Executive Cyber Intelligence Bi-Weekly Report by INSS-CSFI
February 1st, 2014
Cyber Park in Beer Sheba expanding
One of the biggest network companies, Cisco, will invest millions of dollars in the Israeli cyber industry through the JVP foundation, The Marker reported. This investment joins the announcement made by Lockheed Martin and EMC on opening a research center/cyber park in Beer Sheba (initial investment being one million dollars). The park will be called Cyber-Spark and will accommodate leading cyber industries, academic research, and the national cyber command. Another addition to the ever growing park will be made by IBM in cooperation with Ben Gurion University, who declared their intention to open a center for global excellence in the field of cyberspace. The rise of the cyber industry in Beer Sheba is meant to create a cyber hub in the middle of the South, as well as mixing economic and security growth by creating 15,000 jobs in a few years.
Israel’s Darknet and TOR dilemma
Last year, Edward Snowden turned over to The Guardian 58,000 classified U.S. government documents, and only a fraction of the files have been made public. To avoid detection, Snowden almost certainly relied on one very specific and powerful tool to cover his tracks – TOR. TOR, an acronym for “the onion router,” is software providing the closest thing to anonymity on the Internet. Engineered by the TOR Project, TOR has been adopted by both agitators for liberty and criminals, and many people who use TOR do so to browse the Darknet liberally. Many countries have faced questions on how to deal with Darknet, and an example occurred with two young men in Israel, standing trial for using Bitcoins to purchase drugs on the Darknet. The young men also used fake credit card numbers, which were bought through the Darknet. This criminal issue related to Darknet is one of several cases the Israel court has had to deal with in the past few months.
Changes in NSA and cyber security matters due to Snowden affair
General Keith Alexander, Director of the NSA, is stepping down and being replaced by U.S. Navy’s Cyber Security Chief, Michael S. Rogers. Since whistle-blower Edward Snowden revealed the intensity of U.S. spying on its citizens and allies, a call has been made for intelligence agencies to be more transparent and for them to uphold the law. The U.S. has faced many embarrassments and the need for explanation since the Edward Snowden affair. Yet because of the Snowden affair, policy decisions in cyber security have reached a stalemate as the U.S. has begun struggling to deal with the daily cyber-attacks from Russia and China. Plans and projects in the NSA have halted even though ideas could be effective, and decision makers in Congress explain: “[Snowden] slowed everything down.” However, opposing and pro-Snowden supporters insist the problem in U.S. and fighting terrorism was never lack of information but U.S. intelligence agencies not sharing data or informing the public. As it currently stands, the FBI, NSA, and DHS are denied to share classified cyberspace information with the civilian population. Since Snowden, the U.S. has faced growing criticism internationally, with foreign leaders disregarding Obama’s warnings regarding cyber affairs. The announcement of Rogers as Director of NSA comes a few days after the cyber hackers group Anonymous hacked and publicized email addresses of U.S. members of the Federal Bureau Investigation.
Microsoft answers to growing criticism
Microsoft has responded to breaches in its security when it announced plans to launch ‘Transparency Centers’ worldwide, enabling government customers to verify their Microsoft products. Microsoft has faced growing pressure and criticism over its involvement with U.S. spying after the revelations of Edward Snowden Prism, a top-secret program giving the NSA direct access to the systems of Google, Microsoft, and Facebook. Microsoft also faced the embarrassment of being hacked by the SEA through phishing attempts on Microsoft email accounts to steal information. Microsoft plans to expand encryption across its services to provide legal protection for customer’s data and government users. Plans to reveal the source code have remained unannounced.
USA: Major retailers in the U.S. hacked during holiday season
Massive cyber-attacks hit major U.S. retail stores of high end Neiman Marcus. Neiman Marcus confirmed a data breach involving credit card theft from customers during the holiday shopping season, where hackers rooted payment information from customers. Neiman Marcus spokesperson, Ginger Reeder, stated the company is unaware of the cause or identification of the data breach, but they informed “federal law enforcement agencies and are working actively with the U.S. Secret Service, the payment brands, our credit card processor, a leading investigations, intelligence and risk management firm, and a leading forensic firm to investigate the situation.” Similar breaches affected Target on Black Friday, the biggest shopping day in the U.S. Senator Edward J. Markey (D-Mass) responded to the attack stating: “In the wake of the Target breach, customers, lawmakers, and consumer advocates have stepped up calls for Congress to set up guidelines on how merchants should protect consumer data…a need for clear, strong privacy and security standards across all industries.” Target has already responded with CEO Gregg Steinhafel proclaiming to improve Target’s understanding of consumer-based scams, including removing the malware the cyber criminals installed, hiring a team of data security to investigate occurrence, and working with law enforcement. Target is also preparing to announce an education campaign on accelerating the knowledge on technology and cyber security. Some believe other retail stores have been affected, causing a pattern in attacks heading towards larger widespread attacks. Chris Petersen, CTO of LogRythm remarked that this would entail extremely sophisticated malware software. At this time, these are just rumours circulating, and IntelCrawler contended the attacks on Target and Neiman Marcus were separate. Nevertheless, no national breach disclosure law exists, allowing many companies who may have been attacked to not publicize it.
Russia to set up a cyber-defense unit
Russian Maj. Gen. Yuri Kuznetsov was quoted by the national news agency RIA Novosti, stating a cyber-defense unit will be ready “to defend the Russian armed forces’ critical infrastructure from computer attacks” by 2017. The mission maintains to better protect the defense sector from cyber-attacks. Cyber-warfare has emerged and has become a national security threat in recent years to Russia. Websites used by Asian governments were targeted by the “Anonymous” cybercrime organization in 2013, and U.S. and Chinese officials have traded accusations about cyber espionage in recent years. RIA Novosti reports the Russian newspaper Vedomosti was knocked offline Thursday by a DDoS cyber-attack (denial-of-service), overwhelming servers with requests. Alexei Moshkov, Russia’s top cybercrime official, claimed cyber-attacks last year on Russian citizens combined cost around $28 million.
Middle East & Iran
Palestinian hackers suspected to be behind breach in Israeli defense ministry computers
Hackers broke into Israeli defense ministry computers by sending phishing e-mails containing an advanced remote access Trojan called Xtreme Rat, Aviv Raff, CTO of Seculert Research Lab, blogged on January 27th. The e-mail appeared as if it was sent by the Israeli Security Agency enabling legitimacy, and the original target was Israeli Customs, according to TrendMicro. One of the 15 breached computers revealed to be Israeli Civil Administration of Judea and Samaria, which monitors entry and work permits into the West Bank from Israel. The Civil Administration made no comment in regards to an attack. Even though the attack was conducted from a server located within the U.S., similarities in code to past cyber-attacks conducted from a Hamas server on the Israeli Police, enhanced rumours the Palestinians were behind the cyber-attack. As of now, it is unclear if the hackers used or gained any information.
Saudi Arabia to launch National e-Security Center to Protect Government against Hackers
Saudi Arabia embarked on producing a national authority for information security called the National e-Security Center. The main goal will be to protect important networks against cyber-attacks. The decision came after numerous attacks were launched by both cybercriminals and hacktivist on the Saudi Arabian government websites. An example was when the Saudi Arabian Interior Ministry was breached with a DDoS attack, disrupting the website for several hours in May. The attack was traced back to various countries.
Iran unveils new cyber security products
Fars news agency reported Iran was unveiling 12 new Iranian technological products within the cyber field at a ceremony held and attended by Iranian Defense Minister Brigadier General Hossein Dehqan and Head of Iran’s Civil Defense Organization Brigadier General Gholam Reza Jalali. Among the products revealed was a cell phone providing secure communications, immune from tapping. Other products unveiled were a home-made, secure operating system, a indigenized navigation system, a telecommunications optical transmission system, Padvish anti-malware, a cyber threats recognition and identification system, a security operations center, a high-speed and high-capacity firewall, and a software firewall.
Iran has launched an indigenous cyber defense network cited as “Shahpad,” according to project manager Mohammad Naderi. The initial idea stemmed from missile defense shields used in different countries to prevent missile attacks. “Shahpad” is the outcome of several years of research. The system protects data, operates as a data manager, and is responsive to the safety needs of all organizations. According to Iranian news agency ISNA, whenever a threat against an organization is detected, the system informs other sensors using smart mechanisms for the exchange of intelligence. The system is capable of informing all sensitive and important agencies such as Security Operations Centers across the country, facilitating a swift reaction.
SEA attacks PayPal UK and eBay UK
The Syrian Electric Army (SEA) used a DDoS cyber-attack on PayPal UK and eBay UK, causing Twitter to shut down the SEA’s official Twitter handle. Both PayPal UK and eBay UK verified the attacks occurred, and they were resolved shortly afterwards; however, they made no mention of the crude defacement SEA had left on their webpages with messages: “Hacked by the Syrian Electronic Army. Long live Syria. F*ck the United States government.” SEA stated the cyber-attack occurred because of PayPal’s denial to allow Syrians to purchase products online and also assured no information had been gathered by the account, unlike previous cyber-attacks were it was documented the SEA had stolen law enforcement data from Microsoft.
China and APAC
Japan sending Self Defense Forces to U.S. for cyber training
The Japanese government will send members of its Self-Defense Forces (SDF) to receive specialized training in cyber defense with U.S. forces in a cooperative program to bolster Japan’s defense against cyber-attacks, sources said. The SDF members will learn from technologies and experiences of the more advanced U.S. forces in countering cyber-attacks. The project aims to improve the SDF’s cyber defense capabilities and to strengthen Japan-U.S. cooperation. Until today, the Japan-U.S. cooperation in the field of cyber-defense was limited to exchanging information; however, this project is expected to strengthen the collaboration between the two countries.
Europol smashed financial cyber-crime gang targeting UK citizens
The European cyber-crime agency EC3 of Europol was thanked after Polish police arrested five Bulgarian citizens accused of electronic payment card fraud targeting mainly UK citizens. The agency declared three hackers from the gang were caught, two of them were carrying out illegal electronic payment card transactions at automated cash machines (ATMs). One of them was receiving compromised card numbers online and encoding counterfeit plastic cards. The other two suspects were arrested in different hotels in Krakow on 22 January. Europol said the financial data involved came mainly from the U.K., but a spokesperson informed to online security magazine SCMagazineUK.com that they could not divulge about the UK card holders involved as “the investigation is still ongoing.” The European cybercrime center was created a year ago, and its role is to help to co-ordinate national police forces targeting cyber criminals all over Europe.
Germany: Increase of Cyber Attacks
A study conducted by the Federal Office for Information Security (BSI) in Germany recorded 2,000 to 3,000 attacks on the German government Internet domains per day. Some cyber-attacks are on such an advanced technical level, the alleged offenders are suspected to be intelligence services. Hundreds of thousands of computers in Germany are infiltrated and potentially could be operated for cyber-attacks through so-called bot networks by remote control, making computers used as tools for crime without the knowledge of the actual owner. Many German companies experience cyber-attacks; however, instead of reporting these offenses, companies conceal them to avoid damage control.
The Federal Criminal Police Office counted almost 64,000 cases of cyber-crime solely in Germany, raising concerns with security experts. According to the EU, more than a million people fall victim to cyber-attacks each day, ranging from hacked bank transfers to digital blackmail to dispersal of child pornography. At this point, the President of BSI Michael Hange expressed the relevance to sensitize and educate the public in IT security. The President of the Federal Academy for Security Politics Hans-Dieter Hermann spoke about a confidence crisis and how European states must realize their standards.
About the Cyber Intelligence Report:
This document was prepared by The Institute for National Security Studies (INSS) – Israel and The Cyber Security Forum Initiative (CSFI) – USA to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities, and follow-on measures. This product may contain U.S. person information that has been deemed necessary for the intended recipient to understand, assess, or act on the information provided. It should be handled in accordance with the recipient’s intelligence oversight and/or information handling procedures. Some content may be copyrighted. These materials, including copyrighted materials, are intended for “fair use” as permitted under Title 17, Section 107 of the United States Code (“The Copyright Law”). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified e-mail at: [email protected]. CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.