Learn more about your ad choices. Visit megaphone.fm/adchoices
you're listening to the cyberwire network powered by N2k this is the energy of electrification available type S high performance variant nearly 500 horsepower and 278 mile EPA range range choose from our complimentary charging packages so you can charge how you want the all-electric Acura ZDX this is the energy of innovation Acura precision crafted performance this your local accurate dealer to lease the all-electric ZDX for three hundred eighty nine dollars a month hey everybody Dave here I want to talk about our sponsor legal zoom you know I started my first business back in the early 90s and oh what I would have done to have been able to have the services of an organization like legal zoom back then just getting all of those business ducks in a row all of that technical stuff the legal stuff the registrations of the business so the taxes all of those things that you need to go through when you're starting a business the hard stuff the stuff that sucks up your time when you just want to get that business launched and out there well legal zoom has everything you need to launch run and protect your business all in one place and they save you from wasting hours making sense of all that legal stuff launch run and protect your business to make it official today at legal zoom calm you can use promo code cyber 10 to get 10% off any legal zoom business information product excluding subscriptions and renewals that expires at the end of this year get everything you need from set up to success at legal zoom calm and use promo code cyber 10 that's legal zoom calm and promo code cyber 10 legal zoom provides access to independent attorneys and self-service tools legal zoom is not a law firm and does not provide legal advice except where authorized through its subsidiary law firm lz legal services LLC consensus emerges over December cyber attack on the power grid in western Ukraine US policymakers look for technical fixes to jihadist information operations but the jihadists message is also being carried on dead trees some major vendors patch their products but remember support for older versions of Microsoft's internet explorer ends tomorrow I'm Dave Bittner in Baltimore with your cyberwire daily podcast for Monday January 11th 2016 as expected the emerging consensus over late December's rolling blackouts in western Ukraine moved decisively towards the conclusion initially reached by ESET and eyesight partners that the affected Oblast grid sustained a cyber attack the sands institute's influential industrial control systems blog says we assess with high confidence based on company statements media reports and first-hand analysis that the incident was due to a coordinated intentional attack the blackouts appear to have been accomplished by malware that enabled attackers to access breaker control systems turning them on and off at will other bits of malware including the much commented on kill this component of the black energy kit and other attacks like the telephony denial of service the affected utility suffered served as misdirection Ukraine's government expects to comment on the power grid hack after it finishes its investigation which it expects to complete on January 18th if indeed this incident represents a state-mounted cyber attack what sort of response would be proportionate and justified this question arises when considering many incidents take for example the recently discovered Iranian incursion into damn control systems in ryan new york just security from the center for human rights and global justice at new york university school of law considers whether that episode should be considered an act of war the short answer is no but the question is as they say complicated the talon manual which has emerged as an influential guide to nato thinking on the matter holds that a cyber attack need not be physically destructive to constitute quote use of force but also stop short of drawing any bright lines in the matter and so the conclusion in the just security pieces that the ryan said it wasn't an act of war but that it also could warrant what lawyers call retortion a response that said once unfriendly and lawful perhaps comparable cyber reconnaissance German intelligence services resume cooperation with u_s_ services after an interruption brought on by objections to u_s_ electronics surveillance of german and other friendly european targets a group of jihadi's based in germany have begun publishing a magazine devoted to cryptography while explicitly denying adherence to ices the publishers nonetheless expect their work to be useful to colleagues in cyber jihadi the focus of such jihadi continues to remain inspiration which falls within the realm of information operations and how to counter the ices narrative remains a conundrum for opposing security services counter narrative operations appear on early reports to have been a point of interest in friday's white house outreach to silicon valley with particular emphasis on denying ices inspiration its platform in social media but it may be wayward to conceive of this is principally a technical challenge the daily beast for one points out that the decidedly old-school dead tree ices magazine that beak enjoys a wide following the message in this case seems to trump the medium among social media firms twitter especially find itself between a free speech rock and a counter terror hard place its contra temps with turkeys government overt Kurdish pro-independent tweets shows the practical impossibility of accommodating irreconcilable interests nothing new over the weekend from anonymous and its declared war on ices but the anarchist collective did find time to hit nigerian government sites to protest what anonymous views is that government's corruption in the u_k_ labor opposition leader jeremy corbin's twitter account was briefly hijacked to express a range of purial semi obscene commentary on the news of the day corbin and labor have since rested control of the account the robin x trojan continues to worry japanese banks that nation's distinctive language no longer serving as an effective linguistic moat around its financial system other countries go on their guard against similar robin x infestations g_p_s_ the global positioning system managed by the united states as long enjoyed a security advantage over the competing glonas and galileo systems but an increase in g_p_s_ blocking and spoofing tools has begun to erode that security passcode reports on plans to shore up g_p_s_ through development of backup systems users of social media are again cautioned against oversharing which can render them vulnerable to social engineering password a security question guessing and other threats and a long piece in the new york are on confidence games offers an occasion for reflection on how very old forms of fraud find new outlets and cyberspace brian crebs takes an interesting look inside the boiler rooms of cyber criminals call centers fluency in the mark's native language is that a premium juniper networks is dropping its reliance on a week back doored encryption scheme mozilla deals with the consequences of to hasty s h a one deprecation consequences which google in contrast seems to have anticipated v_m_ where an apple both issue security upgrades and tomorrow marks the end of microsoft support for versions eight nine and ten of internet explorer the u_s_ national highway traffic safety administration finishes its study of last year's proof-of-concept hack of jeep vehicles they conclude that only jeeps were vulnerable but car manufacturers continue to show increased sensitivity to hacking general motors has asked security researchers to help it look for and fix automotive software bugs in legal news Romanian police with an assist from europe all take down a major a_t_m_ hacking gang in the u_s_ there's more trouble over the classification of former secretary of state clinton's emails judges find lack of precedent complicating the sentences they hand down for convicted hackers lack of precedent seems to trouble the courts in a way analogous to that in which lack of actuarial data troubles insurance companies trying to price cyber risk transfer this episode is brought to you by shopify do you have a point of sale system you can trust or is it a real p_o_s_ you need to shopify for retail from accepting payments to managing inventory shopify p_o_s_ has everything you need to sell in person go to shopify dot com slash system all lowercase to take your retail business to the next level today that's shopify dot com slash system and now a word from our sponsor no before it's all connected and we're not talking conspiracy theories when it comes to info sec tools effective integrations can make or break your security stack the same should be true for security awareness training no before provider of the world's largest library of security awareness training provides a way to integrate your existing security stack tools to help you strengthen your organization security culture no before's security coach uses standard a p_i_s to quickly and easily integrate with your existing security products from vendors like microsoft crowd strike in sisco thirty-five vendor integrations and counting security coach analyzes your security stack alerts to identify events related to any risky security behavior from your users use this information to set up real-time coaching campaigns targeting risky users based on those events from your network and point identity or web security vendors then coach your users at the moment the risky behavior occurs with contextual security tips delivered via microsoft teams slack or email learn more at no before dot com slash security coach that's no before dot com slash security coach and we thank no before for sponsoring our show how about listening to the sounds of Istanbul beautiful isn't it but you can't discover the coolest city in the world just by listening check Istanbul dot go turkey a dot com now and plan your Istanbul trip today imagine this your primary identity provider goes down whether it's a cloud outage network issue or even a cyber attack suddenly your business grinds to a halt but what if it didn't have to meet identity continuity from strata the game-changing solution that keeps your business running smoothly no matter what whether your cloud IDP crashes or your on-prem system faces a hiccup identity continuity seamlessly shifts authentication to a secondary or even tertiary IDP automatically and without disruption powered by the maverick's identity orchestration platform identity continuity uses smart health checks to monitor your IDP's availability and instantly activates failover strategies tailored to your needs when the coast is clear it's a seamless switchback no more downtime no lost revenue no frustrated customers just continuous secure access to your critical applications every single time protect your business from the high costs of IDP outages with identity continuity from strata downtime is a thing of the past visit strata.io/cyberwire to learn how strata's identity continuity can provide seamless enhanced capabilities to your existing identity fabric and receive a free set of AirPods Pro joining me is John Patrick editor of the cyberwire John I know we go through our days and we don't really think about GPS the global positioning system it's just become a part of our everyday lives but it hasn't really been around that long no it's new that the first real operational use of the global positioning system was by the United States military in the first Gulf War in today's cyberwire there was information about passcode reporting on plans to shore up a GPS developing backup systems for it why is that important and how does that relate to cybersecurity it's important because of all the things we use GPS for it not only provides you with driving directions but it provides geolocation information for Google Maps for all kinds of applications that we don't even think about anymore just give us a rundown what is GPS and how does it work a good way of thinking about GPS is to think of it as an artificial form of celestial navigation that the GPS system orbits 31 satellites in a constellation and each one of those satellites carries a highly precise highly synchronized atomic clock and they're constantly sending out a signal from that clock so the GPS receiver in your car system or in your phone is getting the signal from four satellites it's comparing time of transmission to time of arrival and it's deriving from that your location on the ground your location on the surface of the earth in much the same way that celestial navigators back in the age of sail would have kept a highly precise chronometer synchronized with the Royal Observatory at Greenwich's chronometer to enable them to determine latitude and longitude by taking a variety of celestial observations and all this is being done automatically for you and it the ability to do that depends upon your ability to receive unblocked signals from those satellites so why would someone go about blocking the signals or spoofing them people do that for all kinds of reasons there might do it for all kinds of reasons there was a case in Newark New Jersey that Pasco talks about in which the Newark airport was finding that the GPS signals were being blocked at unusual intervals around the airport so what was it at first they thought it was an equipment failure but no it wasn't an equipment failure nor was it some kind of natural interference it turned out that there are little blockers that you can buy to block a GPS signal locally the guy in this case was found to be blocking it was a guy who was driving a truck for an engineering firm who really didn't want his boss's tracking what he was doing and where he was going during the day so that was the cause of the problem in that case so he this guy is just just trying to get a little private time and in the meantime he's he's endangering aircraft at an airport yeah evidently that's what the case was so what people are thinking about is they're thinking about because GPS is so valuable and so pervasive and more reliable candidly than the alternatives like the Russian GLONOS system or the European Space Agency's Galileo system what can we do to have a backup for it well you could boost the signal strength boosting signal strength is one common way of just burning through jamming you could develop an alternative backup system that would provide insurance if GPS were generally blocked or jammed there's an old legacy terrestrial system called Loran that old sailors would be familiar with Loran is one possible alternative if you upgraded Loran that might serve to back up GPS both the British and the Republic of Korean governments have spent some money backing up Loran as an alternative to GPS the US had plans for doing something similar but cut that for budgetary reasons recently so we'll see how that develops and see what comes in future all right John Patrick thanks for joining us the IT world used to be simpler you only had to secure and manage environments that you controlled then came new technologies and new ways to work now employees apps and networks are everywhere this means poor visibility security gaps and added risk that's why cloud flare created the first ever connectivity cloud visit cloud flare dot com to protect your business everywhere you do business this episode is brought to you by FedEx FedEx knows running a small business is hard enough without the hassle of shipping that's why there's FedEx one rate with FedEx one rate you can ship your holiday packages cheaper than the post office for as low as 1450 for small boxes visit FedEx dot com slash one rate for details exclusion supply valid through January 19 2025 FedEx one rate two-day retail shipping one flat rate and that's the cyberwire we are proudly produced in Maryland by our talented team of editors and producers I'm Dave Bitner thanks for listening and now a word from our sponsor NordPass NordPass is an advanced password manager from the team behind Nord VPN designed to help keep your business safe from data leaks and cyber threats it gives your IT professionals control over who has access to your company's data and makes it easy for everyone else on your team to use strong passwords right now you can go to www.nordpass.com/cyberwire for 35% off the NordPass business yearly plan don't miss out on that (gentle music) (gentle music)