Cyber Intelligence Report – July 1, 2014

Executive Cyber Intelligence Bi-Weekly Report by INSS-CSFI - July 1, 2014




Israel among top cyber defense exporting countries 

Israel National Cyber Bureau (INCB) published an astonishing statistic asserting Israel export of cyber related products reached 3 billion dollars in 2014. This places Israel second only after the USA in cyber export, making Israel 5% of the cyber world market. Additionally, Israeli cyber firms raised 165 million dollars in investment money, which is 14.5% of worldwide investment within the cyber field.

Cyber campaigns in wake of Operation Brother’s Keeper

In the ongoing Operation Brother’s Keeper, the Deputy Head of the Information Security Unit in the IDF (referred to as Deputy A) acknowledged enemies of Israel are using social media to gather tactical and strategic intelligence. In an interview with the IDF blog, Deputy A pertained: “We are under intelligence gathering campaign, which is being led by the radical axis, against Israel and the IDF. Over the past years the enemy has been accelerating the vector of information gathering through the web: from social media, application, and more, while the gathering is occurring through the cyber domain.” He added: “Our enemies learned that there is a lot of information that could be gathered in that domain, and from our understating they are pretty good at it.” The second step of building the cyber defense force (the first, establishing the INCB) ended after the 18th month when the practice drill “magic circle 1” concluded. The practice was applied at the Office of the Prime Minister and was designated to check the readiness of key players at the government in dealing with a major cyber event. “We must be prepared for every scenario. We will continue practicing the relevant players to raise the national readiness in a complex changing reality,” Dr. Evitar Matania, Head of the National Bureau explained.


New US Ambassador in Beijing said Chinese cyber espionage is a threat

A week ago, the new US Ambassador Max Baucus in Beijing declared he would use diplomatic and legal opportunities to cease Chinese cyber espionage activities against US industries. Diplomatic relations between the two countries have tensed since the US government have charged five Chinese military officers with cyber espionage activities against US defense and technology firms. China immediately rejected these accusations and deemed they were offended. The US Ambassador declared: “Cyber-enabled theft of trade secrets by state actors in China has emerged as a major threat to our economy and national security.” Ambassador Baucus added “The US-China relationship is their most important bilateral relationships.” If both countries want to keep good diplomatic and economic relations, a non-cyber spying agreement should be signed between the two nations. However, the actual international economic and security context has become so unstable that it would be difficult for the two countries to sign and respect such an agreement. To add fuel to the fire, China announced its Central Government Procurement Center rejected the American operating system Windows 8 in the bidding process for purchases of information technology products by the Chinese government because Microsoft and other US IT firms have been accused of cooperating with the US government to monitor Chinese Internet traffic.

Russia and CIS

A Russia plan to fight cyber extremism

It has been reported by “Kommersant” that the Russian Interior Ministry has developed a plan to combat extremism, and one of the main means in dealing with extremism is tightening the cyber-medium. A priority of anti-extremist strategy in combating radical ideology and opposition is to spread their own ideology to the masses through cyber. Interior Ministry believes the most radical trends are distributed via the Internet, by the usage of social networks. The Russian government considers civil society to be involved in protests and rallies, which can result in riots and can occur because of the spreading of data in social networks. Law enforcement agencies will monitor the media materials and the Internet to discover information bearing a radical or extremist character.

Russia develops a Stuxnet like cyber-attack directed towards US and Europe

A malicious cyber malware known as “Energetic Bear” has been confirmed to hit over 1,000 energy and utility organizations in over 84 countries lasting 18 months, Symantec security firm revealed. The cyber-attack has been levelled at the sophistication of Stuxnet. The malicious malware “allows its operators to monitor energy consumption in real time or to cripple physical systems.” The majority of the attack focused on the United States and Spain where the malware compromised industrial control systems (ICS) equipment providers through a Trojan. The group of hackers who composed this malicious malware, Dragonfly, are considered to be a state-backed group with ties to Russia. Dragonfly hackers worked with Fapsi, a Russian electronic spying agency; however, the focus is on an entire sector “for strategic data and control speaks of some form of government sanction,” as stated by Stuart Poole-Robb, former M16 and military intelligence officer and founder of security consultancy KCS Group.

Middle East

SEA hacks Reuter’s through third party system

The Syrian Electronic Army (SEA) hacked Reuters’ through Israeli ad agency, Taboola (Taboola uploads recommended ads onto Reuter’s). SEA compromised Taboola through a phishing attack, allowing SEA to gain access through the “back-office dashboard” and use HTML editing on Reuter’s widget. Also, it enabled SEA to add code to redirect any reader who clicked to access the article: “Attack from Syria kills teen on Israeli-occupied Golan.” Readers found themselves instead faced with the message “hacked by the Syrian Electronic Army,” as well as threats to Reuter’s to cease reporting false articles on Syria. This is not the first time Reuter’s has been hacked by the SEA; Reuter’s Twitter handle was hacked last July. This attack varies from previous attacks because they used a third party to breach the intended site; nonetheless, SEA still used its phishing, its most well-known method. Reuter’s was quick to point out Taboola, stating the news agency’s internal systems were not compromised, but that those of Taboola were. Taboola released a statement claiming the bug was fixed and insisted they would begin developing “two-factor authentication for backstage users” and remove other elements SEA was able to breach. Noted, Taboola is used for many other popular websites including TMZ, USA Today, Time, and the BBC.

Anonymous begins operation against ISIS supporters

Anonymous declared they would begin a series of cyber-attacks against nations funding or arming the radical Islamic terror group ISIS and Syria. In a statement Anonymous said: “We plan on sending straightforward message to Turkey, Saudi Arabia, Qatar, and all other countries that evidently supply ISIS for their own gain…we will begin defacing the government websites of these countries….” The campaign will be called Operation No2ISIS, and Anonymous has stated they will “unleash the entire legion” by hitting government websites with DDoS attacks. Anonymous decided to take countermeasures after hackers of ISIS breached the Anonymous Twitter handle @theanonmessage by posting graphic, violent pictures, similar to the techniques of the Syrian Electronic Army, making assumptions the two are linked. Because ISIS has little digital presence outside of social media, Anonymous decided to show their disdain for the radical Islamic terrorist group by attacking states supporting them.


The British Communication Intelligence Agency extends cyber cooperation

The British Communication Intelligence Agency (GCHQ) has decided to increase its cyber cooperation. The Director of GCHQ, Sir Iain Lobban, declared at a private conference, IA14 that the agency is going to share relevant information with UK private companies. The goal of this information sharing partnership is to fight against industrial cyber espionage, which the British National Security Council has ranked as one of the major risks in the UK. The government is also pushing UK businesses to ensure and improve their cyber security. Moreover, talking at the IA14 conference, British MP Karen Bradley, Minister in Charge of Serious and Organized Crime, stated the British government is setting up new cyber police and fraud unit within the UK’s network of Regional Organised Crime Units. MP Bradley has also reported local British police forces have recently received a specific cyber training program. According to Bradley, the “UK will have a significant increase of the numbers of police officers and staff who have been cyber trained by 2015.” With all these cyber cooperation measures and agreements, England is without a doubt the most advanced country in Europe in terms of cyber security cooperation to protect national critical infrastructures.

Europol and ENISA cooperate to fight cybercrime in Europe

The European Union Agency for Network and Information Security (ENISA) and the European Police Europol announced a new cooperation to fight cybercrime. According to the two European agencies, this new strategic cooperation will include the exchange of information about cyber criminals and cyber threats from all over Europe. The organizations claimed: “This agreement is an important step in the fight against ever more skilled cyber criminals who are investing more time, money, and people on targeted attacks.” In addition: “By combining their areas of expertise, they can help to make Europe a safer place online.” Cybercrime is one of the top threats in Europe and is estimated to cost more than $400 billion each year. The ENISA and the EC3 Cyber Crime department of Europol are the two organizations charged with protecting and tracking cyber criminals in Europe. These two institutions include cyber experts from all over Europe who cooperate with the cyber police units throughout Europe.

Dutch company hacked Google Glass

A hacking experiment conducted by Dutch ICT company, Masc, and computing experts at Deloitte, were able to breach into Google Glass by sending pictures and videos from the hacked Google Glass and sending the photos and videos to remote computers; this has been dubbed as “seeing through the victim’s eyes.” Masc reported access into the Google Glass was extremely simple with little to no barriers either through Wi-Fi or through placing a USB stick into the Google Glass. Yet, the Google Glass once more raises the question of privacy, and Google acknowledged this breach has been problematic in earlier versions. Yet, when the Google Glass will be launched to a wide audience, it is to be protected by a PIN-style code.

inss150About the Cyber Intelligence Report:

This document was prepared by The Institute for National Security Studies (INSS) – Israel and The Cyber Security Forum Initiative (CSFI) – USA to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities, and follow-on measures. This product may contain U.S. person information that has been deemed necessary for the intended recipient to understand, assess, or act on the information provided. It should be handled in accordance with the recipient’s intelligence oversight and/or information handling procedures. Some content may be copyrighted. These materials, including copyrighted materials, are intended for “fair use” as permitted under Title 17, Section 107 of the United States Code (“The Copyright Law”). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified e-mail at: [email protected]. CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.