CYBER-SECURITY : WEEKLY REPORT (August 23, 2017)


 

SUMMARY REMARKS

Cyberwar is looming large. No time should be lost in renewing efforts for fresh negotiations to forge an international legal framework governing cybersecurity under the UN framework. Previous negotiations that began thirteen years ago in 2004 broke down in June this year due to disputes that pitted Russia, China and Cuba against western countries. Experts from 25 countries, including India, participated in the discussions. The main dispute centers on the right to self-defence in the face of cyber-attacks.

Cuban representative Miguel Rodriguez argued that recognizing self-defence rights in cyberspace would lead to militarization of cyberspace and “legitimize…unilateral punitive force actions, including application of sanctions and even military action by states claiming to be victims” of hacking attacks.  US representative Michele Markoff, on the other hand, charged that these countries “believe that they are free to act in or through cyberspace to achieve their political ends with no limits or constraints on their action.”

The distrust between the two groups is understandable in view of the prevailing diplomatic tensions over cyberattacks relating to alleged Russian involvement in influencing last year’s US presidential elections and American retaliatory sanctions. The US and China have their own share of differences over mutual allegations of cyber penetration.  WikiLeaks’ disclosures have not helped the US to take a moral lead in the matter.

The US, along with Israel, was the first to launch a concerted cyberattack against Iran, using the Stuxnet worm to slow down its nuclear program, which had a spill-over effect infecting over 100,000 computers worldwide before it could be stopped. Iran retaliated by launching multiple waves of cyber-attacks against American banks and the Saudi Aramco oil company. Russia had its own cyber weapons sharpened against adversaries Ukraine, Latvia etc., not to mention the US itself.

The havoc that cyberwar can cause is similar to, or even greater than, that of a nuclear attack using ICBMs, but it still has not caught the imagination of the international community. A nation’s military power can be incapacitated, financial transactions can be made to go awry, and electricity and water supply can be cut off, as can communications. A state can be completely crippled before it realizes what is happening.

The UN, therefore, must resume the negotiations in view of the enormous fallout of a cyberwar. A quick resolution to regulate cyberspace will not be easy to find; it took several years to conclude similar agreements regulating nuclear technology, such as START, NPT, CTBT, etc. It is worth considering setting up a separate organization under the UN, like the IAEA, since cyberspace will have to be monitored for compliance with any future agreements, as nuclear weaponization is.

It is not just the major powers and their proxies that need to be brought under regulation. Silicon Valley corporations too are watching and recording every detail of people’s activity, which in the end they intend to use to manipulate our behavior. They already earn vast sums of money from watching what we do online. Soon, they will earn even more money from watching what we do offline. The growing number of apps and devices thrust on us will facilitate such massive corporate surveillance both online and offline.

Hence, people worldwide need to rise with one voice and demand greater democratic regulation of cyberspace and the internet to ensure the security of our data from corporate exploitation. India is a shining example in protecting the privacy of the people and their data. A nine-judge Constitution Bench of the Supreme Court unanimously ruled on August 24, 2017 that the right to privacy is intrinsic to life and liberty…and comes under the various fundamental freedoms in Part III of the Indian Constitution. The UN also must similarly extend Article 51 of its charter protecting the right of individual to cyber space and draw up general rules and guidelines for international compliance.

INTER-STATE CYBER-WARFARE

Dispute along cold war lines led to collapse of UN cyberwarfare talks

https://www.theguardian.com/world/2017/aug/23/un-cyberwarfare-negotiations-collapsed-in-june-it-emerges?utm_source=The+Sinocism+China+Newsletter&utm_campaign=f15813197c-EMAIL_CAMPAIGN_2017_08_23&utm_medium=email&utm_term=0_171f237867-f15813197c-29622273&mc_cid=f15813197c&mc_eid=a080463883  Thirteen years of negotiations at the United Nations aimed at restricting cyberwarfare collapsed in June, it has emerged, due to an acrimonious dispute that pitted Russia, China and Cuba against western countries. The split among legal and military experts at the UN, along old cold war lines, has reinforced distrust at a time of mounting diplomatic tension over cyber-attacks. At previous sessions, officials accepted that the principles of international law should apply to cyberspace, including the UN charter itself. Article 51 of the charter states that nothing shall “impair the right of individual or collective self-defence” in the face of an armed attack. Russia, China and Cuba raised objections, perhaps for the fear of “the west” dictating the rules of the game.

World’s tech leaders call on UN to ban killer robots

http://www.homelandsecuritynewswire.com/dr20170821-world-s-tech-leaders-call-on-un-to-ban-killer-robots?page=0,1  An open letter by 116 tech leaders from 26 countries urges the United Nations against opening the Pandora’s box of lethal robot weapons. The open letter is the first time that AI and robotics companies have taken a joint stance on the issue. “Lethal autonomous weapons threaten to become the third revolution in warfare,” the letter states. “Once developed, they will permit armed conflict to be fought at a scale greater than ever, and at timescales faster than humans can comprehend. These can be weapons of terror, weapons that despots and terrorists use against innocent populations, and weapons hacked to behave in undesirable ways. We do not have long to act.”

US Government Warns North Korean Cyber Attacks Continue

http://freebeacon.com/national-security/government-warns-north-korean-cyber-attacks-continue/?utm_source=Freedom+Mail&utm_campaign=432a0e3a21-EMAIL_CAMPAIGN_2017_08_23&utm_medium=email&utm_term=0_b5e6e0e9ea-432a0e3a21-38360125 The Department of Homeland Security and FBI issued a new warning on Wednesday that North Korean government hackers are continuing to target critical U.S. infrastructure for cyber attacks. The alert said the North Korean government is using the cyber tools to “target the media, aerospace, financial, and critical infrastructure sectors in the United States and globally.” The government warning followed a report by the California-based security firm Palo Alto Networks earlier this month indicating that North Korean hackers were targeting U.S. defense contractors. The North Korean botnet has been operating since 2009 and has compromised “a range of victims” that were not specified by the notice.

Cyberwar on Iran Won’t Work. Here’s Why.

http://www.defenseone.com/ideas/2017/08/cyberwar-iran-wont-work-heres-why/140369/?oref=defenseone_today_nl  The Iran nuclear deal is increasingly at risk with Trump threatening to declare Iran non-compliant with the accord.  However, he has no viable alternative better than the JCPOA.  Perhaps a more realistic concern is the prospect that the administration will nominally uphold the deal, while engaging in aggressive covert action against Iran. But a stepped-up cyber offensive against Iran is very unlikely to yield desirable results. Not only is it unlikely to be effective in its immediate objectives, but it risks antagonizing Iran into precisely the kinds of behavior the hawks want to forestall.

Android Spyware linked to Chinese SDK forces Google to boot 500 apps

https://threatpost.com/android-spyware-linked-to-chinese-sdk-forces-google-to-boot-500-apps/127585/ More than 500 Android mobile apps have been removed from Google Play after it was discovered that an embedded advertising SDK could be leveraged to quietly install spyware on devices. The SDK, called Igexin, was developed by a Chinese company and may have been used to install malware that could, among other things, exfiltrate logs from devices.

WikiLeaks Turned Down Leaks on Russian Government During U.S. Presidential Campaign

http://foreignpolicy.com/2017/08/17/wikileaks-turned-down-leaks-on-russian-government-during-u-s-presidential-campaign/  In the summer of 2016, as WikiLeaks was publishing documents from Democratic operatives allegedly obtained by Kremlin-directed hackers, Julian Assange turned down a large cache of documents related to the Russian government, according to chat messages and a source who provided the records. WikiLeaks declined to publish a wide-ranging trove of documents — at least 68 gigabytes of data — that came from inside the Russian Interior Ministry, according to partial chat logs reviewed by Foreign Policy.

Trump orders that U.S. Cyber Command receive new authority to conduct cyberwarfare

https://www.cyberscoop.com/trump-orders-u-s-cyber-command-receive-new-authority-conduct-cyberwarfare/  President Donald Trump announced Aug 18 that U.S. Cyber Command will be elevated to a unified combatant command, making it the 10th such organization with the operational authority to conduct military operations abroad under the purview of the secretary of Defense and the White House. Trump’s decision to elevate Cyber Command now requires that Secretary of Defense James Mattis conduct a review to determine whether Cyber Command should be separated from its Fort Meade neighbor and partner organization, the National Security Agency.

What the Announced NSA / Cyber Command Split Means

http://www.defenseone.com/technology/2017/08/what-announced-nsa-cyber-command-split-means/140362/?oref=gbb-newsletter  Cyberwar and cyber intelligence are diverging, as are Cyber Command and the NSA. The move to elevate Cyber Command to a full Unified Combatant Command and split it off from the National Security Agency or NSA shows that cyber intelligence collection and information war are rapidly diverging fields. “The decision means that Cyber Command will play an even more strategic role in synchronizing cyber forces and training, conducting and coordinating military cyberforce operations and advocating for and prioritizing cyber investments within the defence department,” said Kenneth Rapuano, assistant defense secretary for Homeland Defense and Global Security.

PRIVACY Vs CYBER-SECURITY

Privacy is a fundamental right under Article 21, rules Indian Supreme Court

http://www.thehindu.com/news/national/privacy-is-a-fundamental-right-under-article-21-rules-supreme-court/article19551224.ece?homepage=true  A nine-judge Constitution Bench of the Supreme Court, led by Chief Justice of India J.S. Khehar on August 24, 2017 ruled that the right to privacy is intrinsic to life and liberty, thus coming under Article 21, and comes under the various fundamental freedoms in PART III of the Indian Constitution. All the nine judges arrive at the same conclusion, though through different but concurring judgments, that right to privacy is intrinsic to right to life and liberty. The immediate effect of the judgment is on the government’s Aadhaar scheme (unique identity card) that collects personal details, biometrics to identify beneficiaries for accessing social benefits and government welfare scheme.

Silicon Valley siphons our data like oil. But the deepest drilling has just begun

https://www.theguardian.com/world/2017/aug/23/silicon-valley-big-data-extraction-amazon-whole-foods-facebook  Personal data is to the tech world what oil is to the fossil fuel industry. That’s why companies like Amazon and Facebook plan to dig deeper than we ever imagined. Amazon is going to expand Silicon Valley’s surveillance-based business model into physical space, and make money from monitoring everything we do. Companies harvest this data by observing as much of our online activity as they can. This activity might take the form of a Facebook like, a Google search, or even how long your mouse hovers in a particular part of your screen. Alone, these traces may not be particularly meaningful. By pairing them with those of millions of others, however, companies can discover patterns that help determine what kind of person you are – and what kind of things you might buy. These patterns are highly profitable.

CYBER-CRIME

A Hunt for Ways to Combat Online Radicalization

https://www.nytimes.com/2017/08/23/technology/a-hunt-for-ways-to-disrupt-the-work-of-online-radicalization.html?rref=collection%2Fsectioncollection%2Ftechnology&action=click&contentCollection=technology&region=rank&module=package&version=highlights&contentPlacement=1&pgtype=sectionfront  Law enforcement officials, technology companies and lawmakers have long tried to limit what they call the “radicalization” of young people over the internet. It isn’t just violent jihadists who benefit from the internet’s power to radicalize young people from afar. White supremacists are just as adept at it. Where the pre-internet Ku Klux Klan grew primarily from personal connections and word of mouth, today’s white supremacist groups have figured out a way to expertly use the internet to recruit and coordinate among a huge pool of potential racists. That became clear two weeks ago with the riots in Charlottesville, Va., which became a kind of watershed event for internet-addled racists.

Hackers Briefly Take Over HBO Twitter Accounts

https://www.nytimes.com/2017/08/17/business/media/hbo-hacking-twitter-game-of-thrones.html?module=WatchingPortal&region=c-column-middle-span-region&pgType=Homepage&action=click&mediaId=thumb_square&state=standard&contentPlacement=4&version=internal&contentCollection=www.nytimes.com&contentId=https%3A%2F%2Fwww.nytimes.com%2F2017%2F08%2F17%2Fbusiness%2Fmedia%2Fhbo-hacking-twitter-game-of-thrones.html&eventName=Watching-article-click  Several of HBO’s Twitter accounts were hacked late Wednesday night, raising further security concerns at a moment when the premium cable channel has been dealing with the sustained leaking of proprietary information. A group that identified itself as OurMine infiltrated HBO’s main Twitter account and accounts for TV shows like “Game of Thrones” and “Girls.” In two tweets posted to several of HBO’s accounts, the hackers wrote “we are just testing your security” and “let’s make #HBOHacked trending!” It did not last long. HBO appeared to have reclaimed control of the accounts and had deleted the hackers’ tweets within an hour of the breach.

Game of Thrones: HBO hackers threaten leak of season finale

https://www.theguardian.com/technology/2017/aug/21/game-of-thrones-hbo-hackers-threaten-leak-of-season-finale  The hackers who compromised HBO’s network systems in July have threatened to leak the final two episodes of Game of Thrones. The “Mr Smith group” of hackers told tech site Mashable that it has access to “many HBO platforms” and that HBO should be “ready” for the leak of episode six, which aired on Sunday, and episode seven of its biggest hit immediately ahead of the show’s finale at the end of the week.

The cyber con ‘artists’ of Jharkhand’s Jamtara district

http://www.thehindu.com/news/national/other-states/the-cyber-con-artists-of-jamtara/article19476173.ece  Karmatar, a small town, has slowly emerged as the epicentre of cybercrime in the country. Many of its “vishing” experts have never left town, but their reach spans the nation. Some police officers call the practice “phising” (phishing) but Jaya Roy, the Jamtara Superintendent of Police (SP), says it is actually “vishing”, gaining access to private financial information of a person by claiming to be calling on behalf of a bank or financial institution. She says the tricks which the local youth, mostly school and college dropouts, employ to dupe people are not very complicated.

This is when your business is most likely to get hit by malicious spam attacks

http://www.techrepublic.com/article/this-is-when-your-business-is-most-likely-to-get-hit-by-malicious-spam-attacks/?ftag=TREa988f1c&bhid=27547637924291379434650709219148  New research from IBM determined where, when, and how spammers are most likely to hit your company. Spammers are most active on Tuesdays, followed by Wednesdays and Thursdays. This is likely because Tuesdays are a key day for email marketing. They are the least active on Mondays and Fridays. Spam messages hike around 1 am ET, and drop around 4 pm ET, because spammers start off with targets in Europe before moving to those in the US. In terms of location, the top originator of spam in the past six months was India, followed by South America and China.

Business email compromise campaign harvesting credentials in numerous industries

https://threatpost.com/business-email-compromise-campaign-harvesting-credentials-in-numerous-industries/127601/ A business email compromise campaign emanating out of Western Africa is targeting companies in a wide swathe of industries, bucking a trend of these scams focusing on wire fraud and targeting CEOs. The criminals are using phishing emails with links redirecting victims to sites designed to harvest corporate email credentials. Researchers at Flashpoint said it’s likely one individual or a small group working together on each phase of attacks, which date back likely to before March and were still active as of August 8.

CYBER-SECURITY

Cybersecurity IT pros vs. policy wonks: How to bridge the communication gap

http://www.techrepublic.com/article/cybersecurity-it-pros-vs-policy-wonks-how-to-bridge-their-communication-gap/  IT pros and policymakers focusing on cybersecurity often don’t speak the same language and seem to be at odds with each other. Discover how these cybersecurity experts can find common ground. The first group, tech geeks, we know pretty well because they have been around for years. The other camp, cybersecurity policy wonks, is of more recent vintage. Not sure what they look like? They’re the lawyers, privacy advocates, think-tankers, policymakers, and governance types. We’d be better off if more coders, hackers, and tech professionals understood the current legal and policy environment for information security and privacy protection. In turn, lawmakers and DC policy types would benefit from seeing up close how “the cyber” looks from the perspective of those with fingers on the keyboard. Here are a few ideas.

100% of government IT workers said employees are biggest threat to cybersecurity

http://www.techrepublic.com/article/100-of-government-it-workers-said-employees-are-biggest-threat-to-cybersecurity/?ftag=TREa988f1c&bhid=27547637924291379434650709219148  The government sector lags behind others in implementing modern cybersecurity defenses, according to a new report from security firm Netwrix. This failure to update has led to an increase in breaches: 72% of government entities worldwide had their security compromised in 2016, the report found. And only 14% of government organizations consider themselves to be well-protected against cyber threats. However, the main threat is less nefarious than you may expect: Employees. A whopping 100% of IT specialists working for government agencies worldwide said they see employees as the biggest threat to security.

Google launches Chrome Enterprise with added security and Active Directory integration

http://www.techrepublic.com/article/google-launches-chrome-enterprise-with-added-security-and-active-directory-integration/?ftag=TRE684d531&bhid=27547637924291379434650709219148  Google announced Chrome Enterprise, a beefed-up offering of its Chrome OS that brings on-premises identity management through Microsoft Active Directory, endpoint management through VMware Workspace ONE, and a host of other features for business users.

New methods defeat cyberattacks on 3D printers

http://www.homelandsecuritynewswire.com/dr20170818-new-methods-defeat-cyberattacks-on-3d-printers  With cyberattacks on 3D printers likely to threaten health and safety, researchers at Rutgers University-New Brunswick and Georgia Institute of Technology have developed novel methods to combat them, according to a groundbreaking study. “They will be attractive targets because 3D-printed objects and parts are used in critical infrastructures around the world, and cyberattacks may cause failures in health care, transportation, robotics, aviation and space,” said Saman Aliari Zonouz, an associate professor.

Popular messaging apps: Encrypting is easy but authenticating is hard

http://www.homelandsecuritynewswire.com/dr20170817-popular-messaging-apps-encrypting-is-easy-but-authenticating-is-hard  Researchers at BYU have learned that most users of popular messaging apps Facebook Messenger, WhatsApp and Viber are leaving themselves exposed to fraud or other hacking because they don’t know about or aren’t using important security options. Even though WhatsApp and Viber encrypt messages by default, all three messaging apps also require what’s called an authentication ceremony to ensure true security. But because most users are unaware of the ceremony and its importance, “it is possible that a malicious third party or man-in-the-middle attacker can eavesdrop on their conversations.”

Industrial Cobots might be the next big IoT security mess

https://threatpost.com/industrial-cobots-might-be-the-next-big-iot-security-mess/127567/ Researchers at IOActive have found nearly 50 vulnerabilities in industrial collaborative robots, machines that work side-by-side with people in manufacturing and other settings, that can be abused to possibly cause physical harm to workers, or even configured to spy on their surroundings.

Facebook awards $100K to researchers for credential spearphishing detection method

https://threatpost.com/facebook-awards-100k-to-researchers-for-credential-spearphishing-detection-method/127559/ A group of researchers recently identified a real-time way to detect credential spearphishing attacks in enterprise settings. Credential spearphishing attacks are far less expensive and easier to pull off than attachment-driven exploits. The attacks usually rely on tricking a user into clicking through a deceptive email to an attacker’s site and entering credentials. The technique detected six known spearphishing attacks that succeeded and nine that failed. What makes the detector truly remarkable is its false positive rate, 0.004 percent.

Vendor exposes backup of Chicago voter roll via AWS bucket

https://threatpost.com/vendor-exposes-backup-of-chicago-voter-roll-via-aws-bucket/127538/ Voter registration data belonging to the entirety of Chicago’s electoral roll – 1.8 million records – was found a week ago in an Amazon Web Services bucket configured for public access.  The data was a backup stored in AWS by Election Systems & Software (ES&S), a voting machine and election management systems vendor based in Omaha, Ne.

It’s not exactly open season on the iOS Secure Enclave

https://threatpost.com/its-not-exactly-open-season-on-the-ios-secure-enclave/127533/ The black box that is Apple’s iOS Secure Enclave may have been pried open, but that doesn’t necessarily mean it’s open season on iPhones and iPads worldwide. Public disclosure of the decryption key for the Secure Enclave Processor firmware does indeed allow white and black hats to poke and probe about for vulnerabilities. And while finding a bug is one thing, exploiting it may be quite another.
