Cyber Intelligence Report – July 15, 2015

Executive Cyber Intelligence Bi-Weekly Report by INSS-CSFI - July 15, 2015


ISRAEL

Israel-US to Cooperate on Cybersecurity

The Deputy Secretary of the US Department of Homeland Security, Alejandro Mayorkas, announced he will work to promote the US-Israeli cybersecurity relationship. At a signing ceremony to be held in Tel Aviv, Mayorkas will sign a new agreement to expand cooperation, research, and development between the two countries in the area of cybersecurity. In addition, law enforcement cooperation and aviation security measures will also be discussed between the parties.

Israel Police, Defense Ministry mulled buying spyware, Hacking Team leak reveals

Officials in the Israel Police, Defense Ministry, and Israeli defense electronics firm Elta were looking into purchasing spyware from the Italian firm Hacking Team, documents revealed Wednesday after Hacking Team itself was hacked. It is not clear whether the programs were purchased or used.

Cyber security company SafeBreach raises $4m

Israeli cyber security company SafeBreach has raised $4 million from Sequoia Capital and serial entrepreneur and angel Shlomo Kramer. Following the investment, Sequoia partner Gili Raanan will join SafeBreach’s board of directors. The investment is the first for SafeBreach, which plans to use the money from the financing round to expand its development in Israel and its North American business.


USA & Canada

FBI disapproves encryption of commercial products

James Comey, the director of the Federal Bureau of Investigation (FBI), recently expressed his disapproval of Silicon Valley’s hesitance to comply with the government with regard to encryption on products. A number of these leading firms have opted to encrypt their products in the interest of their clients’ privacy. With privacy being one of the outstanding social issues within the US, Comey defended the government’s shadowing by citing the Islamic State’s recruitment through social media, new platforms, and encryption on smartphones. While traditional cell phone companies do not provide encryption for their products, iPhones and Androids have automatic data encryption tools. The government is seeking a “back-door” into these encrypted products. Comey suggested that if these companies do not take action, the US Congress will. The FBI is not the only government agency seeking to secure the cyber world.

US Senate bill would make social media report ‘terrorist activity’

Twitter, Facebook, YouTube, and other social media operators would have to notify federal authorities of online “terrorist activity,” according to the text of a bill approved by the Senate Intelligence Committee and seen by Reuters on July 8th. The types of communication include postings related to “explosives, destructive devices, and weapons of mass destruction,” according to the text. The main purpose is to give social media companies additional legal protection if they reported to the government on traffic circulated by their users (to prevent the use of their systems by violent militants), rather than coerce them to spy on users. It is unclear when the Senate might vote on the bill and whether the House of Representatives would pursue similar legislation, which would be necessary for the proposed requirement to become law. “We share the government’s goal of keeping terrorist content off our site,” Facebook’s Head of Policy Management Monika Bickert said in a statement. A representative of Twitter said her company had not taken a position on the legislation. Google did not immediately respond to requests for comment.


RUSSIA

New hacking spyware systems for Russian intelligence agencies

Russian government intelligence agencies acquire hacking spyware systems on the open market. Forbes magazine has learned that Russian government agencies were among the buyers of the “Remote Control System” spyware developed by “Hacking Team.” Recently, unidentified hackers broke into the company’s customer database, and Russian security services were among its customers. To hide their identity, the Russian security services acquired the software products through surrogates. In this case, the services used a company named “Quantum,” which is owned by the Russian defense giant “Rostec.”


MIDDLE-EAST

UAE and US launch center for anti-IS online propaganda in Abu Dhabi

On July 8th, the US and Emirati governments launched a new Mideast digital communications center focused on using social media to counter the Islamic State group’s messaging online for recruiting and drawing support from plugged-in young Muslims. The new Sawab Center is based in Abu Dhabi, the capital of the United Arab Emirates, a key American ally and a member of the US-led coalition against the IS group. The center’s aim is to support coalition efforts, challenge IS propaganda, and amplify moderate and tolerant voices from across the region. It could also serve as a template for similar centers elsewhere. The center released YouTube videos and Twitter messages in Arabic and English announcing its launch. The United States has also been expanding an existing US State Department division set up in 2011 known as the Center for Strategic Counterterrorism Communications. Its responsibilities include countering jihadist messages online and coordinating American counterterrorism messaging efforts.


CHINA and APAC

Draft of Chinese cybersecurity law

On July 6th, China’s Parliament published a draft cybersecurity law that consolidates Beijing’s control over data, with potentially significant consequences for Internet service providers and multinational firms doing business in the country. This law strengthens user privacy protection from hackers and data resellers but simultaneously elevates the government’s power to access, obtain records, and block dissemination of private information deemed illegal under Chinese law. Internet service providers and companies must store data collected within China on Chinese territory, and this could make it hard for foreign hardware vendors to do business; data stored overseas for business purposes must be government-approved. Network equipment must also be approved under testing standards issued by China’s cabinet. The government also reiterated its longstanding objective of requiring Internet users to log in with their real names to services like messaging apps – though such drives have failed in the past. Parliament will take feedback on the proposed legislation until August 5th.

Australia’s first Cyber Security Summit with business leaders

The Prime Minister chaired Australia’s first Cyber Security Summit with CEOs and Chairmen on July 8, 2015, in Sydney, hosted by the Business Council of Australia. The Prime Minister, business leaders, and members of the Review’s Expert Panel discussed cyber threats affecting Australia and what can be done about them. A focus was on the importance of leadership – cyber security is an issue for executives and boards, not just an IT issue for technical experts. The Summit also discussed some of the ideas for practical improvement to Australia’s cyber security. This included the government and businesses working together to improve cyber threat sharing, address Australia’s cyber security skills shortages, and increase opportunities for Australia’s businesses online, including growing Australia’s cyber security industry. The Government’s Cyber Security Strategy will be released in the coming months and is an important step toward building a secure online economy for all Australians.


EUROPE

German-owned Patriot missiles stationed in Turkey briefly taken over by hackers

The attack targeted anti-aircraft ‘Patriot’ missiles on the Syrian border. The American-made weapons had been stationed there by the Bundeswehr (German army) to protect NATO ally Turkey. According to the civil service magazine, the missile system carried out “unexplained” orders. It was not immediately clear when these orders were carried out and what they were. The magazine speculates about two weak spots in the missile system that could be exploited by hackers. One such weakness is the Sensor-Shooter-Interoperability (SSI), which exchanges real-time information between the missile launcher and its control system. The second exposed point is a computer chip that controls the guidance of the weapon. Attackers might have gained access in two different ways, one that takes over the operation of the missile system and one that steals data from it.

UK intelligence agencies used hacking to counter Northern Ireland terrorism

The British government has recently admitted that intelligence agencies, including MI5 and MI6, have used hacking techniques to investigate the computer systems and phones of dissident republicans in connection with the 20 terrorist attacks in 2014. Furthermore, a report published by the Independent Reviewer of Terrorism Legislation explains that the Darknet is a great network for dissidents, including the Irish and Chinese. The report also claims that several authorities are intercepting citizens’ communications and data using legal means not related to the Regulation of Investigatory Powers Act 2000, which was supposed to regulate these kinds of operations. Out of the 20 terrorist attack attempts in 2014, only a few were successful. However, the Director General of MI5, Andrew Parker, has said that “for every one of those attacks, we and our colleagues in the police have stopped three or four others coming to fruition.” Like the United States, the UK is using cyber methodologies to counter threats and has found ways of bypassing the surveillance act regulation. Similar to the United States, the UK is allowed to perform surveillance on UK citizens, but only in specific circumstances.

Germany launches new National Cyber Security Policy

In order to increase the level of its cyber security, Germany has recently decided to pass new legislation regarding the level of information security in the country. This new law, which will be fully approved by the German Parliament on July 16th, will require the 2000 service providers in the country to implement a minimum information security policy or face a $111,000 fine if they do not do so within two years. Furthermore, the Bundesrat will obligate companies and federal agencies to certify a certain level of cyber-security standards and obtain Federal Office of Information Security clearance. The companies will also have to report any suspected cyber-attacks on their systems. This legislation is a decision taken by the German government in order to counter cyber threats. Indeed, after having been the victim of several cyber-attacks against its critical infrastructures, including Parliament, industrial, and financial systems, Germany needs to increase the level of its cyber security and take such measures to protect its critical infrastructures and ensure better security for the country.


About the Cyber Intelligence Report:

This document was prepared by The Institute for National Security Studies (INSS) – Israel and The Cyber Security Forum Initiative (CSFI) – USA to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities, and follow-on measures. This product may contain U.S. person information that has been deemed necessary for the intended recipient to understand, assess, or act on the information provided. It should be handled in accordance with the recipient’s intelligence oversight and/or information handling procedures. Some content may be copyrighted. These materials, including copyrighted materials, are intended for “fair use” as permitted under Title 17, Section 107 of the United States Code (“The Copyright Law”). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified e-mail at: [email protected]. CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.