Israeli Channel 2 TV News reported last Sunday that Israel’s counter-cyber terrorism unit managed to thwart a concerted cyber-attack and an attempt at industrial espionage from China. According to the report, several weeks ago, 140 of Israel’s leading defence industries received an email from a well-known German company containing a Trojan Horse virus seeking to extract confidential information from their computers. Cyber defence systems identified the threat and shut it down.
The National Institute for Standards and Technology (NIST) proposed to draft cyber-security standards for private companies and infrastructure networks, which would define how they could protect themselves against cyber-attacks. These standards are part of an executive order President Obama proposed in February 2013. The goal is to create guidelines that private companies can use for protecting their infrastructures against cyber threats. It appears the framework was written with the cooperation of 3,000 companies and academic experts. The draft explains: “The framework provides a common language for expressing, understanding, and managing cyber security risk, both internally and externally.”
The cyber security draft was pressed because American critical infrastructures, banks, and private companies have increasingly been subjected to cyber-attacks in recent years. The mission of NIST is to promote U.S. innovation and industrial competitiveness by advancing standards and technology in ways that enhance the American economy and security. Moreover, NIST works closely with the Department of Homeland Security to anticipate future threats and provide new solutions to protect American critical infrastructures.
NSA denies site was hacked, blames ‘internal error’
Yahoo! News reported on October 26, 2013 that the NSA’s website went down for several hours during the day; however, the US intelligence agency, currently infamous for hacking into worldwide computer networks, blamed the outage on a technical mistake. The website, NSA.gov, went down in the afternoon, setting off speculation on the social media website Twitter that the site may have suffered a cyber attack by hackers. An NSA spokesperson denied the claims, saying they were “not true.” The spokesperson further added: “NSA.gov was not accessible for several hours tonight because of an internal error that occurred during a scheduled update. The issue will be resolved this evening…. Claims that the outage was caused by a distributed denial of service attack are not true.” The website was operational again around 10:30 PM (0230 GMT Saturday). The hacker group Anonymous joked about the incident in a tweet, without declaring if it had played any role: “Don’t panic about nsa.gov being down. They have a backup copy of the internet.” The NSA has been at the center of a furor over its vast electronic surveillance operations, revealed in a series of leaks from former intelligence contractor Edward Snowden, who has obtained asylum in Russia.
The Russian Federal Security Service (FSS) has taken the initiative to create a separate State Internet Segment, which would provide federal and regional authorities, as well as the Administration of the President, safe access to the Internet and the ability to publish documents. The draft decree presented by the FSS recommends connecting the Parliament, the Russian Federal Courts, the Prosecutor’s Office, the Investigation Committee, the Accountability Office, as well as enterprises of the Military Industrial complex and public research organizations. Access to the global network by those bodies will be secured through encrypted channels, which will be under the service of the FSS.
Russian Government records Internet communications
The Russian ministry of communication, in cooperation with Russian security services, is finalizing a regulation to require Internet service providers to record private Internet communications. However, Internet service providers are claiming constitutional freedoms. According to the newspaper Kommersant Daily, this new directive has been in development for over six months, in close cooperation with the FSS. The major goal of this directive is to have Internet service providers continually record the last 12 hours of incoming network traffic on their servers. This operation will start from July 1, 2014 and will allow secret services to control phone numbers, IP addresses and e-mails of social network users. Like other countries, Russia has begun to control Internet communications with the goal of detecting potential threats to Russia.
Within the framework of the ITU-IMPACT partnership, the second cyber defence exercise for the Arab States, titled The Regional Forum, took place at the cyber security center in Oman from 22 to 24 October 2013. The national response teams from twelve countries participated in the event: Saudi Arabia, Bahrain, Egypt, United Arab Emirates, Kuwait, Libya, Mauritania, Morocco, Oman, Qatar, Sudan and Tunisia. The Regional Forum started with a series of presentations on worldwide cyber security with online protection of children, security of mobile telecommunications and computer forensic science methods. Workshops were held under the leadership of various partners such as ABI Research, Bitdefender, Nuix and the Cyber Guardian.
National and international cooperation is playing an important role in the prevention of cyber threats. The ITU and the international partnership against cyber threats organized two-day exercises to promote communication between computer emergency response teams within the region. The exercise, part of the ALERT (Applied Learning for Emergency Response Teams) program, was focused on incident management and incident response, malware analysis, vulnerability assessment, penetration testing, data mining, visualization, survey of forensic methods, and malware targeting mobile telecommunications. Iran, Jordan, Lebanon and Syria were not engaged in this regional event.
Syria: Syrian Electronic Army targeted President Obama’s Twitter and Facebook accounts
The Syrian Electronic Army (SEA) has tracked the online presence of President Barack Obama. The Syrian hackers continue to persecute President Obama’s online statements. Recently, a series of tweets were sent from President Obama’s account and messages were posted to the President’s Facebook fan site with URL links to the SEA YouTube page. The source of the breach has been tracked to a third-party URL shortener, and not a takeover of the accounts themselves. This allows hackers to redirect any links sent out by members of Organizing for Action to SEA links. Additionally, it appears the organization was able to gain access to a campaign-related Gmail account, as it posted a screenshot of the inbox. Control of the Facebook page seems to be back in the hands of Obama’s team, as Facebook links are no longer redirecting, but Obama’s official Twitter account has been suspended at this time.
China and APAC
The Chinese are calling on the international community to accelerate the work on cyber security guidelines to ensure security after the United States was accused of spying on the phone records of its allies. The Foreign Ministry spokeswoman, Hua Chunying, declared: “We have noticed relevant reports and the remarks by some nations’ leaders. It is the latest testimony that cyber security is a common focus of all countries.” The international community must speed up the proposition of guidelines for a code of conduct in cyberspace within the United Nations to ensure a secure cyberspace. Officially, China is calling for international cyber cooperation and asks the international community to speed up its work on cyber security, but informally China is still continuing its aggressive cyber spying and hacking activities.
Indonesia Passes China to Become Top Source of Cyber-Attack Traffic
The unexpected surge in cyber-attacks coming from Indonesia earlier this year was not a fluke. The country has overtaken China to become the number one source of cyber-attack traffic in the world, according to a report by Akamai Technologies to be published later. Indonesia accounted for 38% of hacking-related traffic on servers Akamai monitored in the second quarter, which is up from 21% at the beginning of the year. China, a notorious haven for hacking, fell to No. 2, with a third of global attack traffic. The U.S. share fell to 6.9%, but the country remained in third place.
Last week, NATO defense ministers and U.S. Defense Secretary Chuck Hagel agreed they must “do more to deal with cyber threats,” as Hagel declared. The alliance prepared to launch a new cyber-defence center this week. Cyber security was one of the main topics defence leaders from the 28-nation NATO discussed during a two-day ministerial in Brussels.
NATO’s Secretary-General Anders Fogh Rasmussen has described cyber-attacks as a “fast-evolving threat,” and vowed to upgrade cyber defense capabilities. He stated: “Today we concluded that we are on track in upgrading our ability to protect NATO’s networks against these fast evolving threat cyber-attacks. Cyber defense is a national responsibility but we all agree that NATO can and NATO should play a useful role to facilitate the development of strong national cyber defense capabilities.”
The Germans called for closer military integration between NATO countries at the meeting. Fogh Rasmussen welcomed the German proposition. He said it was an example of how allies could cooperate more closely to acquire and develop much-needed military capabilities. He also declared: “Cyber defense is a national responsibility but we all agree that NATO can and should play a useful role to facilitate the development of strong national cyber defense capabilities.”
The Global Cyber review is produced by the INSS Cyber Warfare Program Team:
Dr. Gabi Siboni, Daniel Cohen, Hadas Klein, Aviv Rotbart, Gal Perel, Amir Steiner, Doron Avraham, Shlomi Yass, Keren Hatkevitz, Sami Kronenfeld, Jeremy Makowski, Simon Tsipis