Confidence building. Offensive cyber ops. M&A notes.
Dave Bittner: [00:00:00:14] Hi everybody, Dave here. Before we begin, I'd like to share some special news of our own. Today marks a transition for the CyberWire itself. On Friday we spun off from our long-time corporate parents, CyberPoint International, and we set up on our own. The name of our new parent business is Pratt Street Media, but the CyberWire will remain as you've known it. We'll continue to operate from our Baltimore offices, and if you're in the neighborhood, please stop by and say hello. Thanks to CyberPoint for the good launch, and best wishes for our parents' future.
Dave Bittner: [00:00:28:17] We'll be here every work day as always with the CyberWire daily news brief and podcast. And thanks again to all of you for reading and listening. Now here's the show.
Dave Bittner: [00:00:40:24] The Swedish air traffic control outage may have been due to solar flares, not Russian attack.
Dave Bittner: [00:00:46:05] The US and Russia meet in Geneva to work out confidence-building mechanisms for reducing tensions in cyberspace.
Dave Bittner: [00:00:52:10] The cyber war against ISIS picks up its pace.
Dave Bittner: [00:00:55:03] Cisco warns of JBoss server vulnerabilities.
Dave Bittner: [00:00:58:03] Details are published purporting to describe how the Hacking Team was hacked.
Dave Bittner: [00:01:02:08] In industry news, we hear of some new acquisitions, and we learn of a strange marketing wheeze.
Dave Bittner: [00:01:10:06] This podcast is made possible by the Economic Alliance of Greater Baltimore. Helping Maryland lead the nation in cyber security, with a large highly-qualified workforce, 20,000 job openings, investment opportunities and proximity to key buyers. Learn more at greaterbaltimore.org.
Dave Bittner: [00:01:32:20] I'm Dave Bittner in Baltimore with your CyberWire summary for Monday, April 18th, 2016.
Dave Bittner: [00:01:39:10] Sweden’s civil aviation administration, the LFV, is now saying that the disruptions that country’s air traffic control system sustained back in November, were the result of unusual solar activity. That makes the incident a natural phenomenon, and not as earlier suspected, Russian jamming conducted in conjunction with cyber operations as a coordinated attack. Some ambiguity remains, but for now, at least, the verdict appears to be sun spots.
Dave Bittner: [00:02:05:21] Russian cyber operators were frisky enough late last year, just ask utility customers in Western Ukraine. But the possibilities of mistaken intentions and erroneous attribution in cyberspace are real problems. Senior US and Russian officials are meeting in Geneva this week to develop confidence-building measures analogous to those that evolved during the Cold War.
Dave Bittner: [00:02:27:23] The US is increasing the scope and tempo of cyber operations directed against ISIS. Sources in the Department of Defense have told the Daily Beast and other media outlets, that they have moved beyond the initial phase of blocking and disrupting ISIS online command and control, into a spyware campaign designed to identify individuals and networks engaged in the conduct of ISIS’s war against its many enemies. Much of this information is said to be fed to targeting cells planning lethal attacks on ISIS leaders and units.
Dave Bittner: [00:02:58:15] The US is also said to have moved Marine Corps EA-6B electronic warfare aircraft into the area of operations. The venerable EA-6B Prowler, now operated only by the Marines, has received upgrades, making it an effective airborne platform for cyber operations, as well as more conventional electronic warfare.
Dave Bittner: [00:03:20:05] German intelligence officers, RT surprisingly reports, are looking at the Snowden leaks and answering the question, who stands to gain with “Russia.” They don’t suggest that Snowden was a Russian agent, but they do think the leaks were managed in such a manner as to do maximal damage to relations between the US and its allies. RT’s full name is “Russia Today,” and the story amounts almost to an admission against interest. Maybe.
Dave Bittner: [00:03:48:18] Researchers at PortSwigger have reported finding an XSS filter bypass vulnerability in Microsoft’s Edge browser. The flaw is thought to reside in code imported from Edge’s ancestor, Internet Explorer. A patch is not yet out. PortSwigger says it disclosed the issue to Microsoft, but has received no timeline for patching.
Dave Bittner: [00:04:09:15] Cisco’s Talos group has again warned of the risks facing users of out-of-date JBoss servers. JBoss ransomware is active in the wild, and K-12 schools are thought particularly vulnerable.
Dave Bittner: [00:04:23:11] Someone using the alias, “Phineas Fisher” has published an account on Pastebin, of how he hacked Hacking Team last July. Hacking Team was much derided at the time for an executive’s password choice. The ridiculously easy to guess “P4ssword,” with the letter “a” in “password” changed to a number “4” in a bit of low security cunning. But this isn’t, says Mr. Fisher, the way he got in at all, and his drawing attention to the p4ssword was misdirection. Instead, he found an exploitable vulnerability in an embedded device. Speculation is that it may have been a switch, and he worked his way in from there. Once in, he was able to exploit unencrypted backups. All in all, the hack seemed to not have been a trivial one, and needed much more than skid skills to accomplish. Hacking Team also looks, retrospectively, a bit less ill-defended than originally suggested.
Dave Bittner: [00:05:15:23] And by the way, Mr. Fisher’s “Phineas Fisher”, is an homage to another lawful intercept shop, Gamma Group, one of whose products is the FinFisher surveillance tool. You can read his interesting account of the exploit in his Pastebin post. We have a link in the CyberWire Daily News Brief.
Dave Bittner: [00:05:33:01] Softpedia thinks a bit about the Tor browser exploit the US Federal Bureau of Investigation deployed a few months ago, to reel in some child pornographers. And Softpedia thinks the episode suggests that the Bureau is sitting on a Firefox zero-day. The online publication predicts a wave of FBI-Mozilla litigation over Firefox security.
Dave Bittner: [00:05:53:22] Three acquisitions in the security sector are being discussed as the week begins. Magic Leap, a US virtual and augmented reality startup, has bought Israeli security shop BitNorth. Their intention, they say, is to ensure that their products ship with the best possible security built-in. Alert Logic has bought Click Security, augmenting its analytics and threat intelligence capability.
Dave Bittner: [00:06:16:02] And finally, French company Orange Cybersecurity has acquired Lexsi, a threat intelligence services shop.
Dave Bittner: [00:06:22:23] We close with an adventure in marketing, and a riddle. When is a catastrophic data loss not a catastrophic data loss? Answer, When it’s a hoax. Italian funster Marco Marsala, who also owns a web-hosting company, posted this message to Stack Overflow’s Server Fault forum last week, saying he accidentally deleted his whole company with some wayward bash script. But it turns out the whole thing was a gag, a marketing stunt to promote his business. How that might work as marketing is unclear. But what fun, huh?
Dave Bittner: [00:06:55:09] Did you find Mr. Marsala's gag funny? Well neither did Stack Overflow. They've communicated their displeasure.
Dave Bittner: [00:07:07:24] This CyberWire podcast is brought to you by SINET ITSEF, the IT Security Entrepreneurs Forum, meeting in Mountain View, California, April 19th-20th, 2016. Bridging the gap between Silicon Valley and the Beltway, by bringing together the innovators, entrepreneurs, investors and policymakers, who are shaping the next generation of security solutions. Learn more at: security-innovation.org.
Dave Bittner: [00:07:42:05] Joining me once again is Joe Carrigan, from the Johns Hopkins University Information Security Institute, one of our Academic and Research Partners. Joe we were both traveling recently, we came back from the Women in Cyber Security Conference. And my flight was delayed, I was sitting in the airport in Dallas, and wondering if I should jump on the airport Wi-Fi. Good idea or not?
Joe Carrigan: [00:08:02:20] I think it's a bad idea [LAUGHS].
Dave Bittner: [00:08:05:01] Okay.
Joe Carrigan: [00:08:05:09] I'm just gonna say that any of these public Wi-Fi access points, particularly if they're unencrypted, are generally a bad idea. There could be anything else on the network. You may not even actually be connecting to a Wi-Fi access point that's controlled and operated by an airport, or by some trusted entity. It could just be a rogue access point that looks like an airport, or Starbucks or McDonald's Wi-Fi access point.
Dave Bittner: [00:08:34:02] So all of my data in that case, could be flowing through to some bad actor, and they're analyzing it, pulling out all my personal information. And to me, it looks like I'm on just a regular public Wi-Fi.
Joe Carrigan: [00:08:46:16] Yes, if you're not paying attention, it will look like you could be subjected to a man in the middle attack very easily.
Dave Bittner: [00:08:52:20] So what's a way around it? Are they ways, even with public Wi-Fi, that I can do what I need to do and be secure about it?
Joe Carrigan: [00:08:59:11] You can reduce your risk, by using a commercial VPN product. A VPN is a Virtual Private Network. It creates a tunnel connection to their service. And this would be a service that you trust. I use one which costs about $30 a year. The encrypted tunnel is from my computer to their computer, and then they access the Internet on my behalf.
Dave Bittner: [00:09:21:02] So that connection is fully encrypted. So even in the traffic going over the public Wi-Fi, no one can see inside of it?
Joe Carrigan: [00:09:29:01] That's correct.
Dave Bittner: [00:09:30:01] Alright, good advice. Joe Carrigan, thanks for joining us.
Joe Carrigan: [00:09:32:19] It's my pleasure.
Dave Bittner: [00:09:36:02] And that's the CyberWire. For links to all of today's stories, visit thecyberwire.com. And while you're there, subscribe to our popular daily news brief. Our editor is John Petrik. I'm Dave Bittner. Thanks for listening