Cyber Intelligence Report – November 15, 2014

Executive Cyber Intelligence Bi-Weekly Report by INSS-CSFI - November 15, 2014




#OpSaveAlAqsa is new cyber-attack campaign against Israel

As tensions between Israelis and the Palestinians have increasingly risen, hactivists AnonGhost called for a new cyber protest against Israel. The new campaign is named #OpSaveAlAqsa, in reference to the Israel blockade of al Aqsa Mosque in Jerusalem. The group was able to hack the homepage of the United Nations and claimed to hack numerous Israeli websites. According to a Hamas affiliated Palestinian Information Center, Anonymous would also have a cyber protest on November 14th targeting stating: “We and other groups decided to get together and attack Israeli government sites, bank sites, and all Israeli Internet users.” Furthermore, the group mentioned it would attack defense establishment websites in order “to punish Israel for keeping Arab worshippers out of their mosque.” Nevertheless, as proven in previous Anonymous attacks, the current protests have done little damage to Israeli cyberspace. The inefficacy of the cyber protests can be attributed to the people behind AnonGhost and Anonymous producing these attacks, as they lack the technological accessibility and intelligence information needed to create an effective and useful cyber-attack against Israeli cyberspace.

Israeli Trojan Horse Scam

Social engineers on Facebook impersonated Israeli cell phone company Cellcom, attempting to get users download a Trojan horse. The hackers used Facebook Paid post claiming to be from Cellcom official Facebook page, linking the paid ad to a program that professed to give users a phone book of all company clients.


Postal service hit by cyber-attack; US suspects China

The United States Postal Service (USPS) stated that it has been the victim of “a cyber-security intrusion” exposing the employment records of more than 800,000 employees. The FBI is investigating the source of the cyber-attack, which appears to have originated from China. Accordingly there has been “no evidence” that any customer credit card information was exposed, but the cyber-attack compromised some call center data and may have swept up names, addresses, telephone numbers, and email addresses. China is suspected to be the primary responsible actor for this cyber-attack against the USA Postal Service. China is among the world’s best players at intruding foreign government computer systems, and the agency was first alerted of suspicious activity in the middle of September. The cyber-attack breached into the office of the Postal Regulatory Commission, the U.S. Postal Inspection Service, and the Postal Service Office of the Inspector General. “We have recently implemented additional security measures designed to improve the security of our information systems, including certain actions this past weekend that caused certain systems to be off-line,” said spokesman of USPS, David Partenheimer.


Russia needs funds to support domestic software development

Recently, the Minister of Communications of Russia, Nikolai Nikiforov, said that to support domestic software developers asubstantial cash infusion is needed. The general director of Telecom Daily, Kuskov Denis, commented on the statement of the Minister. In an interview published by The Kommersant, he stated that monetary support from the government is not enough to guarantee the creation of competitive Russian software products. According to him, the ministry must understand that in Russia there is no software that can successfully replace the foreign programs. Existing developments are extremely limited and locally characterized, and for the full replacement of corporate software there is a need to create their own analogs of MS Office, Windows, and Linux. With the Russian cyber industry being in a state of deep stagnation, he believes that the development of domestic software will need a creation of a national scale project involving both government and private investments.


NATO helps Jordan fend off ISIL cyber threat

Over recent years, NATO has been strengthening its membership of cyber defense capabilities of its countries and partners by creating the NATO Science for Peace and Security (SPS) project. As part of this initiative, NATO is setting up a cyber defense in Jordan’s key infrastructure, such as electricity grids, dams, energy network and more. SPS will assist Jordan’s implementation of its National Cyber Defense Strategy.


Vietnam increasing cyber cooperation

In a recent article, Jessica Woodall, an analyst in ASPI’s International Cyber Policy Centre, describes how and why cyber-security can help Australia take its existing engagement with Vietnam to the next level. Along with other countries, including the US, Japan, Russia, and India, Australia is seeking a stronger relationship with a partner in a geographically important location and a warmer friendship with Association of Southeast Asian Nations (ASEAN) main players. As an indication that cyber issues are important to Vietnam, Microsoft Vietnam and the Vietnam Information Security Association (VNISA) recently signed a Memorandum of Understanding (MoU), aimed at strengthening information security and privacy in Vietnam while addressing increasing security risks in the country.

China, Japan, and Republic of Korea hold cyber security meeting in Beijing

Senior diplomats from China, Japan, and the Republic of Korea met in October, 2014, in Beijing for a cyber-security meeting with the intention of enhancing trust and cooperation. This was the first meeting since the three states established a cyber-security consultation mechanism earlier this year. Each of the participants introduced their own cyber works (i.e. policies, institutions, etc.) and discussed cyberspace norms and procedures for combating cyber-crime and terrorism, as well as Internet emergency response cooperation. Among the issues discussed was the idea of collaboration with other Association of Southeast Asian Nations (ASEAN) regional forum members and BRICS – Brazil, Russia, India, China, and South Africa.


UK signs agreement with Qatar to fight Jihad and cyber threats

The United Kingdom and Qatar recently signed an agreement on Jihad and cyber warfare issues. Emir of Qatar, Sheikh Tamim bin Hamad al-Thani, and the UK Prime Minister, David Cameron, met in London a few days ago to sign the security pact. Both countries agreed to share classified intelligence in order to track and counter jihadists and cyber warfare operations. This agreement includes close cooperation with the UK GCHQ cyber intelligence agency on cyber threats and fighting terrorism. On the top, the UK will sell Qatar cyber security products and services in order to strengthen their security measures. This cooperation arrives at a crucial period for the Middle East as the Islamic State attempts to annihilate the entire Middle East region through terrorist acts. In terms of security and cyber, Qatar could not find a better partner than Great Britain. A month ago in Kuwait, the United States also affirmed its desire to cooperate with Europe and Arabs countries in order to fight the Islamic State, which is currently the most significant terrorist threat to Middle East and West.

Germany developing cyber intelligence capabilities

Germany is currently developing cyber intelligence capabilities in order to prevent future cyber-attacks. According to Germans, this new development is an “early warning” system which is capable of detecting imminent foreign cyber-attacks. Germany decided to develop such system due to several cyber threats coming from different foreign countries including China, Russia, and Islamic hacking groups. The system will mainly monitor foreign social media. According to the Sueddeutsche Zeitung, the Germany Federal Intelligence Service will invest €28 million into its Strategic Technical Initiative of 2015. Germany began to realize the importance of cyber intelligence as open source intelligence is a powerful strategy, especially to monitor social media and websites, which can help gather valuable intelligence in order to prevent cyber-attacks. Hacktivists often publish on the Internet their cyber-attack campaigns targeting governments and corporations, which makes these social networks a great platform for open source intelligence. Germany is not the only country to adopt this strategy; the US and UK are using such systems to monitor cyber events and prevent future cyber-attacks against their governments.

Was Warsaw Stock Exchange breached by ISIS criminals?

The Poland premier of the Warsaw Stock Exchange (WSE) stated that their website was breached. The website was unavailable for over two hours to investors and brokers, and the WSE confirmed the hack in an email to all members. The hackers attacked the system and stole approximately 30 MB of investor’s details as well as the IP addresses of servers and network infrastructure maps. Through the hackers, leaked data was posted with English-language comments referring to “Allah” and mentioned revenge for attacks on their country. The president of WSE, Donald Tusk, stated: “The Polish government must be strong and effective against cyber-attacks.” As a consequence of the cyber-attack, there have been over 30,000 login and password credentials stolen from Warsaw investors and brokers. Furthermore, the breach was apparently in retaliation for the air strikes campaign against the Islamic State, as hackers responsible for the cyber-attack conveyed sympathy with ISIS. Poland recently announced they will provide political support to the United States on attacks against ISIS insurgents in Iraq and Syria.

inss150About the Cyber Intelligence Report:

This document was prepared by The Institute for National Security Studies (INSS) – Israel and The Cyber Security Forum Initiative (CSFI) – USA to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities, and follow-on measures. This product may contain U.S. person information that has been deemed necessary for the intended recipient to understand, assess, or act on the information provided. It should be handled in accordance with the recipient’s intelligence oversight and/or information handling procedures. Some content may be copyrighted. These materials, including copyrighted materials, are intended for “fair use” as permitted under Title 17, Section 107 of the United States Code (“The Copyright Law”). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified e-mail at: [email protected]. CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.