INSS Global Cyber Review – August 2013

INSS Global Cyber Review – August 2013

This post is also available in: heעברית (Hebrew)

global cyber - INSS


USA

U.S: Cooperation with India on cyber security issues

15829781_s-200x150

The United States started to build a strong partnership with India on cyber security issues. India faces threats from Pakistan, China and non-state actors. The actual Indian infrastructures are not well protected to coop with cyber threats. For these reasons, on July 2013 the United States and India signed the Memorandum of Understanding (MOU). The MOU promotes a close cooperation and the exchange of critical cyber security information between cyber security organizations. It is the first time that a cyber-security agreement is signed between the U.S and India.


Russia

Russia started to use electric typewriters to counter Cyber espionage

11882364_s-200x150

The Kremlin started to use the old fashion solution of electric typewriters for communication. The Federal Guard Service is going to buy a number of these electric typewriters. The solution has been planned for more than a year according to the service, known by its Russian acronym FSO. The Russian government hopes that using old style devices such as typewriters will enhance security and reduce cyber information theft and espionage.

Online banking attacks is the major problem of the Russian cybercrime market

The group IB which is one of the leading Russian companies in fraud prevention, cybercrime and investigations, recently released its yearly analysis of the Russian cybercrime market. The main trend is online banking sites attacks. In 2014, Botnet operators will face some difficulties, as the majority of malicious traffic will be blocked without reaching its intended victim with the rise in the number of filtering and analysing equipment installed at intermediate nodes. There will be continued growth in the number of attacks using HTTPS. The most frequent victims will be resources associated with online sales. However, DDoS attacks on the banking sector will most likely finally die out due to their ineffectiveness.


Arab Countries

United Arab Emirates: Attack on government sites

17695294_s-Copy-NXP

United Arab Emirates has been subjected recently to attempts by cyber hackers to damage the UAE’s governmental sites. The UAE’s Telecommunications Authority tracked down those attempts that were originated from Egypt and were aimed to damage some government electronic sites. They succeeded in neutralizing the danger and repairing the limited damage caused by the attack and in the same time, had worked on tracing the source of danger.
The UAE’s Telecommunications Authority contacted the relevant Egyptian authorities to coordinate efforts of the two countries on this matter and mentioned it would provide the Egyptian authorities a list of IP addresses from which the cyber-infiltration attempts originated.

This is yet, another attempt in the last couple of weeks of cyber-attacks that were originated from Egypt and were a revenge made by Mursi’s supporters toward countries that expressed their support of the Egyptian army’s acts.

www.i-hls.com


China and APAC

Taiwan: A ‘testing ground’ for Chinese cyber army

11106453_s

Taiwan is the frontline in an emerging global battle for cyberspace, according to elite hackers in the island’s IT industry, who said it has become a rehearsal area for the Chinese cyber-attacks that have strained ties with the United States.

The self-governing island, has endured at least a decade of highly-targeted data-theft attacks that are then directed towards larger countries.

Pakistan: Government is planning to enact a Cyber Security Act.

The Pakistani government is planning to adopt a Cyber Security Act before the end of 2013 and, after creating a task force to look at a the Pakistani cyber-security strategy and an emergency response team. The emergency to build a cyber-security framework is growing with the increasing number of internet users in the country.It is also a reality that with more security, the number of online transactions will also grow.Pakistan has around 30 million internet users, but only a part of them use online financial services or e-commerce.Many people think that online transactions are not safe because the country has no laws and governance for the cyberspace.


Europe

Germany: Security loopholes in the SIM card system

12474909_s-Copy-NXP

The German cryptographer Karsten Nohl who is the head of the Security Research Labs, discovered a loopholes in the SIM card encryption system that he will presentat the Black Hat conference on the 31 of July. In past years, Karsten Nohl had demonstrated that he can break the GSM (A5/1) algorithm in only 2 minutes. Nohl explained that the Data Encryption Standard (DES) algorithm has weaknesses that can possibly be exploited by hackers. According to him, around 750 million of SIM cards are vulnerable.

The DES algorithm was invented in the 70’s and is still in use for many SIM cards signature in the world. The DES algorithm is, still used by half of the 6 billion phones in use every day. In these, one quarter appear as vulnerable, according to the researcher. On a thousand cards tested in two years in Europe and North America, about 250 gave their encryption key in response to a fake SMS service, such as those sent by operators to validate terminal’s identity. Alerted by Karsten Nohl, the GSMA, which is the international association of telecom operators, claimed that only “a minority” of phones using the standard DES may be vulnerable. At present, the new SIM cards generation uses the AES Advanced Encryption System or the triple DES algorithm which are stronger. However nothing guarantees that in a close future these algorithms would not be compromised as well. These loopholes could open a new door for hackers and cyber spies.

UK: The largest 350 UK companies are losing confidential data because of cyber attacks

Weaknesses and cyber leaks at FTSE 350 index, which represent the largest 350 UK companies by capitalization are putting the UK’s economic growth and national security at risk, according to a report made by the company KPMG. The deep analysis reveals that companies which are vital to the UK’s economic growth and vital to national security are losing confidential data that can be used by cyber attackers. According to KPMG, this data is available in the public domain and could be used to gain control of intellectual property, perpetrate fraud or inflict heavy damages. The report is based on a simulation that a cyber-attacker might undertake using public domain data without breaching security.


The Global Cyber review is produced by the INSS Cyber Warfare Program Team:

Dr. Gabi Siboni, Daniel Cohen, Hadas Klein, Aviv Rotbart, Gal Perel, Amir Steiner, Doron Avraham, Shlomi Yass, Keren Hatkevitz, Sami Kronenfeld, Jeremy Makowski, Simon Tsipis

global cyber - INSS