Executive Cyber Intelligence Bi-Weekly Report - September 1, 2015

​

ISRAEL

The Israeli Ministry of Education to offer cyber studies for high school students

Israeli high school students will be able to major in cyber studies in the coming school year. The new program will begin in 20 high schools nationwide, and the ministry plans to expand it in the future. Students who choose to major in cyber studies will study five disciplines: information and communication technologies; information retention, sharing, and development; Internet and social media; information and informatics; and foreign languages in the cyber sphere. The program will teach a variety of skills, including data mining, information security, and information analysis. In addition, the Education Ministry has also decided to expand the Cyber Defense Studies Program, a pilot program launched in 2012 in collaboration with the IDF's cyber command. The program will begin in the 2015-2016 school year, and is being promoted as part of the ministry's efforts to boost technological education.

US and CANADA

US officials: Chinese secret agents in US spikes

The number of Chinese government secret agents in the US has spiked in the last several months and is now in the double digits, according to US officials. The agents are from the Ministry of Public Security, China's security service. US officials charged Wednesday that the increase suggests China lacks concern for US laws. It would also not be surprising if there are Chinese law enforcement agents on the ground of whom the US is not aware, officials said. The agents enter the US on tourist and business visas and do not report their presence to the authorities as required by law, according to US officials. Placing a law enforcement official in the US without notifying American authorities is criminal, they said.

IRS says cyberattacks more extensive than previously thought

The US Internal Revenue Service (IRS) said a hacking attack into one of its computer databases in May was much more extensive than previously thought, with nearly three times as many taxpayers hit by data theft. The IRS said that the tax return information of about 114,000 US taxpayers had been illegally accessed by cybercriminals over the preceding four months, with another 111,000 unsuccessful attempts made. A new review has identified 220,000 additional incidents where data was breached, the tax collection agency said. It identified another 170,000 suspected failed attempts by third parties to gain access to taxpayer data. The attackers sought to gain access to personal tax information through the agency's "Get Transcript" online application, which allowed taxpayers to call up information from previous returns. The system was shut down after the May attacks.

EUROPE

UK: British hacker killed in a US drone strike

A week ago, Junaid Hussain, a 21 years old British hacker who became one of the top cyber experts of the Islamic State, was killed in a US drone strike near Raqqa in Syria. According to the US and some European governments, Hussain was the leader of Cyber Caliphate, a hacking group that in January hacked the Pentagon's Twitter account; however, it is not clear if Hussain was personally involved. According to cybersecurity expert, Adam Meyers, vice president of the cybersecurity firm, Crowd Strike, Hussain and other hackers working for Islamic State do not have enough skills in order to launch serious attacks such as shutting down computer networks or targeting critical infrastructure. Meyers declared, "He wasn't a serious threat. He was most likely a nuisance hacker. It was his involvement in recruitment, communications, and other ancillary support that would have made him a target." Hussain is the second senior Islamic State member to be killed in the past two weeks, with the group's second-in-command killed in a US air-strike in Iraq on August 18th. Even if the Islamic State currently does not have sufficient cyber capabilities in order to disrupt a critical infrastructure, they have enough capabilities to launch certain types of cyberattacks such as large DDoS attacks and phishing campaigns. In addition, it may be just a question of time before the group can recruit enough highly skilled hacktivists, who then will be ready to perform more complex cyberattacks.

Europol's European Cybercrime Centre strengthens its cooperation with the private sector to counter cybercrime

Europol's European Cybercrime Centre (EC3) recently signed a memorandum of understanding (MoU) with the US cybersecurity firm FireEye. The goal of this MoU is to facilitate the exchange of knowledge and expertise on cybercrime, and especially in the monitoring and detection of cybercrime threats. Regarding this new cooperation agreement, Europol Deputy Director of Operations, Will van Gemert said, "Law enforcement and private industry need to work together to effectively combat cybercrime, a growing problem on a global scale. The MoU with FireEye further strengthens our strategic cooperation with industry partners to target the criminals behind these crimes." FireEye will allow the law enforcement agency to gain access to its threat intelligence, and will provide EC3 assistance on threats or technical indicators. This new agreement is the continuation of strong and efficient cooperation between the European agency and the private sector. Besides Fireye, the EC3 is already cooperating with several cybersecurity providers such as Anubis Networks, Group-IB, Intel Security, Kaspersky Lab, Symantec, Trend Micro, and Microsoft’s Digital Crimes Unit. This strong collaboration is essential to the fight against cybercrime, which generates a parallel economy and cause large financial losses. According to the Center for Strategic and International Studies (CSIS), the annual cost of cybercrime and economic espionage is 445 billion dollars, including 200 billion just for the US, China, and Germany.

RUSSIA

Foreign spy software found in Russian government information systems claims Security Council

According to the Russian Security Council Secretary, Nikolai Patrushev, software tools of foreign technical intelligence have been found in the information systems of Russian State Authorities. Patrushev believes that the use of Google, Yahoo and WhatsApp search engines and software tools present a serious danger to the national security of Russia. The politician also criticized the actions of officials, who use such foreign services. According to TASS News Agency, Patrushev demanded that the government take immediate measures to solve this problem.

ARAB COUNTRIES

Cyberattacks on political dissidents are linked to Iranian hackers

Iranian hackers have been linked to cyberattacks on political dissidents. The hackers are

targeting human rights activists who are speaking publicly against Iran. These hacks are conducted in order to download their email communications and contacts. Those targeted have received seemingly legitimate phone calls, asking them to open a link that was sent to them, which is actually a fake web page that is controlled by the hackers. One of those who was targeted was Iranian ex-patriot, Roya Hakakian, a secular poet and human rights advocate, who recently wrote an op-ed in The Forward criticizing the Iranian regime’s manipulation of foreign journalists.

Royal Saudi Air Force website hit by Iranian pro-Yemen rebel group

The Royal Saudi Air Force's website was recently hacked, with a text message on the website’s main page stating, "Hacked By Mr.Xpr! Iran Hack Security Team," and demonstrating that the site's security had been breached. The website had been targeted due to Saudi Arabia's actions in Yemen, with a warning that unless it stops, "…we will keep on targeting Saudi defense related sites." Iran is supporting the Shia rebels in Yemen and Saudi Arabia supports the Sunni government, which explains the spill-over into the cyber arena. Pro-Shia groups previously have hacked Saudi government targets, including a major breach, attributed to the Yemen Cyber Army. Iran, in turn, has blamed Saudi Arabia for attacks on the Twitter feed of its state TV station.

CHINA and APAC

India and the US are to boost cooperation to increase global cybersecurity

Ahead of India's PM Modi's meeting with US President Barack Obama in New York next month, officials of the two countries announced in a meeting in India this month that they are both "committed to robust cooperation on cyber issues" to increase global cybersecurity and promote the digital economy, as reported last week by India Today. In a joint statement issued after the fourth (2015) two-day India-United States Cyber Dialogue, led by the US Cybersecurity Coordinator and Special Assistant to the President, Michael Daniel and by India's Deputy National Security Advisor, Arvind Gupta, the two countries announced their intention to pursue an array of activities to bolster their cyber security partnership and achieve concrete outcomes. Daniel said he is especially encouraged by India's recent statements of support for the multi-stakeholder model of Internet governance. Experts in both countries identified a variety of opportunities for increased collaboration on capacity building in cybersecurity, cybersecurity research and development, combating cybercrime, international security, and Internet governance. Representatives from the private sector also met the delegations, according to the joint statement. Industry leaders from the US submitted policy recommendations to the two governments, emphasizing the need to protect cross-border data flow, facilitate remote access, provide for strong encryption standards, and reduce cybersecurity threats through targeted public-private partnerships. The two countries decided to hold the next round of the Cyber Dialogue in Delhi in 2016.

Israel Aerospace Industries Ltd. signs Japanese cyber deal

Israel Aerospace Industries Ltd. (IAI) has signed a contract to supply its TAME Range to Japan's Dai Nippon Printing (DNP) Company. TAME Range is a flexible and scalable platform for training cybersecurity specialists. The software allows to train for real live cybersecurity incidents with dummy scenarios on a closed network. Thus, the next generation of Japanese tech workers will be trained to fight computer hackers and prevent similar attacks in the real world. DNP, a leader in publication printing, documentation security, and software security products in Japan and around the world, will become a reseller of TAME Range in Japan. Reportedly, there are some 80,000 cybersecurity positions currently open in Japan, which are unfilled due to a lack of qualified personnel. The deal with IAI might now help Japan to fill this gap and to prepare for 2020 Tokyo Olympics.