Cyber Intelligence Report – December 15, 2014

Executive Cyber Intelligence Bi-Weekly Report by INSS-CSFI - December 15, 2014




Israel capital booming

In the last year, 100 start-ups were established in Jerusalem alone, compared with 40 established in 2013 and 12 in 2012. The Jerusalem Hi-Tech scene is already home to newly established start-ups like Umoove, Orcam, and ThetaRay, as well as international companies like IBM, Intel, and Cisco. Of the 100 start-ups established in 2014, 47 raised $172 million.

A new vulnerability to affect Israeli financial companies

A vulnerability was discovered a few months ago in the SSL v3 protocol allowing a MITM (Man in the Middle) attack. Now, a new variation of the SSL vulnerability (dubbed the POODLE attack) has been discovered in the TLS protocol (an encryption protocol like SSL). The attack allows hackers to intercept and crack encrypted information transferred between the end user and the website being accessed. Calcalist, an Israeli financial site, discovered that a large number of Israeli banks, insurance companies, and credit card companies are vulnerable to this kind of attack. While the severity of the attack is grave, the security measures required to avoid the vulnerability are relatively easy. Moreover, the ability of a hacker to exploit the vulnerability depends on his capability to install the malware on the user’s system. For this reason, safe behaviour and precautions by the user will minimize the ability of the hacker to compromise his data.


US Senate to hold hearing on increasing cyber-crime against financial sector

According to Matthew Goldstein of the New York Times, the Senate Banking Committee intends to hold a hearing on ways to “protect the financial sector” from cyber-attacks. This development follows the cyber-attack on JPMorgan earlier this year. Official reports claim the same hackers also attempted to access the systems of at least twelve additional financial institutions. The focus will be on the joint international efforts carried out to handle cyber-attacks on banks and other financial institutions. The most serious cyber-attacks in the financial sector have occurred in retail organizations through companies like Neiman Marcus, Target, etc. Nevertheless, cyber-attacks on financial institutions are becoming more frequent, as regulators worry about criminals accessing sensitive financial information or looting accounts. This is an important milestone in bringing cyber-crime to the forefront among policy and decision makers in the US and in democratic states.

A new cyber branch established by US Army

A cyber branch is being established in the US Army in an effort to step up modernization and improvements in the field. The cyber program will be the first of its kind within the Army. The head of the cyber branch explained that it must prepare for future circumstances. The new cyber branch will operate in both a defensive and an offensive role. The new wing will run regular cyberspace checkpoints and conduct cyber operations against every enemy of the US. The branch was announced in late September, and by October 2015, it should begin receiving personnel enlisted specifically for the branch. By 2016, it will begin teaching courses and programs.

China capable of launching cyber-attacks against US power grid

The head of Cyber Command and Director of the National Security Agency (NSA), Admiral Mike Rogers, spoke in front of the US Congress, claiming China has the cyber capabilities to launch an attack on the US power grid system and other critical infrastructure. The Chinese government has denied all claims and has accused the US of creating a negative image of China. In order to illustrate that China is not a real cyber threat, a Chinese article, “China Threat Theory,” measures US cyber capabilities, claiming the US cyber units can hack China’s power grid and cause critical damage. It should be noted that more than 80% of China’s economy and other critical systems are combined under the same control system, known to be vulnerable to attacks due to its reliance on foreign components, low security awareness, and constant connection to the Internet. With no talks between the two superpowers, the US needs to establish the difference between a “low priority attack” and an act of war.


Kaspersky Lab blocked more than 1 million cyber-attacks between 2013 and 2014

According to the information posted on the web portal of the Russian cyber-security company “Kaspersky Lab,” from October 2013 to November 2014 the company was able to block 1,363,549 unique attacks on devices running Android. Compared to the same period of 2012-2013, the number of attacks on Android-powered devices had quadrupled. Every fifth user of Android has faced mobile threats at least once. In 53% of cases, the use of mobile Trojans was aimed at stealing users’ money.


Iran officially a real player in global cyber war

In a new report entitled “Operation Cleaver,” released by US cyber security firm Cylance, it is noted that Iran has been steadily developing its cyber warfare capabilities for a number of years and now poses a significant threat to government agencies and critical infrastructure companies around the world. “We believe that if the operation is left to continue unabated, it is only a matter of time before the team impacts the world’s physical safety,” Cylance wrote in an 87-page report on the hacking campaign. According to the report, “Operation Cleaver” hackers launched a massive attack on 50 organizations in 16 countries, targeting the military, oil and gas, energy and utilities, transportation, airlines, airports, hospitals, and aerospace industries. Damage reports found that the attackers managed to gain information allowing them to access ICS and SCADA. With this information, the attackers succeeded in hacking into airport security systems, gaining complete access to gates and security control systems, etc. The attacks have taken place in over 50 entities in 16 countries, with only 10 of the targeted companies located in the US. In light of how ambitious Iran’s hacking campaigns have become, the report makes a bold claim that Iran is the new China. Iran, for its part, has denied the allegations, stating: “This is a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks,” Hamid Babaei, an Iranian spokesperson, told Reuters. Iran is said to have heavily invested in its cyber capabilities since 2010, when the Stuxnet virus hit its nuclear program, and has dedicated many resources to its defensive and offensive cyber program.

The man behind ISIS’s “Twitter Jihadi” facing life imprisonment

Mehdi Masroor Biswas, aka @ShamiWitness, one of the most influential Twitter handles for the ISIS terror group, was recently arrested and could potentially face life imprisonment under India’s cyber terrorism law, Section 66F of the Information Technology Act, 2000. These charges deal with crimes where a person knowingly accesses a computer resource that “may be used to cause or likely to cause injury to the interests of the sovereignty and integrity of India, the security of the State, friendly relations with foreign States, public order, decency or morality, or in relation to contempt of court, defamation or incitement to an offence, or to the advantage of any foreign nation, group of individuals or otherwise.” According to the police investigation, a review of the tweets posted by Biswas clearly shows his close ties and links with many ISIS fighters on the frontline.


Australian government begins review of cyber security strategy

At the much-anticipated opening of the Australian Cyber Security Centre (ACSC), Australian Prime Minister Tony Abbott announced a review into Australian cybersecurity. The review is intended to assess Australia’s current cybersecurity arrangements relating to the security of government information and communications in addition to the security of businesses and individuals. Abbott put network security on par with physical security, explaining it is a guarantor of economic security. Abbott stated the importance of staying ahead, as the last existing review occurred in 2008. A panel of experts and the Department of the Prime Minister and Cabinet will conduct the review. The panel will include CEO of the Business Council of Australia, Jennifer Westacott; Cisco chief security and trust officer, John Stewart; Telstra CISO, Mike Burgess; and Tobias Feakin, director of the International Cyber Policy Centre at the Australian Strategic Policy Institute. The six-month review will look at how both the public and private sectors can collaborate and cooperate to enhance national security and the security of online systems. Abbott stated that, according to the Australian Signals Directorate (an intelligence agency), 940 cyber incidents involving government agencies occurred in just the last year, which is a 37% increase from the previous year.


Kenya breaks ‘Chinese-run cybercrime network’

Kenyan police say they have cracked a cybercrime centre run by 77 Chinese nationals from upmarket homes in the capital, Nairobi. Police believe they were involved in hacking and money laundering. China has promised to help with investigations.

Nigeria: Cisco warns banks, others of increased cyber attacks

The growing threat of cybercrime may increasingly affect the activities of banks and other financial institutions, oil and gas, and other sectors of the economy, unless urgent measures are implemented. Speaking at the presentation of the 2014 Cisco Mobility Report in Lagos, Cisco’s Country Manager for Nigeria, Liberia, Sierra Leone, and Ghana, Dare Ogunlade, noted that cyber insecurity was posing great danger to individuals, businesses, and governments across the globe, growing at an average 14 per cent on a yearly basis.


Raytheon opening new cyber research center in UK

The American defense company, Raytheon, is about to inaugurate its new cyber research center in the UK. The new “Cyber Innovation Centre” will be based in the South-West of England and will include about 100 cyber security specialists. These specialists will work in cooperation with the government and corporations. This new cyber research center will focus on developing and testing new solutions to counter emerging cyber threats. Moreover, Raytheon explained that it expects the new center to benefit from the UK while helping the country develop a highly skilled cyber workforce, which will be beneficial to the UK, as it is currently facing large-scale cyber-attacks, especially against its financial institutions. With Raytheon in the UK and Israel Aerospace Industry in Singapore, many companies have opened cyber research centers globally in order to increase international cooperation against cybersecurity threats.

China would have signal intelligence center in France

China intends to have a signal intelligence center in France, as the Chinese Embassy in Paris appears to be involved in signal intelligence activities. According to some sources, the Embassy installed three satellite antennas of 6 meters each on the roof of the Embassy’s building located in a Paris suburb. According to a French specialist in communication interception, two of the satellite antennas are supposed to intercept the electronic communications between Europe, Africa, and the Middle East, the latter of which will forward communications directly to China. These antennas have drawn the attention of the French security agencies. Ms. Li, the press secretary of the Chinese Embassy in Paris, stated that these buildings are used for “logistics service, and the antennas for communication.” China is using signal intelligence and sophisticated systems to listen to encrypted communications. The people behind these spying operations are from either the Chinese PLA army or the Ministry of State Security, the Chinese intelligence agency, and may have used the Chinese Embassy to try to operate under a diplomatic cover. Indeed, the French Police have no right to enter the Chinese Embassy, which gives them a certain freedom in their activities inside the Embassy. Moreover, they probably chose France because the country is conveniently located between Europe and Africa. France needs to strengthen its signal detection systems in order to detect electromagnetic activities performed by foreign countries on its territory.

Cyber space international building: EU and USA promoted cyber security dialog

The European Union welcomed the highest representatives of cyber foreign policy to the EU-US Cyber Dialogue in Brussels, with EU representatives, companies, and government promoting cyber security capacity building and partnerships across all the EU countries. The conference was supported by the Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security. The main goal of the conference was to improve international dialog in the field of cyber security and strengthen EU-USA cooperation in the following areas: international security in cyberspace, internet governance, US-EU cyber related work streams, cybercrime, and protection of human rights and global capacity. Cyber law development was a hot topic, as well as how to respond to conflicts in cyberspace and build efficient measures.

About the Cyber Intelligence Report:

This document was prepared by The Institute for National Security Studies (INSS) – Israel and The Cyber Security Forum Initiative (CSFI) – USA to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities, and follow-on measures. This product may contain U.S. person information that has been deemed necessary for the intended recipient to understand, assess, or act on the information provided. It should be handled in accordance with the recipient’s intelligence oversight and/or information handling procedures. Some content may be copyrighted. These materials, including copyrighted materials, are intended for “fair use” as permitted under Title 17, Section 107 of the United States Code (“The Copyright Law”). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified e-mail at: [email protected]. CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.