This post is also available in: heעברית (Hebrew)

global cyber - INSS

Israel

4703831_s-200x150Israel: IBM Bought the Israeli cyber security company Trusteer

IBM signed an agreement to acquire cyber security company Trusteer, and plans to set up a cyber-security software lab in Israel.

The cyber security software lab in Israel will combine IBM and Trusteer staff whom work in the area of software security research and development. They will focus on mobile and application security, advanced threat, malware, counter-fraud, and financial crimes. IBM claimed its new lab (IBM Cyber Security Software Lab) will be an addition to IBM’s existing research and development facilities in Israel. The company specializes in cyber security against financial fraud and advanced security. The Israeli company Trusteer currently serves as the main cyber security provider to seven of the top ten biggest American banks and nine of the top ten UK firms.

U.S.A

15829781_s-200x150The National Security Agency hacked United Nations communications

The U.S. National Security Agency (NSA) broke the encryption system securing the United Nations video conference system at its headquarters in New York City. This news was reported on Sunday, August 25th by the German newspaper Der Spiegel. For several months beforehand, NSA has been at the center of intelligence revelations made by Edward Snowden. Der Spiegel also claimed NSA monitored the European Union after they moved into new offices in New York in September 2012. This new revelation is another disclosure added to the list, which started a few months ago. The U.S. continues its offensive cyber intelligence operation in the goal of protecting its national infrastructures. Revelations about PRISM and other programs made by NSA in which they collected and stored personal information from multiple sources such as emails, phone calls and web information have sparked outrage in Europe.

The NSA Imposes Rules to Protect Secret Data Stored on Its Networks

The NY Times published on July 18, 2013, NSA imposed new rules designed to sharply restrict sharing and downloading of top-secret material from its computer networks after the Snowden incident. Among new procedures is a “two-man rule,” which is based on how nuclear weapons are handled. It requires two computer systems administrators to work simultaneously when they are inside systems containing highly classified material.

Gen. Keith B. Alexander, head of the NSA and the commander of the Cyber Command, stated future plans are being made to keep sensitive data in a highly encrypted form, which sharply limits the number of system administrators who can move data throughout the nation’s intelligence agencies and the Department of Defense. Ashton B. Carter, Deputy Secretary of Defense, and General Alexander jointly said the military has begun deploying roughly 4,000 personnel in the Pentagon’s first faction devoted to conducting cyber operations. This is a new mission formalizing America’s use of a class of weapons the Obama administration has rarely discussed in public. The best known example is the covert effort called “Olympic Games,” which was against Iran’s nuclear program.

The U.S. Intelligence “Black Budget” revelations

On August 30th a new revelation made by Edward Snowden to the Washington Post revealed the US intelligence “Black Budget” of 2013. According to the report, a large portion of the budget allocated $14.7bn to the CIA out of $52.6bn for 16 intelligence agencies. The second agency receiving the biggest budget was NSA with $10.8bn. The CIA and the NSA are actively hacking into foreign countries. They have launched “offensive cyber operations” to hack or sabotage enemy computer networks, according to the leaked files. The report also presented who the US priority counterintelligence targets are: China, Russia, Iran, Cuba and Israel.

NSA is denying an aspect of the report were the agency planned to investigate up to 4,000 cases of possible internal security breaches. Vanee Vines, one of the agency’s spokesman, said to the Associated Press the effort actually represented a broad reinvestigation of civil personnel to lessen the possibility of security risks. He also claimed: “Periodic reinvestigations are conducted as one due-diligence component of our multifaceted insider threat programme.”

The Intelligence “Black Budget” is the latest in a series of leaks by ex-NSA Snowden, who has been charged with espionage in a federal court in the US.

Russia

11882364_s-200x150Russia strengthens its cyber security by creating a new army cyber security branch.

Russia decided to strengthen its cyber security by creating a separate cyber warfare branch under the military command.

According to a senior Russian official in the Research and Development branch of the army, the army assumed the Internet could become the new arena of war. The Foundation of Advanced Military Research, which is the equivalent of the Washington’s Defense Advanced Research Projects Agency (DARPA) in the US. The agency has been in charge of briefing the Kremlin about Russia’s defense capabilities. The Deputy Prime Minister Dmitry Rogozin claimed: “The agency will provide support for both fundamental research and high-risk projects. We have so many breakthrough projects gathering dust that if we implement only a small part of them we will see a revolutionary leap in Russia’s development.” Russia has injected 2.3bn roubles ($70m) into the foundation for 2013. Russia realized its cyber security infrastructure is not sufficient to counter threats in a country where cyber-attacks are very common.

A new integrated network for the Russian Defense.

According to the “Kommersant” publishing house, citing on its own sources in one of the Russian Government Ministries, the FSB experts took the initiative to create “integrated network for the needs of national defense, national security and law enforcement” (ISS). According to preliminary data, the proposals have been approved by Vladimir Putin on May 31 this year. Currently, a draft of a government decree for creating an all-national global federal network is under discussion in relevant agencies.

iHLS – Israel Homeland Defense

Arab countries

17695294_s-Copy-NXPA Syrian Cyber-attack hit Twitter and the New York Times

The NY Times published on August 15, 2013 that people accessing certain articles on The Washington Post’s website Thursday morning were redirected to the site of the Syrian Electronic Army (SEA), a hacker collective that supports the Syrian president, Bashar al-Assad. The Post stated by Thursday afternoon they had regained control of the website. The paper reported SEA tweeted they had also hacked Time magazine and CNN. This suggests it tried to carry out a coordinated attack on American news outlets. Several days beforehand, SEA allegedly subjected Washington Post’s newsroom employees to a sophisticated phishing attack to gain password information. The attack resulted in one of the writer’s personal Twitter account being hacked and tweeting a message dictated by the SEA. For 30 minutes on August 15th, some articles on the website were redirected to SEA’s webpage. SEA claimed through a tweet they gained access to elements of our site by hacking one of the post’s business partners, out brain.

The New York Times website, nytimes.com, was hacked for a second time in two weeks, and the suspected hacking group is the Syrian Electronic Army. An attack also occurred on the popular social media website Twitter. SEA, an online group that supports al-Assad, took responsibility for the attack. Officials told NBC News that the FBI is “aware of the hack and is looking into it.” The group may have used “spearphishing” to help gain access to the Times’ website. The approach, part social engineering, part hacker know-how, involves tricking a targeted individual to open an attachment within an email that could unleash malicious code or carry out another nefarious action.  Matt Johansen, head of the Threat Research Center at WhiteHat Security, stated on Twitter the New York Times website attack did link to the SEA because the website’s domain server name was “pointing to an SEA name server.”

China and APAC

11106453_sThe biggest denial of service attack on Chinese websites

The Chinese government declared it faced the largest denial of service attack it’s ever seen this Sunday. The attack consisted of access to “.cn” websites to load extremely slowly if accessed at all. The Chinese Internet Network Information Centre, which manages “.cn” domain, said the attacks occurred around 2AM and 4AM Sunday morning, with service being gradually restored afterwards. To attack Chinese servers, the cyber attackers summoned traffic flow “far greater” than witnessed before. The first attack started around midnight and lasted near two hours, which interrupted services, CNNIC claimed. The second one became the biggest denial-of-service attack on Chinese domain servers name in history, slowing or killing connections to websites. A staff member at CNNIC declared to the Post “the attack was still going on yesterday afternoon.”

Access to most Chinese websites were more or less normal yesterday, the government deployed an emergency plan, including backup servers. The Chinese suspected the attack was launched overseas and not by a group of hackers due to the resources it required. According to China, this incident held heavy consequences on the Chinese industry.

China prepares for Cyber Warfare

China’s military is prepping for war in cyberspace involving space attacks on satellites and the use of both military and civilian personnel for a digital “people’s war.” All this is according to an internal Chinese defence report. As cyber technology continues to develop, cyber warfare has quietly begun, the report concludes, noting the ability to wage cyber war in space is vital for China’s military modernization. According to the report, strategic warfare previously was built on nuclear weapons. “But strategic warfare in the information age is cyber warfare,” the report declared.

Europe

12474909_s-200x150 europeUK: McAfee official public strategy calls on UK government cyber strategy change

On August 28th, Graeme Stewart, the director of UK public sector strategy at McAfee, called the UK government to change its approach to IT procurement. Last month, government officials did not hide their desire to procure a more digital, cloud-based system for the future determined as the “G-Cloud policy.” Stewart disagrees with how the government handled its transition from paper-based platforms to new, centralised systems.

According to Stewart, there is a cyber-security professional crisis in the UK because the demand for cyber security graduates is high, however, the supply is limited to employ at high defense companies or the public sector. Additionally Stwart said, “With the UK government driving its own digital transformation agenda, and cyber security being reclassified to a tier-one national security threat, never has there been more pressure for the public sector to rectify a very real cyber security skills gap.”

However, the British government has recently realized the importance of encouraging more graduates into the cyber-defence industry. At the start of 2013, Francis Maude, the minister for online security and GCHQ and UK’s Internet defence authority, announced the creation of eight ‘Centres of Excellence in Cyber Security.’ The University of Bristol, Lancaster University, Imperial College London, University of Oxford, Queen’s University Belfast, University of Southampton, University College London and Royal Holloway London were all selected by ministers to produce qualified recruits for security firms and government. Each of these Universities benefited from a £50,000 capital investment, as well as a close collaboration with GCHQ and a number of private companies being supported by the UK government.

The Global Cyber review is produced by the INSS Cyber Warfare Program Team:

Dr. Gabi Siboni, Daniel Cohen, Hadas Klein, Aviv Rotbart, Gal Perel, Amir Steiner, Doron Avraham, Shlomi Yass, Keren Hatkevitz, Sami Kronenfeld, Jeremy Makowski, Simon Tsipis

global cyber - INSS