittner: [00:06:11] The Kubernetes privilege escalation vulnerabilities recently revealed continue to pose a very widespread risk to users of the popular container technology. Fortunately, as Dark Reading points out, there are solutions. Users can upgrade Kubernetes instances to the latest ones, and most major cloud providers say they've done so. Or they can apply mitigations that have been made generally available. Those mitigations may come at some cost in operational smoothness, so an upgrade would seem to be the better option.

Dave Bittner: [00:06:42] Russia's recent escalation of its hybrid war against Ukraine does, indeed, seem to have had a strong cyber component. According to Defense One, researchers at Stealthcare report that Russia's seizure of three Ukrainian vessels in the Kerch Strait at the end of November was preceded by coordinated cyber operations directed against Ukrainian government assets. The threat groups involved include the usual suspects of Carbanak and the less familiar but still notorious FSB-associated Gamaredon. The campaign is thought to have aimed at developing intelligence for the anticipated naval operation. Stealthcare also reads the attack on FSBI Polyclinic No. 2, a hospital connected to Russia's presidential administration, as probably Ukrainian retaliation for the naval action in the Sea of Azov. Expect more thrust and repost in the weeks to come.

Dave Bittner: [00:07:37] Predictably, Huawei's troubles and Ms. Meng's detention have prompted advance fee scams. These are, of course, the work of ordinary criminals and are not connected with either Huawei or its CFO. A message circulating in WeChat says that there's this crooked Canadian jail guard. OK. And so he'd let Ms. Meng escape if he were bribed a couple thousand dollars - U.S. greenbacks and not Canadian loonies. The message, which purports to be from Ms. Meng herself, says she doesn't have the cash on hand. But she'll repay you with 200,000 shares of Huawei stock if you'll help her out of her jam. Also, as a sweetener, she says, if you are single, we can also discuss the important thing in life, which our lonely hearts desk reads as a veiled offer of marriage. So hop to it, world. Love and money can be yours or not.

Dave Bittner: [00:08:38] It's time to tell you about our sponsor ThreatConnect. With ThreatConnect's in-platform analytics and automation, you'll save your team time while making informed decisions for your security operations and strategy. Find threats, evaluate risk and mitigate harm to your organization. Every day, organizations worldwide leverage the power of ThreatConnect to broaden and deepen their intelligence, validate it, prioritize it and act on it. ThreatConnect offers a suite of products designed for teams of all sizes and maturity levels. Built on the ThreatConnect platform, the products provide adaptability as your organization changes and grows. Want to learn more? Check out their newest white paper titled "Threat Intelligence Platforms: Open Source vs. Commercial." As a member of a maturing security team evaluating threat intelligence platforms or TIP, you may be asking yourself whether you should use an open-source solution, like a malware information sharing platform or MISP, or by a tip from one of the many vendors offering solutions. In this white paper, ThreatConnect explains the key technical and economic considerations every security team needs to make when evaluating threat intel solutions to help you determine which is right for your team. To read the paper, visit That's And we thank ThreatConnect for sponsoring our show.

Dave Bittner: [00:10:14] And joining me once again is Emily Wilson. She's the fraud intelligence manager at Terbium Labs. Emily, it's great to have you back. You and I have talked before about the importance of diversity in our industry. But I think we've also shared some frustration that sometimes, we can do diversity for diversity's sake. And you recently attended a conference, and you thought they did a good job with this. Share with us. Where were you?

Emily Wilson: [00:10:38] Well, this is my second one. But I was in New York for the Lesbians Who Tech Leadership Summit. I attended their San Francisco summit in the spring, which was excellent enough that I immediately signed up for the next one that was stateside. And I do think they get it right. And here's why. You know, we have talked before about the fact that diversity at conferences can be performative. It's an opportunity to say, hey, look at us. You know, we got a female keynote speaker. And we have a panel of people talking about, you know, what it's like to be a woman in tech. And that can get very frustrating because...

Dave Bittner: [00:11:14] Right? We're good, right? We're good. We're good.

Emily Wilson: [00:11:17] We didn't check the box. Aren't you happy?

Dave Bittner: [00:11:19] Yeah.

Emily Wilson: [00:11:19] Please stop sending us angry emails. No, the answer is no, I won't stop. So what I think is different here - you know, I'm a woman in tech. And I'm a queer person in tech. And it can be very frustrating to go to these conferences and feel like someone is trying to cater to me in a way that's most comfortable for them, which is to say, here. I'm going to give you a platform to talk about diversity, and then we're done. What's different about Lesbians Who Tech is that this is a conference, this is an organization where yes, it's a diverse group. Yes, we are minorities in our field. But we're also just doing our jobs, and we're very good at our jobs. And we're there to talk about doing our jobs. And that's what's nice.

Emily Wilson: [00:12:00] It is Lesbians Who Tech. But the emphasis, you know, on the content of these conferences is the tech. We're not all sitting around talking about diversity all the time. Those conversations come up because they come up naturally. That's part of our, you know, navigation of the professional world. But we're talking about cybersecurity. We're talking about blockchain. We're talking about AI and machine learning. We're talking about data science and analytics. We're talking about how we can get young people into the field. We're talking about the impact of media on tech. You know, we're here talking about our jobs. And that's very refreshing because it seems like in mainstream conferences, we never actually get around to being able to talk about what we're good at.

Dave Bittner: [00:12:42] And what about the fact that you are among like people, so you - you're not the only girl in a room full of boys.

Emily Wilson: [00:12:52] That's true. I am not the only woman in a room full of men. I am - I'm around like-minded people. I am around people who already, at first glance, share so many of my experiences in the industry. And that's everything from frustration about trying to convince people to use two-factor to, you know, the difficulties of getting harassed at a conference, to trying to figure out where you want to go next in your career, to, you know, trying to reconcile the world that we're in now and the lack of security. And that's very refreshing because, honestly, it makes it easier to just get to the root of the problems at work. It makes it easier to problem-solve or say, I'm having this problem with a team or this problem, you know, rolling out a product. You know, how can you help? You know, everyone is there. Everyone is ready to network. Everyone is ready to help.

Emily Wilson: [00:13:44] And also, you know, we get to bring in incredible speakers. You know, Hillary Clinton was at this one in New York; Megan Smith again; of course, Kara Swisher. You get to see very powerful people in this field, people like you, who are ready to share their lessons and ready to help you out. And that's something we've lost, I think, at a lot of tech conferences.

Dave Bittner: [00:14:07] What would your advice be to the other tech conferences? Based on what you've learned from this conference doing it right, what are some of the lessons you wish the other conferences could take away?

Emily Wilson: [00:14:18] I mean, the first and most obvious one - which I've said before and I'm going to say again because you asked - is that I think other conferences can look at this and immediately just shred all of their excuses about not being able to find a more diverse speaker group. We're talking about hundreds of speakers, all of whom are, you know, women or queer people, 50 percent of whom are people of color. There you go. If you're looking for speakers, pull from that list. You know, these are people who are good at their jobs. We're here. We're in the industry. All you have to do is ask. I think that works well. I also think, you know, something that this conference does well is it gives people from all different backgrounds and all different levels of experience a platform to come and talk.

Emily Wilson: [00:15:04] So maybe this is your first year as an engineer. Maybe you've been doing this for three or four decades. You know, we're hearing both voices. We're hearing about people who came to tech naturally, or those who ended up there later. We're talking about people who are tech adjacent, or people who are, you know, realizing that their field has become a tech field, you know. Everything is tech now. I think it also creates a situation where people can have honest conversations, which is hard to do when we are, at so many of these conferences, we're focused on vendor materials or pitches disguised as keynotes. Right? This is actually just a community coming together to learn, and to share information, and to mentor and to help and to connect. And we need to do more of that.

Dave Bittner: [00:15:50] Do you find that the opportunity for learning is better just from, I imagine, not having to have your guard up?

Emily Wilson: [00:15:59] You don't have your guard up. That's true. It's a little bit different because you do know that you're in a safe space. Right? And that certainly helps. But I think also it's the concentration of subsets of these communities where, again, you already know that you have so much in common with these people. You know, most of you have faced a lot of the same challenges in your career. You know, most of you continue to be the minority in your office, or even in your city. Right? And so I think that that certainly helps. But there are other things like that that we can pull from in the mainstream industry, right? There are other ways that we can group people together, get smart people in a room thinking about problems together.

Emily Wilson: [00:16:41] Lesbians Who Tech manages to bring together very smart people from all over the world, put them in a room and get them excited about their industry. They bring in powerful speakers from all walks of life. They ask the hard questions because we're already here asking hard questions day to day. We're already trying to speak up. We're already trying to figure out how to navigate this world. And I think that getting those voices involved in more mainstream communities can bring so much more talent, so many more experiences, if you just tap into these networks of people. We're here. Right? We've been doing this.

Emily Wilson: [00:17:26] You know, Megan Smith gave a keynote talking about the history of women in tech, and she reminded us we've been here the whole time. It might not be in the history because look at who's writing the history. But we've been here the whole time. When you bring those voices in, when you get that many people in the room, solving problems is second nature. Right? Sharing information, connecting people, building networks, finding new jobs is second nature because everyone is there and ready to help. Imagine if you brought that group of people to your conferences. Imagine if you made those people speakers. Imagine if you hired those people to work at your organization. These are creative people. These are hard workers. You know, we've had to work hard to get here, anyway. We've had to overcome a lot to get here, anyway. That makes us an incredible resource for these industries to tap into.

Dave Bittner: [00:18:22] Emily Wilson, thanks for joining us. And that's the CyberWire. Thanks to all of our sponsors for making the CyberWire possible, especially to our sustaining sponsor Cylance. To find out how Cylance can help protect you using artificial intelligence, visit And Cylance is not just a sponsor. We actually use their products to help protect our systems here at the CyberWire.

Dave Bittner: [00:18:48] And thanks to our supporting sponsor, VMware, creators of Workspace ONE Intelligence. Learn more at

Dave Bittner: [00:18:57] Don't forget to check out the "Grumpy Old Geeks" podcast, where I contribute to a regular segment, called, "Security, Ha." I join Jason and Brian on their show for a lively discussion of the latest security news every week. You can find "Grumpy Old Geeks" where all the fine podcasts are listed. And check out the "Recorded Future" podcast, which I also host. The subject there is threat intelligence, and every week we talk to interesting people about timely cybersecurity topics. That's at

Dave Bittner: [00:19:25] The CyberWire podcast is proudly produced in Maryland out of the startup studios of DataTribe, where they're co-building the next generation of cybersecurity teams and technology. Our CyberWire editor is John Petrik; social media editor, Jennifer Eiben; technical editor, Chris Russell; executive editor, Peter Kilpe. And I'm Dave Bittner. Thanks for listening.