Executive Cyber Intelligence Bi-Weekly Report by INSS-CSFI
February 1st, 2014
Israel
Cyber Park in Beer Sheba expanding
One of the biggest network companies, Cisco, will invest millions of dollars in the Israeli
cyber industry through the JVP foundation, The Marker reported. This investment joins the announcement made by
Lockheed Martin and EMC on opening a research center/cyber park in Beer Sheba (initial investment being one million dollars). The
park will be called Cyber-Spark and will accommodate leading cyber
industries, academic research, and the national cyber command. Another
addition to the ever growing park will be made by IBM in cooperation
with Ben Gurion University, who declared their intention to open a
center for global excellence in the field of cyberspace. The rise of the
cyber industry in Beer Sheba is meant to create a cyber hub in the
middle of the South, as well as mixing economic and security growth by
creating 15,000 jobs in a few years.
Israel’s Darknet and TOR dilemma
Last year, Edward Snowden turned over to The Guardian
58,000 classified U.S. government documents, and only a fraction of the
files have been made public. To avoid detection, Snowden almost
certainly relied on one very specific and powerful tool to cover his
tracks – TOR. TOR, an acronym for “the onion router,” is software
providing the closest thing to anonymity on the Internet. Engineered by
the TOR Project, TOR has been adopted by both agitators for liberty and
criminals, and many people who use TOR do so to browse the Darknet
liberally. Many countries have faced questions on how to deal with
the Darknet. One example is the case of two young men in Israel standing
trial for using Bitcoins to purchase drugs on the Darknet. The young men
also used fake credit card numbers, which were bought through the
Darknet. This Darknet-related criminal case is one of several
the Israeli courts have had to deal with in the past few months.
USA
Changes in NSA and cyber security matters due to Snowden affair
General Keith Alexander, Director of the NSA, is stepping down and being
replaced by U.S. Navy’s Cyber Security Chief, Michael S. Rogers. Since
whistle-blower Edward Snowden revealed the intensity of U.S. spying on
its citizens and allies, a call has been made for intelligence agencies
to be more transparent and for them to uphold the law. The U.S. has
faced many embarrassments and the need for explanation since the Edward
Snowden affair. Yet because of the Snowden affair, policy decisions in
cyber security have reached a stalemate as the U.S. has begun struggling
to deal with the daily cyber-attacks from Russia and China. Plans and
projects in the NSA have halted even though ideas could be effective,
and decision makers in Congress explain: “[Snowden] slowed everything
down.” However, opponents and pro-Snowden supporters insist the problem
in the U.S. in fighting terrorism was never a lack of information but U.S.
intelligence agencies not sharing data or informing the public. As it
currently stands, the FBI, NSA, and DHS are not permitted to share classified
cyberspace information with the civilian population. Since Snowden, the
U.S. has faced growing criticism internationally, with foreign leaders
disregarding Obama’s warnings regarding cyber affairs. The announcement
of Rogers as Director of the NSA comes a few days after the hacker
group Anonymous hacked and publicized email addresses of U.S. members of
the Federal Bureau of Investigation.
Microsoft answers to growing criticism
Microsoft has responded to breaches in its security by announcing plans to
launch ‘Transparency Centers’ worldwide, enabling government customers
to verify their Microsoft products. Microsoft has faced growing pressure
and criticism over its involvement with U.S. spying after Edward
Snowden’s revelations about Prism, a top-secret program giving the NSA
direct access to the systems of Google, Microsoft, and Facebook.
Microsoft also faced the embarrassment of being hacked by the SEA
through phishing attempts on Microsoft email accounts to steal
information. Microsoft plans to expand encryption across its services to
provide legal protection for customers’ data and government users.
Plans to reveal the source code have remained unannounced.
USA: Major retailers in the U.S. hacked during holiday season
Massive cyber-attacks hit major U.S. retail stores of high-end Neiman Marcus.
Neiman Marcus confirmed a data breach involving credit card theft from
customers during the holiday shopping season, where hackers rooted
payment information from customers. Neiman Marcus spokesperson, Ginger
Reeder, stated the company is unaware of the cause or identification of
the data breach, but they informed “federal law enforcement agencies and
are working actively with the U.S. Secret Service, the payment brands,
our credit card processor, a leading investigations, intelligence and
risk management firm, and a leading forensic firm to investigate the
situation.” Similar breaches affected Target on Black Friday, the
biggest shopping day in the U.S. Senator Edward J. Markey (D-Mass)
responded to the attack stating: “In the wake of the Target breach,
customers, lawmakers, and consumer advocates have stepped up calls for
Congress to set up guidelines on how merchants should protect consumer
data…a need for clear, strong privacy and security standards across all
industries.” Target has already responded, with CEO Gregg Steinhafel
proclaiming that Target will improve its understanding of consumer-based scams,
including removing the malware the cyber criminals installed, hiring a
data security team to investigate the occurrence, and working with law
enforcement. Target is also preparing to announce an education campaign
on accelerating the knowledge on technology and cyber security. Some
believe other retail stores have been affected, pointing to a pattern of
attacks heading towards larger, widespread attacks. Chris Petersen, CTO
of LogRhythm, remarked that this would entail extremely sophisticated
malware. At this time, these are just rumours circulating, and
IntelCrawler contended the attacks on Target and Neiman Marcus were
separate. Nevertheless, no national breach disclosure law exists,
allowing many companies who may have been attacked to not publicize it.
Russia
Russia to set up a cyber-defense unit
Russian Maj. Gen. Yuri Kuznetsov was quoted by the national news agency RIA
Novosti, stating a cyber-defense unit will be ready “to defend the
Russian armed forces’ critical infrastructure from computer attacks” by
2017. The mission is to better protect the defense sector from
cyber-attacks. Cyber-warfare has emerged in recent years as a national
security threat to Russia. Websites used by Asian
governments were targeted by the “Anonymous” cybercrime organization in
2013, and U.S. and Chinese officials have traded accusations about cyber
espionage in recent years. RIA Novosti reports the Russian newspaper
Vedomosti was knocked offline Thursday by a DDoS (distributed
denial-of-service) cyber-attack, which overwhelmed servers with requests. Alexei Moshkov,
Russia’s top cybercrime official, claimed cyber-attacks last year on
Russian citizens combined cost around $28 million.
Middle East & Iran
Palestinian hackers suspected to be behind breach in Israeli defense ministry computers
Hackers broke into Israeli defense ministry computers by sending phishing
e-mails containing an advanced remote access Trojan called Xtreme RAT,
Aviv Raff, CTO of Seculert Research Lab, blogged on January 27th. The
e-mail appeared as if it was sent by the Israeli Security Agency,
lending it legitimacy, and the original target was Israeli Customs,
according to TrendMicro. One of the 15 breached computers was revealed to
belong to the Israeli Civil Administration of Judea and Samaria, which monitors
entry and work permits into the West Bank from Israel. The Civil
Administration made no comment regarding an attack. Even though the
attack was conducted from a server located within the U.S., similarities
in code to past cyber-attacks conducted from a Hamas server on the
Israeli Police enhanced rumours that the Palestinians were behind the
cyber-attack. As of now, it is unclear if the hackers used or gained any
information.
Saudi Arabia to launch National e-Security Center to Protect Government against Hackers
Saudi Arabia embarked on creating a national authority for information
security called the National e-Security Center. The main goal will be to
protect important networks against cyber-attacks. The decision came
after numerous attacks were launched by both cybercriminals and
hacktivists on Saudi Arabian government websites. An example was when
the Saudi Arabian Interior Ministry was breached with a DDoS attack,
disrupting the website for several hours in May. The attack was traced
back to various countries.
Iran unveils new cyber security products
Fars news agency reported Iran was unveiling 12 new Iranian technological
products within the cyber field at a ceremony held and attended by
Iranian Defense Minister Brigadier General Hossein Dehqan and Head of
Iran’s Civil Defense Organization Brigadier General Gholam Reza Jalali.
Among the products revealed was a cell phone providing secure
communications, immune from tapping. Other products unveiled were a
home-made, secure operating system, an indigenized navigation system, a
telecommunications optical transmission system, Padvish anti-malware, a
cyber threats recognition and identification system, a security
operations center, a high-speed and high-capacity firewall, and a
software firewall.
Iran has launched an indigenous cyber defense
network cited as “Shahpad,” according to project manager Mohammad
Naderi. The initial idea stemmed from missile defense shields used in
different countries to prevent missile attacks. “Shahpad” is the outcome
of several years of research. The system protects data, operates as a
data manager, and is responsive to the safety needs of all
organizations. According to Iranian news agency ISNA, whenever a threat
against an organization is detected, the system informs other sensors
using smart mechanisms for the exchange of intelligence. The system is
capable of informing all sensitive and important agencies such as
Security Operations Centers across the country, facilitating a swift
reaction.
SEA attacks PayPal UK and eBay UK
The Syrian Electronic Army (SEA) used a DDoS cyber-attack on PayPal UK and
eBay UK, causing Twitter to shut down the SEA’s official Twitter handle. Both PayPal UK and eBay UK
verified the attacks occurred, and they were resolved shortly
afterwards; however, they made no mention of the crude defacement SEA
had left on their webpages with messages: “Hacked by the Syrian
Electronic Army. Long live Syria. F*ck the United States government.”
SEA stated the cyber-attack occurred because of PayPal’s refusal to allow
Syrians to purchase products online and also assured no information had
been gathered by the account, unlike previous cyber-attacks where it was
documented the SEA had stolen law enforcement data from Microsoft.
China and APAC
Japan sending Self Defense Forces to U.S. for cyber training
The Japanese government will send members of its Self-Defense Forces (SDF)
to receive specialized training in cyber defense with U.S. forces in a
cooperative program to bolster Japan’s defense against cyber-attacks,
sources said. The SDF members will learn from technologies and
experiences of the more advanced U.S. forces in countering
cyber-attacks. The project aims to improve the SDF’s cyber defense
capabilities and to strengthen Japan-U.S. cooperation. Until today, the
Japan-U.S. cooperation in the field of cyber-defense was limited to
exchanging information; however, this project is expected to strengthen
the collaboration between the two countries.
Europe
Europol smashed financial cyber-crime gang targeting UK citizens
The European cyber-crime agency EC3 of Europol was thanked after Polish
police arrested five Bulgarian citizens accused of electronic payment
card fraud targeting mainly UK citizens. The agency declared three
hackers from the gang were caught; two of them were carrying out illegal
electronic payment card transactions at automated cash machines (ATMs).
One of them was receiving compromised card numbers online and encoding
counterfeit plastic cards. The other two suspects were arrested in
different hotels in Krakow on 22 January. Europol said the financial
data involved came mainly from the U.K., but a spokesperson told
online security magazine SCMagazineUK.com
that they could not divulge information about the UK card holders involved as “the
investigation is still ongoing.” The European cybercrime center was
created a year ago, and its role is to help co-ordinate national
police forces targeting cyber criminals all over Europe.
Germany: Increase of Cyber Attacks
A study conducted by the Federal Office for Information Security (BSI) in
Germany recorded 2,000 to 3,000 attacks on the German government
Internet domains per day. Some cyber-attacks are on such an advanced
technical level that the alleged offenders are suspected to be intelligence
services. Hundreds of thousands of computers in Germany are infiltrated
and could potentially be operated by remote control for cyber-attacks through so-called
bot networks, so that computers are used as tools for crime
without the knowledge of the actual owner. Many German companies
experience cyber-attacks; however, instead of reporting these offenses,
companies conceal them to avoid damage control.
The Federal
Criminal Police Office counted almost 64,000 cases of cyber-crime solely
in Germany, raising concerns with security experts. According to the
EU, more than a million people fall victim to cyber-attacks each day,
ranging from hacked bank transfers to digital blackmail to dispersal of
child pornography. At this point, the President of BSI, Michael Hange,
emphasized the relevance of sensitizing and educating the public in IT
security. The President of the Federal Academy for Security Politics,
Hans-Dieter Hermann, spoke about a confidence crisis and how European
states must realize their standards.
About the Cyber Intelligence Report:
This document was prepared by The Institute for National Security Studies (INSS)
– Israel and The Cyber Security Forum Initiative (CSFI) – USA to create
better cyber situational awareness (Cyber SA) of the nature and scope
of threats and hazards to national security worldwide in the domains of
cyberspace and open source intelligence. It is provided to Federal,
State, Local, Tribal, Territorial and private sector officials to aid in
the identification and development of appropriate actions, priorities,
and follow-on measures. This product may contain U.S. person information
that has been deemed necessary for the intended recipient to
understand, assess, or act on the information provided. It should be
handled in accordance with the recipient’s intelligence oversight and/or
information handling procedures. Some content may be copyrighted. These
materials, including copyrighted materials, are intended for “fair use”
as permitted under Title 17, Section 107 of the United States Code
(“The Copyright Law”). Use of copyrighted material for unauthorized
purposes requires permission from the copyright owner. Any feedback
regarding this report or requests for changes to the distribution list
should be directed to the Open Source Enterprise via unclassified e-mail
at: inssdcoi@gmail.com. CSFI and the
INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.