Cyber Intelligence Report – April 15, 2014

Executive Cyber Intelligence Bi-Weekly Report by INSS-CSFI - April 15, 2014




Israel well prepared against cyber-attacks

#OpIsraelBirthday occurred with no real damage, save for a few minor sites whose webpages were defaced, old credit cards number no longer available, and email accounts containing old passwords from last year. At the annual INSS cyber conference, held a day after the Anonymous operation, Maj. Gen. Uzi Moshkovitz addressed the attack: “We were prepared for this attack. We had known of the preparation, and we knew that nothing will come out of it. We don’t need to fear from these kinds of attacks. The problem is the enemy that we don’t know anything about.” While the Anti-Israeli hackers failed, a new Israeli hacker team referred to as the Israel Elite Force managed to pin-point members from the AnonGhost team and the Syrian Electronic Army (SEA) by revealing their identities, photos, I.P. addresses, and cyber actions. As expected, most of the hackers are from Arabic origins, with some of them residing in Portugal, Germany, Finland, and other countries. The few websites #OpIsraelBirthday managed to attack included low profile government sites such as the Israeli Education Ministry, the Postal Service, and the Central Bureau of Statistics. Anonymous issued a warning on YouTube prior to the attack and called their “brothers and sisters to hack, deface, hijack, database leak, admin takeover, and DNS terminate the Israeli cyberspace by any means necessary.” The attack was launched in retaliation for “crimes against humanity” that Israel committed against the Palestinians.

New cyber centers being developed in Israeli universities

While the attack revealed the strength of Israel’s cyber capabilities, it appears Israeli cyber faculty will expand as new academic cyber research projects are being prepped in Tel Aviv University (TAU) and Ben Gurion University (BGU). The TAU cyber initiative will be headed by Professor Yitzhak Ben Yisrael and will focus on cyber defence by combining exact sciences research, such as computer science and computer engineering, with research in the cyber field through social studies, with a budget of 10 million shekel. BGU will develop the national center for defending cyber space with the cooperation of the National Cyber Bureau. The center will advance a long term theoretical research in the cyber domain with the investment of 30 million shekels, which will be run by Professor Yuval Elovich.


U.S. government suggest private companies share cyber-threat information

President Barak Obama recently announced a lack of shared information between private companies, which is a deficiency needing to be addressed promptly. Obama’s administration suggested that through U.S. federal agencies, “companies should share cybersecurity information to protect consumers from hackers without violating antitrust rules.”  Moreover, a statement was made by U.S. General James Cole who declared: “We must encourage companies to rely on each other… to secure the nation’s networks of information and resources, members of the private sector must share information.” According to the U.S. government, resources for sharing information have already been available for around 15 years. However, U.S. lawmakers were unable to clearly agree on the legal limit for the sort of information companies can share in order to protect themselves from hackers and express additional concerns over the privacy rights of customers. It seems there is a divide between the U.S. government and the private sector regarding sharing information because companies could face antitrust exposure by collaborating on cyber threat issues. The difficulty remains how to establish working guidelines accepted by both the public and private sector.


Foreign social networks banned in Russia

A decree banning the activities of foreign social networks in Russia has been proposed in Kremlin. According to Russian officials, the measure will protect Russians from U.S. intelligence agencies that are claimed to steal sensitive information. Referring to the revelations through U.S. whistle-blower Edward Snowden, Russia believes the National Security Agency monitors accounts of Russians citizens stationed in Western social networks.

Middle East

Iranian and Syrian cyber-attack activity on the rise

According to the cyber company Mandiant, 2013 had an unprecedented number of cyber-attacks due to a political conflict spurred by hackers acting against websites not in support of their beliefs. Many of the attacks are linked and identified with Iran and Syria. The energy sector is one of the principal targets of cyber-attacks suspected to be linked to Iranian based hackers. The report did not identify if attacks are limited to DNS or bigger, more damaging attacks. In the case of SEA, there was a clear goal – to gain public awareness, as SEA has mainly focused on wide-reaching, popular websites.

China and APAC

Japan and U.S. hold second cyber security cooperation meeting

Japan and U.S held their second cooperation meeting on cyber security issues in April. This second meeting focused on the issues surrounding bilateral cooperation, including critical infrastructure protection, cybercrime, cyber terrorism, and national security. The U.S. security and technology departments were present at the meeting, led by the U.S. Coordinator for Cyber Issues from the Department of State. From the Japanese side, the delegation was conducted by Japan’s Ambassador in charge of Cyber Policy and the Deputy Director General of the Foreign Policy Bureau. This cooperation is supposed to be beneficial for both countries even though Japan requires a greater extent of assistance in the issue from the U.S. In fact, Japan suffered multiple cyber-attacks, resulting in their networks being hit approximately 3,000 times per year. Japan is one of the most advanced countries in cyber security in the Eastern Asian region alongside China, Singapore, and South Korea.


The British GCHQ to approve U.K. postgraduate degrees in cyber security

The British intelligence agency, GCHQ, which is responsible for national cyber security and communications surveillance, is about to approve U.K. postgraduate degrees in cyber security offered by different U.K. universities. The report is claiming that, due to the large number of cyber security degrees offered by U.K. universities, it is difficult to assess the quality of the degrees on offer.” Moreover the document is claiming in order to become certified with a Master’s degree in cyber security, a candidate must offer a “general, broad foundation in cyber security” and include a detailed knowledge of threats to online activity including “common attacks,” “malicious code,” and “adversarial thinking.” This new certification will be valid for a period of five years and will be renewed. This certification system has existed in the States for a number of years. In fact the NSA/CSS has certified American universities offering these cyber security programs as a pledge of good quality. Cyber security is a fast growing field, and it is difficult for students who are interested in the field to evaluate the level of quality of a university’s curriculum. It is for this reason governments decided to create a certification system to indicate the  quality of education.

inss150About the Cyber Intelligence Report:

This document was prepared by The Institute for National Security Studies (INSS) – Israel and The Cyber Security Forum Initiative (CSFI) – USA to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities, and follow-on measures. This product may contain U.S. person information that has been deemed necessary for the intended recipient to understand, assess, or act on the information provided. It should be handled in accordance with the recipient’s intelligence oversight and/or information handling procedures. Some content may be copyrighted. These materials, including copyrighted materials, are intended for “fair use” as permitted under Title 17, Section 107 of the United States Code (“The Copyright Law”). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified e-mail at: [email protected]. CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.