The CyberWire Daily Podcast 10.6.16
Ep 200 | 10.6.16

NSA contract worker arrested with classified material. TalkTalk gets a record data breach fine. Yahoo! surveillance story's still murky. Thoughts from AUSA on cyber innovation and information warfare.

Transcript

Dave Bittner: [00:00:03:17] The FBI has arrested an NSA contract worker. TalkTalk gets a record fine for its 2015 data breach, £400,000, which comes to a hundred thousand hackerweight. Yahoo! email surveillance allegations amount to a story that's still murky and anonymously sourced. And the AUSA Meeting and Exposition closed yesterday with a look at 2013, warnings of Russian information operations, and considerations of how the US Government can keep pace with industry innovation.

Dave Bittner: [00:00:37:11] Time to tell you about our sponsor ClearedJobs.Net. If you're a cybersecurity professional and you're looking for a career opportunity, check out the free Cyber Job Fair on the first day of CyberMaryland, Thursday, October 20th, at the Baltimore Hilton. Hosted by ClearedJobs.Net, a veteran owned specialist at matching security professionals with rewarding careers. The Cyber Job Fair is open to all cybersecurity professionals, both cleared and non-cleared. It's open to college students and cybersecurity programs too. You'll connect face-to-face with over 30 employers, like SWIFT, DISA, and the Los Alamos National Laboratory. You can also tune up your resume and get some career coaching (all of it's free) from career expert and Air Force veteran, Patra Frame. To learn more visit clearedjobs.net and click job fairs in the main menu. Remember that's clearedjobs.net and we'll see you in downtown Baltimore. And we thank ClearedJobs.Net for sponsoring our show.

Dave Bittner: [00:01:39:15] I'm Dave Bittner, in Baltimore with your CyberWire summary for Thursday, October 6th, 2016.

Dave Bittner: [00:01:45:15] Today seems to be a day of crime and punishment. The FBI has arrested an NSA contract employee and entered a criminal complaint against him for theft of government property and unauthorized removal and retention of classified documents or material. The man arrested, Harold Thomas Martin, was employed by Booz Allen Hamilton. He goes by the nickname Hal, and he's been fired. The Bureau executed a search warrant against Martin's home and vehicle, where they found documents and material that was either highly classified (reports say that some was Top Secret SCI, that is, Sensitive Compartmented Information, which, if the reports are borne out, would make the material very highly classified indeed) or that were marked as government property. Observers point out, amid the inevitable widespread speculation surrounding the case, that taking this kind of stuff home isn't something one does inadvertently, in say a fit of abstraction. They also observe that doing this sort of thing usually represents a pattern of behavior and not a one-off, one-time act.

Dave Bittner: [00:02:47:08] The complaint the FBI filed with the United States Court for the District of Maryland states that, when the Bureau searched Martin's vehicle and residence in Glen Burnie, Maryland on August 27th of this year, they found classified material in both hard-copy and digital forms. The digital information was found stored, the complaint says, on a variety of removable media. At the time the complaint was filed, at least six of the documents were found to contain matter "properly classified" at the Top Secret level, and that was apparently obtained from sensitive intelligence produced in 2014. Disclosure of the documents is said to risk compromising intelligence sources, methods, and capabilities.

Dave Bittner: [00:03:26:16] Reports in the New York Times and elsewhere mention the possibility that among the classified material the FBI found in Martin's possession was software. There's much speculation that Martin had been working for Russia's SVR as a mole, and that he may have been connected with the Shadow Brokers' compromise of Equation Group tools, but the story is still developing and these conclusions are premature. It's also important to note that Martin is entitled to the legal presumption of innocence, even though the complaint says he admitted knowing that he'd done something wrong. A statement from Martin's lawyers reported in the New York Times seems to foreshadow his likely defense. “We have not seen any evidence, but what we know is that Hal Martin loves his family and his country. There is no evidence that he intended to betray his country,” thus, no intent. The markets regard the arrest, of course, as a black eye for Booz Allen Hamilton. The company's stock closed down 3.78% yesterday.

Dave Bittner: [00:04:23:02] In the UK, it's also courts, but in this case torts: TalkTalk has received a record fine, £400,000, for what Her Majesty's Government regards as negligent security practices that led to a significant breach. High-Tech Bridge CEO Ilia Kolochenko believes the fine, while a record, may be relatively minor compared to other consequences of the breach for the British telecom company. He told the CyberWire that, "£400,000 is a very small amount in comparison to other financial losses for TalkTalk caused by the breach." He noted that one of the most expensive aspects of the incident may be a dramatic cost increase in new customer acquisition. Companies find the reputational damage of a major breach makes it more expensive to attract and hold new customers.

Dave Bittner: [00:05:11:03] The story of Yahoo!'s alleged complicity with Government surveillance now seems more complex than earlier reports would have suggested. After initially responding to inquiries concerning the allegation with bland assertions of being law-abiding, Yahoo! has denied giving up customer emails in bulk to the US Government. It's unclear exactly what Yahoo! did beyond compliance with court orders, and many note that Reuters' sources' anonymity isn't helping. The story continues to develop, and observers are calling for more details before they're willing to move to judgment.

Dave Bittner: [00:05:44:15] Bitcoin, and the Blockchain technology that it's built on, are a hot topic in cybersecurity. Peder Muller is an analyst at Novetta, and they're teaming up with Chainalysis to host a special event at the Jailbreak Brewery in Laurel, Maryland, coming up on October 17th. The CyberWire is a media sponsor for the event. And we spoke with Peder Muller to get a preview of his presentation.

Peder Muller: [00:06:05:22] People are hearing the buzz. They're hearing Blockchain, now what does that mean? And they certainly have heard Bitcoin. And even more certain is I don't think they realize the link between Bitcoin and Blockchain. And that link is that, you know, Blockchain is, as I believe, a revolution, a whole new paradigm shift in the way we move data and store data, and the way we think about IT and coding, in general. But, we will make people know that around here locally, there's definitely a market for it and there are larger companies that are interested in tackling that. And it's not just about building stuff, but it's about educating the locals about what's happening in tech and Blockchain is definitely something that is happening in tech.

Dave Bittner: [00:06:50:08] So, what are some of the areas where Blockchain is happening?

Peder Muller: [00:06:53:19] Well, obviously in finance. I mean, Bitcoin, as people will see in my presentation, Bitcoin is probably the most famous example of Blockchain, or infamous, depending on who you're talking to. But, Blockchain has a lot of other implications, like, for instance, in voting, in healthcare, perhaps in logistics, assets tracking. Blockchain isn't just a matter of coding something so you get a Blockchain. Blockchain is a way of thinking. Blockchain can be applied to so many different areas in our world, and especially now with Smart Contracts. You know, we're talking about Blockchain 2.0, distributed autonomous companies and organizations. These are whole new ways of dealing with things, that takes some of the human bias out of our everyday decisions and puts them into code, specially talking about Ethereum here.

Peder Muller: [00:07:44:24] These decisions are made in code, and that has huge implications for intellectual property and contracts between people like, for instance, escrow. All this can be done in code and then that saves costs. It saves time. It doesn't require trust. That's one of the big things, Blockchain's trustless. There's so many places Blockchain can be used, and I think the human imagination is really all that blocks it from, no pun intended, blocks it from going into certain areas. If you can think it, and apply a Blockchain, you can probably do it.

Dave Bittner: [00:08:21:08] So, who are the people who should come to see this presentation? Who are you targeting?

Peder Muller: [00:08:26:00] So, I am targeting everyone from the 'What is Bitcoin?', have never seen Bitcoin before, all the way up to the Gavin Andresen types. I would like to have the super pros there to sharpshoot it. We need people to say, "Yeah it's great, but." And I'm hoping that we can turn the talk into a discussion. We're going to have Q&A afterwards, and if that Q&A turns into a little bit of a light argument, that's fine. That's what makes Blockchain better. That's what fosters ideas into the blockchain world that we can work on.

Dave Bittner: [00:08:57:09] That's Peder Muller from Novetta. His presentation on Blockchain is coming up at a special event this October 17th at the Jailbreak Brewery in Laurel, Maryland.

Dave Bittner: [00:09:08:21] The CyberWire spent the first three days of this week at the Association of the United States Army's 2016 meeting and exposition. You'll find full accounts of what we learned on thecyberwire.com, but we will mention two overarching themes that touch on cyber matters. Both came from the Institute of Land Warfare Contemporary Military Forum. First, many experts consider Russia and the US to be engaged already in an information war. Peter Singer, a strategist at New America, observed that Russia invented information warfare, and that, unlike the US, Russia doesn't conceive of information warfare in narrowly military terms. "The goal of Russian information operations is not to make people love Russia, but rather to disrupt, and create distrust. This feels new to us, but it goes back at least as far as Stalin's day."

Dave Bittner: [00:09:59:20] To keep pace with threats in cyberspace, the US Army's Cyber Command is trying to build a new culture of innovation so that it won't see what General Frost characterized as a "clock speed mismatch" between itself and industry. That new culture, Cyber Command boss General Cardon said, would be one that took the formulation and posing of problems as its central task. "We should," General Cardon said, "be in the problem business." Look for more reports on AUSA and cybersecurity in tomorrow's CyberWire.

Dave Bittner: [00:10:30:18] And, finally, we're happy today to be able to mark a milestone of our own. Our sister publication, the CyberWire Daily News Briefing, today published issue number 1000. On behalf of all of us at the CyberWire, thanks for subscribing and thanks for reading. We're looking forward to our next thousand issues.

Dave Bittner: [00:10:52:03] Time to take a moment to tell you about our sponsor Netsparker. When you want automated security, you want it to be (wait for it) automatic. Netsparker delivers truly automated web application security scanners. It can be surprisingly labor intensive to scan websites, and other solutions need a lot of human intervention. To take one example, with other scanners, you have to configure URL rewrite rules to properly scan a website. Not with Netsparker. They say it's the only scanner that can identify the setup and configure its own URL rewrite rules. Visit netsparker.com to see how Netsparker's no false positive scanner frees your security team to do what only humans can. And don't take their word for it. If you'd like a free trial, go to netsparker.com/cyberwire for a 30 day, fully functional version of Netsparker Desktop. Scan your websites with no strings attached. That's netsparker.com/cyberwire. And we thank Netsparker for sponsoring our show.

Dave Bittner: [00:11:52:14] And I'm joined once again by Joe Carrigan. He's from the Johns Hopkins University Information Security Institute. Joe, you know, old guys like me, I find that my tendency when it comes to storing my data, is that I wanna have everything local. I wanna have everything on my PC.

Joe Carrigan: [00:12:08:13] Right, you like ownership of it.

Dave Bittner: [00:12:09:18] I like ownership of it. My music, my documents, my pictures. But I'm starting to give in to the allure of the Cloud.

Joe Carrigan: [00:12:19:02] Right. I'm very much the same way as you. My computer at home, that I've talked about before, has actually a little RAID array in it, just a RAID 1, which means that it's got two one-terabyte hard drives that house all my data. And the data is duplicated across those two drives. Recently, I've actually gone ahead and purchased the Microsoft Office Home and Student plan. That comes with a terabyte of Cloud storage from Microsoft on their product called OneDrive. I have started backing up my data to the Cloud, but I don't view this as where my data lives. I still think of this as my data living on my machine and being backed up on first, my RAID array, and second in the Cloud. You were telling me earlier about your son.

Dave Bittner: [00:13:06:04] Right, yeah, we were upgrading a computer recently and I was transferring user accounts to a new home computer, and I said to my son, "Son, you have, you know, 350 gigabytes of stuff here on your account, that's too much. I can't transfer all that over. What do you want me to do?" And he said, "Oh, just get rid of it all. All my stuff's in the Cloud. I don't need anything local." And I was like "What?"

Joe Carrigan: [00:13:26:21] He doesn't think that way, right?

Dave Bittner: [00:13:28:15] Well, right. I think that's the paradigm shift, right?

Joe Carrigan: [00:13:31:03] Exactly. That people are starting to think of their data as living in the Cloud and having somebody else take care of it, rather than being responsible for it themselves.

Dave Bittner: [00:13:40:07] But, I guess the flip side of that is, and of course, this being a cybersecurity show, is when you're putting your stuff in the Cloud, it's out there and there's the possibility that other people could have access to it.

Joe Carrigan: [00:13:49:15] There is that possibility. So, again, the same thing I always say, is strong passwords, strong passwords, strong passwords. I can't emphasize that enough. I don't even know what my password is to my OneDrive account. It's a string of random characters that my password manager generates and I just copy it and paste it in. And, when I have to do it on my phone, yeah, it's a little bit of a task to enter a 20 character random password through the keyboard that comes up on your phone, but I'm willing to make that trade off, because I don't want somebody to get access to my documents. I don't want somebody to be able to read all of anything I might be working on or thinking about.

Dave Bittner: [00:14:29:10] Alright, good advice. Joe Carrigan, good talking to you.

Joe Carrigan: [00:14:31:23] My pleasure.

Dave Bittner: [00:14:35:00] And that's the CyberWire. Thanks to all of our sponsors, who make the CyberWire possible. The CyberWire podcast is produced by Pratt Street Media. Our editor is John Petrik. Our social media editor is Jennifer Eiben, and our technical editor is Chris Russell. Our executive editor is Peter Kilpe and I'm Dave Bittner. Thanks for listening.