Executive Cyber Intelligence Bi-Weekly Report - Nov 15, 2015
ISRAEL
Iranian hackers tried to spy on Israeli physicists and nuclear scientists
A group of Iranian hackers tried to spy on Israeli physicists and nuclear scientists, as well as on other senior people in academic institutions, the defense establishment, and the business world, as part of the group’s worldwide cyberattacks over the last two years. This was revealed by Israeli software provider Check Point. As a result, authorities in Britain, Germany, and Holland removed the platform used by the group in its hacking ventures. Check Point managed to get into the server the group used in its phishing attempts to obtain personal information. It then compiled a list of more than 1,600 targets tracked by the hackers, managing to uncover the identity of an Iranian computer engineer who was involved in the group’s actions. According to the report, first published by Reuters, the group, which had been uncovered previously, also targeted human rights activists in the Arab world, diplomats in countries such as Saudi Arabia – where they operated against royal family members – Afghanistan, the United Emirates, Iraq, and even some commercial agencies in Venezuela, a country with close links to Iran. In some cases the hackers tried to reach their targets through family members.
Israel tech to protect NY water systems from cyberattacks
New York City and Jerusalem will work together to keep each other’s water supplies safe, according to a new agreement signed between New York City’s Department of Environmental Protection (DEP) and Jerusalem’s Hagihon water provider. According to the agreement, the two agencies will develop defenses against “infrastructure terrorists” who target networks in order to interfere with the delivery of clean, safe water to homes and businesses. “This agreement will help us determine the criteria needed to defend systems against cyberattacks, and it will also give a boost to Israeli cybersecurity firms, enabling them to deploy their technology in the United States,” said Zohar Yinon, CEO of Hagihon.
UNITED STATES
US to develop “atomic” cyber weapon
The US government has announced the development of a new “lethal” cyber weapon with catastrophic capabilities, some say equivalent to nuclear power, in the field of cyber tech. The project’s budget is estimated to be $460 million and will go to a private company. Raytheon, Northrop Grumman, and Lockheed Martin are among the major defense firms expected to bid for the contract. The project will create a new kind of mass-impact weapon, designed to attack large-scale facilities and areas. As part of developing the new cyber weapon, the Pentagon mentioned three potential situations - causing nuclear fusion, opening dams in populated areas, and harming the navigation systems of airplanes, all in order to cause massive accidents. Cyber strikes are allowed even if “it is certain that civilians would be killed or injured - so long as the reasonably anticipated collateral damage isn’t excessive in relation to what you expect to gain militarily,” said retired Maj. Gen. Charles J. Dunlap, executive director of Duke University's Center on Law, Ethics and National Security. According to Dunlap, “These are essentially the same rules as for attacks employing traditional bombs or bullets.” The weapon's protocol currently is being written in order to create specific rules of engagement and to cause as little collateral damage as possible. Experts say the cyber weapon’s capabilities are so massive that a safety mechanism must be created and applied.
US internet connections and communications are at risk
As the United States spends more and more money on developing advanced cyber weapons, it seems Russia is thinking about a simpler solution to the struggle. Internet communication is transferred between governments, business centers, private citizens, and military forces via fiber optic cables hidden under the ocean. In order to “disconnect” the United States from the rest of the world, all that is needed is to cut the wires. Lately, Russian armed forces have been positioned in areas of conflict, such as Syria, as well as in the North Pole. US intelligence also has reported on Russian naval movements around the internet cables, an act which causes great concern for the United States. As cyber warfare is expected to play a significant role in future conflicts, the information warfare needs to be curtailed. The side that will be able to disrupt the enemy’s army, weapons, and communications, all based on cyber technology, will gain the upper hand in the conflict and might find itself on the winning side; this is why the United States perceives potential disconnection from the Internet as a devastating option that might require preventative measures.
EUROPE
United Kingdom
The GCHQ and NCA have created a special Darknet Task Force
The UK intelligence agency, Government Communications Headquarters (GCHQ), and the law enforcement agency, National Crime Agency (NCA), have decided to create a new cyber unit in order to counter cybercrime. According to the online cyber magazine Motherboard, this special cyber task force has already been working for some time. Indeed, a year ago, UK Prime Minister David Cameron announced its creation while talking at the We Protect Children Online Global Summit. This new unit comprises officers from both agencies and focuses on the Darknet. Their mission is to gather intelligence from the Darknet as well as to track and investigate cases related to cybercrime, including financial fraud, pedophilia, and drug and weapon trafficking. According to GCHQ Director Robert Hannigan, “The Joint Operations Cell will increase our ability to identify and stop serious criminals.” The creation of this unit should finally shatter the image that the GCHQ focuses solely on national security matters or terrorism cases. In addition, this new unit will strengthen the cooperation between law enforcement and intelligence agencies, which have a common goal in securing the United Kingdom and protecting its citizens. This kind of joint cyber unit is relatively new in the field; indeed, law enforcement and intelligence agencies often cooperate with the private sector, but issues usually arise when they need to share information with each other, such as between the NSA and FBI in the United States.
RUSSIA
Cybercrime group activity suspended by law enforcement
As a result of a recently conducted special operation, the Russian Interior Ministry has halted the activity of major international criminal groups that have threatened the security of the banking system in Russia. The criminals specialized in hacking ATMs, using specially manufactured technical devices, and in modifying software of banking terminals. Among those arrested was a young hacker who is able to carry out targeted attacks not only on the individual processing centers of banks, but also on the global system of interbank financial telecommunications systems.
ARAB COUNTRIES
Threatening emails sent to New Zealand families from the Syrian Electronic Army
Families in New Zealand received a threatening email from hackers who claimed to be part of the Syrian Electronic Army. The email threatened that if the recipient didn't pay $1,500 in bitcoin, their computer files would be destroyed, family members would be killed, and their house would be burned down. New Zealand police investigated the email out of concern for any threats against members of the public and for the potential vulnerability of the recipients.
Cyber Caliphate hacked tens of thousands of Twitter accounts and posted phone numbers of heads of CIA and FBI
54,000 Twitter accounts and passwords were hacked in retaliation for the drone attack that killed a British IS extremist. The Cyber Caliphate claimed responsibility for the cyberattack in revenge for the death of Junaid Hussain, who led the hacking division of the Islamic State. The Cyber Caliphate, set up by Junaid Hussain from Birmingham, urged its followers to take control of the accounts to spread IS propaganda. Most of the victims appear to be based in Saudi Arabia. The extremists also posted the personal details, including mobile phone numbers, of the heads of the CIA, the FBI, and the NSA. Hussain was killed by a US drone in a joint operation with the United Kingdom in August. The Cyber Caliphate, which briefly took control of a Pentagon-owned Twitter account in January, has kept a low online profile until now.
CHINA and APAC
Japan’s culture is an obstacle to improved cybersecurity
In addition to criminal activities in cyberspace, Japan’s businesses and government agencies are facing a unique cybersecurity threat: themselves. Even though improving cybersecurity practices is a top national priority for Japan, the efforts have been hindered by the widespread corporate view of security breaches as a loss of face. Japanese experts and government officials state that this constantly leads to poor disclosure of incidents or information sharing at critical moments.
Australia’s vulnerability to cyberattacks
Australian government agencies and organizations are increasingly vulnerable to cyberattacks, according to international cybercrime expert Chris Pogue. Pogue, who is a member of the US Secret Service Electronic Crimes Task Force and senior vice president of Cyber Threat Analysis with the Australian tech company Nuix, will conduct a high-level briefing with Australian government and security agencies. He will discuss major implications for Australia’s national security, and push for better collaboration and intelligence sharing in the face of an inevitable cyber disaster. The trade of stolen data is booming in the Dark Web, which is why “data is the new oil,” Pogue said. With organized cybercriminals working together and dealing in critical data on the dark web, governments, as well as private organizations, have to increase their collaboration.
AFRICA
A new cyber hub to counter cybercrime in South Africa
The South African Minister of Telecommunications and Postal Services announced on October 30 the establishment of a new national hub to help counter cyber threats. Based on collaboration between public and private actors involved in the cyber domain, the hub will be able to identify potential criminal activities in the cyber realm and provide related information and solutions to the public. The new hub is expected to improve its forecasting skills and solutions offered as it gains experience from successive attacks over time. This platform will constitute the first attempt of government institutions and the private sector to connect through joint partnerships in South Africa.