Cyber Intelligence Report – April 1, 2014

Executive Cyber Intelligence Bi-Weekly Report by INSS-CSFI - April 1, 2014




Israel: Cyber Attacks vs Cyber Defense

In the 10 years since Ahmed Yassin's death, Hamas has sent various threatening text messages to Israeli civilians stating they will be the next Gilad Shalit and that Hamas will conquer Israel. These bouts of messages were sent via the “Israel Defense” email distribution list. The hackers have also replaced the “Israel Defense” homepage with a picture of the Sheikh and two messages.

#OpIsraelBirthday promises damage to Israel via cyberspace

The website interviewed two hackers participating in the current #OpIsrael. The two hackers, “Mrlele” and “Anonxoxtn,” are both members of AnonGhost, the Anonymous group behind #OpIsrael. When asked about the intentions of the operation, Mrlele said: “Leaking personal data’s, spamming emails, spamming cell phones, leaking website, leaking emails and password, defacing, DDoS attacks and maybe publishing hacked website and gov.” When asked if he had received threatening messages in response to his actions, he claimed that three countries had sent such messages but refused to state which ones. When the two were asked if they fear retaliation from Israeli hackers, they laughed and explained there was “no such thing.” When Anonxoxtn was asked what the overall message of the operation is, he answered: “The message is clear; we will not remain silent in front of the Zionism massacre in Palestine, Palestine will be free, we will not remain silent anymore to support our brothers and sisters in Palestine, there is no place for Israeli in Palestine.” Anonxoxtn also declared the attack will be bigger and more powerful than ever before. When asked if he had anything to say to Israel, he replied: “I have a message from AnonGhost team to Israhell: you call us terrorist and we are proud to be terrorist but we won’t stop hacking defacing leaking exposing your pigs, there is no israhel its only Palestine.”

The #OpIsraelBirthday operation has successfully hacked the Israeli Agriculture Research Organization, a domain within the Israeli Ministry of Agriculture and Rural Development. The message left stated: “Hi Israel! We always here to punish you as we did on the last Operation 7 April and we are back again to celebrate it. Because we are the voice of Palestine and we will not remain silent!! Muslims are everywhere – We will enter Palestine soon 🙂 Remember this 😀 Alkhilafah is coming soon Insha’Allah.” It is believed that the hack against this specific domain is a warm-up for what lies ahead. Nevertheless, the website was fully functioning later in the day.

Israel cyber security market in continual expansion

The Israeli cyber security market is seeing two big investments. The first is the Israeli cyber security firm Cyvera, which specializes in unique threats; it was bought by the American company Palo Alto for $200 million. The second company, bought for $115 million, is NSO, a homeland security firm developing technology that can listen to cell phone calls and text messages and monitor all uses of a phone through its phone number without notifying the phone provider.


US signs agreement with EU on cyber issues

The US-EU summit took place in Brussels, where a new agreement was reached and signed between the US and the European Union on cyber security issues. According to the U.S. government, the new agreement gives both participants the ability to share more information about fundamental rights and freedoms of citizens. Moreover, the cooperation will focus on international security, international cyber policy, and Internet freedom. The agreement provides for the creation of an international working group focused on key areas such as cyber incident management, critical infrastructure, cyber security, cybercrime, and other cyber defense issues.

US Defense Department planning to increase cyber workforce by 2016

The US Defense Secretary, Chuck Hagel, announced the US intends to increase its cyber workforce in the coming years because “our nation’s security reliance on cyberspace outpaces our cybersecurity.” According to Hagel, the Pentagon has already started to recruit cyber security professionals, and the US intends to increase membership of the Defense Department’s Cyber Mission Force by 6000 people by 2016. These positions are intended to be filled by those who have served in the military, even if they have no previous cyber or IT experience. This cyber workforce is meant to face new challenges such as cyber-attacks from other states and cyber terrorist groups, especially from China, Russia, and Iran. To manage these new cyber security professionals, the U.S. government nominated Vice-Admiral Mike Rogers, who is currently the head of the Navy’s Cyber Command. Rogers is currently awaiting US Senate confirmation to start his new position and succeed General Keith Alexander, who has been the director of Cyber Command and the NSA since 2005. However, Hagel emphasized he has no intention to “militarize cyberspace” and instead wishes to focus more on cyber operations than espionage.


Russia deploying highly sophisticated cyber weapons

As reported by the ArsTechnica Information Agency, Russia deployed highly sophisticated cyber operations during the Ukrainian crisis. A current example is Snake (other aliases include Ouroboros and Uroburos), an espionage tool of which multiple instances were detected in Ukraine. This is a long-standing exploit whose deployment dates back at least four years, with some elements of the software created as far back as 2005. Russia managed to shut down almost all of the Ukrainian government websites and managed to track the mobile and phone equipment of numerous government figures. In Crimea, prior to the invasion in February, Russian Special Forces managed to shut down all essential communications physically by direct incursion. Cyber espionage is a crucial aspect and tool of Russian foreign policy in former USSR countries. Accessing the information systems of diplomatic, government, and military organizations over the years gave Russia a major advantage in predicting the tactics and positions of its neighbours.

Middle East

Emirate: First global cybersecurity conference in Abu Dhabi

The New York Institute of Technology (NYIT) held its first Global Cybersecurity Conference in March. The conference began with the contribution of His Excellency Sheikh Nahayan Mabarak Al Nahayan, Minister of Culture of the UAE. The NYIT’s conference welcomed cyber defense professionals, information technologists, banking and finance executives, and others from the US, China, United Arab Emirates, and throughout the Middle East and the North African region. It has been estimated that cybercrime costs more than $113 billion annually, with 378 million victims. In addition, the UAE recently disclosed plans to nearly double its security budget in the coming decade, with most of the increase to be used for cyber security.

China and APAC

China training cops for cyber war

China decided to train its police to become professional cyber cops. The Chinese government selected a group of police officers to provide them with cyber training. The goal is not only to train them in defensive operations, but to teach them about offensive cyber-attacks. The creation of these new cyber war units is likely related to the growing threat of Internet-based criminal groups within China. Several cyber police units are currently being organized to assist Chinese firms and local governments in improving their network security. Moreover, some of these new cyber war police units will have offensive capabilities, probably in order to respond to groups perceived as enemies of China. The developing cyber war police units are using cyber technologies developed in China. These new cyber war units are also aided by the military hackers of Unit 61398.

Palo Alto opened cyber security lab in Singapore

Palo Alto Networks has opened its new headquarters and cyber security lab in Singapore. According to Mark McLaughlin, CEO of Palo Alto, the opening of the cyber security lab will provide customers within the region the opportunity to learn more effectively about the latest cyber technology for countering cyber threats, including advanced persistent threat (APT) protection, new firewall technology, IDS/IPS systems, and URL filtering. Additionally, the opening of the new headquarters in Singapore enables access in the region where cyber security developments remain dynamic. Moreover, Sharat Sinha, who is the Asia-Pacific VP of the company, explained: “The region is home to the highest number of Internet users in the world, with exponential growth in online banking, shopping, and social media activity, making it a prime target for cybercriminals.”


Romania is world’s top hacking and global cyber-attack country

The number of cases, scammers, and resulting victims of fraud originating in Romania rose dramatically over the last few years, with 2.8% of global cyber-attacks occurring through Romania. This ranks the Balkan country 7th in the world for hacking and cyber-attacks. Romania is a haven for cyber criminals, where schools provide high-level IT training; however, rough economic conditions push experts to cyber criminal activity. The latest massive data hack may have compromised the personal information of 110 million customers, mostly Americans. Bucharest estimated Romanian cybercriminals steal around $1 billion every year by hacking US computers. Romanian cyber cops and FBI agents are working closely to recruit 600 Romanian investigators in combating cybercrime, arresting 100 people across Romania every day, and bringing more than 1000 cases before the court.

UK launched Computer Emergency Response Team after delay

The British newspaper “The Guardian” announced the British government launched its new Computer Emergency Response Team (CERT) after a delay. The establishment of CERT was announced in December 2012 by the Cabinet Office claiming to provide one of the most important parts of the £650m UK cybersecurity strategy. According to the British government, the new CERT will work in cooperation with UK security agencies such as the GCHQ, the Centre for the Protection of National Infrastructure, and the CSIRT. The new CERT team already shares information about cyber incidents with CSIRT through the Janet network, and they work hard together on the latest cyber threats.

According to Charlie McMurdie, former head of the London Metropolitan Police Central e-Crime Unit (PCeU), who was involved in the CERT-UK’s development, “The unit should act as an overarching unit that will enhance the response to major attacks being monitored by other incident response teams.” The British government expects CERT to be a center of coordination with the existing UK computer incident response community, so that together they can work to secure UK cyberspace more effectively.


TOR escalates in hiding criminal activity

According to Kaspersky Labs, TOR was increasingly utilized by criminals in the last year. Kaspersky has uncovered evidence of 900 services using TOR, with 5,500 plus nodes (server relays) and 1,000 exit nodes (servers from which traffic emerges). Kaspersky researchers report TOR is playing host to the ChewBacca point-of-sale keylogger, the ZeuS banking malware control infrastructure, and the first TOR Trojan for Android. Currently, TOR is being used to hide 900 botnets, and the main problem is that computer owners are unaware of the malware on their individual computers and of what it transmits to other computers through the Internet (including spam or viruses). Sergey Lozhkin, a Kaspersky researcher, also explained that money laundering services have expanded on TOR as cybercriminals use the easy mechanism to spread a single transaction through dozens of different wallets, making it difficult to track.

About the Cyber Intelligence Report:

This document was prepared by The Institute for National Security Studies (INSS) – Israel and the Cyber Security Forum Initiative (CSFI) – USA to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities, and follow-on measures. This product may contain U.S. person information that has been deemed necessary for the intended recipient to understand, assess, or act on the information provided. It should be handled in accordance with the recipient’s intelligence oversight and/or information handling procedures. Some content may be copyrighted. These materials, including copyrighted materials, are intended for “fair use” as permitted under Title 17, Section 107 of the United States Code (“The Copyright Law”). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified e-mail at: [email protected]. CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.