
Global Cyber Bi-Weekly Report - Sep 1, 2016

ISRAEL

Apple boosts iPhone security after Israeli spyware reveals startling weaknesses

An Israeli digital arms company has motivated the tech giant Apple to boost security for its mobile operating system after developing a highly sophisticated spyware package that enables complete control of iPhone devices. The spyware (codename Pegasus) took advantage of previously undisclosed weaknesses in Apple’s mobile operating system, iOS 9.3.5. The software can track calls and contacts, collect passwords, read text messages and emails, record calls, and trace the whereabouts of the user. The discovery of the spyware started as a botched attempt to break into the iPhone of an Arab activist in the United Arab Emirates. The NSO Group stated its mission was to provide “authorized governments with technology that helps them combat terror and crime.”

An Israeli firm will set up cyber security academies in India

Israeli cyber security company, Vital Intelligence Group, announced on Wednesday that it will establish cyber security academies in the country. The firm is expected to kick off operations in Mumbai next April, and then will establish branches in New Delhi and Hyderabad. The academies will give defense training to the government and citizens. According to Marc Kahlberg, Chief Executive Officer of the company and former Israeli Defence Force and National Police Officer, experts from his team spent six months researching crime rates in Mumbai before deciding to establish themselves there. He added that the institute can provide vital knowledge, with which security agencies can effectively investigate various crimes. The company hopes to strike a dialogue with authorities in the government, and plans to work with the cyber cells of police and security agencies in order to improve the cyber security of the country.

Lawyers state Israel “lags behind” world on cyber rules and privacy

While Israel is a global front-runner in the development of defensive cyber technologies, its legal framework for protecting personal data is outdated and does not address contemporary threats to data privacy. According to Timor Belan, a partner at the Tel Aviv-based Gornitzky & Co, “The rise in the use of technologies that collect our personal data on a widespread and regular basis, alongside increasing numbers of cyber-attacks on entities that collect and store such data, is creating a significant threat to individual privacy worldwide. As a result, countries around the world have responded by updating their cyber regulations and privacy laws. But Israel lags behind.”

Israel’s Justice Ministry concurred that Israel’s data protection agency would indeed “benefit from stronger powers and updates to the Privacy Law, in order to better serve the public interest.” Israel has been working to make its state bodies more secure by allocating a cybersecurity budget and imposing new cyber-related requirements on government offices. The government is also establishing a national CERT (Cyber Event Readiness Team), which will provide cyber-related support and guidance to entities in both the public and private sectors, as well as a Security Operations Center (SOC), which will be an intelligence-based entity focusing mainly on the protection of government offices.

UNITED STATES

FBI alert: Russian attempt to meddle in the US election

The FBI’s decision to issue a nationwide alert about the possible hacking of state election offices after breaches in Illinois and Arizona is raising concerns that a nationwide attack could be imminent, with the potential for creating havoc on Election Day. It is possible, however, that the motivation behind the two state hacks was less about the political system and more about cash. Voter registration data sets include valuable information such as names, birth dates, phone numbers, and physical and email addresses, which criminal hackers can bundle and flip on the black market of the “dark web” for thousands of dollars. While such thefts could be the work of ordinary criminals, experts explained that Russian cyber gangs often act at the behest of the Kremlin, either directly or indirectly. In exchange, these groups receive immunity from prosecution and “maintain their untouchable status,” said Kellerman of Cybersecurity Strategic Ventures.

http://www.politico.com/story/2016/08/fbi-states-voting-systems-digital-assualt-227523

EUROPE

The French defense company DCNS is targeted by a massive data leak

On August 24, 2016, the newspaper The Australian published on its website excerpts of the 22,400 pages of various documents leaked from the French company Direction des Constructions Navales et Systemes (DCNS). The documents leaked are related to Scorpène submarines that the French defense company was supposed to deliver to several countries, including India, Malaysia, Brazil and Chile. The three documents posted online are sensitive, but unclassified and cover the period from 2010-2011. These documents contain critical information such as technical manuals and models of underwater antennae. Furthermore, according to the newspaper, they describe the vessel’s communication and navigation systems. Over 500 pages are exclusively dedicated to its torpedo system.

According to the conservative daily newspaper, DCNS has suggested that the leak may have come from India rather than France. The data may have been exported from France in 2011 by a former French naval officer who at the time was a DCNS contractor. The documents could have been sold to South East Asian companies before being sent to Australia. The fact that these documents were sent to Australia is not trivial, even though the country chose another model of submarine, two times bigger than the Scorpène. The case could impact the contract of 50 billion Australian dollars awarded on April 26, 2016. Industrial espionage is becoming increasingly common. Even if China is one of the top countries in this domain, other countries engage in it too, as competition in the weapons industry is fierce when it comes to winning a tender.

London police fighting Russian cyber criminals

The City of London Police have recently claimed that their fight against Russian cybercrime is becoming more difficult. City of London Police Commissioner Ian Dyson explained that tracking cybercriminals has become harder than before. The main reason is that the perpetrators operate abroad: around half of all cybercrimes reported to the National Action Fraud Center originate overseas. Furthermore, the UK police do not really have any support from their counterparts in Russia and Ukraine. Eastern European countries have some of the highest rates of cybercrime, but do not always cooperate at an international level to counter the phenomenon. These countries are also usually more concerned about internal cybercrimes than those performed against Western countries such as the United Kingdom and the United States. This lack of cooperation is a major problem when some law enforcement agencies have the capabilities to track cybercriminals even if they use anonymity services such as Tor, but then cannot launch legal procedures against them. Besides the European EC3 Cyber Crime Center, which coordinates the different European police forces, an international agreement should also be signed with Russia and Ukraine.

The second reason is budgetary. According to Ian Dyson, “Policing has taken a 20 percent hit in its budget so I’ve got to do what I can with what I’ve got.” Of the 40,000 monthly fraud events reported to the Action Fraud Center, the actionable leads are passed on to the National Crime Agency, and the rest are tackled by the City of London Police and the other forty-three police forces across the United Kingdom. Police Commissioner Dyson added that “There are 700 cases the City of London police are investigating at the moment. That’s me rather than ones disseminated to other forces. In the top ten, there is about half a billion pounds’ worth of fraud being investigated.” With the multiplication of connected objects and the development of the digital economy, the United Kingdom will need a significant number of human resources to counter cybercriminals in the next few years.

RUSSIA

Russia-backed DNC hackers strike Washington think tanks

Last week, one of the Russia-backed hacker groups that attacked the Democratic National Congress’ (DNC) computer networks also attacked several Russia-focused think tanks in Washington, DC, according to Defense One. The perpetrator is the group called COZY BEAR, or APT29, one of the two groups that cybersecurity company CrowdStrike blamed for the DNC hack. The founder of CrowdStrike, Dmitri Alperovitch said fewer than five organizations and ten staffers researching Russia were hit by the “highly targeted operation.” He declined to give details about which think tanks and researchers were hit, out of concern for his clients’ interests and to avoid revealing tools and techniques or other data to hackers.

Russian hacker Seleznyov to face thirty years in prison

A United States court convicted Roman Seleznyov, the son of Valery Seleznev, a Deputy of the State Duma. The jury found the younger Seleznyov guilty of thirty-eight charges out of forty, including fraud with the use of communication and intentional theft of information from protected computers. Roman Seleznyov was arrested by the Secret Service at one of the airports in the Maldives in July 2014. According to prosecutors, the hacker stole and sold more than 2.9 million credit card numbers. According to Reuters, the sentencing is scheduled for December 2, 2016. Seleznyov faces up to thirty years in a US prison.

MIDDLE EAST

Kuwait arrests government employee believed to be a main Islamic State cyber hacker

The national security forces of Kuwait managed to catch a local citizen, and more importantly, a government employee, who is believed to be an active member of the Islamic State’s Cyber Caliphate Army. The detained state official, Othman Zebn Nayef, is 26 years old and may be one of the lead hackers in the cyber branch of the Islamic State (IS) terror organization. After his arrest, his interrogation gave the Kuwaiti investigators enough information to aid in capturing two Iraqis and one Jordanian national who are also believed to be active participants in the IS cyber group.

Iran detects a new industrial malware in petrochemical plants

Iran has detected and removed malicious software from two of its petrochemical plants. According to Iran’s National Cyberspace Council, however, this malware was not the reason behind recent fires in those plants.

Iran’s Revolutionary Guard detains social media users for “inappropriate behavior”

The Revolutionary Guard demonstrated its total control over social media outlets in Iran, as users were warned over posts that were considered immoral, were related to modeling, or insulted religious beliefs.

Android phones of political activists in Iran are targeted in a newly exposed campaign

Hackers have sought access to Gmail, Facebook, and Telegram accounts of political activists in Iran while pretending to be “friends” from UK-based phone numbers.

CHINA and ASIA PACIFIC

Hosting a cyber-enabled crime exercise with INTERPOL

The world’s largest police organization, INTERPOL, has teamed up with the Rwanda National Police (RNP) to pool together experts in cybercrimes to conduct a cyber-enabled crime exercise in the Rwandan capital, Kigali, starting Monday, August 29. It focuses on three areas: cyber-enabled crime and digital forensics; the use of INTERPOL’s global policing capabilities; and investigations of human trafficking and gender-based and sexual violence. The exercise undertaken jointly with the RNP is unique as it focuses on two distinctly different yet related areas: human trafficking and cyber-enabled crime, which underpins all forms of crime. “The Rwandan government is delighted to host the cyber-enabled crime exercise and thanks African countries for their trust,” said Rwanda’s Inspector General of Police (IGP), Emmanuel Gasana.

China blamed for “massive” cyberattack on sensitive government and corporate computer networks in Australia

Sophisticated cyberattacks have penetrated sensitive government and corporate computer networks in Australia, including those holding highly confidential plans for a privately financed geostationary communications satellite. The Defence Department’s elite research division, now named the Defence Science Technology Group, both suffered significant cyber infiltrations in the past five years by hackers based in China. Intelligence sources say they suspect Beijing sponsored the attackers in these cases. The Prime Minister’s Cyber Security Adviser, Alastair MacGibbon, said that the Australian Government was “attacked on a daily basis. We don't talk about all the breaches that occur.” A spokesman for the Chinese Embassy in Canberra denied China had conducted any cyber espionage against Australian interests, calling such allegations “totally groundless” and “false clichés.” “Like other countries, China suffers from serious cyberattacks and is one of the major victims of hacking attacks in the world,” he said.

China strengthens its cyber security with new regulations

Chinese authorities have published a document on internet regulations. The Cyberspace Administration of China (CAC) said that the guidelines were issued by the CAC, the General Administration of Quality Supervision, Inspection and Quarantine of China, and the Standardization Administration of China (SAC). According to the document, mandatory national standards would be introduced to regulate the fields of major information technology infrastructure protection and classified networks. Authorities would accelerate the introduction of standards in cyber security, personal information protection, cybersecurity information sharing, and other fields. The document also requires the establishment of an information-sharing mechanism for major cyber projects and unified national standards to reduce the burden for companies and to improve the country’s overall cyber security.

Japanese government will form a cyberattack institute

The government of Japan will form an institute to train employees to counter cyberattacks. The institute, which will be operational early next year, will focus on preventing cyberattacks on electrical systems and other infrastructure. The training institute, which will operate as part of Japan’s Information Technology Promotion Agency (IPA), is the first center for training in Japan to focus on preventing cyberattacks. It will aim to prevent any large-scale blackout during the Tokyo Olympics and Paralympics in 2020, and stop leaks of sensitive power plant designs. Cyber security is a growing concern in Japan, where over 12 billion cyberattacks were reported in 2014 by the National Institute of Information Technology. The Japanese national police force reported that instances of cybercrime investigated by the police rose 40 percent from 2014-2015.

Singapore plans to cut off web access for public servants as a defense against cyberattacks

Singapore is planning to implement a policy to cut off web access for public servants as a defense against potential cyberattacks. The idea is closely watched by critics who say it marks a retreat for a technologically advanced city-state that has trademarked the term “smart nation.” Some security experts say the policy, due to be implemented by May, risks damaging productivity among civil servants and those working at more than four dozen statutory boards by cutting them off from the people they serve; moreover, it may only raise slightly the defensive walls against cyberattacks. Other cyber security experts agree with Singapore authorities that with the kind of threats governments face today, the government has little choice but to restrict internet access. FireEye, a cyber security company, found that organizations in Southeast Asia were 80 percent more likely than the global average to be hit by advanced cyberattacks, while those organizations close to tensions over the South China Sea – where China and others have overlapping claims – were particularly targeted.

