INSS Global Cyber Review – September 15th

Israel

Israel: Anonymous planned new cyber-attacks on Israeli websites

AnonGhost, an affiliate group of the Anonymous hacker organization, threatened Israel with new cyber-attacks on its websites to commemorate the 12-year anniversary of September 11th. The group posted a list of potential Israeli web targets, including government websites. Anonymous has already planned and carried out several attacks on Israeli websites. The group has carried out two campaigns against Israeli websites. The first, called #OpIsrael, took place this April on Holocaust Remembrance Day. The second, titled #OpIsraelReloaded, started on June 7, 2013, and was in response to a retaliatory Israeli hacker campaign named #OpIslam.

The group declared on Saturday, September 7, that it had obtained 165,000 listings of names, e-mail accounts, and phone numbers of Israeli citizens. According to the Israeli newspaper Haaretz, the information was likely obtained by hacking into an Israeli website. AnonGhost also claimed to have obtained the details of over 5,000 credit cards belonging to Israelis.

U.S.A.

The Budget Documents Detail Extent of U.S. Cyber operations

The NY Times reported on August 31, 2013 on the newly disclosed budget documents for America’s intelligence agencies and on how aggressively the United States is currently conducting offensive cyber operations against other nations, even as the Obama Administration protests attacks on American computer networks by China, Iran and Russia. Documents obtained by The Washington Post (Saturday edition) from Edward J. Snowden, the former National Security Agency (NSA) contractor and NSA leaker, indicate 231 cyber operations in 2011, a year after the first evidence emerged of an American- and Israeli-led cyber-attack against Iran’s nuclear-enrichment center. The number suggests President Obama was not deterred by the disclosure of the Iranian operation, which only became evident because of a technological error, and continues to insist on using cyber weapons against a variety of targets. A parallel effort, code-named GENIE, is depicted as an effort by American intelligence officials working for NSA and the military’s Cyber Command to insert surreptitious controls into foreign computer networks. That computer code, a type of malware, allows American officials to hijack computers or route some of their data to servers enabling American espionage.

Computerized espionage is not recent, though its sophistication and scale have increased in recent years. Offensive operations intended to alter data, turn off networks, or destroy machines are a newer phenomenon, and they are what made the Iran operation so complex and unusual. President Obama, in an executive order signed last year, reserved the right to decide when the United States should conduct such operations. Recently, Gen. Keith B. Alexander, who directs NSA and commands the military’s Cyber Command, spoke publicly of creating 40 cyber teams, including 13 focused on offensive operations. The defensive operations include protections for the American military and other government agencies, in addition to efforts to detect broad cyber-attacks launched against the United States.

U.S.: Imagining a cyber-attack on the power grid system

The NY Times reported on September 10, 2013 that more than 200 utilities and government agencies across the country, from Consolidated Edison to the Department of Homeland Security to Verizon Wireless, are now expected to sign up for the largest emergency drill to test the electricity sector’s preparation for cyber-attack. The drill, scheduled for November 2013, will simulate an attack by an adversary taking down large sections of the power grid and knocking out vast areas of the continent for weeks. The drill, organized by the North American Electric Reliability Corporation, intends to explore how the country would respond to an enormous grid failure, which would interrupt supplies of water, food and fuel, and create disruptions on a scale far beyond 9/11. An attack on the power grid could occur, said former Senator Byron L. Dorgan, who represented North Dakota in the Senate and House for more than three decades. “I think that we are vulnerable, and it’s not just me, it’s the National Science Foundation and a number of people in the energy industry.”

Russia

Security expert Eugene Kaspersky expressed his opinion regarding the impact of the Prism project

A month after Edward Snowden’s arrival in Russia, Eugene Kaspersky answered a question about the newly exposed U.S. surveillance programs. According to Kaspersky: “There is no more privacy.” Kaspersky declared that consumers are paying the price of new and advanced technologies. He also claimed Mr. Snowden’s actions were justified, because it is unclear how many lives the American programs saved.

Kaspersky’s company works closely and routinely with domestic and international government security forces to combat the spread of malicious software, including Russia’s Federal Security Service. Kaspersky believes security companies developing security software or applications will not see any change in their relationship with governments due to revelations about the U.S. Prism program. Additionally, the expansion and cooperation between government and private companies will depend on user behaviour.

The results of the Prism project could scare away potential consumers from buying American antivirus products; however, Kaspersky suspects American antivirus companies do not send weighty data to the NSA. He said the problem is different for internet companies because they have private data on their servers. A back door in an antivirus product would lead to the end of the vendor’s business and could potentially damage the reputation of security software companies. For these reasons, government and private companies will not take the risk of voluntarily compromising their software.

Arab countries

The Syrian Electronic Army cyber-attacks continue with U.S. Marines

The Syrian Electronic Army (SEA) has continued its series of cyber-attacks. This time they targeted the U.S. Marine Corps website, “www.marines.mil.” They hacked the recruiting info page, posting a message asking US soldiers to refuse orders if Washington decides to launch an attack against Syria. The site became unavailable for several hours on Monday and visitors were redirected to a special message “delivered by SEA.”

SEA has been highly active over the last six months. The group, which supports Syrian President Bashar al-Assad, claimed responsibility for cyber-attacks on the New York Times website and Twitter. This time the group focused on the U.S. Marines because of their potential deployment into the civil war in Syria. Since its creation in 2011, the pro-Assad group has launched around 13 cyber-attacks against U.S. government and private websites. The group’s tactic is to use phishing to gain sufficient information to compromise accounts.

In addition to using social media, the group has created its own Android application for members. Moreover, it spreads malware and distributes DDoS attack tools. In many cases, the SEA carries out its attacks in a manner that is difficult to detect. Some research shows the average breach goes undetected for 243 days and 63% are discovered by third parties.

China and APAC

North Korea pursues cyber-attacks against South Korea

“Kaspersky Lab” in Russia has detected a new cyber-espionage group from North Korean government agencies. Although the exact mode of transmission has not yet been determined by Russian specialists, experts believe “Kimsuky” spreads through targeted phishing emails. The Kimsuky Trojan was used in targeted cyber-attacks against 11 organisations in South Korea and two in China, including the Korean national security think tank the Korea Institute for Defence Analyses (KIDA), South Korea’s Ministry of Unification, Hyundai Merchant Marine and The Supporters of Korean Unification. “Kimsuky” has functions such as tracking keystrokes, drawing up a list of files and stealing all directories, remote control of the computer, and stealing documents in HWP format (which is widely used in South Korean government offices). The first examples of this Trojan were already apparent to Russian hackers in May 2013. However, the profile Kaspersky built of these hackers suggests that they are not the most sophisticated espionage criminals.

Chinese Cyber spies are hacking into America’s Small Businesses, but not for reasons that you would think

A wide range of small businesses and institutions, from pizza restaurants and medical clinics to synagogues and universities, have been both victims and unwitting accomplices in sophisticated cyber espionage campaigns being carried out by hackers in China, security researchers told The Huffington Post. For years, Chinese cyber spies have been quietly hacking computers in these places, but not to steal data, researchers claim. Instead, the hackers intend to take over their PCs and use them to disguise attacks against other companies.

By camouflaging their activity, hackers are able to bypass security software that blocks suspicious Internet addresses in China from connecting to a company’s network. It also confuses investigators, who trace the source of cyber-attacks to seemingly benign locations, including a church computer in Florida, according to Kevin Albano, a researcher at the computer security firm Mandiant.

Europe

UK: Northrop Grumman continues to help the U.K. Ministry of Defence to monitor cyber events

Northrop Grumman decided to extend its contract with the Defence Science and Technology Laboratory to develop software designed to help the U.K. Ministry of Defence monitor cyber events. Northrop said it will work with the Universities of Oxford and South Wales to build concepts, tools, and strategies as part of the MOD’s (N.Guru) Cyber Situational Awareness System development program. Danny Milligan, sector-managing director at Northrop Grumman Information Systems Europe, said the research initiative aims for the resulting technology to help the MOD in protecting its infrastructure.

The N.Guru project will use visualizations for tracking and monitoring cyber risks. The project also aims to determine the impact of cyber threats on businesses, detect anomalies and share threat information with organizations to reduce risks.

The Global Cyber review is produced by the INSS Cyber Warfare Program Team:

Dr. Gabi Siboni, Daniel Cohen, Hadas Klein, Aviv Rotbart, Gal Perel, Amir Steiner, Doron Avraham, Shlomi Yass, Keren Hatkevitz, Sami Kronenfeld, Jeremy Makowski, Simon Tsipis
