The CyberWire Daily Podcast 4.14.16
Ep 78 | 4.14.16

Info ops for and against ISIS. Industry notes.


Dave Bittner: [00:00:02:24] The US steps up its cyber operations against ISIS, and ISIS returns to information operations in a newly disturbing way. Ransomware remains a major threat, and it's showing some new geolocation chops in its phishing.

Dave Bittner: [00:00:16:03] And when you're online, you shouldn't neglect old-school threats either. This week has seen patches from Cisco and Google as well as Microsoft.

Dave Bittner: [00:00:23:18] In industry news, some cyber companies seek, others delay, IPOs.

Dave Bittner: [00:00:28:03] The debate over privacy, security, and transparency continues, and takes a few surprising twists as the Panama Papers meets iPhone hacking.

Dave Bittner: [00:00:39:00] This CyberWire podcast is brought to you by SINET ITSEF, the IT Security Entrepreneurs Forum, meeting in Mountain View, California, April 19th-20th, 2016. Bridging the gap between Silicon Valley and the Beltway, by bringing together the innovators, entrepreneurs, investors and policymakers who are shaping the next generation of security solutions. Learn more at:

Dave Bittner: [00:01:07:05] I'm David Bittner in Baltimore, with your CyberWire summary for Thursday, April 14th, 2016.

Dave Bittner: [00:01:14:07] The US steps up its cyber offensive against ISIS with the general approval and concurrence of the civilized world. China seems to be taking related, albeit probably less discriminating, steps. Earlier this week, several Chinese companies announced their cooperation with the government to help mute extremist inspiration online. Twitter continues to try to block the Islamic State from making continued use of that social media platform, but its success at doing so remains mixed: ISIS adherents continue to keep pace with the blocking by the simple expedient of creating new accounts.

Dave Bittner: [00:01:47:21] ISIS itself - big ISIS we might call it - has returned to information operations this week. Its familiar inspirational trope - death to apostates and crusaders - now disturbingly begins to name names. The group's online publication, Dabiq, is running a theological argument for the execution of those it calls "the Imams of Kufr". That is, Muslim leaders in non-Muslim countries who say it's possible to live a Muslim life in places like the United States. This, Dabiq argues, is tantamount to apostacy. There's also a longish list of "overt crusaders" that's mostly comprised of non-Muslim political figures. Authorities are reported to be on the alert.

Dave Bittner: [00:02:29:01] In conventional cyber crime news, you may have heard that ransomware is on the way out, being replaced by old-school device-locking malware, and even more primitive scareware. But not so. Ransomware is as virulent as ever. What some researchers have observed is a return of earlier, easier-to-execute attacks. The commodity malware is less challenging for less skilled criminals, and it works often enough to make it worth a shot. But it's not time to let down your defenses against ransomware.

Dave Bittner: [00:02:57:05] One creepy development in ransomware has been observed by Sophos. They've found samples of phishing emails bearing, as an attachment, the customary ransomware payload in the customary bogus invoice. What's creepy is the phishbait's new-found geolocation capabilities. Some of the samples show the addressee's actual, physical, brick-and-mortar home address. The email has other implausibilities in diction and usage, but it nails the mailing address. So don't let your address cause you to drop your guard, whether you live in Oxfordshire, England or Gravel Switch, Kentucky.

Dave Bittner: [00:03:30:15] Researchers warn that some Samsung Galaxies can be exploited to call or text even when they're locked. Exposed USB modems provide the attack surface.

Dave Bittner: [00:03:41:03] This week's patches include the usual run from Microsoft. They also include a Cisco fix for the company's Unified Computing System (UCS), Central Software, and Google has published an update to the Chrome browser.

Dave Bittner: [00:03:53:20] In industry news, investment analysts continue to sniff around the opportunities presented by publicly traded companies. Optiv, formed in last year's merger of Accuvant and FishNet Security, is rumored to be preparing an initial public offering sometime in 2016. Optiv this week announced its acquisition of identity and access management firm, Advancive. On the other hand, Tenable, unicorn though it's being called, doesn't want an IPO yet. It feels the market's not quite ready.

Dave Bittner: [00:04:22:17] Underwriters Laboratories, the venerable safety standards organization best known for the UL stickers affixed to electrical equipment, is now certifying Internet-of-things devices under its UL 2900 standard. Security researchers are both miffed and baffled by UL's refusal to share its new cybersecurity standards with them.

Dave Bittner: [00:04:42:22] The new Privacy Shield system, set to replace the old trans-Atlantic Safe Harbor Agreement, is running into problems in the EU. Privacy advocates argue that not enough is being done to address their concerns about data sharing.

Dave Bittner: [00:04:55:15] Privacy concerns also come to the fore as the US Senate deliberates the proposed Burr-Feinstein legislation that would require companies to decrypt content when law enforcement authorities present them with a proper request to do so. The ongoing Apple-Department of Justice dispute is informing the debate.

Dave Bittner: [00:05:14:03] Another matter with implications for privacy and transparency is, of course, the Panama Papers. Those curious about what Mossack Fonseca, the law firm at the center of the uproar, might say on the incident may now consult the firm's comprehensive "Statement Regarding Media Coverage." Mossack Fonseca is especially concerned to dispel "supposition and stereotypes," educating the public on the nature of their business and its implications for privacy.

Dave Bittner: [00:05:39:17] That very business prompts some interesting reflection from an attorney on the DoJ side of the Apple-FBI encryption dispute. Apple, he suggests, is acting more like an offshore bank than a disinterested civil-libertarian.

Dave Bittner: [00:05:52:21] Finally, as we read the Cornish Guardian this morning - and we do try to keep up with the local papers - we saw that hackers had redirected the website of a dental surgeon in Newquay so that it displayed what we've learned to call with some delicacy, "an adult site." There's, of course, no obvious motive in the North Cornwall hack but we're pretty sure we saw something like this on an episode of "Doc Martin." Didn't we? Anyone?

Dave Bittner: [00:06:21:22] This CyberWire podcast is brought to you through the generous support of Betamore, an award-winning co-working space, incubator and campus for technology and entrepreneurship, located in the Federal Hill neighborhood of downtown Baltimore. Learn more at

Dave Bittner: [00:06:44:15] Joining me is Dale Drew, he's Chief Security Officer at Level Three Communications, one of our academic and research partners. Dale, welcome to the CyberWire.

Dale Drew: [00:06:52:20] Thank you very much for having me.

Dave Bittner: [00:06:54:19] Level Three is our newest academic and research partner. And I thought, by way of introduction, maybe we could start it by just having you give us an overview of Level Three's Threat Research Labs?

Dale Drew: [00:07:03:23] Level Three is a global telecommunications provider, one of the world's largest internet backbone networks. We operate one of the largest voice networks, and content delivery networks. We decided pretty early on that we had access to a lot of data that we could help better protect the internet backbone in our customers' network.

Dale Drew: [00:07:27:22] And so we've taken that data and we've created a Threat Research Lab. Now when we originally created this function, we did it for our own situation awareness. We did it about four years ago and we took our netflow data, which is our information on what IP packets are traversing our network, and our D&S data and we analyzed that data to be able to do live patterns of malicious activity: phishing attacks, malware attacks, and command control centers.

Dale Drew: [00:08:02:11] We did that to see who the bad guys were, who they were attacking, how often they were doing it, and what their goals were. So the Threat Research Lab has been developed for the purposes of better understanding those threats as well as identifying and stopping those threats when we detect them.

Dave Bittner: [00:08:22:09] And why do you think it's important for a lab like yours to share their findings with the rest of the industry?

Dale Drew: [00:08:27:19] The faster that we can respond as an industry to make it more expensive for the bad guys to operate, the more leverage we have in being able to force the bad guys to come up with different ways of running their business. We recently identified a fairly large industry botnet called "The Angler" botnet. It was making the bad guys about $90 million a year in fraud.

Dale Drew: [00:09:02:06] When we shut that botnet down, we blocked it on our backbone network which protected our customers and, for the most part, protect the global internet. We removed $90 million in revenue from an organized crime syndicate. We think that making it more expensive for the bad guys to operate, more challenging for them to create capability gives the industry the space and time it needs to better protect their infrastructure.

Dave Bittner: [00:09:33:15] Dale Drew, from Level Three Communications, welcome to the CyberWire, and thank you for joining us.

Dave Bittner: [00:09:40:05] And that's the CyberWire. For links to all of today's stories, visit the and, while you're there, subscribe to our popular daily news brief. Our editor is John Petrik. I'm Dave Bittner. Thank you for listening.