Cyber Intelligence Report – March 4, 2014



Executive Cyber Intelligence Bi-Weekly Report by INSS-CSFI

March 4th, 2014


New opportunities and new challenges in cyber sector

Israel’s cyber industry is gaining another big boost from the People’s Republic of China. WBP Venture Partners, Founder Group, and others will begin investing millions of dollars into Israeli high-tech and cyber companies. The companies are a compilation of a variety of different sectors including private investors, Peking University, and the Chinese government. Yet, while the public sector grows stronger within Israel, the cyber and technologic units of the Israel Defense Force (IDF) are losing their most valuable resource – the people. New records conducted by the Human Resources Directorate indicate the IDF is losing its human advantage in two ways: a reduction of high school students graduating in the field of technology and soldiers and officers deciding to conclude their army service after the mandatory years. The problematic issue of less Israeli high school students studying physics and high-level math is that this means less students join technological army units. Those who do join technological units end up serving the required years, but they leave afterwards to the public sector where opportunities are more appealing in terms of promotions and salaries.


Anonymous member sentenced to 12 years of prison in U.S.

An Anonymous member, British citizen Lauri Love, was sentenced to 12 years of prison for hacking the U.S. Federal Reserve: 10 years for hacking and 2 for theft and aggravated identity. This is according to the U.S. Attorney for the Southern District of New York office. The U.S. Federal Reserve servers had been hacked in October 2012 and February 2013 where the personal information of 104,000 people had been stolen and made publicly available by Anonymous, which cost the U.S. $3.7 million to deal with the fallout. The U.S. government tracked down Love by cracking Anonymous’ restricted chat rooms, were Love made comments about the attack in the forum. Andy Archibald, head of the NCA Cyber Crime Unit stated: “Cyber-criminals should be aware that no matter where in the world you commit cyber crime, even from remote places, you can and will be identified and held accountable for your actions.” Love is awaiting indictment, as he is currently on bail in the U.K. Though dozens of Anonymous members have been arrested, very few have been sentenced and even fewer have been sentenced to prison.

White House announces voluntary Cybersecurity Framework

The Obama administration released the first phase of a voluntary framework developed by hundreds of companies, several federal agencies, and many international contributors as a how-to cybersecurity guide for organizations in the business of running and protecting the nation’s critical infrastructure. The framework closely resembles a similar one President Obama released in October 2013. “Cyber threats pose one the gravest national security dangers that the United States faces,” President Barack Obama explained in a statement released by the White House. “This voluntary framework is a great example of how the private sector and government can and should work together to meet this shared challenge.” The framework attempts to identify, protect, and detect companies or organizations responding to and recovering from cyber intrusions. The framework seems to be published as a new push from the Department of Defence to push the importance of cyber security. Defense Secretary Chuck Hagel plans to shrink the United States Army to its smallest size pre-World War II, and will have distinct focus on special operations and cyber warfare, which will be considered the new way of American defence.


Sophos Labs revealed Russian spam contributes to large part of world’s spam

“SophosLabs” revealed the dirty dozen top spam-relaying nations, disclosed at the final “Spampionship” league table of 2013. Once again, it was the USA earning the league’s top spot, generating 14.5% of the total spam volume sent during the last quarter of the year. However, the gap to second place narrowed, with China re-emerging as a major player in spam sending, leaping from 4.6% to 8.2%, while Russia’s spam contribution edged up from 3.0% in third quarter, to 5.5% in the fourth quarter. This comes days after Russia Today, one of Russia’s leading newspapers, was hacked inserting the word “Nazi” into headlines.

Major cyber malware Uroburos pinpointed as Russian

German computer security and antivirus company G Data Security targeted the Russian government behind the malware “Uroburos,” because of the file name, encryption keys and behavior to a previous malware associated with Russia, Agent.BTZ, which attacked the U.S. Pentagon in 2008. Uroburos, active since 2011, steals files and monitors network traffic by taking control of infected computers through an Internet connection. It then connectesto other computers within the same network, providing random commands. Uroburos and camouflages its involvement by sending all information back to the malware author, making it very dangerous as new features can be added to its already damaging capabilities. According to G Data, Uroburos targets intelligence agencies, big companies, and nation states. Currently, there are very few governments undertaking writing malware, the most famous example of which would be the production of Stuxnet.

Middle East

United Arab Emirates investing more money in cyber security

The United Arab Emirates is doubling its homeland security budget from $5.5 billion to over $10 billion in the next 10 years. The majority of that funding will go toward cyber security, according to the 2013-2014 annual reports by the US Commerce Department’s International Trade Administration and reported by state news agency WAM.

Cyber-attacks on critical installations in Saudi Arabia and Qatar in 2012 and 2013 provided a wakeup call to governments in the Gulf Cooperation Council (GCC). In 2012, they announced the creation of the National Electronic Security Authority, the first national authority for cyber security in the region to combat online threats to military and critical installations. The main goals of this authority are to monitor the war against cyber-attacks; protect the country’s communications networks; and continue to develop, modify, and use devices required in the field of electronic security. It will also be responsible for proposing and implementing the UAE’s national policy on electronic security and developing a national plan to confront any risks, threats, or attacks.

FC Barcelona Twitter account hacked by SEA

The Syrian Electronic Army (SEA) targeted the Barcelona Football Club for its ties to Qatar money, which SEA claimed is “full of blood and kills.” Three accounts associated with the football club, with millions of followers, were compromised by the SEA on Wednesday morning following Barcelona’s 2-0 defeat over Manchester City in the Champion’s League. The hackers posted the same message on all three accounts, saying: “Dear FC Barcelona management, don’t let the Qatari money funds you, it’s full of blood and kill.” The tweets, which were removed, responded to the Qatari commercial sponsorship of the football club from the Qatar Sports Investment, followed by Qatar Airways.

China and APAC

China planning to be strong Internet power

During an official meeting on security, President Xi Jinping called for a “master strategy… and innovative development,” stressing the strategic importance of “Internet security and information,” demonstrating the growing concern for cyber security in China. China has the biggest Internet market in the world with $618 million users, with cyber-security becoming a major issue after the country was hit by a large scale cyber-attack in January 2014. According to the  Beijing Times, a large amount of Internet users do not necessarily correspond with safe cyber security standards. With the help of senior leaders, the Chinese government is drafting national strategies and policies within the cyber field. Compared to the U.S., China is far behind in becoming a major cyber powerhouse, as the U.S. is more advanced in technology. The cyber competition between China and the U.S. will be the main focus of cyber strategy in the next 10 years, as China intends to become a cyberpower in the coming years. China is determined to bridge this gap, especially since the U.S. has cracked down on cyber-attacks emerging from supposed state sponsored Chinese hackers (even though China has denied being behind any cyber-attacks against any state).


France inaugurated new cyber defense headquarters

On the 20th of February, the French Prime Minister inaugurated the new cyber defense headquarters. Created in 2009, the French ANSSI (Agence Nationale de Sécurité des Systèmes d’Information) is charged for the information systems security of the state and its critical infrastructures, such as the following: hospitals, power stations, nuclear power plants, airports etc. The new center is open 24 hours a day to respond to threats and cyber-attacks. The French agency is currently hiring 357 cyber security experts and is planning to increase this number to 500 through 2015. The Ministry of Defense, which has its own analysis and computer control center in the same building as the ANSSI, claims to have treated 790 incidents or cyber-attacks in 2013. The general directorate for weapons, which is a government agency managing the major future programs in the defense field, decided to develop a new specialized branch located in the west of France. The goal of this new branch is meant to recruit 400 new engineers coming from the best universities and engineering schools to develop equipment and techniques of defense against electronic attacks. Today, the ministry is hiring 1400 cyber-fighters and is planning to recruit 350 more by the end of the military program in 2019. The development of cyber weapons has been very discreet, but since 2008, the offensive systems are meant to deploy virulent computer viruses used against the enemies of France.

Despite these efforts, France is still late in terms of cyber defense when compared to the other major nations such as the United Kingdom. Indeed, the cyber human resources of France to counter cyber-attacks are weak compared to other nations. This lack of human resources is due to several factors. First, France has a lack of computer security experts, and secondly, the French did not anticipate the problem of cyber-attacks and the protection of its computer systems.

 A darknet website shut down in Netherlands

The Dutch and German police arrested five people and shut down a “darknet” website as part of an investigation into online criminal marketplaces. Dutch police were ‘astonished’ after acquiring ecstasy and cocaine through the website, as well as being offered a down payment for a killing  contract at the website called “Silk Road. The anonymous marketplace.” This case is one of many that are related to crimes within the darknet revealed in the past year. The success of “Silk Road” was the patronage anonymity that the “darknet” succoured. In October 2013, the Silk Road site was shut down by U.S. authorities, and the mastermind behind the marketplace was arrested. Law enforcement agencies in other countries are also cracking down on similar darknet sites, the latest called “Utopia Marketplace.”

To reach the darknet, The Onion Router (TOR) must be downloaded, which is a free software enabling anonymity necessary to enter the darknet and works by causing bits of data to be drawn from thousands of computers worldwide using proxy servers in order to establish a marketplace or web portal such as Silk Road. It appears incidents will only increase, and the desire for anonymity and the motivation for criminals and others to sell, buy, and merchandise all sorts of goods will develop and advance darknet activity. Tools like TOR intend to increase the aspect of anonymity by creating further instruments like TOR Instant Messaging Bundle (TIMB), which keeps instant messaging conversations encrypted and a real time anonymous chat system routed through TOR’s encrypted network.

inss150About the Cyber Intelligence Report:

This document was prepared by The Institute for National Security Studies (INSS) – Israel and The Cyber Security Forum Initiative (CSFI) – USA to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities, and follow-on measures. This product may contain U.S. person information that has been deemed necessary for the intended recipient to understand, assess, or act on the information provided. It should be handled in accordance with the recipient’s intelligence oversight and/or information handling procedures. Some content may be copyrighted. These materials, including copyrighted materials, are intended for “fair use” as permitted under Title 17, Section 107 of the United States Code (“The Copyright Law”). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified e-mail at: [email protected]. CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.