
Global Cyber Bi-Weekly Report - April 1, 2016

ISRAEL

NSA chief paid a secret visit to Israel in order to coordinate cyber warfare

The director of the US National Security Agency, Admiral Michael Rogers, reportedly paid a secret visit to Israel last week in order to discuss cooperation in cyber defense, and in particular to counter attacks by Iran and its Lebanon-based proxy Hezbollah.

According to Haaretz newspaper, the NSA director, who also serves as the head of US Cyber Command, made the trip to meet with the commanders of the IDF’s 8200 intelligence unit, which specializes in signal intelligence (SIGINT) and code decryption. Israel has been targeted by a number of cyberattacks in the past two years, which, according to officials, were conducted by hackers affiliated with the Iranian government and Hezbollah.

A senior Israeli official told Haaretz that Rogers restricted his meetings in Israel to the hands-on chiefs of the Israeli intelligence community. Rogers apparently expressed great interest in becoming acquainted with the IDF’s new independent branch for cyber warfare.

Israeli company Cellebrite allegedly collaborated with the FBI on terrorist iPhone crack

The US Federal Bureau of Investigation has allegedly collaborated with Israeli company Cellebrite in order to crack the iPhone used by the terrorists involved in the shooting last year in San Bernardino, California. The US Justice Department reported earlier this week that it managed to access the data on the shooter’s phone, after having stated that it had been approached by a third party who knew how to access the data. The FBI had been locked in a standoff with Apple Inc. for a month over accessing data on the phone used by the terrorists; Apple refused to comply with a court order to unlock the phone, saying it was an unreasonable demand on the company and threatened the privacy and data security of millions of iPhone users.

The successful cracking of the iPhone has ended the government’s legal battle with Apple for now. Cellebrite declined to comment. The company’s relationship with the FBI on this case was first reported last week by Yedioth Ahronoth newspaper.

Shin Bet arrests Palestinian cyberterrorist for breaking into military aircraft systems

The Israeli Security Agency announced last week it has caught and indicted a Palestinian cyberterrorist who gathered information on Israel’s military and civilian aircraft.

The twenty-three-year-old Palestinian, Majder Aweida, is a computer engineer and cybertech expert from Gaza who worked as a radio broadcaster and producer for a radio station belonging to the Islamic Jihad movement. Aweida is accused of successfully hacking into the Israeli Air Force’s Gaza sector surveillance drone system between the years 2011-2015, giving the Islamic Jihad movement in Gaza full access, in real time and in high definition, to IDF surveillance flights over Gaza. The indictment additionally states that Aweida developed software that enabled him to collect data on aircraft movements at Ben Gurion International Airport, such as runway numbers, types of aircraft and their weight, passenger details, and arrival and departure times.

The Israeli Shin Bet agency stated that Aweida was arrested in February 2016 when he left Gaza in order to interview Palestinian candidates in Judea and Samaria for a talent show he was producing. Moreover, based on the Shin Bet’s arguments, Aweida confessed during interrogation to the crimes with which he was charged.

UNITED STATES

Cyberattack at MedStar Health: FBI is investigating

On March 28, hackers attacked the computer system at MedStar Health, forcing thousands of employees in the state's second-largest health care provider to resort to paper medical records and transactions. It seems, however, that patient medical records or other information were not compromised.

DHS seeks advice on building a cyberattack database

Last February, President Barack Obama issued an executive order directing DHS to promote “Information Sharing and Analysis Organizations” among sector- or subsector-specific groups to share information about cyberthreats and practices, and to develop cyber standards. The Department of Homeland Security admits there could be drawbacks to a broad cybersecurity incident database, accessible by members of the public and private sectors, which would include a spike in the cost of insurance. Businesses could use the database to assess how their cyber practices stack up against competitors, and the federal government could upload its own cyber threat predictions, as DHS suggests in a new white paper that fleshes out the concept.

US says it has unlocked iPhone without Apple

On Monday, March 28, the Justice Department of San Francisco declared that it had found a way to unlock an iPhone without help from Apple, allowing the agency to withdraw its legal efforts to compel the tech company to assist in investigating a mass shooting. The decision to drop the case to compel Apple to help open an iPhone used by Syed Rizwan Farook, a gunman in the December shooting in San Bernardino, California, in which 14 people were killed, ends a legal standoff between the government and the world’s most valuable public company. This development, however, also creates potential for new conflicts between the government and Apple about the method used to open the device and whether that technique will be disclosed. Lawyers for Apple have previously said the company would want to know the procedure used to crack open the smartphone, yet the government also might classify the method.

Joint statement on US-Germany bilateral cyber meeting

On March 22-23, the United States and Germany held a bilateral cyber meeting in Washington, DC. On this occasion, the discussions of international security in cyberspace focused on how international law applies to cyberspace, the promotion of cyber norms of responsible state behavior, and the implementation of confidence-building measures. The two governments will continue their close cooperation on these issues in bilateral, regional, and multilateral venues. The two also welcomed the second set of confidence-building measures agreed upon in the Organization of Security and Cooperation in Europe (OSCE) and discussed Germany’s priorities in the cyber field for its OSCE chairmanship. Both sides underscored their conviction that the same rights that people have offline also must be protected online. These include the right to seek, receive, and impart information; the freedoms of expression, peaceful assembly, and association; and the right to be free from arbitrary interference with one’s privacy. US and German representatives also discussed cybersecurity of critical infrastructure as well as management and coordination efforts for cyber incidents. The bilateral meeting was followed by a session with stakeholders from the private sector, civil society, the technical community, think tanks, and academia on both sides.

Number of US government cyber incidents had a 10 percent increase in 2015

According to a White House audit, the US government was hit by more than 77,000 cyber incidents, including data thefts and other security breaches in the 2015 fiscal year. Part of the rise in cyber incidents stems from federal agencies improving their ability to identify and detect these incidents, the Office of Management and Budget said. National security and intelligence officials have long warned that cyberattacks are among the most serious threats facing the United States. President Barack Obama asked Congress last month for $19 billion for cyber security funding across the government in his annual budget request, an increase of $5 billion over the previous year.

Secret Service investigating claims that Anonymous hacked Donald Trump

The Federal Bureau of Investigation, in collaboration with the US Secret Service, is investigating claims by hacker activist movement Anonymous that it uncovered personal information about Republican frontrunner Donald Trump. In an animated YouTube video, an Anonymous member denounces Trump, comparing him to Adolf Hitler, and says that he would “promote an agenda of fascism and xenophobia.” The member then reports that Anonymous has released Trump’s Social Security number, cell phone number, and other personal details. It is not clear if these details are correct. In the video, Anonymous also announces the formation of “Operation White Rose,” a nonviolent protest of Trump’s presidential campaign, named after an anti-Nazi group known for its activity during Hitler’s regime.

EUROPE

UK: National Cyber Security Centre to cooperate with the Bank of England

The UK Cabinet Office recently announced that the National Cyber Security Centre (NCSC) will collaborate with the Bank of England on new cyber security guidance for banks as well as financial companies. The new center will be based in London and will be fully operational in October 2016. According to Cabinet Minister Matt Hancock, “This important work with the Bank of England is paramount to ensuring that businesses of all shapes and sizes understand the threats and what they can do to mitigate them.” The NCSC is being set up to aggregate the UK’s cyber expertise and will be led by two cyber experts. Mr. Ciaran Martin, who is currently director general of cyber at GCHQ, will head this new center, while Dr. Ian Levy, who is currently GCHQ’s technical director of cyber security, will be appointed NCSC’s technical director. Although the United Kingdom is undoubtedly one of the most advanced countries in terms of cyber security innovation and capabilities, it is also a significant target, as its financial sector represents a large part of its economy. The new center will strengthen the country’s cyber security, and it demonstrates a real desire on the part of the government to counter financial cybercrime. According to a report published last year, cybercrime costs the global economy over $445 billion annually.

Belgium’s critical infrastructure at risk of cyberattack

Following the recent terrorist attacks in Brussels, the European Union’s Chief of Counter Terrorism, Gilles de Kerchove, declared that Belgium’s critical infrastructure is at risk of cyberattacks. After workers at Belgium’s nuclear facilities had their security passes revoked due to intelligence warnings, Belgian authorities started to increase the level of cyber security. The EU’s counter-terrorism chief said that the facilities and other major infrastructure remain at risk of a cyberattack. Even though Belgium has started to develop its cyber defense capabilities, the country is still vulnerable to many cyber threats and needs to further strengthen its cyber intelligence as well as its defensive and offensive cyber capabilities. Moreover, stronger cooperation with other European countries, such as the United Kingdom and France, as well as with the European Union Agency for Network and Information Security (ENISA), will help Belgium to anticipate and face the different cyber threats.

RUSSIA

Russian banks lost 2 billion from cyberattacks despite security measures

As the head of the Central Bank of Russia (CBR), Elvira Nabiullina, stated at government hearings on March 3, the CBR sees a growing risk of cybercrime, and in 2015 it set up a special center to combat cyber threats. On March 16, however, a major cyberattack on dozens of Russian banks occurred. Hackers sent malicious emails to the addresses of bank employees on behalf of the Central Bank Cyber Security Monitoring Center (FinCert), Kaspersky Lab said. The letters were personally addressed to each employee and began with the employee’s real first and last name, apparently the result of massive intelligence and information gathering by the hackers at various conferences and exhibitions and from official bank documents, Kaspersky Lab noted. The letters were sent from a spurious info@fincert.net address, similar to the original one, with instructions attached to launch the embedded macro, giving the attackers access to the banks’ information systems. From October 2015 to the present, Russian banks have lost about 2 billion rubles as a result of hacker attacks, and have identified more than nineteen cyberattacks.

ARAB COUNTRIES

Iran’s ‘Cyber Army’ is under direct command of the Iranian Revolutionary Guard Corps

Although Iran has denied US claims of cyberattacks, according to an Iranian opposition group, a “cyber army” headed by top Islamic Revolutionary Guard Corps (IRGC) officers has been increasingly active since 2009.

Iran’s Foreign Ministry spokesman dismissed the US allegations, saying Iran has never supported “any precarious measures in cyberspace,” but, on the contrary, has been the victim of cyberattacks. According to the National Council of Resistance of Iran (NCRI), an exiled opposition group, the IRGC has been engaged in cyberwarfare since around 2007, and especially after the post-election anti-government protests in 2009. “The cyber army has been established under the command of IRGC commander Mohammad-Ali Jafari,” NCRI said in a new report, which it says is based on information from sources inside the regime, including in the IRGC.

NCRI said Jafari has endorsed a plan to make the cyber army the sixth force of the IRGC – alongside the Ground, Navy, Aerospace, Qods Force, and the domestic Basij militia. The aim of the cyber army is to work against targets inside Iran, and outside the country.

In November 2010, the cyber army claimed to have hacked 500 websites simultaneously, disrupting private sites as well as “intelligence networks” of foreign countries.

Apart from the IRGC cyber activities, the NCRI report said entities attached to Iran’s Defense and Intelligence Ministries were also involved in cyber activities. It claimed that an operational unit within the Intelligence Ministry’s technology department aims “to hack sites run by opponents, to control websites, to attack other networks, and to conduct electronic espionage abroad.”

The future cyber threats of Saudi Arabia

The kingdom of Saudi Arabia is facing numerous threats of all kinds from its many rivals, including the Islamic State terrorist organization (ISIS) and the Shiite theocracy of Iran. While in the past the battlefield was strictly limited to the physical world, the modern one has become more abstract and is taking place in the Internet’s virtual arena. As a result, the Saudi authorities are making considerable efforts to protect the kingdom from any future cyberattack, whether it comes from ISIS cyber activists or from a rival country such as Iran. Ibrahim al-Shamrani, the executive director of operations at the National Cyber Security Centre of the Saudi Ministry of Interior Affairs, highlighted zero-day attacks and next-generation malware as some of the kingdom’s cyber threats at the eighth “Cyber Defense Summit” held recently in Saudi Arabia. The summit stressed the fact that the kingdom is highly concerned with cyber threats and is doing all it can in order to deal with any future threat it may face, especially due to its escalated approach to ISIS on the one hand, and Iran on the other.

CHINA and ASIA PACIFIC

After hackers attack Bangladesh bank, New Zealand banks warned to check security

New Zealand banks and financial institutions are being urged to double-check their security practices following a cyberattack on Bangladesh’s central bank. Hackers carried off $80 million from Bangladesh’s central bank in early March in one of the largest cyber heists in history. The Brussels-based SWIFT cooperative messaging service is asking New Zealand’s Reserve Bank, among others, to review its internal security.

Singapore’s Cyber Security Agency carries out first multi-sector cyberattack exercise

The Cyber Security Agency of Singapore held its first multi-sector cyberattack exercise. The so-called “Cyber Star” event aimed to bring together agencies from different sectors to impart expertise in dealing with cyber security incidents such as a malware infection or a large-scale distributed denial-of-service attack – attacks which may bring down entire networks of these agencies.

More than one hundred participants from seven agencies, belonging to the critical sectors of banking and finance, government, energy and infocommunications, attended the exercise. The attendees had the opportunity to learn about each other’s processes and capabilities to strengthen their own ability to deal with increasingly sophisticated cyberattacks.

Malaysia's ‘Cyber-ISIS’ supports ISIS fighters online

Online extremism in Malaysia is a matter of national and regional security. In May of last year, Malaysian Home Minister Ahmad Zahid Hamidi reported that 75 percent of supporters of ISIS were recruited online. Although the Malaysian police have since arrested more than 150 people for suspected links to ISIS, the organization continues to succeed in recruiting new supporters and fighters via online platforms. These online extremists believe that they are ‘Cyber-ISIS’ and that they are conducting their fight online.

Pakistani cyber espionage group allegedly targeting Indian military sites since 2013

A cyber espionage group possibly located in Pakistan has been targeting Indian government, military personnel, and Pakistani dissidents since at least 2013, according to the security company FireEye Inc. According to FireEye, the group sent phishing emails about military issues and India-Pakistan relations. FireEye has identified the malware hidden in the email as SEEDOR.

AFRICA

US donor agency suspends $472m aid to Tanzania over Zanzibar elections

A US international development agency has suspended its partnership with Tanzania, citing flawed Zanzibar elections and the draconian Cybercrime Act. The move by the board of directors of Millennium Challenge Corporation (MCC) means that Tanzania will not be receiving an envisioned $472 million in funding for electricity projects. In addition to complaining that Tanzania had gone forward with a flawed Zanzibar electoral process “despite the repeated concerns of the US government,” the MCC board said Tanzanian authorities had failed to ensure that the country's Cybercrimes Act “would not be used to limit freedom of expression and association.” “MCC’s model has a partner country’s commitment to democracy and free and fair elections at its core,” the directors’ statement said. The country qualified in 2008 for nearly $700 million in US assistance for road, water, and energy projects. This assistance ranked at the time as the largest single funding stream approved by MCC, an agency that makes development aid contingent on countries’ compliance with a set of conditions involving human rights, governance, and free-market economic policies.

LATIN AMERICA

Latin American countries are unprepared for cyber attacks

Two institutions, along with Oxford University, released a study this month showing that much of Latin America is highly vulnerable to potentially devastating cyberattacks. The report analyzed the state of cyber security preparedness in 32 countries in Latin America and the Caribbean, based on 49 different criteria of readiness against cybercrime, cyberattack, and other threats the internet age has brought. The data was gathered using a Cyber Security Capability Maturity Model, which covered areas such as policy and strategy, culture and society, education, technologies, and legal frameworks. Antigua and Barbuda, Argentina, the Bahamas, Barbados, Belize, Bolivia, Brazil, Chile, Colombia, Costa Rica, Dominica, Dominican Republic, Ecuador, El Salvador, Grenada, Guatemala, Guyana, Haiti, Honduras, Jamaica, Mexico, Nicaragua, Panama, Paraguay, Peru, Saint Kitts and Nevis, Saint Lucia, Saint Vincent and the Grenadines, Suriname, Trinidad and Tobago, Uruguay, and Venezuela were all analyzed in the report.

Breaking down the specifics of the Caribbean cybersecurity action plan

With global cybercrime on the ascent, countries, corporations, and security agencies are continuously searching for new ways to combat the ever-evolving techniques of today’s cybercriminals. Nations in the Commonwealth Caribbean recently took their first major steps towards this goal, with ministers responsible for legal affairs, ICT, and national security meeting in Saint Lucia last week to create a new cyber security action plan. One of the agreements of the plan was to establish a regional network in order to gather and share evidence of cybercriminal activity. The plan also calls on governments to foster a culture of security and to participate in regular cyber drills in preparation for digital attacks. The meeting followed an assessment by the Commonwealth Cybercrime Initiative (CCI), which revealed that Trinidad and Tobago, Grenada, Dominica, Antigua and Barbuda and Barbados have all experienced an increase in cybercrime in the private sector.

