This post is also available in: heעברית (Hebrew)

INSS global cyber - banner small


Hacking U.S Secrets, China Pushes for Drones plan

15829781_s-200x150The NY Times published on September 20, 2013 that for approximately two years, hackers based in Shanghai shadowed one foreign defence contractor. According to an American cyber security company monitoring the attacks, their target was “the United States technology in military drones.“ Darien Kindlund, who is the manager of intelligence threat at the company FireEye declared: “I believe this is the largest campaign we’ve seen that has been focused on drone technology.” It appears the Chinese government intends to construct their own drone technological capabilities. The hacking operation, conducted by a group called Comment Crew, was one of the most recent signs of China’s ambitions in the drone development program.

The State Department officials stated China does not take measures against hacking, and the state itself is a victim. Another American cyber security company has tracked members of Comment Crew to a building associated with the People’s Liberation Army outside Shanghai. China is now dispatching its own drones into potential combat arenas. Every major arms manufacturer in China has a research centre devoted to drones. Military analysts say China has long tried to replicate foreign drone designs. Some Chinese drones appearing in recent air shows have closely resembled foreign ones. Chinese engineers and officials have done reverse engineering, meaning they studied open source material and debriefed American drone experts who attend conferences and other meetings in China.

For the Obama administration and American business executives, no method of Chinese technology acquisition is more worrisome than cyber espionage. An American official confirmed drone technology had been stolen by hackers. FireEye, a cyber-security company in California, called the drone theft campaign Operation Beebus because it was traced back to a command-and-control node at Cyber security experts say general address and tools linked are associated with the Comment Crew. Comment Crew are considered a Chinese hacker unit, which Mandiant, another cyber security company, discussed in a report in February. Mandiant claimed the group was part of Unit 61398 of the People’s Liberation Army, based in Shanghai.


Russia Ranks 2nd in international confidential information leaks

INSS global cyber - IranAt the an international conference, DLP Russia, the CEO of analysis firm, InfoWatch, Natalya Kaspersky declared that in the first half of this year Russia climbed 2 spot in the list of countries of leaks to confidential data. The leader in the ranking is United States. According to InfoWatch, United States accounted for 62.9% of all international leaks. A total of 42 leaks were registered in Russia, followed by the UK with 41 cases. These statistics were based on InfoWatch’s database, which has been updated since 2004. The database includes information leaks having occurred in private and public organizations through inadvertent or intentional actions by their employees. These information leaks have been reported in the media or other public available sources. This investigation means the database only includes a small part of the actual international information leaks. In 2012, a total of 934 confidential information leaks were reported in the media worldwide. Kaspersky claimed the quantity of accidental leaks was decreasing, representing 38 per cent of the total leaks.

Arab countries

The Syrian Electronic Army denies developing a new Mac malware

INSS global cyber - Arab StatesA new Mac malware was found and has been linked to the Syrian Electronic Army (SEA) hacking group. However, SEA is denying any involvement in the creation or spreading of the malware. The researchers at security firm Intego, revealed in a blog post the new Mac Trojan horse virus was found by a user in Belarus, which disguises itself as a picture of a kissing couple. The malware was probably part of a targeted attack. The malware was designed to trick users into clicking on a seemingly innocent image. Once the image was pressed it would install a backdoor in the computer allowing the hackers to surreptitiously control the computer and steal data. The malware downloaded a picture of the SEA logo onto the computer, which made Intego researchers suspect the pro-Assad hackers group.

According to security researcher, Ken Westin, the malware is similar to what the Syrian hackers used in their phishing attacks against The New York Times and The Washington Post. The real question is who is behind this malware, and why would they make the virus download the logo of the Syrian Electronic Army? The security experts at Westin believe there are two plausible answers. The first would be for propaganda purposes, if it really is SEA behind the malware. The second option would be someone wanting to keep their identity a secret, and covering their tracks by pointing the direction towards SEA. In these cases, the logo would be a false flag, which is possible. The best way to hack a network and hide your tracks, Westin explains, is to use a proxy through China and blame it on them.

The British blogger Graham Cluley declared: “The only reason I can imagine that someone else would want to embed such an image in their Mac malware is if they wanted to show their support for the hacking group, or simply wanted to throw cybercrime investigators off the scent of the true creators of this malware.”

iHLS – Israel Homeland Security

China and APAC

A Hacker group was found in China and linked to a big cyber-attacks: Symantec

INSS global cyber - China and APACA U.S. computer security company stated on Tuesday that researchers have discovered a group of highly sophisticated hackers operating for hire out of China, and linked them to some of the best-known espionage attacks in recent years. A Symantec report explained the Hidden Lynx group might have been involved with the 2009 Operation Aurora attacks, which is the most famous cyber espionage campaign against any U.S. company.

In Operation Aurora, hackers attacked Google Company and others, including Adobe Systems. Google revealed the attacks in January 2010, in which hackers tried to read emails about and from communications between human rights activists. Also they attempted to access and change source code at targeted companies. Symantec researcher, Liam O’Murchu, said his company was not capable to determine who was behind Hidden Lynx. Unlike a previous report by another company, Symantec did not accuse the Chinese government of involvement in the cyber-attacks. Beside the fact China denies any involvement in cyber activities, it is considered one of top country’s regarding cyber-attacks and cyber spying activities.

South America

Argentina and Brazil agree on cyber-defense alliance against espionage

INSS global cyber - South AmericaDefense ministers of Brazil and Argentina signed an agreement for cooperation to improve their cyber defense capabilities. This follows revelations of the US spying on Latin American countries. “We need to reflect on how we cooperate to face these new forms of attack,” the Brazilian defense minister, Celso Amorim, declared at a conference in Buenos Aires. He also said they will organize a meeting in Brazil before the end of the year to intensify their capabilities in the matter of cyber defense.

The ministers signed a broader military cooperation agreement. In 2014, Brazil will provide cyber warfare training to Argentinian officers. After NSA contractor Edward Snowden revealed U.S spying program on countries in Latin America they started to increase their cyber security. In September, Brazil’s TV Globo reported that NSA had intercepted telephone calls and e-mails of Brazilian President Dilma Rousseff. A week later, it was revealed that the US government also retrieved key data on a number of issues including oil market, drugs trade and political movements in the Latin American countries.


UK: A London teenager arrested over world’s biggest DDoS attack

INSS global cyber - EUA British teenager has been secretly arrested in London over what it is called the “world’s biggest cyber-attack” as part of an international swoop against a suspected organized gang. The boy, who lives in southwest London, has not been identified. Detectives at the National Cyber Crime Unit were acting in cooperation with police services from around the world in a swoop against a group of suspected cyber-criminals. At the same time a Dutch man living in Spain was also arrested. The cyber-attack was a Distributed Denial of Service (DDoS) attack against the Dutch anti-spam group Spamhaus. A UK operation document describes the attack as “the largest DDoS attack ever seen with a worldwide impact” on Internet exchanges.

Another eight suspects, part of a group who took control of a Barclays bank computer, were arrested for a £1.3 million theft. Details of the arrest, which happened in April, were deliberately kept secret, but have been disclosed to the Evening Standard newspaper before the creation of the new British National Crime Agency. The NCA will take over the National Cyber Crime Unit as part of a drive against offensives carried out through the Internet, which now seen as one of the most serious crime-fighting challenges. Half of the 4,000 cyber-security officers who will form the new agency will be trained in countering cyber-crime and cyber threats. The British security minister, James Brokenshire, declared the new National Crime Agency would do its best to combat criminals operating on the Internet.

Europol explains that cyber-attacks will increase over next decade

Critical infrastructure could be at risk from cyber-attacks by 2020. An increase growth of the number of devices connected to the Internet will open new threats and give new opportunities to hacking groups. A study, carried out by Europol and by the European Cybercrime Centre, in cooperation with the International Cyber Security Protection Alliance, predicts a huge growth in virtual reality technologies.

The problem is technology opens new risks to privacy, and new opportunities for cyber criminals to hack personal data, potentially causing serious psychological and physical effects. According to John Lyons, governments and IT manufacturers will have to work more to counter these cyber threats. Some IT manufacturers are exacerbating the problem by releasing new products before they have been properly tested, said Lyons. They are engaging in reckless behavior because of the competitive pressure to get products out first. According to Troels Oerting, who is the head of Europol’s Cybercrime Centre Ec3, governments need to use appropriate technologies and resources to counter cyber-crime. Cyber criminals are moving to states in Africa and Asia, which do not have the infrastructures and resources to fight them.

The Global Cyber review is produced by the INSS Cyber Warfare Program Team:

Dr. Gabi Siboni, Daniel Cohen, Hadas Klein, Aviv Rotbart, Gal Perel, Amir Steiner, Doron Avraham, Shlomi Yass, Keren Hatkevitz, Sami Kronenfeld, Jeremy Makowski, Simon Tsipis

INSS global cyber - banner small