Executive Cyber Intelligence Bi-Weekly Report - Jan 1st, 2016
ISRAEL
Israel launches Kidma 2.0 cybersecurity program
During the National Cyber Bureau Conference held on December 17, 2015, the Office of the Chief Scientist (OCS) of the Israeli Ministry of Economy & Industry and Israel’s National Cyber Bureau in the Prime Minister’s Office announced that they would launch a new phase of KIDMA, a comprehensive program to promote the Israeli cyber industry, in early 2016. Reflecting Israel’s role as a global powerhouse in the field and seeking to boost the industry’s competitiveness in the global market, the Bureau and the OCS teamed up three years ago to create the KIDMA program (which in Hebrew stands for “Promoting Cyber R&D”). KIDMA provides benefits to Israeli companies in order to encourage R&D activity aimed at developing technological solutions in the field of cybersecurity. The overall funding for the program from both government agencies exceeds NIS 100 million, and the program is implemented by the OCS according to the R&D Law.
UNITED STATES
CH-4, China’s armed drone appears to be built from stolen US data
On December 17, a short video posted to the video-sharing website Youku revealed the Caihong-4 or CH-4, a missile-firing, unmanned aerial vehicle (UAV) in action. According to the blogger who posted it, the video was produced by the China Aerospace Science and Technology Corporation, a drone developer and manufacturer. The video, one minute and thirty-seven seconds long, shows takeoffs and landings of the drone. Photo analysis of the CH-4 shows the remote-controlled aircraft is very similar to the US military’s front-line combat UAV, the MQ-9 Reaper. The only major difference is the Predator’s engine intake is located on top of the aircraft while the CH-4’s is underneath. There is no evidence that the Chinese stole design information by carrying out cyberattacks against the Reaper’s manufacturer, General Atomics Aeronautical Systems, Inc. According to former National Security Agency director, retired Gen. Keith Alexander, Beijing may have acquired drone designs and technology through cyber espionage. In a 2012 report on automated defense systems, the Pentagon’s Defense Science Board warned that China was actively pursuing unmanned aircraft development, and “copying other successful designs” to accelerate its drone programs. At that time China lagged behind the US drone programs, but had “leverage on all available information on Western unmanned systems development.” In the three years since the report was published, the Chinese have managed to advance in their drone development and close the gap with the United States.
ISIL hackers are trying to attack the United States
The Islamic State of Iraq and the Levant, also known as ISIL, has tried to penetrate computers that regulate the nation’s electricity grid, US officials say. To date, a lack of expertise has limited ISIL and its supporters to defacing websites, including that of an organization for US military spouses, and conducting pranks, such as commandeering the Twitter feed of the US military command directing operations in Iraq and Afghanistan. But Islamic State adherents have made no secret of their desire to acquire lethal cyber capabilities. The added danger of ISIL’s burgeoning cyber capabilities is that the terrorist group does not operate according to the same rules as even the most reckless nations. Strategies that deter even the most hostile states such as North Korea are unlikely to succeed with the Islamic State. Although ISIL has mainly invested its efforts into inspiring scattered shootings and bombings rather than organizing mass casualty attacks, cyberspace could become a more active front in the war on terror as the military pressure increases on ISIL. ISIL also recognizes that it might be easier to strike at the United States from afar using digital weapons than to infiltrate terrorists across the border. The US government spends more than $5 billion annually on cyber defense, with responsibility divided among the Departments of Defense and Homeland Security, the National Security Agency, and the FBI. The concern, however, is not limited to the US government. Four days after ISIL terrorists killed 130 people in Paris, Britain’s top Treasury official warned that the terror group seeks to strike British critical infrastructure, such as the financial system or power grid. To date, ISIL’s cyber achievements have been limited, although the United States charged a Kosovo native in October with hacking into a US database and stealing personal information of more than 1,350 military and government personnel.
The suspect, Ardit Ferizi, later passed the data to Junaid Hussain, a member of the self-proclaimed Islamic State Hacking Division who was reportedly killed by an airstrike in Syria in August. According to the Justice Department, the information Ferizi pilfered included US personnel’s email addresses, passwords, locations, and phone numbers.
The United States needs a battle plan to defeat ISIS online
First, collect online information and intelligence necessary to understand and ultimately defeat the adversary. Second, shut down the most noxious sources that amplify the most violent voices. Third, resist ISIS’s narrative, expose its myths and falsehoods, and provide a credible and constructive alternative. This trio of components is proposed for the playbook to defeat ISIS online. Already, multiple efforts are underway; yet these various initiatives need to be brought together and incorporated into a single clear and coherent plan, uniting both foreign and domestic aspects of the action. For this, an orchestra leader is needed to put the various instruments in sync and correct those that may be off-key or missing. This conductor would be responsible for uniting policy with operations; directing activities under Title 10 (Armed Forces), Title 50 (War and National Defense), and Title 22 (Foreign Relations); and bringing together warfare with law enforcement and key players in the private cyber domain. The position should be anchored in the Executive Office of the President, in order to ensure interagency coordination, and would culminate in eighteen months in order to impart a sense of urgency and help the US marshal and focus its resources against ISIS. The US Cyber Command, the Federal Bureau of Investigation, the Department of Homeland Security, and the Department of State (in particular the Special Presidential Envoy for the Global Coalition to Counter ISIL) all would have instrumental roles in accomplishing the mission. Although the multiplicity of actors involved further complicates the situation, a playbook for action is within reach, but not without a strong political will.
New OPM cyber chief expects ISIS may hack agency’s systems
“I assume that at some point in time they may be successful.” This is what Clifton Triplett said on December 14 when asked about the ISIS cyber threat during a webcast hosted by Bloomberg. Named the first-ever senior cyber and information technology adviser of the US federal government’s Office of Personnel Management (OPM), Triplett also said that forthcoming access controls will blunt the severity of any future hacks. OPM will “make it more of a need-to-know kind of access control,” he said, “so if we do have a compromise, it is far more contained than, for example, our last incident.” The agency, he explained, will institute the equivalent of tear lines on network data to grant as little information as possible to authorized personnel. “Right now, I think, in some of our situations, the access control is broader than perhaps needs to be,” Triplett said, because OPM computer programs were developed before data security became a government priority.
EUROPE
United Kingdom: The NCA leads an international cybercrime exercise
A recent international cybercrime simulation exercise was led by the United Kingdom’s National Crime Agency (NCA) and involved several law enforcement officials from eight different countries including the United States, Georgia, Lithuania, Bulgaria, and Ukraine. Additionally, some representatives from Europol’s Joint Cyber Action Taskforce (J-CAT) took part in the exercise. Taking place at the Cabinet Office’s Emergency Planning College in North Yorkshire, the exercise aimed to see how these different countries would interact with each other in case of a large-scale cyberattack. The Director of the NCA’s National Cyber Crime Unit, Jamie Saunders, declared that “Cybercrime is by its very nature international, with many of the criminals and the technical infrastructure they rely upon based overseas, and yet its impact is felt by real people and real businesses in communities across the UK.” Such exercises are important, if not critical, for the international community, as cyberspace does not have any borders and concerns every country. Furthermore, cybercrimes are constantly evolving, as cybercriminals and hackers are often a step ahead. In 2015, the United Kingdom arrested several hackers, such as members of the famous Lizard Squad group. International cooperation regarding cybercrimes is essential and should be constant. These simulation exercises should be organized regularly, and led by a different country each time.
The European Union has signed its first cybersecurity rules
In December 2015, European legislators signed the first set of cybersecurity rules for the European Union. The rules, which are part of the European Network and Information Security Directive, include asking high tech industry leaders like Google and Amazon to be more cooperative and transparent about their security measures, in order to help the European Union protect its critical infrastructures against advanced cyberattacks. According to Andreas Schwab, a Parliament rapporteur, “Today, a milestone has been achieved: we have agreed on the first ever EU-wide cybersecurity rules, which the Parliament has advocated for years.” These new rules will strengthen the cybersecurity of the European Union, as cyber threats do not have any borders.
RUSSIA
Roskomnadzor has begun testing a system of control of online media content
Roskomnadzor (Federal Service for Supervision of Communications, Information Technologies and Mass Communications) has launched an experimental system for the automatic collection and analysis of content in online media. This was announced by the head of the department, Alexander Zharov. The system analyzes the full-text database of sites, as well as content, comments, and forum posts, for violations of the legislation of the Russian Federation. The software package is able to check the descriptions of multimedia files and send suspicious content for manual inspection by Roskomnadzor specialists.
ARAB COUNTRIES
United Arab Emirates firms are exposed to cyberattacks
A new survey in the United Arab Emirates (UAE) shows that one-third of the local firms faced a cyberattack during the past year and had difficulty dealing with it. More than half of those who had been hacked said they did not know about the attack in real time, and only half of the respondents mentioned they had contingency arrangements in place. The UAE is on the top ten list for cybercriminals, yet KPMG, which conducted the survey, determined that many companies in the UAE are not even aware of the risk due to a lack of cyber intelligence-oriented thinking.
ISIS hackers improve their cyber terror skills in secret forum
Hundreds of Islamic State supporters log onto an online channel dedicated to providing tools for waging cyber terror campaigns across the Internet. “This channel is dedicated to publishing courses of hacking and programming languages for the supporters of the Caliphate on the Internet,” reads the forum. About three hundred people now belong to an ISIS-affiliated forum where users swap material on how to target and hack into vulnerable networks and computer systems. They connect through a social messaging app used by ISIS supporters to share instructions on how to make explosive devices, hand grenades, suicide belts, and Molotov cocktails.
CHINA and ASIA PACIFIC
Connect Smart - New Zealand government’s cybersecurity awareness campaign
New Zealand released a renewed strategy for cybersecurity, accompanied by an action plan, and a national plan to address cybercrime, on 10 December 2015. This new Strategy signals the Government’s commitment to ensuring that New Zealand is secure, resilient, and prosperous online. A Government-led initiative in partnership with NGOs and the private sector, Connect Smart is designed to raise awareness of cybersecurity issues and promote ways of protecting individuals, businesses, and others online. The cybersecurity strategy has four intersecting goals: (1) Cyber resilience; (2) Cyber capability; (3) Addressing cybercrime; and (4) International cooperation. The strategy has four principles: (a) partnerships are essential; (b) economic growth is enabled; (c) national security is upheld; and (d) human rights are protected online.
Launching the new cybersecurity strategy, New Zealand’s Communications Minister Amy Adams said a key initiative of the update is to set up a national CERT. Among the ways the government says it has beefed up the nation’s defense against cyberattacks is through the Government Communications Security Bureau’s “Cortex” project, which disrupts advanced cyber threats to organizations of national significance in both the public and private sectors. The new cybersecurity strategy also aims to increase people’s understanding of cybersecurity, and improve police capability in dealing with cybercrime.
Second World Internet Conference held in China
China’s president Xi Jinping opened the second annual World Internet Conference (WIC) in Wuzhen, China in mid-December with a statement reflecting Beijing’s views of how cyberspace should be governed. Jinping urged all countries to respect Internet sovereignty, jointly safeguard cybersecurity, cooperate with an open mind, and improve global Internet governance together. Most of the ideas in the speech have been heard before; what was new was a call for an international convention on cyberterrorism. More than 2,000 government officials, organization leaders, and entrepreneurs from China and abroad discussed Internet governance and explored cyberspace cooperation. During the three-day meeting, a series of cooperation deals between Chinese and overseas tech companies were signed.
Ninety-seven hacking cases in Japan since September
Japan’s National Police Agency announced that Anonymous, the international network of activist and hacktivist entities, has attacked at least ninety-seven websites in Japan since September. The group used DDoS attacks to render a variety of websites inaccessible, including those for aquariums, groups related to dolphin and whale hunting, airports, news organizations, and government offices. In response, Japanese authorities have urged website administrators to set up backup sites and take other protective measures.
Social cohesion in Singapore - a strong defense against terror attacks
The threat of terrorism has grown with the emergence of ISIS and self-radicalized individuals, and no country can guarantee that it will not fall prey to an attack. Singapore’s Deputy Prime Minister Teo Chee Hean said that if an attack takes place in Singapore, the country’s reservoir of goodwill and trust among all communities will help the nation rally together to reject the premises and actions of the terrorists, support the victims, and rebuild. He added that trust must never be taken for granted and Singapore has to work constantly on building trust and social cohesion.