Global Cyber Bi-Weekly Report by INSS October 15, 2017
ISRAEL
Israel said behind discovery of Russian cybersecurity hack into US intel
Kaspersky Lab software ordered wiped from government computers after Israeli agents hacked into system and found Kremlin’s footprints. According to US media reports, Israeli intelligence officials were behind a US decision to remove all Kaspersky Lab software from government servers, after having alerted them about Russian hackers using the anti-virus software to steal classified information. Over a two-year operation, Israeli intelligence agencies hacked into Kaspersky’s network and discovered that the software used globally by some 400 million people had been breached by Russian hackers who were using the program to find code names of US intelligence programs, according to the New York Times, which first broke the story.
TD Bank opens cyber security lab in Israel
TD Bank Group will open a subsidiary office dedicated to cyber security research in Tel Aviv. The new office marks the first time a Canadian bank has opened an office in Israel, and it is a rare move for TD Bank Group to open an office in an area that it does not actually serve as a bank. According to Jeff Henderson, executive vice-president and CIO of TD Bank Group, the bank could not resist the security talent available in the region. Apparently, the bank is hungry for both quantity and quality of this variety of talent. “The demand for the talent has grown exponentially,” he said. “There is terrific talent in North America and I think we’ve done a terrific job punching above our weight acquiring that talent. But that’s not enough for us.”
UNITED STATES
Russian hackers stole US cyber secrets from NSA
Russian government-backed hackers stole highly classified US cyber secrets in 2015 from the National Security Agency (NSA) after a contractor put information on his home computer. The theft included information on penetrating foreign computer networks and protecting against cyberattacks and is likely to be viewed as one of the most significant security breaches to date.
North Korea hacked South Korea’s secret joint US war plans
North Korean hackers have stolen hundreds of classified military documents from South Korea, including detailed wartime operational plans involving its US ally. The hackers broke into South Korea’s military network in September last year and gained access to 235 gigabytes of sensitive data. Among the leaked documents was Operational Plans 5015, for use in case of war with North Korea and including procedures for “decapitation” attacks on leader Kim Jong-un.
EUROPE
London issues call to arms to cyber security community
London is calling on the cyber security community to help keep the city’s more than one million small businesses safe from cybercrime. “Cybercrime is a growing problem for everyone, but while individuals are protected by their banks, small businesses can be sunk if their [banking] details are hacked,” said Rebecca Lawrence, chief executive of the Mayor’s Office for Policing and Crime. “Cybercrime is a huge area of crime, and one that policing alone cannot solve,” she said. “We will not be able to police ourselves out of this problem, but we can take simple protective measures.” Lawrence said enabling small businesses to make themselves safer from cyberattack is the driving concept behind the London Digital Security Center (LDSC).
Will Germany’s new social media law kill free speech?
This month, a new law will come into force in Germany that will impose huge fines on social networks if they do not delete illegal content, including hate speech. The law has sparked a huge debate over freedom of expression and has attracted an unusual collection of opponents. The law, called Netzwerkdurchsetzungsgesetz, or NetzDG for short, obliges the largest social networks—those with more than two million German users—to take down “blatantly illegal” hate speech within twenty-four hours of it being reported. For material that is less obviously violating the law, networks such as Facebook and Instagram will have seven days to consider the posts and, if appropriate, delete them. Failure to meet these deadlines could lead to fines of up to €50m. Critics argue the short timeframes coupled with the potentially large fines will lead social networks to be overly cautious and delete huge amounts of content, even things that are perfectly legal. But the law’s supporters and the German government argue that it will force social media companies to proactively deal with online incitement and hate speech.
RUSSIA
Russian hacker is hired by Putin’s political party
The Russian hacker Pyotr Levashov—who was detained by the Spanish authorities and whom the United States seeks to extradite for hacking attacks—claimed in a court session in Madrid that he was hired to work for the Russian political party Yedinaya Rossiya (United Russia), which is the leading party of Vladimir Putin.
Twitter revealed 200 accounts related to “Russian trace” in US elections in 2016
Twitter reported that it blocked about 200 accounts in connection with the investigation of the “Russian interference” in the US elections in 2016. In an internal investigation, about 450 accounts that Facebook had previously mentioned in its research were examined, and it turned out that twenty-two of them were linked to Twitter accounts. In addition, 179 other accounts related to them were found through these accounts. Twitter blocked them for violation of rights of the social network, the company said.
Russia willing to proceed in cyber cooperation with United States
The Russian Federation will resume cooperation on cybersecurity with the United States as soon as Washington is ready and the relevant proposals are handed over to the Americans, Deputy Foreign Minister of the Russian Federation Oleg Syromolotov, who oversees anti-terrorist cooperation, told RIA Novosti.
Russia developing secret weapon “more powerful than nuclear bomb”
According to the Daily Star, Russia is developing powerful radio-electronic weaponry that could prove more effective than nuclear weapons. Russia’s defense industry reportedly has devised the “Alabuga,” a new electromagnetic missile that can disable all enemy electronics within a radius of 2.3 miles. According to the source, these weapons can destroy all electronic equipment miles away and could bring down entire armies. They employ electromagnetic emitters to disable missile warheads and onboard aircraft communication systems from far distances. This technology can jam a tank’s loading mechanism, blow up artillery shells inside a turret, and kill enemy soldiers who take cover up to 100 meters underground with radiation.
Russian intelligence uses Kaspersky products to penetrate PCs
Russian hackers, on behalf of the Russian government, stole the key for penetrating hacking software programs used by the NSA from an employee who had stored it on his home computer. According to the source, Russian hackers penetrated the employee’s home computer through its anti-virus software, which was developed and produced by the Russian Kaspersky Lab.
MIDDLE EAST
Cyberattacks on British parliament members attributed to Iran
Iran has been blamed for a cyberattack in June on the email accounts of dozens of British members of parliament, including Prime Minister Theresa May and senior ministers. After initial suspicions of Russia and North Korea were dismissed, evidence now points to Iran, according to an unpublished report by British intelligence. The network affected is used by every parliament member for interactions with constituents, and the attack sought to gain access to accounts protected by weak passwords.
Qatar and Turkey in a joint initiative for cybersecurity
The Qatar National Research Fund (QNRF) and Turkey’s leading research agency launched “Academia-Industry Cooperation on Cyber Security,” a joint funding call. The program is designed to pool knowledge, expertise, and resources in tackling shared cyber-safety priorities. This follows a December 2015 bilateral agreement between Qatar and Turkey to collaborate on projects with mutual research interest. Any selected project is expected to get funding up to $2.15 million and must include members of academia and industry from both countries.
Twenty-two people arrested in Saudi Arabia for violating anti-cybercrime law
The Saudi Presidency of State Security arrested a Qatari citizen and twenty-one Saudi citizens after law enforcement monitored video clips that included directions for committing cybercrimes and were circulated on social media websites. The arrests are based on the country’s anti-cybercrime law and are due to the Saudi regime’s heavy monitoring of social media apps and websites.
CHINA and APAC
Hackers use ‘China Chopper’ tool to steal Australia F-35 stealth fighter data from defense firm
An aerospace engineering firm, which is also an Australian defense subcontractor, had been hacked using a tool called “China Chopper,” which is widely used by Chinese cybercriminals. Thirty gigabytes of sensitive data about Australia’s F-35 stealth fighter and P-8 surveillance aircraft programs were stolen. This sensitive data was subject to restricted access under the US government’s International Traffic in Arms Regulations. It has been suggested that the subcontractor still used default passwords such as “admin” and “guest” in parts of its network, despite having undertaken a massive A$50 billion submarine project, heightening its vulnerability to the hack. The minister of defense assured that the government was spending billions of dollars on cybersecurity; however, breaches of the security of industrial, corporate, and military secrets are still on the rise.
It is time for India to update its cybersecurity policy
Although the “Digital India” Campaign is a central part of the Indian government’s initiative to boost electronic delivery of government services, there is still a need to prioritize cybersecurity and update the Cyber Security Policy, 2013 into a more comprehensive framework. Critics have said that the policy is a “statement of the first principle” rather than a comprehensive framework for implementing a broad principle. The government should also proactively address India’s ability to respond to the cyber threat by outlining an institutional framework ensuring the country’s digital safety. Currently, the Indian government’s Cyber Security Policy has multiple stakeholders, but without tasks and operational responsibilities assigned to them. As a result, there is confusion as to whom to approach. Moreover, issues of training of cybersecurity personnel, the establishment of public-private partnerships, and civil-military collaboration are yet to be integrated into the Cyber Security Policy framework. However, major organizations such as National Cyber Cooperation Center, Data Security Council of India (DSCI) and National Association of Software and Services Companies (NASSCOM) have made suggestions and recommendations on such issues.
Workshop seeks to boost cyber cooperation
Cambodia, Laos, Myanmar, and Vietnam and the Vietnam Computer Emergency Response Team (VNCERT) organized a two-day workshop to discuss policy and cooperation in cyberspace. They agreed that efforts are needed from the government, public agencies, private sector, civil society, and nongovernmental organizations. Further, international cooperation to devise cybersecurity strategy for ASEAN member states was discussed, along with the set of regulations and international laws in cyberspace.
AFRICA
Nigeria: Seandovi Security decries companies’ slow pace of cyber defense
Seandovi Security, a cyber security firm, has expressed concern about the increasing cyber security threats to companies in Nigeria, especially those that go undetected. The firm referred to a recent report released by Check Point Software Technologies Ltd., which listed Nigeria and four other African countries among the world’s highest risk countries in the latest Global Threat Impact Index released for May 2017. To assist organizations in tackling the challenge, Seandovi Security disclosed plans to hold cybersecurity training in Lagos from November 13–17, 2017. The training will focus on the latest threats affecting enterprise, including zero-day attacks and how to deal with this kind of attack.
Museveni to meet Russians over oil, cybersecurity
Uganda’s president, Yoweri Museveni, is expected to meet a delegation of Russian businesspeople, led by Alexey Volin, the co-chair of the Russia-Uganda Intergovernmental Commission on Economic, Scientific and Technical Cooperation. Other high-profile delegates from Russia include Alexander Dianov, the deputy co-chair of the commission and Emil Kuliev, the executive secretary of the Russian section of the commission among others. Minister of ICT and National Guidance Frank Tumwebaze, Executive Director of the Uganda Media Center Ofwono Opondo, and Executive Director of Uganda Communications Commission Godfrey Mutabazi will also attend the meeting. Issues to be discussed include trade and investment between the two countries in different sectors, including oil and gas, ICT, agriculture, minerals development, cybersecurity, media, mobile software, science and technology among others.