Dave Bittner: [00:00:03:19] Updates on Tick. Pwnedlist might be pwnable. Responsible disclosure seems to be working for Microsoft, Valve, and the US Department of Defense. North Korean jamming prompts South Korea to look for a GPS alternative. IBM defines blockchain security standards for the cloud. Ransomware infestations continue. And someone claims, again, that, no, really, he's Satoshi Nakamoto.
Dave Bittner: [00:00:28:03] This CyberWire Podcast is made possible by the generous support of Cylance, offering cybersecurity products and services that are redefining the standard for enterprise endpoint security. Learn more at Cylance.com.
Dave Bittner: [00:00:44:19] I'm Dave Bittner in Baltimore with your CyberWire summary for Monday, May 2nd, 2016.
Dave Bittner: [00:00:51:04] Tick, the cyber espionage group Symantec's been tracking, has been particularly active against Japanese targets. The attackers work with drive-bys to deliver Gofarer malware, which in turn installs the Daserf backdoor on victim systems. Tick, says Symantec, has been careful, evasive, and given to using well-crafted exploits. The group has taken a particular interest in Japanese companies engaged in ocean engineering, broadcasting, and information technology.
Dave Bittner: [00:01:20:00] KrebsOnSecurity reports that InfoArmor's Pwnedlist, a service that lets you monitor credentials for exposure in public places like Pastebin, itself may be vulnerable to parameter tampering. The service is designed to let you monitor accounts you own, but Krebs reports that it's possible to see credentials for accounts belonging to any number of other users. The two-step authentication process involved in adding an item to one's watchlist apparently doesn't verify that you've got the rights to that item.
Dave Bittner: [00:01:49:09] Microsoft's Office 365 was reported at the end of last week to be susceptible to exploitation by unauthorized outsiders who could gain access to users' files. But it's important to note that Redmond has already closed this particular hole, and that the episode is an encouraging case study in how responsible disclosure can work. The flaw lay in buggy implementation of the Security Authentication Markup Language server. The vulnerability was discovered and disclosed earlier this year by two independent researchers, and Microsoft is said to have fixed it within seven hours.
Dave Bittner: [00:02:22:16] Another bit of responsible disclosure has enabled Valve to fix a crypto flaw in Steam that exposed passwords. In this case, the problem was found and reported by a student, and he's been appropriately rewarded by Valve.
Dave Bittner: [00:02:35:15] You may wish to dust off a bit of electronic warfare vocabulary as we watch the continuing convergence of EW with cybersecurity. The word of the day is "meaconing," which means the interception of navigational signals and their replacement by deceptive signals which are rebroadcast, usually at greater power, to deceive the recipients. Well-known for its long-time use against old radio navigation systems, meaconing has begun to reappear in the GPS world. It will come as no surprise that the world's leading meaconing power appears to be, you guessed it, the Democratic People's Republic of Korea, which has been engaged in fiddling with GPS to lure South Korean fishing vessels into disputed waters. South Korea is working on a more deception-resistant navigational alternative to GPS, perhaps an enhanced version of eLORAN.
Dave Bittner: [00:03:26:08] We've seen some important threat summaries published recently. Last week we spoke to Verizon about their Data Breach Report. Today we hear from Forcepoint's Bob Hansmann, who takes us through some of the highlights of his company's threat report.
Bob Hansmann: [00:03:37:07] The report covers areas of insider threat, which is something a lot of companies have overlooked, mainly with the focus on blocking an external attack, where 80-85% of the money seems to be being spent. We see a need to start considering what happens, not if I've been breached or when I've been breached, but what can I do to find out if I've already been breached?
Dave Bittner: [00:04:01:13] The report includes an analysis of a new botnet campaign that Forcepoint has named Jaku, which was discovered by their special investigations team.
Bob Hansmann: [00:04:10:24] Jaku is an aggregate threat. Rather than a new botnet, a new zero-day attack, it is actually a name given to an aggregation of a variety of threat components used to execute a particular attack. In this case, they're using botnet servers in a variety of countries to attack specific victims, they're very targeted, as well as using the exact same network to do consumer level attacks. It's very persistent and it also uses a great deal of evasive techniques. Rather than just the one or two we'll see in a normal attack, this one actually uses evasive techniques from stages four through seven of the traditional kill chain.
Dave Bittner: [00:04:55:03] Hansmann says the report emphasized the need for defensive systems to work together in a more collaborative way.
Bob Hansmann: [00:05:01:15] Security solutions need APIs. They need to be able to share information, not just bubble it up to a SIEM, but can they receive or exchange guidance with something else? We need these solutions to start working together because the attackers are working together. Jaku is a poster child for that.
Dave Bittner: [00:05:19:09] That's Bob Hansmann from Forcepoint. We'll hear more from him on tomorrow's show about the threat of accidental insiders and how IT can improve their reputation. Their website is forcepoint.com.
Dave Bittner: [00:05:30:22] US surveillance policy has been influenced by the leaks provided by Edward Snowden, who teleconferenced into a debate over encryption that aired yesterday. His views on encryption were unsurprising: he's for it, and for it everywhere. But he did make the interesting point that on this issue he "stands shoulder to shoulder" with former NSA Director Michael Hayden, who's also weighed in on the pro-encryption side of the crypto wars.
Dave Bittner: [00:05:56:00] In industry news, some analysts, notably at Seeking Alpha, advise investors to look beyond IBM's recent results to its story, and think that the story is more compelling than the performance. In particular, they see a future in IBM's shift in emphasis toward AI, security, cloud services and, perhaps surprisingly, blockchain. On Friday, IBM announced a framework for using blockchain networks securely, while remaining compliant with applicable privacy and security regulations. Finance and healthcare organizations are expected to be among the principal users of the framework.
Dave Bittner: [00:06:30:21] Blockchain, of course, is the enabling technology beneath Bitcoin, and over the weekend Australian Craig Wright has again outed himself as Bitcoin creator Satoshi Nakamoto. The BBC and The Economist are running with the story, basically as Mr. Wright has been telling it. The reporters who are buying his claims note that the evidence Wright offers “sounds convincing” but is “hard to follow.”
Dave Bittner: [00:06:53:18] We don't want to be unduly skeptical, but Wright has made these claims before, and any who find themselves reluctantly moved to continuing doubt should be forgiven. And if we hear that Mr. Wright may be the son of Grand Duchess Anastasia, we'll really know where we are. In any case, if the real Satoshi Nakamoto is out there and listening, give us a call. Even if, especially if, you're Mr. Wright.
Dave Bittner: [00:07:22:19] This CyberWire podcast is made possible by the generous support of Wide Angle Youth Media, a non-profit that provides free media education to Baltimore youth to tell their own stories and become civic leaders. Learn, watch and connect at Wideanglemedia.org.
Dave Bittner: [00:07:42:13] Joining me is Ben Yelin, senior law and policy analyst at the University of Maryland Center for Health and Homeland Security. Ben, Edward Snowden was making the rounds this past weekend, appearing in interviews on cable news, and he is, of course, famous for his leaks of classified documents for which some consider him a traitor, some consider a hero, and many put him somewhere in between. But there's no denying that his leaks had an effect on the way the government collects data. I'm curious, what are these effects, these so-called Snowden remedies?
Ben Yelin: [00:08:10:04] Sure. So I think the main one was the passage of the USA Freedom Act that passed last June, and it replaced the Call Details Records Program that Snowden uncovered. The program officially ended in November and it's been replaced with something that I think is more palatable to civil libertarians. Instead of the information being routinely handed over from the telecommunications companies, now the telecommunications companies themselves hold onto the data and the government needs a court order to collect some of the data. So I think that was a major and important change that was the direct result of this disclosure, and I think even folks with the NSA would admit that the disclosure itself played a large part in ending that program.
Dave Bittner: [00:08:56:04] What is the NSA's position on this? Are these changes that they support and they can live with?
Ben Yelin: [00:09:02:02] They are. The NSA has been very supportive of it. They were actually critical of the phone records program, even though they were the ones taking it on. Several NSA officials have said that the program was ineffectual. A couple of commissions that were appointed by the President, the Privacy and Civil Liberties Oversight Board, and the President's own commission have said that the program was ineffectual and bordered on being unconstitutional. So I think the NSA itself was supportive of the legislation. They encouraged President Obama to sign it, and he did, and I think they're quite pleased with the outcome.
Dave Bittner: [00:09:39:13] Ben Yelin, thanks for joining us.
Dave Bittner: [00:09:43:15] That's the CyberWire. For links to all of today's stories, visit thecyberwire.com and, while you're there, subscribe to our popular Daily News Brief. Our editor is John Petrik, I'm Dave Bittner. Thanks for listening.