Julian Assange is out of the embassy and in custody. Pyongyangs HOPLIGHT. Operations SneakyPastes. Incident response planning blues. High school jam.
Julian Assange is out of the Ecuadoran embassy and in British custody. He's been found guilty of bail jumping and will face extradition to the US on charges related to conspiracy to release classified material hidden Cobra is back with the new Trojan hop light. Kaz Persky describes operation sneaky pastes. IBM security finds organizations don't exercise incident response plans and to New Jersey high school boys are in trouble for jamming Secaucus, highs wifi. And now a word from our sponsor extra hop the enterprise, cyber analytics company, delivering security from the inside out prevention based tools leave you blind to any threats inside your network by adding behavioral base network. Traffic analysis to your sock you can find and stop attackers before they make their move. Extra hop illuminates. The dark space with complete visibility at enterprise scale detects threats up to ninety five percent faster with machine learning and guided investigations that helped tier one analysts perform like seasoned threat, hunters, visit extra hop dot com slash cyber to learn why the sans institute calls extra fast and amazingly thorough a product with which many sock teams could hit the ground running. That's extra hop dot com slash cyber. And we thank extra for sponsoring our show. Round the cyber wire studios data tribe. I'm Dave bittner with your cyber wire summary for Thursday, April eleventh twenty nineteen the big story today is about WikiLeaks founder Julian Assange Ecuador ejected him from its London embassy early this morning, citing repeated violations to international conventions and daily life protocols. The international conventions Ecuador says he violated involve abuse of their hospitality to engage in actions. Ecuador says are designed to undermine its government the complaint about daily life protocols involves ways in which the embassy staff increasingly found, Mr Assange pain to live with during his seven years in residence. The years have no doubt been difficult ones in certain respects. That's what Mr. Sanjay's colleagues at WikiLeaks, say confinement lack of sun few visitors and so on and indeed he didn't look. Good. When London police escorted him in handcuffs from the embassy grounds. He now sports big Saint Nicholas style white beard for one thing. But then he is older and time is the fire in which all of us burn. He gamely smiled for the cameras and gave the reporters a big thumbs up. And he also held a copy of gore Vidal's history of the national security state. Mr Assange was arrested by the metropolitan police for bail jumping homeland secretary. Sajid JV tweeted, quote, I can confirm Julian Assange is now in police custody and rightly facing Justice in the UK other official British reaction has been equally starchy foreign secretary. Jeremy hunt said he has hidden from the truth for years and years, and it's right. That is future should be decided in the British judicial system the big legal problem. Mr Assange faces isn't just a bail skipping beef. The kind of thing that might be resolved on reality TV by dog. The bounty hunter, nor is it likely to be his now closed dust up with Sweden's legal system. Although that one was a more serious matter. He had faced sexual assault charges in Sweden. These have been dropped but could be reopened. If Swedish authorities found cause to do. So Mr Assange says that the whole thing was a frame up. Anyway, probably an American Honey trap. It was the prospect of facing Swedish Justice, however that led him to the UK and the embassy of Ecuador in twenty twelve more serious still and more likely is the prospect of being extradited to the United States. It has long been thought based on an apparently inadvertent failure to fully redacted related indictment that Mr Assange would be charged in the US. That's now confirmed the US Justice department unsealed an indictment shortly after Ecuador's showed Mr Assange the door. He's charged with one count of conspiracy to release classified information the alleged conspiracy. With former US army specialist Bradley now Chelsea Manning. Just as says that if convicted Mr Assange could face five years in prison for now, it's just the one charge. But the Justice department is indicating that more could well be added he faced his first hearing at a Westminster magistrate's court where District Judge Michael snow through the book and some tough love him for skipping out on bail the defense claim that the face of WikiLeaks hadn't had a fair hearing to begin with. But judge snow was having none of it. The judge said, quote, Mr Assange is behavior is none of a narcissist who cannot get beyond his own selfish interests. He hasn't come close to establishing reasonable excuse. And quote, thus a quick finding of guilty. Mr Assange will remain in custody until sentencing at some later time in the south Crown Court. He could face up to a year's detention at Her Majesty's pleasure. He'll also remain in custody through the extradition hearing. That will decide whether he's turned over to the US for trial there reporters present in court noted that Mr Assange continued to read Mr. Vidal's history of the national security state while he waited for his lawyers to show up. Russia's government denounced the arrest as a strangling freedom, and it must be conceded that on that topic at least Moscow speaks from deep and direct experience. But perhaps it's only fair to regard the Kremlin's concern as a disinterested commitment to personal liberty and journalistic rights since Russia has said it has nothing to do with WikiLeaks. Mr Assange is other supporters objected the arrest as illegal seeing him as a journalist and transparency activist whose arrest represents an assault on journalism itself. The story is rapidly developing. We'll continue to follow it as it does. Turning to other matters cisa the department of homeland security's cybersecurity and infrastructure security agency has issued a joint homeland security. FBI malware analysis report on the hop light Trojan, which is attributed to North Korea's hidden Cobra also known as the Lazarus group. It's in use around the world. The report says and isn't focused on any restricted set of targets. It also uses a proxy app to obscure its connections with its command and control server. The report says hop light is a fairly powerful backdoor Trojan. Some say this is a time of exceleron convergence in cyber security with increasing opportunities to combine signals from different sources for a clearer picture of what's going on MAURICE singleton is a founding member of security firm vid- sys where they're seeing the intersection of physical and IT security. We're talking about. Out technology, such as social media are inflammation in real time. As there's another fact we're talking about our assess feeds folks are constantly. Getting real time updates about what's going on in and around their environments and from again, various different sources cellphone data computer data center. Data smart inflammation, coming from centers that building management systems temperature sensors, for example, flood sensors for monitoring, the rain even centers monitoring chemicals in the air. All of his information is now being blown into one central source where you have folks to determine is Phil or thoughts. And can you give me an example of how in the real world? This would play out as a situation where having this blend of information really puts you in a better position does take against. A security person center there monitors out in Arment chemical detection, one of those sensors might go off which may indicate that something's happening could be a false. Right. And so if you have that sense across the of in quick -ly had the video presented in the area to determine is there any activity that might mend itself to verify validating. But this is real situation or incident. That's so they get multiple aspects of what's happening at the same time. They might get a von call that says someone's that feeling well, and again it could be in vicinity where that chemical detection offs. So now, they have voted that adds to the revocation of that particular incident that's been reported to track things like social media chatter. People are talking about an incident online as well. There you go exactly. So people now are on their smartphones for, hey, wait a minute. I just saw you know, some books to begin distress. I myself might be feeling effects of not feeling. Well, you may have chatter on the public safety radios. That's now. We're being dispatched for sure Saunders. Get all of that information is relevant to the ticket situation. That incident at the time that now could be brought in to give better situation awareness and also contribute to the response in action, and defined this scenario where we're folks are lagging people tend to think of physical security physical security in IT is IT. Actually, we're really starting to see the taking that convergence again, you have your physical security. IT folks while they may have separate emissions those responsibilities. They are starting to see those touch points are incidents that are basically two incidents in their cyber attacks. For example, cannot just be we made it to some more time to Atkin to compete for. Could be somewhat trying to buy expense as well. So there's comes at burgeon that information on the same response that he's taken to address. That's Marie singleton from bid SIS. Kaspersky which yesterday described the activities of Taj Mahal now describes an operation by the politically motivated Gaza cyber gang group. One Kaspersky calls the operation sneaky pastes. This operation is rated as far less sophisticated than anything seen in Taj Mahal, but potential victims most of them in and around Israel and the Palestinian territories should be alert for the spearfishing. The group is said to employ Kaspersky labs summarizes the principal. Target set as embassies government entities, education media outlets. Journalists activists political parties or personnel, healthcare and banking. Finland's election results. Reporting system sustained a denial of service attack this week. Authorities are investigating but there is so far. No attribution Finland votes. This sunday. Denial of service would affect the reporting of results by the press and probably not vote tallies themselves still finish thirties are concerned about maintaining public confidence in the election. There's widespread agreement that incident response plans are a security essential. It's therefore dispiriting that an IBM security study should find that over half of the organizations that have such plans never get around to exercising them. And finally a couple of teenagers. In New Jersey are in big trouble with the law for jamming the WI fi at Seacaucus high school are north jersey desk, by the way insists that we use the old school local pronunciation Seacaucus as opposed to the trendy Secaucus favored by recent arrivals who lack knowledge, but do watch football games. Over at the Meadowlands. Any who the Seacaucus utes both freshmen at Seekonk is high. We're running a wifi jamming on demand service, apparently with the do motive of helping out some of their broS and girlfriends who would have rather not taken exams, and of course, getting some lows the two unnamed boys will appear at family court in Jersey City at some undetermined future date to give an account of themselves. The attack was a Dido. They would flood the school's wifi routers to render service in excess -able nj dot com. Talked to a junior girl in a position to know who told them on background quote. He was doing it to get. Out of tests and stuff like that. One of the boys was also doing it for his friends. So she wouldn't have to take a test during the class. It was a big prank really in quote A students leave those wildfires alone. And if you're listening to us in Hudson county, New Jersey, we'd just like to close with go patriots. Now a moment to tell you about our sponsor observe it. The greatest threat to businesses today isn't the outsider trying to get in. It's the people you trust the ones who already have the keys, your, employees, contractors and privileged users. In fact, a whopping sixty percent of online attacks today are carried out by insiders can you afford to ignore this real and growing threat with observe it. You don't have to see most security, tools, only, analyzed computer network or system data. But to stop insider threats you need to see what users are doing before an incident occurs observe it. Combat's insider threats by nibbling your security team to detect risky activity, investigate in minutes, effectively respond and stop data loss. Wanna see it in action for yourself? Try observe it for free. No installation required. Go to observe it dot com slash cyber wire. That's observe it dot com slash. Cyber wire, and we thank observant for sponsoring our show. And joining me once again as Jonathan Katz. He's a professor of computer science at the university of Maryland. And also director of the Maryland cyber security center. Jonathan is great to have you back sort article from the I triple E spectrum publication. This was written by mckell Diack off. And it's called the case against quantum computing. The proposed strategy relies on manipulating with high precision and unimaginably huge number of variables. And I think this gentlemen, admits that he's kind of in the minority with his pessimism. Here. What do you make of this? Well, I think we know there's a lot of excitement about quantum computing. And it's been studied lift from a theoretical point of view for couple of decades now and people are excited, or maybe even worried about it from a security point of view, because we know that a thrown as a general purpose large scale quantum computers are belt, they would be able to break all the public cryptography. That's currently being used on the internet. So that would be certainly quite devastating. And there are a lot of. People now trying to experimentally realized quantum computers not only with an academic. But also with an industry now, I take you know, his article I appreciate where he's coming from. I think it's certainly worth having some skepticism here. But I think he's really being overly pessimistic to say that it can never possibly be realized seems to be extreme certainly it may take longer than people think, but the seems to be no fundamental physical review. Why we shouldn't be able to build these quantum computers. Yeah. You know? I I hear folks saying that on the on the optimist side, it could be five to ten years. And then I heard other people say it's kind of like the joke about fusion energy that it's always twenty years away. No matter when you ask. Somewhere in between there. Well, actually, I just gave a talk where someone jokingly that the best case scenario from the point of view research would be if it's five years away for the next twenty years. Keep on getting funded for working there you go. What I will say if that it's very unclear what the time line is. I've actually just recently part of team that was working on putting together a white paper to actually try to come up with them concrete estimates for how long we think it would take to build a quantum computer capable of factoring the numbers that are being used for modern public cryptography. And really the the at the end of the day. The result was we just don't know a lot of theoretical work. That's being done doesn't take into account various railroad constants in real world constraints that people would have to consider and building a quantum computer. And so fundamentally reduced don't quite know yet. How these things are going to behave when you start building them in the real world. Now, people are starting to build smallest Cal quantum computers. Google and Microsoft have shown examples of this. And I think that's why the research has important the goal of the research is to exactly see what happens when you start building these things and the other thing I like. Think about always a quote, actually or an operation I should say made by Scott Aronson that he's made repeatedly is that if we if there's some fundamental reason that we aren't aware of yet for why quantum computers cannot be built the now would represent an advance in our understanding physics that at there's something about quantum physics that we currently don't understand. And so from that point of view, it would kind of be a win either way. Either. Learn something new about physics or we can build these computers. But I've I earlier seems to be no fundamental reason. Why we can't it seems to me just an engineering task at this point in. What is the threshold by which you all consider a quantum computer to be practical thing and not just something to be running in a lab. Well, it depends on what you're trying to do. So there are these quantum computers that are already being commercially produced. But for example, by the delay of company, which I thought was mentioned in the article now that computer is not with some people would call it true quantum, computer? It's relying on certain aspects of. Of quantum machinery, but not others. And so in particular, it doesn't allow you to break modern public crypto, but it doesn't allow you to have other problems. And so again, kind of depends on what exactly you're looking to to do with the quantum computer? If you looking to attack public cryptography, they need a number of cubits to be able to run this algorithm called Shore's algorithm gain if that's your only goal, and that would be what you're trying to optimize for time will tell right Jonathan Katz. Thanks for joining us. Thank you. And that's the cyber wire links to all of today's stories. Check out our cyber wire daily news brief at the cyber wire dot com. Thanks to all of our sponsors for making the cyber wire possible, especially are supporting sponsor observe it. The leaving insider threat management platform. Learn more at observe it dot com. The cyber wire podcast is proudly produced in Maryland out of the startup studios of data tribe for their co building the next generation of cyber security teams. And technology are cyber wire editor is John Patrick social media editor Jennifer Ivan technical editor, Chris Russell our staff. Writer is Tim no, Dr executive editor Peter Kilby, and I'm Dave bittner. Thanks for listening.