Executive Cyber Intelligence Bi-Weekly Report - Oct 15, 2015

ISRAEL

Israeli Police to establish an Arabic counter-terror cyber unit

Following the recent wave of terror in Israel, the Israeli police has announced the establishment of a new Arab cyber division. The role of the new division will be to track Arab coordination for terror attacks via social media platforms, and to identifying lone terrorists before they act. The police has found that some of the terrorists that acted recently had declared their intentions on social media platforms.

Israeli Police to run a cybercrime hotline

The Israeli police has announced a plan to operate a telephone hotline for addressing cybercrime, which will be operated by professional IT personnel. The hotline number—111—will deal with cybercrime complaints such as online fraud, hacking, sex crimes, minor exploitation, and more. The hotline is designed to respond in real-time, allowing citizens to immediately report incidents of cybercrime, and enabling law enforcement agencies to follow suspects’ tracks in real-time.

US

China continues cyber spying

On September 28th, three days after Obama and Xi Jinping signed a historic agreement to curb online economic espionage, the FBI issued a fresh warning about Chinese spies in US corporate networks. According to the report, hackers based in China “have compromised and stolen sensitive military information” from companies that provide engineering and technical services to the navy and the marine corp. The FBI sent the warning three days after Chinese President Xi Jinping and President Obama announced the historic agreement; however, it does not cover the kinds of spying that the alert describes. China can still target US military contractors on the grounds that the classified information in their computers—including weapons designs and documents describing military operations and programs— is central to China’s own national security interests. The US also hacks foreign companies for military and political intelligence, but officials say the information is never shared with American companies to give them a leg up in their business dealings. In July, the bureau warned companies to be on the lookout for Chinese hackers, including those whom the bureau thinks were responsible for stealing records from the OPM. The same month, in a rare for-the-record briefing, the FBI’s top counterintelligence officials said they were tracking hundreds of cases of Chinese economic espionage against American firms.

Serious concern for US: Islamic State recruiting via Twitter and social media

On October 7th Admiral Bill Gortney, commander of US Northern Command and the North American Aerospace Defense Command, admitted that the recruiting by Islamic State militants via thousands of Twitter accounts and other social media postings remains one of the biggest threats facing the United States. US authorities could potentially track recruits who communicate with Islamic State recruiters, but it was tougher to identify potential recruits. As a consequence, the government cannot predict when or where such attacks could occur. “It’s going to be a long slog,” Gortney said, adding that the United States need to realize that, “It’s a war of words.” According to Gortney, “We have to go after and break this pattern of radicalization.” Gortney said the US government was doing a comprehensive review of its efforts to counter Islamic State’s recruitment drive, but the fight needed to be led at the local level by parents, communities, and schools, not the military. His staff is working with the intelligence community to understand when the threat level could be lowered, but warned it would be a “glacial” process.

The White House will not search for legislation for a “back door” to encrypted messages

The Obama administration will cease efforts to find a legal way to compel companies to design devices so that law enforcement agencies can access encrypted messages. Earlier this year, the Obama administration asked to find a legitimate way to force tech companies to create a “back door.” This will allow American espionage and defense agencies to read private encrypted messages sent and received by the devices in order to foil attacks on American soil and against American forces, as part of the fight on terror and to ensure the public safety. Leading tech companies such as Apple, Microsoft, IBM, and others already opposed the move as a violation of the consumers’ privacy.

EUROPE

The first UK cybersecurity delegation to visit India

The UK government has recently decided to send the first official UK cybersecurity delegation to visit India. With the agreement of the Indian Prime Minister Narendra Modi, the UK government sent a delegation that included top UK cybersecurity experts. This mission is supposed to strengthen the cooperation between the two countries on cybersecurity issues, but it is also a great way for the UK to promote and export its cybersecurity technologies. The delegation, which was led by Stephen Phipson, head of the UK Trade and Industry’s Defense and Security Organization, included BAE Systems as well as smaller companies. Phipson declared to the Indian journalist that as one of the top leaders in cybersecurity, the UK was happy to share its experience and technology. According to Emily Orton from the company Darktrace, “The UK’s cyber defense industry’s strength is that it has been built by scientists rather than IT specialists.” However, the UK continues to open academic cybersecurity programs across the country as companies seek to recruit highly skilled IT experts. In 2014 the UK government launched its first export strategy for UK companies that are looking for a share of the £100 billion global cybersecurity market. In addition, the government aims to reach £2 billion in cybersecurity exports by 2016.

RUSSIA

New information security doctrine

The new Information Security Doctrine of the Russian Federation is to be adopted in 2016, which will replace the current 2000 document. The authors of the new doctrine identify five main threats to Russia’s National Security in the information field. Notably, it was emphasized that foreign countries are to build capacity in the field of ICT (Information and Communication Technologies), which also will have an impact on the critical information infrastructure of the Russian Federation, as well as in the field of technical intelligence with respect to Russian government agencies, research organizations, and Russian military-industrial enterprises. Special services and public organizations of individual states are actively using ICT as a tool to undermine the sovereignty and territorial integrity of other countries, and “destabilize the political and social situation.” The authors of the document also note “the backlog of Russia from the leading foreign states in the creation of competitive ICT and products based on them, which leads to dependence on export policies of other countries.” Another threat was described as “the desire of individual states to use technological dominance to achieve economic and geopolitical advantages in the global information space.”

ARAB COUNTRIES

Palestinian hacked Radio Tel Aviv web site

As the recent Palestinian uprising continues in the streets, it also broke into the internet. Calling themselves “AnonCoders,” Palestinian hackers compromised the Radio Tel Aviv website. While they did not break into the air waves, the website’s main page was blocked by sentences like “We are here to punish and we will not be silent . . . we will enter Palestine soon. Palestine is in our hearts.” The hackers mentioned that their main goal is to take down the Israelis and the Zionists.

Iranian hackers using LinkedIn to acquire sensitive defense information

A group of Iranian hackers set up a system of LinkedIn profiles in order to collect sensitive information from people in the defense and telecom sectors. In a tactic known as “social engineering,” hackers trick people to get them to provide personal or sensitive information. The 25 fake profiles are connected to more than 200 legitimate LinkedIn profiles—mostly people based in the Middle East who have worked in sectors like telecom and defense.

Saudi and Bangladesh to enter ICT cooperation

Bangladesh and the Saudi Kingdom plan to start ICT cooperation by signing an agreement soon for mutual benefits, as reported by Bangladesh Corporate Magazine. Bangladesh State Minister for ICT, Zunaid Ahmad Palak announced the proposed cooperation while visiting the Saudi Kingdom. He said the decision was made during a discussion with Communications and Saudi Information Technology Minister Dr. Mohammed Al-Suwaiyel in Riyadh. The Bangladeshi government has initiated many steps to promote ICT, an industry that generates locally around $300 million yearly in revenues, in order to generate employment opportunities in the sector. These opportunities are especially significant for women and youth, and tap into the global ICT market.

CHINA and APAC

Japanese firms to launch AI-based cybersecurity solutions

Attacks in cyberspace have become increasingly sophisticated. Many companies are often too slow in detecting and responding to these threats. This has led Japan’s NTT Communications and SoftBank to start developing cybersecurity software using artificial intelligence techniques, with the potential to instantly protect companies from potential cyberattacks. Through big data analysis, a lot of malicious activities can be detected. According to experts, this usually takes 8–15 minutes, even for a security expert, to identify a new mode of attack as some of the process has to be done manually. NTT Communication’s new service now promises to automatically identify patterns in a virus and the modus operandi of previous electronic crimes, as well as to detect new ones through analysis of previous incidents. Reportedly, the service will be able to detect over 99% of unauthorized accesses. The automatic detection function is also expected to assist cybersecurity experts who are significantly understaffed in facing the increase in cyberattacks.

Seoul suspects North Korea in subway cyberattack

North Korea is suspected of having launched a cyberattack last year on Seoul’s subway system, as South Korean intelligence reports revealed this month. The attack, staged between March and August 2014, affected several servers of Seoul Metro, which runs four major subway lines in the capital. After analyzing the hacking records, the National Intelligence Service found that the malware codes were similar to those that North Korean hackers had used before. A Seoul Metro spokesman confirmed the hack, but stated that the computers used for the direct operation of subway lines had not been compromised. Seoul’s subway network is one of the busiest in the world, carrying about 5.25 million passengers a day.

Singapore government agency signs MOU with several cybersecurity firms

The Cyber Security Agency of Singapore has signed a Memorandum of Understanding (MOU) with local service provider Singtel and two global cybersecurity firms, Check Point and FireEye, to boost cybersecurity capabilities in Singapore. Singtel will help train and certify manpower to facilitate the increasing demand for new cybersecurity solutions. The Israeli cybersecurity vendor Check Point Software Technologies focuses on bringing advanced software solutions to Singapore while strengthening local capabilities to provide these solutions. FireEye, which is a US security company, will strengthen information sharing on cyber trends, cybercrimes, and threats and indicators of compromise. All parties will also collaborate on workforce development initiatives and in-depth technical training, as well as develop measures to enhance