Executive Cyber Intelligence Bi-Weekly Report by INSS-CSFI
January 15th, 2014
Israel: Hackers of the Islamic Cyber Resistance Group claim to have breached Israel Airports Authority computer systems
The Islamic Cyber Resistance hacker group claimed to have breached the computer system of the Israel Airports Authority (IAA), which is responsible for the management of Israel's civil airports and border terminals. The cyber-attack is part of a cyber-campaign called Op Israel. The hackers maintain they gained access to the IAA networks and stole sensitive documents, including information on domestic and international flights. The Islamic Cyber Resistance Group said the attack has caused service disruptions and claims to have had access to the Israel Airports Authority’s systems for months already. During this period, they claim to have downloaded a “huge amount” of data and analysed Israel’s aviation systems. They have reached out to the Israel Airports Authority to see if they can comment on the incident; however, IAA has yet to comment.
USA: Obama announces new policies in surveillance in wake of NSA scandal
President Barack Obama is announcing alterations to surveillance programs conducted through the National Security Agency (NSA). The announcement will include protection of surveillance of non-Americans in allied countries and the appointment of a privacy advocate to argue in front of the Foreign Intelligence Surveillance Court, which approves surveillance. This week the NSA panel summoned by the President will also reveal its findings. No matter what the announcement holds, the changes occurring are a direct result of the actions of NSA whistleblower Edward Snowden. Snowden justified his actions by claiming Americans and their allies have a right to privacy.
USA: Microsoft hacked by the SEA while making email alterations
On January 11, the Microsoft News Twitter feed was hacked for the second time by the Syrian Electric Army (SEA), which displayed messages such as: “Don’t use Microsoft emails (Hotmail, Outlook). They are monitoring your accounts and selling the data to the governments.” SEA is exploiting the aggravation of American residents over the Edward Snowden leaks. Additionally, SEA hacked into the Xbox video game console's Twitter, Xbox Support Twitter, and Xbox Instagram social media accounts. Microsoft, which is the owner of Xbox, stated: “Microsoft is aware of targeted cyber attacks that temporarily affected the Xbox Support and Microsoft News Twitter accounts. The accounts were quickly reset, and we can confirm that no customers’ information was compromised.”
Yet, since December, Microsoft has been in the process of expanding and strengthening its products, including the email service Outlook.com, the Office 365 apps, the Azure cloud-computing service, and SkyDrive online storage. Additionally, an encryption technology called Perfect Forward Secrecy is being implemented to thwart eavesdropping. The company is scrambling to assure users and foreign governments that their data is not free for the National Security Agency’s taking. The announcement follows similar efforts by Google, Twitter, Mozilla, Facebook, and Yahoo. However, Microsoft said it will also go several steps further by making a contractual promise to business and government customers to alert them if Microsoft receives legal orders related to their data, and to fight every gag order in court.
USA: Major retailers in the U.S. hacked during holiday season
Massive cyber-attacks hit stores of the high-end U.S. retailer Neiman Marcus. Neiman Marcus confirmed a data breach involving credit card theft from customers during the holiday shopping season, in which hackers stole payment information from customers. Neiman Marcus spokesperson Ginger Reeder stated the company is unaware of the cause or identification of the data breach, but they informed “federal law enforcement agencies and are working actively with the U.S. Secret Service, the payment brands, our credit card processor, a leading investigations, intelligence and risk management firm, and a leading forensic firm to investigate the situation.”
Similar breaches affected Target on Black Friday, the biggest shopping day in the U.S. Senator Edward J. Markey (D-Mass) responded to the attack stating: “In the wake of the Target breach, customers, lawmakers, and consumer advocates have stepped up calls for Congress to set up guidelines on how merchants should protect consumer data…a need for clear, strong privacy and security standards across all industries.” Target has already responded, with CEO Gregg Steinhafel pledging to improve Target’s understanding of consumer-based scams, including removing the malware the cyber criminals installed, hiring a data security team to investigate the occurrence, and working with law enforcement. Target is also preparing to announce an education campaign on accelerating knowledge of technology and cyber security.
Some believe other retail stores have been affected, suggesting a pattern of attacks heading towards larger, widespread attacks. Chris Petersen, CTO of LogRhythm, remarked that this would entail extremely sophisticated malware. At this time, these are just rumours circulating, and IntelCrawler contended the attacks on Target and Neiman Marcus were separate. Nevertheless, no national breach disclosure law exists, allowing many companies who may have been attacked to not publicize it.
Russia: Russian online forum being formed to expand new cyber strategy
An online discussion involving both the Russian government and the public will take place for a month in order to deliberate on a new cyber security strategy being developed, stated Senator Ruslan Gattarov, who is head of the program. The discussion is meant to gather feedback, which will then be analysed and incorporated into the new cyber strategy being developed by the government. This is one of many instances of Russia expanding and progressing its cyber laws in efforts to improve existing laws around information security. Examples include the announcement in August of the creation of a separate branch of military forces to focus on combating cyber-attacks, as well as President Vladimir Putin signing a document defining cyber-attacks as a major threat to international security.
Iran: Cyber-attacks on 29 embassies in Iran
Twenty-eight embassies were affected by a cyber-attack email regarding the Syrian conflict. According to a report made by the Japanese firm Trend Micro, the cyber-attack was perpetrated during the month of November 2013. The original report did not specify in which Middle Eastern nation the cyber-attack took place; however, sources with insider knowledge surmised it was Iran. The emails carrying the malware had subjects relating to the Syrian conflict. Once received, they tempted email recipients to open the virus-ridden attachments, a technique better known as “spear phishing.” Trend Micro disclosed that the coordination of the cyber-attacks indicates the attackers were not simple hackers, but a well-orchestrated organization of cyber attackers. The cyber-attack used new, deadly software entitled Zero Day, searching for Windows XP and Server 2003 operating systems, which have few or no cyber security measures installed. Circulated via email, the lethal program makes a backdoor entry, takes control of the server, and can also pull data from the system. Last November, Microsoft issued a warning on malware in this particular form. Investigators from Trend Micro noted that resources in the malware were made to stop other forms of software from pinpointing it. Many questions are left unanswered, including the identity of the hackers.
China and APAC
China: Cracking down on Cyber Activism
The Chinese government is trying to fight against the growing power of cyber activism. At the end of 2013, China announced that its newest objective is to handle new media. Due to its restrictive politics, China knows of the growing cyber activism movements around the country. The Chinese State Internet Information Office called for a crackdown on independent online investigation into personal details of suspected wrongdoers, known in China as the “Search.” In another announcement, the Chinese government said it is looking for legislation regarding online activities such as human flesh searches, which have been linked to both cyber activism and cyber vigilantism. Citizens of China are trying to encourage and empower ordinary citizens to hold the government more accountable. In an interview, the sociologist Tricia Wang explained: “Flesh searchers feel like they are sharing information in a system that does not have a comprehensive or consistent rule of law.” The searches are a component of the “long revolution,” defined by Chinese scholar Guobin Yang in his 2009 book, The Power of The Internet in China, expressing how Chinese society is gradually becoming more participatory and transparent.
Brazil: Controversial update to Brazilian Internet law
Brazilian President Dilma Rousseff is pushing for an update to the “Civil Internet Framework” legislation through Congress in 2014, which defines the rights of the Internet. However, the bill has hit a stalemate regarding Internet neutrality, the addition being in response to revelations in September that the U.S. had been spying on President Rousseff. Internet neutrality would prohibit service providers from suppressing Internet speed based on content, allowing the Executive Branch to force certain Internet connection and program providers to build or use data centers in Brazil with a number of conditions. Many have regarded this update negatively. However, the Brazilian government points to the revelations of U.S. spying and the necessity of such acts to protect Brazil's rights. Yet those against it worry that if Brazil passes such laws, other countries will, too.
UK: Ministry of Defense dedicates millions for ‘digital insurgency’, social networking research
The UK’s Ministry of Defence decided to invest millions into postgraduate studies on topics such as ‘digital insurgency’. The Ministry of Defence Science and Technology Laboratory (DSTL) is also sponsoring PhD papers on the role of cyberspace social media. The impact of social networks such as Twitter and Facebook in periods of crisis will also be mapped. Around £10 million will be invested into the program made by the DSTL. Furthermore, PhD projects will be funded nationwide at the universities of Exeter, Southampton, Glasgow, Queen Mary, and University of London in order to verify the influence of online behaviour on societies. Exeter has been granted £82,630 by the DSTL for its PhD research on ‘Collective Action in the Digital Age: social identities and the influence of online and offline behaviour.’
DSTL is also funding research into what it calls “battle-winning technologies” and has financially backed the creation of underwater drones and the development of clothing with fully embedded electronics. On the DSTL website, they remarked: “We also work in niche areas which are sensitive, operationally critical or international in nature and must therefore be done within government… We’re extremely proud of our work which saves lives in the UK, overseas and on the front line. We’re a trading fund of the MOD, accountable to government, to the taxpayer and the UK armed forces we support in the field every day.” The UK Ministry of Defence conveyed that it considers cyber security an issue of “growing importance,” and that socially engineered attacks are a “growing threat” needing to be understood and exploited so they can be defended against.
This comes after the UK government revealed that cyber criminals stole more than £1 billion from residents of the UK. The most common scams have been phishing scams that allow criminals access to online banking passwords. Additionally, IOActive exposed how many apps for banking on smartphones are faulty, as a number of tests had a plus 90% statistic, including lack of jailbreak detection, fake login prompts, etc.
UK: Investment into Cyber Streetwise
The UK government is launching a new campaign, called Cyber Streetwise, that attempts to change the attitude of consumers and small businesses towards online security. Opening with a website of suggestions, the £4 million campaign is led by the Home Office, which is funded by the National Cyber Security Program, and delivered in partnership with the private and voluntary sectors. The program has been praised for its accessibility and ease of use for small businesses.
This document was prepared by The Institute for National Security Studies (INSS) – Israel and The Cyber Security Forum Initiative (CSFI) – USA to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities, and follow-on measures. This product may contain U.S. person information that has been deemed necessary for the intended recipient to understand, assess, or act on the information provided. It should be handled in accordance with the recipient’s intelligence oversight and/or information handling procedures. Some content may be copyrighted. These materials, including copyrighted materials, are intended for “fair use” as permitted under Title 17, Section 107 of the United States Code (“The Copyright Law”). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified e-mail at: [email protected].
CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.