Global Cyber Bi-Weekly Report by INSS March 15, 2017
ISRAEL
What will be the impact on Israel of the massive data dump by WikiLeaks of CIA documents, code and spying techniques?
When Edward Snowden made his initial dump of National Security Agency documents in June 2013, it took time for some of the Israel-related documents to be revealed. Some of the biggest findings were not released or discovered until September 2013, and some connections to Israel were not fully revealed until February 2015. In the first twenty-four hours since the most recent leak, no one has reported on any Israel connections yet, and the name Israel does not obviously appear in the volumes of documents, most of which do not make much sense to people without advanced computer coding skills. There is a strong chance, however, that Israeli intelligence could be affected in the future. Col. (res.) Gabi Siboni, director of the Cyber Security Program at the Institute for National Security Studies in Tel Aviv, said, “We don’t know yet all of the technology which has been exposed, but in the past, Israel has had tight cooperation with the United States,” implying there is a strong chance that aspects of Israeli intelligence, coding, or spying techniques will be made public as the WikiLeaks dump unfolds.
IDF to begin recruiting new immigrants with cyber abilities
Jewish youth from the United States, who have a background in computers and who want to serve in the IDF, are being recruited to a new program where they will be able to serve in the Computer Service Directorate. The Garin Lotam Recruitment Program will be similar to the existing Garin Tzabar Program, where Jews who immigrate to Israel serve a minimum of two years and are provided with housing and other support.
UNITED STATES
WikiLeaks publishes “biggest ever leak of secret CIA documents”
The 8,761 documents published by WikiLeaks focus mainly on techniques for hacking and surveillance and provide details on the tools the CIA uses to break into phones, communication apps, and other electronic devices. The leak will once again raise questions about the inability of US intelligence agencies to protect secret documents in the digital age. The leak feeds into the present feverish controversy in Washington over alleged links between Donald Trump’s team and Russia. US officials have claimed WikiLeaks acts as a conduit for Russian intelligence, and Trump sided with the website during the White House election campaign, praising the organization for publishing Hillary Clinton’s leaked emails.
Brit Ltd. launches US cyber insurance team
The launch of an American-based cyber team will offer “local expertise and service to meet the growing demand for cyber and technology products in the United States (small and medium enterprise) sector,” the London-based specialty insurer and reinsurer said in a statement. In addition, Chicago-based Michael Carr was named as senior vice president to help lead the cyber and technology team. Mr. Carr previously had been the technology practice leader for Argo Group International Holdings Ltd.
FBI director addresses cybersecurity gathering
Director James Comey delivered a keynote address at the inaugural Boston Conference on cybersecurity, touching on the current cyberthreat landscape, what the FBI is doing to stay ahead of the threat, and the importance of strong private sector partnerships. The conference, a partnership between the FBI and Boston College’s Cybersecurity Policy and Governance master’s degree program, also features additional expert speakers and panelists who will be covering such areas as emerging technologies, operations, and enforcement, along with real-life cyber and national security experiences focusing on risk, compliance, policy, threat trends, preparedness, and defensive strategies. During his remarks, Comey discussed the “stack of bad actors” committing cybercrimes, including nation-states, multinational cyber syndicates, insiders, hacktivists, and—currently to a lesser degree—terrorists, who “have not yet turned to using the internet as a tool of destruction,” he explained, “in a way that logic tells us certainly will come in the future.”
US bill to target Russia’s possible influence in European elections
The United States has proposed legislation that expresses concerns about hacking in the 2017 European elections and Russia’s desire to support extremist, pro-Moscow candidates. The bill, introduced by Republican congressman Peter Roskam of Illinois and Democrat congressman David Cicilline of Rhode Island, declares that it is US policy “to sanction entities and individuals within Russia or associated with the Russian Government engaged in hacking, cyberattacks, and propaganda campaigns with the intention of interfering in democratic elections.”
EUROPE
Data wiping malware targets Europe
Shamoon, the mysterious disk wiper that appeared in 2012 and destroyed more than 35,000 computers in a Saudi gas company before disappearing, has returned. A new data wiper developed in the same style as Shamoon has targeted a petroleum company in Europe. Researchers from the Moscow-based antivirus provider Kaspersky Lab have called the new malware the “StoneDrill.” “The discovery of the StoneDrill wiper in Europe is a significant sign that the group is expanding its destructive attacks outside the Middle East,” Kaspersky Lab researchers wrote in a 35-page published report. “The target for the attack appears to be a large corporation with a wide area of activity in the petrochemical sector, with no apparent connection or interest in Saudi Arabia.” Like the Shamoon malware from 2012, the newer version quietly burrows into a targeted network so that attackers can obtain administrator credentials. It allows the attackers to build a custom wiper that uses the credentials to spread widely inside the organization. Then, on a set date, the malware activates and leaves the infected machines completely inoperable. The final stages of the attacks are automated, a feature that eliminates the need for communication with command-and-control servers. Kaspersky Lab researchers still do not know how StoneDrill spreads.
Kremlin seeks to sway British public opinion?
Ciaran Martin, the head of the National Cyber Security Center in the United Kingdom, has written to political parties warning of potential Russian-backed hacking to sway the British electorate. Security sources of the Sunday Times claim UK spy agency GCHQ now regards protecting the political system from foreign hackers as “priority work.” The sources say that Kremlin-backed cyber-sleuths are planning to sway the outcome of the next UK election by leaking damaging information that could influence the electorate’s opinions on various issues. In response to the threat, Martin said GCHQ would offer tailored seminars to help political parties understand the threats and reduce the risk of information being stolen. Martin wrote, “This is not just about the network security of political parties’ own systems. Attacks against our democratic processes go beyond this and can include attacks on parliament, constituency offices, think tanks and pressure groups, and individuals’ email accounts.”
Europe tackles cybersecurity
Several European countries have moved to adopt distinct cybersecurity measures due to the increased interconnectivity within Europe’s energy system along with a changing paradigm, which includes decentralized power sources, the integration of electric vehicles, new digital infrastructure, and connected operational technology. According to a 2016 survey by the European Commission, at least 80 percent of European companies have experienced one or more cybersecurity incidents. While the commission has adopted a series of measures to tackle cybersecurity, it did not enact the European Union’s first broad legislation on cybersecurity until August 2016. Member states have until 2018 to adopt the directive on the security of network and information systems, which essentially creates a network of computer security incident response teams across the European Union to react to cyberthreats. It also establishes cooperation between member states.
Technology behind “all serious crime”
Technology is now at the “root” of all serious crimes, says Europol, Europe’s police agency. The returns generated by document fraud, money laundering, and online trade in illegal goods help to pay for other damaging crimes, said Europol. The wider use of technology by criminal gangs poses the “greatest challenge” to police forces, it said in a study. It revealed that Europol is currently tracking 5,000 separate international organized crime groups.
RUSSIA
Russian Rostec developed anti-drone combat systems
Sergey Chemezov, the head of Rostec Enterprises, which is Russia’s sole and exclusive weaponry, military, and dual-use equipment and technologies exporter, announced on the Vesti broadcast that Russia’s military has developed an anti-drone, radio-electronic combat system, which can interrupt the command-and-control systems used to operate drones. This system, Chemezov added, is capable of interrupting multiple flocks of drones all at once.
Kaspersky Lab to check its products for vulnerabilities following WikiLeaks’ disclosure
The Russian antivirus company Kaspersky Lab, following the recent WikiLeaks publications, has announced that it will study the WikiLeaks report for vulnerabilities in its antivirus products. WikiLeaks indicated that the CIA is able to use Kaspersky Lab’s antivirus scanner to mask the virus that attacks protected systems.
McCain accuses: WikiLeaks connected to Russia
John McCain, chairman of the US Senate Committee on Armed Services, said that there is an “obvious link” between Russia and the organization WikiLeaks, the Washington Examiner reports.
Google’s “artificial intelligence” technology for translation adds Russian
Google has added Russian, in addition to eight other languages that are being tested and used in the new version of Google Translate. The new version uses new deep neural networks to translate entire sentences, rather than individual words, said Barak Turovsky, a leading developer of the Google translation system.
Swiss Threema messenger widely used by Russia’s Federal Security Service
According to experts in the organization Roskomvoboda, the protected Swiss messenger app Threema is allegedly used by the Russian Federal Security Service (FSB) to gather information.
MIDDLE EAST
Iran blocks Waze app for being Israeli-made
Authorities in Iran have decided to temporarily block people from using the Waze app because it was developed in Israel. A permanent decision about the usage of the app in Iran will be made soon, but for now it is unavailable for download, and the government has blocked its use. The app has been classified as having “offensive content” due to its Israeli background.
Turkish cyberattacks on Austria create tension between the states
Turkish hackers have attacked the website of the Austrian Ministry of Foreign Affairs. According to the Ministry’s spokesman, the site was offline for several minutes. These attacks follow actions by Austria’s Chancellor Kern and Foreign Minister Kurz to ban Turkish officials from campaigning for President Erdoğan and his new constitution initiative. Hundreds of thousands of Turks with dual citizenship live in Austria and have been the target of the Turkish campaign.
World day against cyber censorship reveals its extent in Middle East countries
Amnesty International has revealed its latest findings on cyber censorship. Each year governments around the world increasingly restrict internet freedom. Over 50,000 websites are currently blocked in Turkey, and more than 400,000 are blocked in Saudi Arabia. In addition, Middle Eastern countries conduct intensive surveillance of opponents of the ruling regimes.
CHINA and APAC
Chinese sovereignty gives it the right to control what happens on the internet within its borders
Chinese officials have drawn a red line in the sand around the country’s internet. Wang Jianchao, the deputy director-general of the Bureau of International Cooperation of the Cyberspace Administration of China, told reporters, “Just like the real world, cyberspace needs not only the advocacy of freedom, but also the assurance of order.” A recently published government-authored public policy paper—intended for an international audience—outlines the country’s position on internet sovereignty and cyber defenses, including an opinion that hacking into Chinese companies may, in some cases, warrant a kinetic, military response.
Website of Saigon airport hacked, no damage reported
The website of Vietnam’s busiest airport Tan Son Nhat was hacked recently, but it has resumed normal operations. An aviation official said the website could not be accessed on Wednesday night, when the front page was displaying a cybersecurity warning. No data was stolen and the airport’s information system was not damaged. The system resumed normal operations at 10 a.m. the next day, but the cybersecurity team also took additional measures to protect the site. Representatives from the Civil Aviation Administration of Vietnam said the hacker behind the attack probably just wanted to raise an alert about the website’s security and did not intend any harm.
India is open for widest cybersecurity collaboration
India’s IT Minister Ravi Shankar Prasad stated that the Indian government is open for international collaboration in the field of cybersecurity and favors handling the issue of cyber terrorism in cooperation with other countries. “If internet has to remain powerful, it must be safe and secure. Few people are using digital technology for terrorism, for hatred, for extremism, and we need to work together,” Prasad said, and stated that the government has made a special effort to promote electronics manufacturing in the country and has received an investment of nearly $25 billion in the last two years for electronics productions in the country.
Singapore increases cyber warriors in response to military data breach
Defense Minister Ng Eng Hen of Singapore presented the nation’s new cyberdefense strategy following the recent and shocking breach of the information and communications network belonging to the country’s ministry of defense. “The Singapore Armed Forces (SAF) must keep up with tactics and operations of aggressors in the cyber realm . . . a never-ending game which we do in conventional warfare,” warned the minister. The defense ministry’s aim is to build a pool of 2,600 cyber defenders over a decade, which is believed to be a quantum jump compared to current numbers, which the ministry did not disclose.
AFRICA
Report warns of budding West African underground cybercrime market
Trend Micro and Interpol released a report last week called “Cybercrime in West Africa / Poised for an Underground Market” in which the authors warn that while West African cybercrime is known for “simple types of fraud at present,” criminals are reportedly moving towards more elaborate and complex cybercrime operations. They find that the number of cybercrime complaints has steadily grown over the past few years, reaching 2,182 in 2015, of which 30 percent have led to arrests. Furthermore, the report warns that these cybercriminals are in constant contact, comparing what works and what does not, which raises the probability that a cybercriminal underground will emerge.
Securex West Africa announces cybersecurity summit
Securex West Africa, known as one of the most established security and public safety events serving the public and private sectors of West Africa, has announced that this year it will hold, for the first time, a West African Cyber Security Summit, or WACSS. This summit will be the “first of its size and scale” to be held in West Africa. It will take place on March 22.