Cyber Intelligence Report – January 15, 2015

Executive Cyber Intelligence Bi-Weekly Report by INSS-CSFI - January 15, 2015

22066

cyber_report

ISRAEL

New agreement signed between Israel and Japan regarding cyber

The cooperation between Israel and Japan was recently announced. The purpose of this agreement is to strengthen and tighten relations between Israel and Japan, even attempting to reach levels of relations similar to other East Asian countries including South Korea and India. The base of the cooperation will incorporate Israel’s defense and hi-tech industry by focusing on cyberspace and cyber security.


USA

North Korea sanctioned by US for cyber attacks

Earlier this month, US President Barak Obama sanctioned several North Korean companies and personnel including government companies KOMID and “Korea Tangun” due to recent cyber-attacks on Sony. President Obama accused the North Korean regime as the operator behind the harsh cyber-attack. The companies are the main suppliers for the North Korean army and war industry, specializing in ballistic missiles and R&D. Additionally, the FBI revealed tracks of North Korean intervention during the cyber-attack as the hackers “Guardians of Peace” attacked via servers available only in North Korea.

More than 13,000 user passwords of Amazon, Walmart, and Brazzers were hacked

A group of hackers associated with “Anonymous” claimed to have hacked more than 13,000 password combinations for popular sites, including Amazon, Walmart, Xbox Live, and PlayStation networks. Several EA game accounts were suspected to have been hacked after users found purchases they did not recall making. Experts believe the EA attack was conducted by stolen credentials from other sites. The information stolen from the Amazon and Walmart attack was potentially the base for the EA attack and possibly more in the near future. This attack is notable after the well-publicized “Lizard Squad” attack on Sony and Microsoft game servers, estimating to affect more than 150 million users worldwide. In response to the attacks against Microsoft and Sony game serves, Ryan Kivimaki, 17 years old, was arrested recently by the FBI. Additionally, Vinnie Omari, another member of “Lizard Squad,” was arrested by the British police for PayPal cyber frauds during 2013-2014.


RUSSIA

German government website under cyber-attacks by pro-Russian group

Several German government websites, including Chancellor Angela Merkel’s official page, have been crippled in an unprecedented cyber-attack claimed by a pro-Russian group referred to as “CyberBerkut.” The attack was carried out in response to Prime Minister Merkel and Ukraine Prime Minister Arseniy Yatsenyuk meeting with the pro-Russian group demanding Germany sever ties with Ukraine. The cyber group demanded that Germany should not provide any political or financial support to the “criminal regime in Kiev, which is engaged in a bloody civil war” in Eastern Ukraine. “CyberBerkut” is infamous among the cyber community as taking an active position through committing major cyber-attacks to various Ukrainian government institutes and offices, such as blocking access to the websites of the Federal Press Office, the Chancellery, the Bundestag, and the Foreign Ministry for several hours by denial of service (DoS) attacks.


MIDDLE-EAST

Islamic State hackers might be behind series of attacks on news organizations

The US Central Command announced hours after the IS (the “Islamic State”) cyber-attack that no harm occurred in affiliation, mentioning that no military network or classified information was revealed. The US Central Command was not the only recent cyber-attack from IS-affiliated organizations. The Twitter accounts for the Albuquerque Journal and Maryland’s WBOC 16 were also recently hacked, with the Cyber Caliphate hacking group claiming responsibility as well as attempts to access FBI databases. Cyber Caliphate claims to be associated with IS and intends to carry out a series of cyber-attacks on homes and offices across the United States. In a message posted onto their Facebook page (which was removed afterwards) they stated: “You’ll see no mercy infidels. We are already here; we are in your PCs, in each house, in each office. With Allah’s permission, we began with New Mexico and will come to every state, inshallah. We will not stop… We know all your personal data: where you live, what you eat, your diseases, and even your health insurance cards.” The hack enabled them to post several confidential documents including driver’s licenses, corrections records, and spreadsheets listing hundreds of names and addresses. The FBI has been investigating Cyber Caliphate’s claim in connection to IS.


CHINA and APAC

Japan increases national cyber security by establishing new cyber center

Japan has finally launched its National Center of Incident Readiness and Strategy for Cybersecurity (NCIRSC) in efforts to coordinate security against cyber-attacks. It will serve as the secretariat for the government’s cybersecurity strategy headquarters and take on more supervisory and management responsibilities than when it operated under the National Information Security Center. The mission of NCIRSC is to organize measures against cyber-attacks in cooperation with the National Security Council, to coordinate international cooperation, and train specialized personnel. NCIRSC will be headed by Assistant Chief Cabinet Secretary Nobushige Takamizawa and will have approximately 100 employees arriving either from other agencies or be newly recruited from the private sector. “We are confronting an extremely crucial issue,” said Chief Cabinet Secretary Yoshihide Suga, addressing the new organization at the ceremony. “With the Olympics set to be held here, you have a tremendous role to play.”


AFRICA

New Kenyan security law to allow electronic evidence

The new controversial Security Law (Amendment) 2014 Act, signed by the Kenyan president last year, allows for electronic and digital evidence to be admissible in court proceedings. The amendment act seeks to add or alter previous laws to enable the country to combat the growing terrorism threat. Section 31 of the amendment act outlines rules and guidelines on how electronic evidence will be presented to the court. The section reads: “In any legal proceedings, electronic messages and digital material shall be admissible as evidence.” The law requires that the evidence be presented to it in its original form and puts weight on how it has been handled.


EUROPE

UK suffering from several cyber-attacks against power grid

It has recently been established that cyber-attacks against the UK power grid have increased and are a major threat, according to British Parliament member James Arbuthnot. He added: “Our National Grid is coming under cyber-attack not just day-by-day but minute-by-minute.” These cyber-attacks have been reported by the UK Computer Emergency Response statistics. The increase of cyber-attacks targeting critical infrastructure emerged after the massive cyber-attack against the Iranian nuclear power center in 2010, as hackers began comprehending they could potentially damage critical infrastructure by developing malware and other cyber weapons (as seen with the recent attack against the German steel factory last month). The UK Cabinet Office declared in December 2014 that they would increase the cyber security program budget to 860 million pounds from an original 650 million pounds that was established over for a four year period in 2011. The UK has probably the largest budget for a national cyber security plan in Europe. This massive investment in cyber security is not only aimed to help the United Kingdom in protecting themselves from cyber-attacks targeting all industries, but also to anticipate potential cyber warfare.

France targeted by hacktivists under OpFrance cyber-attack campaign

Muslim Hacktivist groups such as the Tunisian Hacker Team, Middle East Cyber Army, and the pro-Palestinian group AnonGhost have launched a series of cyber-attacks against several French websites in response to the recent terror attacks in Paris. The targeted attacks included the website of French politician Patrick Devedjian and the website of the Embassy of the Republic of Tajikistan in France. The hackers left a message stating in French: “Je ne Suis pas Charlie et je suis Mussulmen” (I am not Charlie and I am Muslim). This is in reference to the slogan adopted by thousands of supporters on the web supporting the newspaper Charlie Hebdo. These cyber-attacks are the beginning of a cyber-campaign named OpFrance that is expected to reach its peak mid-January. Some groups have even gone so far as to release a list of targets including French Banks and government websites. To perform these cyber-attacks, Islamist hacktivist groups are either using open source hacking and vulnerability scan tools or developing their own.


inss150About the Cyber Intelligence Report:

This document was prepared by The Institute for National Security Studies (INSS) – Israel and The Cyber Security Forum Initiative (CSFI) – USA to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities, and follow-on measures. This product may contain U.S. person information that has been deemed necessary for the intended recipient to understand, assess, or act on the information provided. It should be handled in accordance with the recipient’s intelligence oversight and/or information handling procedures. Some content may be copyrighted. These materials, including copyrighted materials, are intended for “fair use” as permitted under Title 17, Section 107 of the United States Code (“The Copyright Law”). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified e-mail at: [email protected]. CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.