Cyber Intelligence Report – February 20, 2014



Executive Cyber Intelligence Bi-Weekly Report by INSS-CSFI

February 20th, 2014


Israel – A growing cyber nation

In the last few years, the number of Israeli companies involved in the industry has ballooned from a few dozen to more than 200, accounting for 5 to 10% of cyber security firms worldwide, according to Eviatar Matania, Head of the Cyber Bureau. Matania estimated the global industry to be worth $60 to $80 billion a year.

IDF reveals five-year plan

The IDF C4i corps is moving forward with its five year strategic cyber plan. The purpose of the new plan is to bring the Israel corporations of air, ground, sea, and intelligence into one operational Internet network. This would enable different agencies to share information and data quickly and instantly. The program intends to be administered in three steps. The first course would be moving to a cloud based platform, which is scheduled to take place by the end of the year. A significant sum in expenses is estimated to be saved due to the centralization of computer services. The second step is to open an application store (similar to Google Play and App Store) equipping soldiers to share knowledge in more efficient ways. The final step intends to connect soldiers’ cell phones to a specific military system, which would integrate military details with military information security.


Edward Snowden used low-cost tool to belittle NSA

Intelligence officials are investigating how Edward Snowden gained access to copious amounts of classified documents while he was working as a technology contractor managing the National Security Agency’s (NSA) computer systems for the agency in Hawaii in an outpost focusing on China and North Korea. Officials report Snowden used inexpensive and widely available software to “scrape the surface” of the National Security Agency’s (NSA) networks, even continuing after he was briefly challenged by agency officials. Using “web crawler,” a software designed to search, index, and back up websites, Snowden gathered data while attending to his daily routine. NSA insists if Snowden had been located at NSA’s headquarters in Fort Meade, Maryland, he would have failed because the headquarters are equipped with monitors designed to detect when large volumes of data are being accessed and downloaded, and therefore, he would have most certainly been caught. Because Snowden was based at an agency outpost not upgraded with modern security measures, few alarms were raised. Additionally, he gained access to the documents by persuading 25 of his co-workers to divulge information, NBC News disclosed through an unclassified NSA memorandum.

The Director of the Defense Intelligence Agency, Lt. Gen. Michael T. Flynn, informed lawmakers Snowden’s disclosures could tip off adversaries to American military tactics and operations, forcing the Pentagon to spend vast amounts to safeguard against this. Uncertainty continues to result in the data Snowden posseses. “Everything that he touched, we assume that he took,” General Flynn stated, including details of how the military tracks terrorists, of enemies’ vulnerabilities and of American defenses against improvised explosive devices. He added: “We assume the worst case.”

Most recently it was revealed through Snowden, that the NSA spied on law firms with foreign clients, as the shown in a document that was circulated from February 2013 depicting Indonesia hiring a US law firm to assist them in trade talks. Australian Signals Directorate (ASD), the Australian counterpart to the NSA, informed NSA of the assistance and conducted surveillance. In their report to the NSA, ASD included attorney client privileged information as part of the report (attorney-client privilege is not subject to protection laws from NSA). The findings are striking as the NSA’s mission includes protecting the nation’s most sensitive military and intelligence computer systems from cyber-attacks.


Internet security concerns at Sochi Olympic Games

A concern emerged pre-Sochi Olympic Games on the information security level and how secure the Internet networks would be and if it would be safe for visitors to browse through Russian suppliers providing Internet coverage. No cases of cyber-attacks have been reported so far; however, on February 8th NBC released a report written by Richard Engel, claiming foreign athletes should not use Wi-Fi in Sochi because by connecting through the wireless networks, hackers are able to breach the devices (this statement has yet to be confirmed). The Guardian disclosed that the Federal Security Service of the Russian Federation (FSB) intends to monitor all communications made ​​by the participants and guests of the Olympic Winter Games. According to the source, the FSB took steps to install spy technology at the event. Reporters found major changes made in Sochi telephone and Wi-Fi networks to provide extensive and pervasive monitoring to filter all traffic by using the Russian system “SORM,” which intercepts telephone and Internet communications.

Middle East

Saudis could face five-year jail term and up to $800,000 fines for sending offensive tweets

A prominent legal consultant warned Twitter users who retweet abusive or offensive tweets will become liable to the same punishment as the original posters of such remarks. Article 6 of the Anti-Cyber Crime Law stipulates anyone involved in the production, transmission, or storage of material infringing on public order, religious values, or privacy would be sentenced to a maximum of five years in prison or a maximum fine of SR3m ($800,000) or face both forms of punishment.

Saudi Arabia has more than 3 million active Twitter users and is ranked as the fastest growing Twitter nation in the world with a rate of 3,000%. Riyadh, the capital of Saudi Arabia, is ranked 10th globally among cities with the most tweets. According to experts, social media provides a space for interaction not permitted in public – one of the reasons why people turn to social media to express their opinion.

The Syrian Electronic Army hacks website

The website was hacked by the Syrian Electronic Army (SEA). They posted an image of what appeared to be a WordPress administrator panel for multiple Forbes websites. The next day it revealed login details of more than 1 million Forbes users, admin, reporters, and other employees of the company. Forbes confirmed the cyber-attack and asked users and personnel to change passwords. While appears to be back to normal, screenshots taken by Softpedia display that the hackers defaced a number of pages on the site, posting a story claiming to be written by the website’s cyber security correspondent Andy Greenberg under the headline: “Hacked by the Syrian Electronic Army.” SEA tweeted that the reason behind the attack was because “Forces posted many articles against the SEA… [and] they deserved to be embarrassed.”

Asia Pacific

Singapore welcomes new Israel Aerospace Industry cyber R&D center

On the 13th of February, Israel Aerospace Industry (IAI) opened a new cyber R&D center in Singapore. The aim is to find new techniques and technologies to provide warnings and counter measures against cyber-attacks. The R&D center is the first Israeli defense corporation center opened in the Far East. Esti Peshin, head of the cyber programs section at IAI’s subsidiary Elta, said the project was being set up in cooperation with Singapore’s Economic Development Board, and it represented a milestone for the Israeli defense industry. Hired employees are expected to be around 80 – 90% of Singaporeans, including scientists, engineers, and cyber security professionals. The center will focus on three areas: active defenses including catching cyber attackers in real time, monitoring, and redirecting their attacks; finding the geographical location of virtual attackers; and anomaly detection. The head of the cyber program explained the decision to locate the center in Singapore was because of the Asia Pacific region’s high activity in cyber defenses. Countries like South Korea are facing a high number of cyber-attacks, while India is growing as a strong player in the cyber world. Singapore appears to be very satisfied from the new cyber center, which continues the strong relations between the two countries.


German government and intelligence services accused of involvement in NSA affair

The German Federal Office for the Protection of the Constitution, the BSI (German Federal Intelligence Service) and members of the German government are suspected of having assisted the NSA (National Security Agency) in their data collection program. According to German informant Constanze Kurz, the offenders admitted to using the XKeyScore program by the NSA in order to conduct efficient data analysis through emails, browsing histories, and online chats without authorization. Together with the International League for Human Rights, Kurz intends to sue the responsible parties in federal court. Kurz is a speaker and member of the Computer Chaos Club, Europe’s biggest association of hackers, and she is a reporter for the German newspaper FAZ. After documents leaked by the American whistle blower Edward Snowden, the German Federal Intelligence Service and German government have been cooperating with the NSA by using NSA-provided spying software. The BSI played a major role in exchange of information for named spying tools among intelligence agencies referred to by the NSA.

UK targeted Anonymous with cyber-terrorism tactics

According to documents leaked from National Security Agency through Edward Snowden, the United Kingdom has been engaged in denial of service (DDoS) attacks and other cyber tactics against non-belligerents. It is the first time a Western state has been caught using cyber-terrorism tactics. In 2012, a PowerPoint presentation from the Signals Development Conference explained the British Government Communications Headquarters and the Joint Threat Research Intelligence Group declared a shutting down of communications on the hacktivist group Anonymous.

The speciality of Anonymous is the group’s DDoS attack technique, an attack flooding servers with more requests than the server can address. The DDoS attacks have been and are used by many hackers to attack government websites. In 2012, Anonymous attempted a DDoS attack on the British government websites, including the home office and GCHQ. Since then, the UK has changed its cyber strategy and is becoming more offensive, particularly against hackers and hacktivists. In fact, the British government has invested £500,000 for its cyber army reserve and is continuing to develop its cyber defense. Like the US, the UK has one the biggest worldwide budgets for cyber security.

inss150About the Cyber Intelligence Report:

This document was prepared by The Institute for National Security Studies (INSS) – Israel and The Cyber Security Forum Initiative (CSFI) – USA to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities, and follow-on measures. This product may contain U.S. person information that has been deemed necessary for the intended recipient to understand, assess, or act on the information provided. It should be handled in accordance with the recipient’s intelligence oversight and/or information handling procedures. Some content may be copyrighted. These materials, including copyrighted materials, are intended for “fair use” as permitted under Title 17, Section 107 of the United States Code (“The Copyright Law”). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified e-mail at: [email protected]. CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.