Learn more about your ad choices. Visit megaphone.fm/adchoices
you're listening to the cyberwire network powered by N2k this is the energy of electrification available type S high performance variant nearly 500 horsepower and 278 mile EPA range range choose from our complimentary charging packages so you can charge how you want the all-electric Acura ZDX this is the energy of innovation Acura precision crafted performance this your local accurate dealer to lease the all-electric ZDX for three hundred eighty nine dollars a month hey everybody Dave here I want to talk about our sponsor legal zoom you know I started my first business back in the early 90s and oh what I would have done to have been able to have the services of an organization like legal zoom back then just getting all of those business ducks in a row all of that technical stuff the legal stuff the registrations of the business of the taxes all of those things that you need to go through when you're starting a business the hard stuff the stuff that sucks up your time when you just want to get that business launched and out there well legal zoom has everything you need to launch run and protect your business all in one place and they save you from wasting hours making sense of all that legal stuff launch run and protect your business to make it official today at legal zoom calm you can use promo code cyber 10 to get 10% off any legal zoom business information product excluding subscriptions and renewals that expires at the end of this year get everything you need from set up to success at legal zoom calm and use promo code cyber 10 that's legal zoom calm and promo code cyber 10 legal zoom provides access to independent attorneys and self-service tools legal zoom is not a law firm and does not provide legal advice except where authorized through its subsidiary law firm LZ legal services LLC ISIS remains undeterred and defiant in cyberspace anti-ISIS hacktivist strike BBC and Trump's campaign Turkish hacktivist versus Russia Russian cyber operators versus Ukraine's power grid and intelligence services seek to improve cooperation against terrorist threats I'm Dave Bittner in Baltimore with your cyberwire summary for Monday January 4th 2016 ISIS returns to the Internet with defiant videos showing no signs of having been slowed down in cyberspace by either government action or worldwide revulsion they've also got a new spokesman who said to be menacing and they've increased the presence of children in their inspirational and recruiting clips Twitter's crackdown on hate tweet is surely directed in part against dash but Isis social media operators have shown considerable resilience in the past with the ability to cycle rapidly through accounts governments are experiencing some success and criminal investigations of Isis inspired terror as the UK convicts some plotters the US arrests and alleged adjunct to the San Bernardino massacre French authorities appear to derive significant clues about the Paris attacks from phone data security services in Europe led by German police and intelligence agencies continue to pursue closer collaboration they face among other challenges analytical ones as obvious as the Isis general line may be analysts are finding it difficult to reach ground truth in the details of jihadi plans and policies bogus leaks seem to be clouding the operational picture some Isis sympathizers are attempting to use PayPal vulnerabilities to channel funds to dash security researcher Brian Krebs is among those noticing attempts on their accounts anti Isis hacktivist continue to display either scatter shot aim or willingness to attack a diverse set of targets one group new world hacking possibly aligned with anonymous claims responsibility for last week's DDoS operations against both the BBC and Donald Trump's campaign for the US presidency the BBC operation was they say just a test with no harm intended the Trump attack was directed against his rhetoric specifically those statements new world hacking regards as anti-muslim both attacks were short lived in their effects Turkish hackers either patriotic hacktivist or state sponsored actors probably the former deface Russian foreign ministry accounts as tensions between the two countries remain high Ukraine investigates a cyber campaign against its electric grid which Ukrainian intelligence services unambiguously blame on Russia ESET links the hacks to black energy especially its kill disk tool joining other tech leaders Microsoft announces it will henceforth warn users of state sponsored activity it detects around their accounts this episode is brought to you by JCPenney the holiday season is here and at JCPenney everybody gets more like for your loved one designer perfumes from Versace or Carolina Herrera or the exclusive messy fragrance for the foodie in your life a cast iron Dutch oven or cured coffee maker or for the kids all the toys they love from Disney Barbie lego and more JCPenney make it count shopping store or online and now a word from our sponsor no before it's all connected and we're not talking conspiracy theories when it comes to info sec tools effective integrations can make or break your security stack the same should be true for security awareness training no before provider of the world's largest library of security awareness training provides a way to integrate your existing security stack tools to help you strengthen your organization security culture no before's security coach uses standard API's to quickly and easily integrate with your existing security products from vendors like Microsoft CrowdStrike and Cisco 35 vendor integrations and counting security coach analyzes your security stack alerts to identify events related to any risky security behavior from your users use this information to set up real-time coaching campaigns targeting risky users based on those events from your network endpoint identity or web security vendors then coach your users at the moment the risky behavior occurs with contextual security tips delivered via Microsoft Teams slack or email learn more at no before dot com slash security coach that's no before dot com slash security coach and we thank no before for sponsoring our show shopping Black Friday this year make sure you stack 5% cash back on top of those deals with your PayPal debit card is this TV still on sale thank you before you shop pick your monthly category in the app I'm picking tech but you can pick from others like clothing or beauty when you shop you can get 5% cash back on top of the discounts you're already getting in your monthly category up to $1,000 spent it's pretty wild turn Black Friday into Stack Friday this year with PayPal terms and limits apply c terms PayPal dot com slash rewards pal the PayPal debit MasterCard is issued by the Bank Corp Bank NA pursuant to a license by MasterCard International Incorporated imagine this your primary identity provider goes down whether it's a cloud outage network issue or even a cyber attack suddenly your business grinds to a halt but what if it didn't have to meet identity continuity from strata the game-changing solution that keeps your business running smoothly no matter what whether your cloud IDP crashes or your on-prem system faces a hiccup identity continuity seamlessly shifts authentication to a secondary or even tertiary IDP automatically and without disruption powered by the maverick's identity orchestration platform identity continuity uses smart health checks to monitor your IDP's availability and instantly activates fail over strategies tailored to your needs when the coast is clear it's a seamless switch back no more downtime no lost revenue no frustrated customers just continuous secure access to your critical applications every single time protect your business from the high costs of IDP outages with identity continuity from strata downtime is a thing of the past visit strata.io/cyberwire to learn how strata's identity continuity can provide seamless enhanced capabilities to your existing identity fabric and receive a free set of AirPods Pro Join me is John Patrick editor of the Cyberwire John let's talk hacktivism it comes up in the cyberwire fairly regularly so what is hacktivism well you know what hacking is right of course so hacking is what well hacker is someone who you know looks for and exploits weaknesses and computer systems or networks and typically someone who does that illegitimately or illegally okay that's a hacker that's hacking now there can be white hat hackers who are legitimate vulnerability researchers and they're gonna be black hat hacker is usually when people say hacker they're typically talking about a black hat so what's a hacktivist the role kinds of people who take action against computer systems and networks and they can be distinguished classified by their motivations so for example a state intelligence service might hack for purposes of espionage a cyber criminal has obvious criminal motives what are they doing they're looking to steal identities they're looking to steal money they're looking to extort ransoms things like that a hacktivist is someone who isn't motivated by money and who's not directed by a state so a true hacktivist is motivated by political or religious or ideological considerations that's a hacktivist what's the general view of hacktivist are they looked upon as being a force for good or or or good force for bad or does it depend it depends on what you mean and if you look around the world you'll see different hacktivist riots cyber riots going on all the time there are a lot of there's a lot of cyber writing for example in South Asia and you see what people call patriotic hacktivism going on with people swapping hacks between Armenian and Azerbaijan II. Discard me what do you mean by a cyber riot what is that? A cyber riot is when you have it's like a riot in physical space except it's conducted in cyberspace so what's a riot like it's when you've got a lot of disorganized people running around breaking things looting causing disorder that's a riot and a cyber riot is doing that in cyberspace so if you've got a lot of people all of a sudden defacing websites breaking to databases things like that and they're not doing it for any kind of obvious criminal motivation or for any kind of obvious under any kind of obvious central state direction that's probably a cyber riot and it's blurry because just as you have people who riot to protest or to break things you've also inevitably got the people who are running along behind the other rioters looting from stores the same thing happens in cyber rioting. Is the mission to do harm or is the mission to get attention generally? Classically the mission is to get attention so a very common form of hacktivism is the website to facemit when people talk a lot about ISIS as a cyber threat it's not really a high-grade cyber threat it's very unlikely that ISIS for example is gonna break into the American electrical power grid and shut down a bunch of nuclear power generation stations that that's really unlikely in the extreme what does happen is you find small poorly protected targets that someone who's sympathetic to ISIS will deface a web page and it will say hack by ISIS or we support the Khalifa some message like that that's a typical kind of hacktivist move and that explains also why so many small media markets and municipalities in the American Midwest seem to have attracted the attention of ISIS hacktivists why because they're low-hanging fruit they generally tend to be not particularly well-resourced and not particularly strongly defended so John what's the history on hacking I mean when we look back to to do the beginnings is there are there any are there any notable stories that that stand out you know hacker hacking or a hack in the broadest sense is something that refers to somebody who attains a detailed inside working understanding of how some software hardware works so people years ago used to call that a hack if you figured out how to do something with a piece of hardware software and that usage persists today you see it even an expanded usage in things like life hacking the guy who will post a video to YouTube showing you how you can take your microwave popcorn bag and turn it into a bowl so you don't need a bowl to serve your popcorn well that's a life hack and there are people who talk about that but as far as an operation against a non-cooperating information technology system I think you go back to the 1970s when there were the famous phone freaks at that time spelled with a pH and these were people who figured out ways of manipulating the early telecommunications switches through making certain tones and the urban legend that may for alino be true that if you blew the toy whistle from a cap and current cereal box into your telephone the bell system would let you make a long distance phone call for free that's an example of phone freaking and if you look at today's hackers they're probably the lineal spiritual descendants of the old phone freaks from the 70s interesting John Patrick editor of the cyberwire thanks for joining us we'll talk again soon the IT world used to be simpler you only had to secure and manage environments that you controlled then came new technologies and new ways to work now employees apps and networks are everywhere this means poor visibility security gaps and added risk that's why cloudflare created the first ever connectivity cloud visit cloudflare.com to protect your business everywhere you do business. The Yeti store has so many great gifts we had to hire a catal auctioneer to make the most of these next 30 seconds. Alright folks let's get started with the Eddie French Press and George Calvin there's days high for hours in a French press 34 ounce for you 64 for the cruise the Eddie French press but mixed waterproof bags bags waterproof some merciful waterproof doubles waterproof bag bags for us most of the waters to get a waterproof Yeti bag I smell something cooking all new cast iron skillets made to be passed down like mama's recipes take a steak corn big cottage by pine potatoes next level with three sizes yeti cast iron skillets gear gifts and product experts visit the Yeti store at Cherry Creek North today and that's the cyberwire we are proudly produced in Maryland by our talented team of editors and producers I'm Dave Bittner thanks for listening and now a word from our sponsor NordPass NordPass is an advanced password manager from the team behind Nord VPN designed to help keep your business safe from data leaks and cyber threats it gives your IT professionals control over who has access to your company's data and makes it easy for everyone else on your team to use strong passwords right now you can go to www.nordpass.com/cyberwire for 35% off the NordPass business yearly plan don't miss out on that (gentle music) [BLANK_AUDIO]