Cyber Intelligence Report – July 1, 2015

Executive Cyber Intelligence Bi-Weekly Report by INSS-CSFI - July 1, 2015




IDF to establish new cyber command

IDF Chief of Staff Gadi Eisenkot concluded on Monday that, in light of the challenges the IDF faces in the cyber sphere, a cyber command should be established in order for it to oversee all operational activity in the cyber dimension. According to the IDF Spokesperson’s Unit, the new command will be established over a time period of two years. A multi-branch team will be responsible for presenting the Chief of Staff with a development plan. The new command is of utmost importance in the mission to adapt the IDF to the dynamic changes and challenges of modern warfare. “The IDF is required to excel in every aspect of war, including the cyber dimension, which is becoming more significant every day. This new command will empower the IDF to perform better in these fronts and will utilize the technological and human advantage that already exists in Israel,” said Eisenkot. The decision will be submitted to the authorization of Defense Minister Moshe Ya’alon, the IDF said.

Israeli regulator directs banks to focus on cyber security management

The purpose of the directive (Directive 361, issued in March, 2015) is to support banks in efforts to manage cyber-related risks and help banking corporations manage such risks, said the supervisor of banks at the Bank of Israel.

Europe’s largest cyber-tech firm to set up innovation center in Israel

The German Fraunhofer SIT industrial technology institute announced that it would be setting up an international cyber research center in Israel in cooperation with the Technion Israel Institute of Technology. The center, which will focus on the development of software, systems, products, and services for use in the civilian sector, is expected to be set up by the end of the year. The research will be carried out both in Israel and Germany and will involve the exchange of staff between the two countries. The center will also cooperate with high-tech companies in Israel, including SAP Labs. “The Institute will join forces with Israel, which is widely regarded as the nation with the biggest experience and a very well trained workforce in this area, as well as one of the highest innovation capacities worldwide,” the company said.

USA & Canada

US admonish China for online attack

In a bilateral meeting on June 23, senior officials of the Obama administration admonished China for sponsoring online attacks against businesses, but they remained silent, at least publicly,  on the suspected role of Chinese hackers in the recently discovered theft from government computers of personal data on millions of federal employees and contractors. Vice President Joseph R. Biden Jr. has declared that the country was not a “responsible competitor” in cyberspace. Treasury Secretary Jacob J. Lew has shown his concern about government-sponsored cyber theft from companies and commercial sectors. Secretary of State John Kerry suggested the two sides should have “a very frank discussion of cyber security and other ongoing concerns” once they went behind closed doors. US also stressed the importance of keeping the sea lanes of Asia open despite rising tensions. China expressed the hope that the two countries will manage their differences and manage to avoid any confrontation. State Councilor Yang Jiechi has declared that China is prepared to work closer with the US on the issue of cyber-crime and said Beijing supports an “international code of conduct for cyber information sharing.”

Anti-LGBT site hacked and painted with gay flag’s colors

Shortly after the US congress announced the ruling in favor for same sex marriage all over the 50 sates of the US, a group of hackers managed to gain access to the online Gospel news portal site ( and left the gay flag pinned for all to see. The online Gospel news portal is a protestant group with anti-gay prospective and acts. The hackers are a part of a group called “ASOR Hack Team.” The Verdade Gospel group has 264k fans on Facebook and 140k followers on Twitter, most of them being exposed to the colorful hacking job.

Cyber-attack on Canadian government websites

Several Canadian government websites and servers were taken down in a cyber-attack on June 17, 2015. The hacker group Anonymous posted a YouTube video and statement the same day claiming responsibility for the attack. The video said the attack is in response to the government’s anti-terrorism Bill C-51, which was recently passed in Parliament. This law would broaden the mandate of the Canadian Security Intelligence Service (CSIS), giving the agency new powers to disrupt perceived security threats. The legislation, once enacted by the government, would also make it easier for federal agencies to increase surveillance and share information about individuals. Tony Clement, the cabinet minister responsible for the Treasury Board, confirmed on his Twitter account the cyber-attack on the general website for government services (, as well as the site of Canada’s spy agency and the Canadian Security Intelligence Service (CSIS). The government said the attack also affected email, Internet access, and information technology assets. Public Safety Minister Steven Blaney denounced the cyber-attack, telling reporters that there were many other democratic ways for Canadians to express their views. He also said the government was implementing efforts to improve its cyber security.


Russia fosters domestic software for national computer

The Russian state Duma adopted, in the third reading, a bill on preferences for domestic-made software for national computer and IT systems. Beginning January 1, 2016, there will be a requirement to justify their choice in favor of foreign software; if there will be a specially crafted Russian domestic-made software counterparts. However, this limitation will only affect state bodies, said the “Vedomosti” news publication.


Iran and Saudi Arabia heading toward cyber war?

Iran and Saudi Arabia, regional rivals in the Middle East, may be engaged in cyber warfare, according to a new report by threat intelligence firm Recorded Future. As the two powers vie for influence over the civil wars in Yemen and Syria and regional dominance, Tehran and Riyadh have begun using cyber-attacks to release critical intelligence.

WikiLeaks released on June 19 over half a million cables from the Saudi Foreign Ministry, including several “Top Secret” reports from the country’s General Intelligence Services after a hack by a group calling itself the Yemeni Cyber Army. The Washington Post reported the theft of the Saudi Cables bore indications of Iranian hackers.


New China law to boost cyber security

China has passed sweeping new legislation reinforcing government controls over cyberspace in the wake of what it called growing threats to Chinese networks. The vaguely worded National Security Law adopted calls for strengthened management over the web and tougher measures against online attacks, theft of secrets, and the spread of illegal or harmful information. It said core information technology, critical infrastructure and important systems and data must be “secure and controllable” in order protect China’s sovereignty over its cyberspace.

China says it is a major target of hacking and other cyber-attacks, while the ruling Communist Party has expended vast efforts in blocking content available in China that is deemed subversive or illegal.

Singapore Defence Minister: Non-combat troops can help in cyber defence

Soldiers who may not be fit enough to take on combat roles can instead help the Singapore Armed Forces in its fight against online threats. Calling this group of soldiers a “resource pool that we can draw from,” Defence Minister Ng Eng Hen said they can work alongside their combat-fit counterparts to monitor cyber threats and beef up the Singapore Armed Forces’ networks against virtual attacks.


UK Ministry of Defense counter thousands of daily cyber-attacks

The UK’s Ministry of Defense hase recently declared that UK is being targeted by thousands of advanced daily cyber-attacks and declared military officers responsible for defending the army’s computer networks. According to the Brigadier Alan Hill, head of Operate and Defend at the MoD, the British Army is a large target for state and non-state actors spying operations. Accediting to the British authorities, the United Kingdom’s military computer network, which is the largest in Europe, is targeted by more than 1 million cyber incidents on a daily base. As declared in 2011 while UK invested about 800 million pounds in its cyber defense, cyber threats has become one of the UK’s top defense priorities. In an interview given to the Financial Times, Brig Hill declared, “The MoD’s ‘cutting edge’ lies in using big data analytics to sift through the millions of incidents on its network that sensors pick up. We have to have automated. . . and really slick processes to find the needle in the haystack,” Even if the UK is one of the largest targets in Europe and facing thousands of daily cyber-attacks, it is probably the country which has the best cyber defense system to counter these threats. Most of these cyber-attacks are coming from Russia and China, which seems to be engaged in a cyber cold war against the West and UK. Indeed China and Russia have been engaged in cyber espionage operations against the UK for the past 15 years. One of the first operations involved a data breach of the British government systems in 2003. A fraudulent email from a Tibetan group containing a virus that allowed the hackers the opportunity to gain access to the network was opened in the UK Foreign Office. In the next few years, evidence that Britain was targeted by a cyber-espionage campaign became clearer. This evidence also showed that these cyber campaigns did not just target the government, but also businesses for their economic or industrial secrets.

Europol Cyber Crime Center EC3 is countering the Islamic State propaganda

The Cyber Crime Center of the European law enforcement agency Europol has recently announced the creation of a new unit specialized in propaganda countering. Indeed this new unit will attempt to remove the social network accounts which promote jihadism, extremism, and religious fundamentalism. This new unit will be operational beginning July 1, 2015. According to the head of Europol, Mr. Wainwright, the team will initially be composed of 15 to 20 members, who “will combine what we see on social networks with more traditional intelligence sources.” Europol will recruit these new specialists from EU country members and will probably have a strong background in intelligence and cyber fields. Europol is following the move and taking example on the UK Internet-Savvy Army Unit, which has been created in order to counter these threats at the beginning of 2015. In a period where the Islamic State continues to strengthen its presence and increase its power, this new unit will be a helpful solution in countering online propaganda and thus reducing the number of people being recruited to fight alongside the Islamic State in Syria.

Hackers targeted Polish airline LOT, grounded 1,400 passengers

A cyber-attack against the ground computer systems of the Polish flagship carrier LOT grounded more than 1,400 passengers at Warsaw’s Okecie airport. The Polish national airline, LOT, announced on June 20 that it had cancelled 10 flights due to a cyber-attack against the airline’s ground computer systems at Warsaw’s Okecie airport. The attack occurred at around 4:00 pm local time and was resolved by 9:00 pm.

inss150About the Cyber Intelligence Report:

This document was prepared by The Institute for National Security Studies (INSS) – Israel and The Cyber Security Forum Initiative (CSFI) – USA to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities, and follow-on measures. This product may contain U.S. person information that has been deemed necessary for the intended recipient to understand, assess, or act on the information provided. It should be handled in accordance with the recipient’s intelligence oversight and/or information handling procedures. Some content may be copyrighted. These materials, including copyrighted materials, are intended for “fair use” as permitted under Title 17, Section 107 of the United States Code (“The Copyright Law”). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified e-mail at: [email protected]. CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.