Global Cyber Bi-Weekly Report - Feb 15th, 2016

ISRAEL

Iran hacked into former IDF senior officers’ computers

Iran’s revolutionary guards hacked the private computer used by a former IDF chief of staff, in addition to dozens of computers belonging to Israelis, markedly senior security officials. The extent of damage and information retrieved is unknown. According to the report, hackers working for the Islamic Republic have breached computers belonging to more than 1,800 individuals. Victim of the cyberattacks included hundreds of Israelis, primarily past and present senior military officials. The report added that the cyber activities stopped a few months ago when Iran realized that its operations had been exposed.

UNITED STATES

Obama announces new cybersecurity national action plan

On February 9, President Barack Obama announced a new cybersecurity national action plan that includes $3 billion to kick-start the overhaul of federal computer systems and the creation of a new federal position, the Chief Information Security Officer, to lead the changes within the government. Obama also announced the creation of a corps of cyber professionals to ensure best practices at every level of government, in order to strengthen partnerships with the private sector, deter, detect, and disrupt threats to the nation’s critical infrastructure, and to help Americans to protect themselves online. In partnership with the private sector, Obama’s Government is launching a new national awareness campaign to raise awareness of cyber threats and encourage more Americans to move beyond passwords—adding an extra layer of security like a fingerprint or code sent to a cellphone. In addition, Obama announced the establishment of a bipartisan Commission on Enhancing National Cybersecurity to focus on long-term solutions.

FBI under hacking attack

A group of hackers have revealed names and addresses of 20,000 employees of the Federal Bureau of Investigation (FBI) and of more than 9,000 employees of the US Department of Homeland Security. Through the Twitter account @DotGovs, the hackers posted a link to a list of names, positions, emails, and phone numbers of employees stolen from US Justice Department’s computers. The list includes, inter alia, computer specialists, procurement officers, analysts, managers, and senior consultants. The hackers link to the hashtag #FreePalestine and wrote in a post that, “This is for Palestine, Ramallah, West Bank, Gaza, this is for the child who is looking for an answer.” The message and methods used are similar to those of a hacker who last year broke into the private email accounts of CIA Director John Brennan and head of the DIA James Clapper.

EUROPE

The French Data Protection Authority demands that Facebook stop tracking and sharing personal data of non-users

For several years European countries have disapproved of the fact that Facebook tracks their citizens’ online activities as well as shares their private data, and have accused Facebook of behaving like the US intelligence agency NSA. The French Data Protection Authority (CNIL) has recently issued an official warning to Facebook, requesting that it comply with the European Data Protection Law or else face legal sanctions against the company. Facebook has been given three month to show that it has stopped tracking French citizens and sharing their data with the United States. In 2015, the European court issued an agreement approved by thousands of companies, including Facebook, in order to prevent such issues. This measure was supposed to be the most efficient one in terms of protecting the online data privacy of users. As part of the agreement the European court gave companies a period of three months to set up legal arrangements for data transferring and to stop relying upon the safe Harbor pact which are principles that enable some US companies to comply with privacy laws protecting European Union and Swiss citizens. According to the French Privacy Authority, Facebook tracks personal data and activities by embedding cookies on users’ browsers while they are visiting a Facebook page. This technique is well known in the data mining sphere and is often used by many companies in order to target clients’ needs and wants. However, these data are also used by the US government in order to collect information about users and profile them with the help of several cyber intelligence collection programs such as PRISM. The real challenge today regarding the collection, tracking, and storage of users’ data is to find the right balance between monitoring potential threats and unjustified violation of users’ privacy. This issue has been the center of attention in many countries and of online law regulation authorities as social media has been widely used by terrorist organizations in the past few years.

RUSSIA

Ukrainian energy infrastructure hacked by Russian hackers

US Deputy Secretary of Energy accused Russian hackers of a cyberattack on Ukrainian energy infrastructure, according to US Deputy Minister of Energy, Elizabeth Sherwood-Randall. The attack also concerned the American power industry. According to experts, the Ukrainian and American power grids are subject to the same vulnerabilities.

ARAB COUNTRIES

Ukrainian hackers reveal secret arms deal between former Qatari defense minister and Ukrainian counterpart

The Ukrainian hackers group, “Cyber Berkut,” has revealed documents tracking a secret arms deal in support of the Islamic State. According to Ahmed Tahiri the prominent Egyptian journalist, the documents expose negotiations between former Qatari Defense Minister, Major General Hamad bin Ali al-Attiya with Ukrainian counterpart, Stjepan Bolturak. The negotiations address a deal for air defense systems as well as Cobra, Stringer, and other missiles, which were to be handed over to the Islamic State via intermediaries in Turkey and Saudi Arabia.

UAE and India collaboration

Last Thursday, India and the UAE signed four agreements across various sectors, including cybersecurity, infrastructure investment, renewable energy, and currency swaps. The pact on cyberspace is to enable greater synergy between security agencies of the UAE and India, in order to address the activities of terrorists groups as well as the radicalization of youths via online platforms.

Anonymous threatens cyberwar against Islamic State’s opponents

The hacktivist group Anonymous, which had declared a cyberwar against the Islamic State (IS) seems to be targeting the Islamic State’s opponents as well. They have threatened IS with cyberwar, but also are threatening the terror group’s rival coalition, led by the Saudis. Anonymous threatened to attack the International Olympic Committee if they did not ban the Saudi delegation from the next Olympics due to the exceeding rate of executions in the kingdom, included of Shia cleric Sheikh Nimr al-Nimr along with other Arab Spring activists. Past events indicate the cyber group will most likely fulfil its threat and execute the attack should the Saudis be allowed to participate in the games.

CHINA and ASIA PACIFIC

China and United States head list of cyberattack sources

The Global Perspective Report named China as the source of the greatest number of cyberattacks worldwide. The report was carried out by Norse, a provider of cyberattack intelligence and cybersecurity solutions, and gave an overview of the attack landscape across the globe for 2015. China is followed by the United States, Saudi Arabia, Germany, and Russia. Iceland, the Netherlands, and Saudi Arabia are among the top ten, when population size is also taken into account. The most significant targets by number are the United States, the United Arab Emirates, Saudi Arabia, and Germany. While Asia carries out a high volume of basic attacks, Eastern Europe appears to perform more sophisticated cyberattacks.

Japan’s NEC Corporation launched cyber security factory in Singapore

NEC Corporation, Japan’s leading IT and network technologies company, has recently launched a cybersecurity factory in Singapore. The newly opened factory works with Singapore’s government to strengthen the country’s preparedness in combating cyber threats. The cybersecurity factory launched a Strategic Attachment and Training Program to prepare new cybersecurity experts. Moreover, the Singapore factory will collaborate with other NEC security centers around the world in sharing intelligence on cyber threats and providing security throughout to the users.

Indian website hacked by Pakistani hackers during major state events

India-Pakistan rivalry has spilled over into cyberspace through hacktivism and even “state-sponsored” attacks with popular Indian websites being prone to attacks during high-profile events like cricket matches and days such as Independence Day. According to a report by the Boston-based Recorded Future, nationalist hacker groups undertake cyberattacks around events and national holidays, and their objective is mostly to cause public embarrassment. According to the report, India and Pakistan’s Independence Days, which fall on August 15 and August 14 respectively, over the past three years have created a predictable pattern of attacks and retaliatory strikes by the opposing hacker groups. According to the report, since 2007, the Pakistan Cyber Army (PCA) has hacked, defaced and shut down high-profile Indian websites. The PCA has targeted government and private sites, including Indian Oil and Natural Gas Corporation, Indian Railways, the Central Bureau of Investigation, Central Bank of India, and the State Government of Kerala.

India in talks with foreign governments on cyber security

Placing a high priority on cybersecurity, India has engaged in talks with many foreign countries including the United States to cooperate in preventing cyber espionage and other cyberattacks, Communication and IT Minister Ravi Shankar Prasad said on Feb 8. The Prime Minister Narendra Modi also said that the cybersecurity is a huge issue and is important for India’s government, and that “it is like a bloodless war.” Prasad was in Boston to attend the annual India Conference at Harvard University. Prasad also said that “Internet is the finest creation of human and it should not be abused by some peoples. In that scenario there is greater cooperation among countries world over.”

TalkTalk falls victim to another ‘insider’ scam

TalkTalk has announced a major security issue this time with its “Bright Sparks” service for engineers’ customer data. TalkTalk has announced the serious security issue with its call center partner Wipro in India, where three employees of Wipro were arrested for stealing TalkTalk customers’ private data and using this information for illegal activities.

LATIN AMERICA

Brazilian companies targeted by malicious spam campaign

A spam campaign targeting Portuguese-language computers are specifically focusing on Brazilian companies. More than 40,000 emails have been sent with malicious attachments indicating money transfer receipts. Attackers gain access to employee emails and are able to reach internal service and obtain sensitive information.

AFRICA

Anonymous target African governments against corruption

In a statement published a few days ago, the hacktivist group Anonymous announced a series of attacks against Rwanda, Uganda, South Africa, Zimbabwe, Tanzania, Sudan, South Sudan, and Ethiopia. Hacktivists said that corruption in these countries has led to atrocious conditions for its citizens and, above all, their children. Using the hashtag #OpAfrica, Anonymous started with Rwanda, and breached the backend of the Broadband Systems Corporation, a Rwandan information technology company that provides high quality video conferencing software for the local Rwandan government. Hackers gained access to the company’s email accounts, along with its ticketing system, from where they dumped the database’s content containing details such as employee names, email addresses, passwords, and phone numbers. Uganda, was hit as well. The culprit behind this attack was Hanom1960, a hacker that previously leaked data from the Costa Rican and Colombian governments.

Cybercrime: South Africa the most targeted on African continent

South Africa has the highest rate of cybercrime on the continent. A Cisco Annual Security report said that “today’s attackers launch more sophisticated‚ bold and resilient campaigns.” Consulting Systems Engineer Security Solutions at Cisco South Africa‚ Greg Griessel said, “Cyber criminals are getting smarter and employing a number of personalized tactics‚ which places businesses at greater risk. 92 percent of business leaders agree that regulators and investors will expect companies to manage cybersecurity risk exposure.”