Executive Cyber Intelligence Bi-Weekly Report - Dec 15th, 2015
ISRAEL
INCB head briefed ministers on cyber threats to the public sector
Israel National Cyber Bureau (INCB) head Dr. Eviatar Matania briefed ministers in the weekly Cabinet meeting. In his briefing, Matania discussed threats, solutions, and responses as well as opportunities presented by the field. Dr. Matania said that, “The cyber revolution is to the order of the Industrial Revolution. We are developing protection concepts on the individual, organizational, and national levels. There is also an extraordinary economic and business opportunity. Israel leads the world in these areas. We are promoting research and development at the national level and investments in the industry, academia and more. We are working together with all the relevant elements in order to defend against cyberattacks and intrusion attempts.” Prime Minister Binyamin Netanyahu said in the meeting, “I set cyber as a national goal because it is a critical issue for us and a huge challenge. We are world pioneers and leaders. We founded the Israel National Cyber Bureau, we are moving the IDF cyber units to Beer-Sheva, and building an economic center there that specializes in the subject. We are taking additional steps at the national level. We will continue to invest and lead in the cyber field.”
UNITED STATES
Second meeting of the US-EU Cyber Dialogue
On Monday, December 7, 2015 the second annual meeting of the US-EU Cyber Dialogue was held in Washington, DC, and reinforced cooperation on cyber issues as envisioned during the 2014 US-EU Summit. The participants jointly affirmed specific areas of collaboration. The United States and the European Union welcomed the landmark consensus of the 2014-2015 Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security. They affirmed the applicability of existing international law to cyberspace, and the articulation of norms of responsible state behavior in cyberspace. They supported the continuation of this process and its central role in further defining how international law applies to cyberspace. The participants also reaffirmed their strong commitment to the promotion and protection of human rights on the Internet. They also reiterated that no single entity, company, organization or government should seek to control the Internet, and expressed support for multi-stakeholder governance structures of the Internet that are inclusive, transparent, accountable, and technically sound. They both welcomed the continued cooperation through the existing US-EU Working Group on Cybersecurity and Cybercrime. In the end, the United States and the European Union, as founding members of the Global Forum for Cyber Expertise (GFCE), continue to emphasize the importance of bridging the digital divide towards fostering open societies and enabling economic growth and social development.
Anonymous: War declared on Donald Trump
In a video released on Wednesday, December 9, the hackers group Anonymous declared war on Republican presidential hopeful Donald Trump in the wake of his recent comments about Muslims in the United States and his statement, issued on Monday December 7, calling for a ban of all Muslims entering the United States. A masked man said in the video that Trump’s proposed ban is exactly what ISIS wants: “The more Muslims feel sad, the more ISIS feels that they can recruit them.” The masked spokesman warned, “Donald Trump, think twice before you speak anything. You have been warned.” As part of the #OpTrump hacking campaign, Anonymous targeted the website of Trump Towers, www.trumptowerny.com in a distributed denial of service attack, according to the International Business Times. The site was reportedly down for hours. According to the most recent polls from CNN/ORC, Trump is the leading Republican candidate, favored by 33 percent of GOP voters. The second-highest-polling candidate is Senator Ted Cruz, who is polling at 20 percent, followed by Ben Carson at 16 percent. According to the New York Times and CBS, the last time Americans were as afraid of the likelihood of a terror attack as they are now, was in the aftermath of 9/11. Consequently, that fear has helped garner support for Trump’s extremist political response to terrorism.
United States and China reached an agreement on fighting cybercrime
During the first week of December, China and the United States held the first round of a new dialogue on fighting cybercrime in Washington, DC. China’s Minister of Public Security Guo Shengkun met with US Secretary of Homeland Security Jeh Johnson and Attorney General Loretta Lynch. To prepare for the dialogue, Deputy Secretary of Homeland Security Alejandro Mayorkas led a delegation to Beijing in mid-November to discuss cyber issues. The talks had long been planned to follow a landmark agreement between the two countries reached in September. The next round will come in June, the Justice Department said. During the meeting, the United States and China agreed on guidelines for requesting assistance on cybercrime or other malicious cyber activities. The Justice Department said that in addition to the agreement, the two countries will conduct “tabletop exercises” in the spring, with a number of scenarios designed to improve understanding of the expectations for response and cooperation. China’s Ministry of Public Security said the agreement would have a “major impact” on the implementation of internet security measures, adding that the two sides resolved to maintain frank discussion on the issue.
Latest terror attacks rekindle the government’s overseeing of communication devices
The recent terror attacks in France and California has led US intelligence agencies to review the ways of effectively tracking down terror suspects both before and after attacks occur. After the Snowden leaks, communication companies increased the development of encryption technologies. The new security standard has made mobile communications almost impossible to track, allowing terror suspects to go “off radar.” Due to the fact the terrorists in France were able to move safely away from the terror site, US intelligence and law enforcement agencies are calling for new steps to be taken. The agencies see the capability of “going dark” as a serious challenge, giving a significant advantage to the lone-wolf terrorist, and have decided to renew their call to regulate the use of encryption technologies and make it possible to retrieve the contents of communication. The heads of the FBI, NSA, MI5, and other intelligence and law enforcement agencies publicly stated that these advanced encryption technologies have turned the Internet into a “safe haven” for terrorists and criminals. CIA Director John Brennan warned that some technologies – he did not specifically named encryption – “make it exceptionally difficult, both technically as well as legally, for intelligence and security services to have the insight they need to uncover it.” This concern revives the idea of creating a built-in back door in all new communication devices, which was negotiated a few months back and was declined due to invasion of privacy issues raised by the intelligence agencies. With cyber-space being the new frontier for terrorists, it is possible we will be seeing more inspection of communication devices and experience greater infringement upon privacy in exchange for safety.
Cyberattack on the power grid as a new target for terror attacks
The recent attacks in Paris and California has caused the US government to express concern for the possibility of a more sophisticated terror attack destroying both human lives and infrastructure. A future terror attack could possibly target the US power grid, which could disconnect major areas of the country from the electric grid. “There are many serious hazards and threats facing the electric sector, and these threats continue to evolve,” Liz Sherwood-Randall, the US deputy secretary of energy, told reporters. In addition to the fear of bombs and guns, cyberattacks on major facilities has become a new concern, for which the United States might not be prepared. The next attack on US citizens could target the utilities infrastructure, an attack which could be less fatal in the short run, but might be catastrophic in the long run, and could be one of the most terrifying scenarios.
EUROPE
France may ban public Wifi as well as TOR network access in response to Paris terrorist attacks
After having significantly increased its security measures, the French government is now considering to ban free hotspot Wifi access as well as the Darknet network TOR. Indeed, according to a report from the Civil Liberties and Legal Affairs (DLPAJ) of the French Ministry of Interior, the new law would propose two resolutions, one around the State of Emergency and the other on countering terrorism. This new State of Emergency law considers banning the use of free Wifi and sharing Wifi connections in order to stop terrorists to connect themselves from public access points, as it is more difficult for law enforcement to track terrorists that use public hotspots. The proposed law also suggests banning the use of anonymous networks like TOR as well as requiring service providers to hand over encryption keys to the police. TOR (The Onion Router) is an anonymous network maintained by volunteers. To ensure the anonymity of the communications, the routing is randomly performed as well as encrypted. Tor is an easy way to hide end users’ identity on the Internet, and is often used by terrorists as well as cyber criminals. The Department of Civil Liberties and Legal Affairs, however, asked to review the proposal in order to determine if this new law would violate the French constitution. The real problem in such emergency situations is to determine the boundary between applying extreme security measures to protect citizens, and being too intrusive in people’s lives. When used in a specific framework, such measures could be very helpful in the struggle against terror.
United Kingdom: British Universities subjected to cyberattacks
Several UK universities have recently been subjected to cyberattacks. Unknown cyber criminals have attacked a publicly funded network named Janet, which was used by several universities throughout the United Kingdom. On Monday, December 7, several students had problems accessing their university network. It was then discovered that the network had experienced a large DDoS attack, which flooded the network and did not allow the student to go online. The universities affected included Manchester, Edinburgh, Sussex, Glasgow, and Royal Holloway. The Janet network provides Wifi services and controls ac.uk and gov.uk email addresses. The leading users of the network include staff and students from universities all over the country. Although the United Kingdom has significantly increased its cyber capabilities over the past few years and enhanced its cybersecurity regulation for governmental bodies and financial institutions, it still has to increase protection of the universities. A lot of universities suffer from poor cybersecurity measures and thus are liable to cyberattacks. Despite information security policies, these universities should all use DDoS mitigation tools. These tools are dedicated to disinfecting traffic or building DDoS mitigation functionality into devices used primarily for other functions such as load balancing or firewalling.
RUSSIA
Russian engineers have developed a mini-PC and unique data encoder
Russian engineers from the United Instrument Corporation, which is part of the Russian technological giant Ros-Tec, developed a unique product – a special encoder, developed for security services and federal authorities. Last week, the chairman of Ros-Tech, Sergey Chemizov presented the new product to Russian President Putin. The device will be released to the free market after the approval of the Federal Security Service (FSB). The experts of Ros-Tech also created a mini PC called Raydget. The model is equipped with Intel Core M 5Y10, Celeron-U, or Pentium-U processors, and with integrated graphics from Intel HD Graphics 5300.
ARAB COUNTRIES
ISIS and Anonymous continue to cyber fight
The online cyberwar between the cyber branch of ISIS, known as the Caliphate Cyber Army, and Anonymous has continued for some time now. A few days ago Anonymous announced its intention to conduct an “ISIS Trolling Day,” and in response the Islamic terror organization’s cyber division issued a statement threatening to publish private information about Anonymous’ leaders and hacktivists. This is not the last time the two rival cyber groups are battling with each other, and most likely the cyberwar between the two will escalate and become more interesting to observe – as long as the battle stays within the realm of the Internet and does not affect civilians.
CHINA and ASIA PACIFIC
Japan boosts US cybersecurity cooperation and launches anti-terrorism unit ahead of G7 Summit and Olympics
The Japanese and US governments have agreed to enhance cooperation to prevent cyberattacks ahead of Tokyo’s hosting of the 2020 Olympic Games, a Japanese official said. Toshiaki Endo, Japan’s Olympics minister, and Michael Daniel, special US presidential assistant and cybersecurity coordinator, agreed to share more intelligence related to cybersecurity, and cooperate in training personnel to fight hackers. Earlier in December, Japan launched a new counterterrorism unit in an air of secrecy. Journalists were only allowed to photograph its twenty-four members from behind, without disclosing their faces. The recent worldwide terrorists’ attacks have raised fears ahead of the holding of a G7 Summit in Japan next year and the Tokyo Olympic Games in 2020. “The country is inexperienced, and its counterterrorism capability is untested,” said Motonobu Abekawa, a former official at the Public Security Intelligence Agency and a terrorism studies expert at Nihon University. “People have long thought terrorist attacks are a distant problem abroad.” Japan decided to explore ways to boost public safety and intelligence after five Japanese citizens were killed by terrorists abroad. The Islamic State organization killed two Japanese hostages in Syria early this year, and an attack on tourists at a museum in Tunisia claimed three Japanese lives.
China is accused of being behind massive cyberattack on Australian government
China is being accused of a major cyberattack on Australia’s Bureau of Meteorology. The bureau owns one of Australia’s largest supercomputers and provides critical information to many agencies across the Australian federal government. The Australian Broadcasting Corporation (ABC) reported that the attack may have allowed the attackers to access also the network-linked agencies, such as the Department of Defense. Since these other agencies have also been affected, ABC reported that it will cost millions of dollars to return the security to their systems.
New Zealand is facing an increasing number of serious cyber threats
Government Communications Security Bureau (GCSB) of New Zealand says that the country is facing an increasing number of cyber threats, ranging from attempts to obtain credit card information to “serious and persistent” attempts to compromise the information systems of significant organizations.
Una Jagose, acting director of the GCSB, says there were 190 incidents over a recent twelve-month period, of which 114 targeted government networks and systems, fifty-six targeted the private sector, and twenty threats the GCSB was not sure about. It is expected that attempted attacks will exceed 200 by the end of this year.
ISIS could mount cyberattack in Japan
Japanese Cabinet Minister Taro Kono said in an interview with Bloomberg that Japan is at risk of cyberattacks on its essential infrastructure by the Islamic State. Kono is chairperson of the National Public Safety Commission of Japan and also supervises the National Police Agency, and is closely involved with security arrangements for the 2020 Tokyo Olympics. Japan has not experienced an Islamic State attack, but two of its citizens abroad were kidnapped and murdered by ISIS, and ISIS said that it considers Japan a target.
