Global Cyber Bi-Weekly Report - May 1, 2016
ISRAEL
Israel and Singapore agree to expand cyber cooperation
A pledge to expand cyber defense collaboration has been announced by Israeli Prime Minister Benjamin Netanyahu and his counterpart from Singapore, Lee Hsien Loong. The announcement was made after Loong’s recent visit to Israel, noted to be the first ever visit by a Singaporean prime minister. Nevertheless, Lee stated Singapore is watching “carefully from a distance the Israel-Palestine problem and the Middle East peace process, and the progress or lack of progress on these issues,” and added that, “We hope to see a two-state solution with Israel and Palestine living side by side in peace and security one day.” Netanyahu emphasized the two countries are “anchors of stability and strength in our respective regions” and likened Israel’s transformation “to a technological powerhouse” to the economic success that has earned Singapore worldwide renown, and added that, “innovation and entrepreneurship have allowed us both to punch well above our weight.”
Israelis expose #OpIsrael hackers
The annual #OpIsrael assault by the hacker group Anonymous was supposedly responsible for the recent shutdown of Israel Today’s website. A tweet by Israeli Elite Force, a private Israeli hacker group that is fighting back, noted that “Anonymous got exposed by @Buddhax private hackersclub.” The Israeli hacker known as Buddhax was able to expose the faces, names, and addresses of eight hackers who participated in the latest attack on Israeli websites. Specifically, #OpIsrael targeted the websites of Yad Vashem – Israel’s Holocaust Museum, the Israeli Ministry of Education, and Israel's Central Bureau of Statistics. The eight #OpIsrael hackers are from Indonesia, United States, Great Britain, Germany, France, Turkey, and Lebanon.
Formulating order for supervision of cyber systems exports has been halted
Prime Minister Benjamin Netanyahu and Head of the National Cyber Bureau Dr. Eviatar Matania have decided to stop the process of formulating an order for supervision of cyber systems exports. The call, which has been published by the Prime Minister’s Office, stated that Israel would supervise only offensive cyber exports through the Defense Ministry’s Defense Export Controls Agency (DECA) Supervision Department, while exports of civilian cyber systems would be supervised by the Ministry of Economy and Industry. The Israeli cyber industry was satisfied with the decision. According to a source from the National Cyber Bureau, the security supervision would be conducted on a small scale, and in any case would be relevant to only a very small number of systems.
UNITED STATES
United States is conducting cyber operations against ISIS
The United States is conducting cyber operations against ISIS in order to disrupt the group’s “command-and-control and communications,” according to President Obama. Three former intelligence officers, who spoke on condition of anonymity, told the Daily Beast that US Cyber Command has moved beyond mere disruption and is entering a new, more aggressive phase that is targeted at individuals and is gleaning intelligence that could help capture and kill more ISIS fighters. US military hackers are now breaking into the computers of individual ISIS fighters to implant viruses and malicious software that allow them to mine their devices for intelligence. Obama also noted that recently the United States has either captured or killed several key ISIS figures, including Sulayman Dawud al-Bakkar, a leader of its chemical weapons program, and “Haji Iman,” the man purported to be ISIS’s second-in-command. The military has also used cyber operations to block ISIS’s use of encrypted communications.
FBI decides not to give Apple the solution for unlocking the iPhone
On April 17, 2016, the FBI announced that it would not give Apple the technical solution to unlock the iPhone that had been used by one of the attackers in the mass shooting in San Bernardino, CA. The phone was unlocked with help from an unknown outside group that was apparently paid at least $1.3 million. The decision upset some technology industry executives, who said it appeared to run counter to the Obama administration’s promises to promote security and transparency in the nation’s technology operations. Apple declined to comment.
EUROPE
Estonia: NATO organized the largest international cyber defense exercise
Last month Estonia organized the largest international cyber defense exercise in the world. Locked Shields 2016, which was organized by NATO, welcomed twenty-six nations and more than 550 leading computer security professionals in Tallinn. Locked Shields is the biggest and most advanced international cyber defense exercise in the world, and is hosted yearly by the NATO Cooperative Cyber Defence Centre of Excellence. About twenty teams representing nineteen nations as well as the NATO Computer Incident Response Capability had to maintain and defend the networks and computer systems of a fake country under attack. The exercise included several tasks, including reporting incidents, performing forensics, responding to attacks, and taking care of the legal aspects. According to Sven Sakkov, director of the Tallinn-based NATO CCDCOE, “Locked Shields is unique in forcing the hands-on network defenders from nineteen nations and NATO to work together and exchange information. International cooperation is the key to successful cyber defense and this exercise is a perfect example of doing just that.” NATO is the only international organization to set up such an event in order to strengthen international cooperation in cyber defense. These exercises are very important as they allow countries to exchange information about techniques, strategies, and procedures in case of large cyberattacks.
United Kingdom: Head of CERT urges sharing information to counter ransomware
In recent years, ransomware has emerged, proliferated, and reached its peak in 2016. Ransomware has also become more sophisticated in order to bypass security measures, as we saw with Ransom32 or Petya. Since it first appeared, ransomware has targeted millions of computer systems all over the world and caused heavy financial losses. During the RSA conference, the Director of the Computer Emergency Response Team (CERT), Chris Gibson, addressed CERT’s willingness to increase information sharing between the public and private sector in order to counter the phenomenon of ransomware. CERT represents the intersection between the private and public sector when it comes to protecting UK infrastructures as well as financial assets. According to Gibson, “the large majority of UK businesses will be affected by cyber threats if not outright breaches at some point.” The cooperation between the public and private sector is vital as cyber threats become more advanced and some UK businesses do not have the capabilities to defend themselves. The government has already invested £860 million for its cyber defense and will probably invest more in the next few years. The United Kingdom fully understands the challenges posed by cyber threats in the current century. Indeed, with a strong increase in Internet of Things (IoT) devices as well as online services, cyber threats will continue to rise and put government and business in danger.
RUSSIA
Russia to block access to social networks for its servicemen
According to RNS news, German Klimenko, the cyber security and internet development adviser to the president of the Russian Federation, admitted to the possibility of automatically blocking access of Russian military servicemen to social networks. According to Klimenko, the bulk of the armed forces should have limited access to the Internet, because the army should be more protected and more regulated than the civilian population. To block access to social networks, Klimenko suggested using a special security code.
ARAB COUNTRIES
Qatar’s leading bank hacked
Qatar National Bank, the country's leading bank, was hacked recently and some 1.4 GB worth of personal and financial information was stolen. Among the bank’s clients whose data was leaked are the local royal family and the country’s internal security agencies. Cyber security experts say that it seems the attackers did not seek to steal money but rather sought to retrieve financial transactions and personal details. Moreover, the experts added that the hackers were successful due to poor cyber defense software.
Iran is becoming more invested in cyber warfare
Since the nuclear agreement was signed, Iran has put digital weaponry at the center of its arsenal. In fact, Iran has become the sixth country to join the cyber superpower club, following the United States, United Kingdom, Israel, Russia, and China. Over the years, Iran has both been attacked and has attacked others on the cyber front; in 2008, the Stuxnet computer worm, created by the United States and Israel, was unleashed on Iran’s nuclear program. In 2012, Iranian hackers struck Saudi Arabia’s national oil company, Saudi Aramco, nearly obliterating its corporate IT infrastructure, and bringing the company close to collapse. Since the Aramco attack, Iran has significantly developed its operations and capabilities. Knowing what Iran is technically capable of is only part of the picture; since 2012, when Ayatollah Ali Khamenei, the Islamic Republic’s supreme leader, established the Supreme Council of Cyberspace, hardliners have dominated its control. In addition, there is growing fear that Iran’s proxy cyber forces are providing damaging malware to groups such as Hezbollah.
ISIS building a more credible cyber force
In its fight against the Western world, the Islamic State has been using the internet mostly as a communications tool. ISIS has leveraged social media to spread propaganda and even coordinate targets for attacks, using an ever-shifting collection of social media accounts for recruitment and even to call for attacks on individuals whom ISIS leaders have designated as enemies. Until now, the organization's efforts to build a sophisticated internal “cyber army” to conduct information warfare against the United States and other powers opposing it have been fragmented and limited. Now, ISIS is trying to build a more credible cyber force. ISIS has merged four separate pro-ISIS groups: the Sons of the Caliphate Army and the Caliphate Cyber Army, with groups called the Ghost Caliphate Section and Kalashnikov E-Security Team.
CHINA and ASIA PACIFIC
Bug in banking software allowed hackers to carry off $80 million from Bangladesh’s Central Bank
An alleged bug in the SWIFT banking software allowed hackers to carry off $80 million from Bangladesh’s Central Bank in February. According to the latest reports from the British defense contractor BAE Systems, the malware used for the heist changes the code in the SWIFT software in order to tamper with bank transactions. This seems to have allowed the attackers to delete outgoing transfer requests and intercept incoming requests, as well as change recorded account balances.
Jaku botnet rises in Asia
A newly uncovered botnet for multi-stage tracking and data exfiltration is said to have been built primarily for targets in Asia. The botnet “Jaku” was first discovered by Forcepoint after a six-month-long investigation and published in Forcepoint’s “2016 Global Threat Report.” According to the report, Jaku targets are located worldwide, but with high concentrations in Asia, including Japan, South Korea, and China. The malware itself is controlled through servers located in Malaysia, Thailand, and Singapore.
Philippine police arrest COMELEC hacking suspect
Philippine police have arrested one of three suspects who breached the database of the Philippine Commission on Elections (COMELEC) and exposed personal information of 55 million voters. The arrest was announced by the National Bureau of Investigation (NBI), which worked on the case together with COMELEC and other government agencies. The suspect, Paul Biteng, a twenty-three-year-old IT graduate, took part in the hack in order to highlight vulnerabilities in the COMELEC site. Biteng may now face prosecution under the Cybercrime Prevention Law.
AFRICA
Anonymous hackers leak 1TB of documents from Kenya's Ministry of Foreign Affairs
On April 29, 2016, Anonymous in Kenya, a division of the Anonymous hacker collective, leaked a trove of data from the Kenyan Ministry of Foreign Affairs. The files were uploaded on the Dark Web on a server that also hosts data dumps from the Staminus data breach, the Turkish National Police Force data breach, and the FBI and DHS from this past winter. The data dump contained around 1TB of information. The hackers did not leak any sensitive information such as employee personal details or access credentials. At the time of writing, the Kenyan government confirmed the hack, but said that none of the stolen documents were labeled as “secret.”