CYBER SECURITY – WEEKLY REPORT (July 26, 2017)


SUMMARY REMARKS

In the race toward technological superiority in cyber security and warfare, China seems to have very clear strategic goals and is winning.  Beijing has laid out a development plan to become the world leader in Artificial Intelligence (AI) by 2030, aiming to surpass its rivals technologically and build a domestic industry worth almost $150 billion.  According to the policy paper released by the State Council, the world’s second-largest economy will be investing heavily to ensure its companies, government and military leap to the front of the pack in a technology many think will one day form the basis of computing.

The plan comes with China preparing a multibillion-dollar national investment initiative to support “moonshot” projects, start-ups and academic research in A.I. China launched a project in the city of Jinan, using ‘quantum cryptography’, to create a new “un-hackable” communications network. While taking huge strides developing technological applications that make the internet secure, Beijing is also spreading its offensive reach not only to control domestic communications but also to spy on international networks. A number of reports included in this week’s compilation give a glimpse of Chinese technological advances and the spread of its spy network.

The Trump administration is drawing up its own cyber policy to prepare the country for aggressive action against foreign nations that hit the US with cyber-attacks, according to a White House policy maker. Tom Bossert, assistant to the President for Homeland Security and Counterterrorism, said China, Russia, Iran and North Korea have not been deterred from conducting cyber-attacks and the new policy, to be released next month, will make hostile actors pay a steep price. However, the intended policy is likely to remain ‘toothless’ as it is not backed by the financial resources required.

The new appropriations for homeland security for fiscal 2018 remained at the same level as the previous year or were reduced. Rep. Dutch Ruppersberger stated, “We are drastically cutting the important cybersecurity and research & development work and shifting that money to fund a border wall.” Added to this are deep internal political divisions, which are likely to further weaken the country’s resolve for unified action. For instance, a group of former intelligence officers, including NSA specialists, used forensic evidence to question the assessment of Russia’s hacking of Democratic Party emails to influence elections last year. They concluded that it was hacking by an insider.

Russia too is bracing itself for a cyberwar, making both offensive and defensive preparations, according to a study published by Meduza. Following recent reports of the ability of cyber technologies to compromise systems in nuclear and other power generation plants, Moscow is strengthening its own defenses. Financial constraints, however, would make the Kremlin depend on low-cost technologies combined with exploitation of information warfare to realize its strategic ambitions.

The unresolved crisis in the Gulf Cooperation Council, sparked by hacker attacks on Qatari media, demonstrates new capabilities being acquired by the regional countries for their strategic goals. American experts believe that the next conflagration might be sparked by Iran. They said that Iran’s evolution in cybersecurity has been rapid. More recent Iranian operations have leveraged extensive reconnaissance of social media to successfully compromise American government organizations and critical infrastructure facilities.

It is hoped that India is preparing itself to face these challenges particularly from China, which is making rapid strides in creating new technologies that would revolutionize future warfare.

Meanwhile, in a coordinated operation, FBI, DEA and Europol have taken down the largest and third largest Dark Web market sites, ‘AlphaBay’ and ‘Hansa’, which sold, among other things, illegal drugs, arms, malware, and counterfeit documents; and provided illegal services. AlphaBay alone is estimated to have generated $1 billion in transactions since its inception in 2014. At takedown, there were over 350,000 listings for illegal drugs, goods, and services on AlphaBay. The dark web’s potential to anonymously arm criminals and terrorists, as well as vulnerable and fixated individuals, is “the most dangerous aspect.” Sixty percent of weapons on sale on the “dark web” are from the United States.

INTER-STATE CYBER WARFARE

How the Russian government plans to protect the country from the coming cyberwar

https://meduza.io/en/feature/2017/07/19/moscow-s-cyber-defense?utm_source=email&utm_medium=briefly&utm_campaign=2017-07-20  Based on recent legislation and remarks by state officials, Russia is indeed bracing itself for a cyberwar, and it’s making both offensive and defensive preparations. Until recently, the government said almost nothing about the need to protect state websites and the nation’s critical infrastructure. Meduza published a detailed study on Russian cyber war preparations based on interviews with dozens of cybersecurity experts.

Trump Preparing Aggressive Response to Cyber Attacks

http://freebeacon.com/national-security/trump-preparing-aggressive-response-cyber-attacks/?utm_source=Freedom+Mail&utm_campaign=c8a34483aa-EMAIL_CAMPAIGN_2017_07_20&utm_medium=email&utm_term=0_b5e6e0e9ea-c8a34483aa-38360125  The Trump administration is preparing to conduct aggressive action against foreign nations that hit the United States with cyber attacks, a White House policymaker said Thursday.  Tom Bossert, assistant to the president for homeland security and counterterrorism, said China, Russia, Iran, and North Korea have not been deterred from conducting cyber attacks using the internet. The first step in a new cyber policy being drawn up by the White House is to better protect American infrastructure—such as the electrical grid and financial networks—from attack, Bossert told a security conference in Aspen, Col. The new policy, set to be unveiled by the White House next month, will seek to create cyber deterrence—making hostile actors pay a steep price for attacking through the cyber realm.

House panel signs off on $1.8B for DHS cyber office

http://thehill.com/policy/cybersecurity/342583-house-panel-signs-off-on-18-billion-for-dhs-cyber-office  House lawmakers on Tuesday advanced a spending measure that would provide roughly $1.8 billion in funding for a Department of Homeland Security (DHS) cyber unit.  The bill would allocate the money for the National Protection and Programs Directorate (NPPD), the DHS office tasked with securing critical infrastructure from cyber threats. NPPD, which is charged with protecting U.S. cyber and physical infrastructure, would receive nearly $1.4 billion to help secure civilian networks, prevent cyberattacks and espionage, and help modernize emergency communications infrastructure.

Intel Vets Challenge ‘Russia Hack’ Evidence

https://consortiumnews.com/2017/07/24/intel-vets-challenge-russia-hack-evidence/  In a memo to President Trump, a group of former U.S. intelligence officers, including NSA specialists, cite new forensic studies to challenge the claim of the key Jan. 6 “assessment” that Russia “hacked” Democratic emails last year.  Forensic studies of “Russian hacking” into Democratic National Committee computers last year reveal that on July 5, 2016, data was leaked (not hacked) by a person with physical access to DNC computers, and then doctored to incriminate Russia. After examining metadata from the “Guccifer 2.0” July 5, 2016 intrusion into the DNC server, independent cyber investigators have concluded that an insider copied DNC data onto an external storage device, and that “telltale signs” implicating Russia were then inserted.

WikiLeaks: Releases Raytheon-CIA documents

https://wikileaks.org/vault7/#UCL/Raytheon  WikiLeaks published on July 19 documents from CIA contractor Raytheon Blackbird Technologies for the “UMBRAGE Component Library” project. They acted as a kind of “technology scout” for the Remote Development Branch of the CIA by analyzing malware attacks in the wild and giving recommendations to the CIA development teams for further investigation and PoC development for their own malware projects.

China set to launch an ‘unhackable’ internet communication

http://www.bbc.com/news/world-asia-40565722  As malicious hackers mount ever more sophisticated attacks, China is about to launch a new, “unhackable” communications network – at least in the sense that any attack on it would be quickly detected. The technology it has turned to is quantum cryptography, a radical break from the traditional encryption methods around. The Chinese project in the city of Jinan has been touted as a milestone by state media. In the Jinan network, some 200 users from the military, government, finance and electricity sectors will be able to send messages safe in the knowledge that only they are reading them.  China’s push in quantum communication means the country is taking huge strides developing applications that might make the increasingly vulnerable internet more secure.

China Toys with an Internet Lockdown

https://www.wsj.com/articles/china-toys-with-an-internet-lockdown-1500980579  President Xi Jinping has taken Chinese politics back to pre-Internet days of Maoist orthodoxy, when the country sealed itself off from the global economy. His cardinal principle is “internet sovereignty.” The question is whether his administration is ready to take that all the way to absolute digital control. China deploys a fierce array of censorship tools and methods to keep its Great Firewall in place. The one crack is a technology called VPN, or virtual private network, that circumvents the controls by connecting users to servers outside China. Authorities have shut dozens of VPNs this year. This month, the Ministry of Industry and Information Technology denied a Bloomberg report that it had ordered telecom carriers to bar all personal VPNs, such as those used by many small and midsize businesses.

Chinese Android Spyware still collects PII despite outcry

https://threatpost.com/android-sypware-still-collects-pii-despite-outcry/127042/  Shanghai Adups Technology Co. was roundly criticized on July 25 during a Black Hat session in Las Vegas for continuing to use spyware called Adups on at least two Android handset makers’ phones. Researchers said the company was still collecting personally identifiable information without user consent despite coming under fire for the practice last year. Ryan Johnson, research engineer and cofounder of Kryptowire, who was part of the original team that found the spyware, told attendees Adups was still sending user data back to the company’s China-based servers as recently as May.

The Iranian Cyberthreat Is Real

http://foreignpolicy.com/2017/07/26/the-iranian-cyberthreat-is-real/  While internal GCC differences over Iran are a key driver of the current crisis, the next conflagration might be sparked by Tehran itself. Iran is capable of causing a lot of havoc through cyberspace. Moving from web defacements and crude censorship in the early 2000s, through sophisticated internal information controls and sustained espionage campaigns, to complex multistage attacks today, Iran’s evolution in cybersecurity has been rapid. More recent Iranian operations have leveraged extensive reconnaissance of social media to successfully compromise American government organizations and critical infrastructure facilities.

CYBER TERRORISM

Chinese residents being forced to install spyware on their mobile phones

http://www.business-standard.com/article/international/chinese-residents-being-forced-to-install-spyware-on-their-mobile-phones-117072500341_1.html   Residents of Xinjiang, an ethnic minority region of western China, are being forced to install spyware on their mobile phones.  On July 10, mobile phone users in the Tianshan District of Urumqi City received a mobile phone notification from the district government instructing them to install a surveillance application called Jingwang (or “Web Cleansing”). The message said the app was intended to “prevent [them] from accessing terrorist information.”  But authorities may be using the app for more than just counter-terrorism.

Telegram blocks ‘terror’ content after Indonesia threat

http://www.aljazeera.com/news/2017/07/telegram-blocks-terror-content-indonesia-threat-170716041113324.html   The encrypted messaging company Telegram says it is forming a team of moderators who are familiar with Indonesian culture and language so it can remove “terrorist-related content” faster.  The announcement comes after Indonesia limited access to the app and threatened a total ban.  Indonesia’s Ministry of Communications and Information Technology on Friday said it was preparing for the total closure of Telegram in Indonesia, where it has several million users, if it did not develop procedures to block unlawful content.

Global network of ‘hunters’ aim to take down terrorists on the internet

https://www.theguardian.com/technology/2017/jul/21/global-network-hunters-against-terrorists-on-the-internet  Group of volunteers obsessively tracks and reports Isis’s most prominent recruiters and propagandists, and tries to block the spread of their propaganda. The Hellfire Club is made up of about a dozen members based in the US, Europe, Middle East and Indonesia who communicate via a private Twitter group. These hunters plug a gap in social media companies’ ability to keep terrorists off their networks by obsessively tracking and reporting Isis’s most prominent recruiters and propagandists across private messaging apps like Telegram and WhatsApp and public networks like Twitter, Facebook and YouTube. Some of them also provide valuable tip-offs of credible threats to law enforcement.

CYBER CRIME

Takedown of Dark Web Market Giants AlphaBay and Hansa: Europol ED Wainwright

https://cchs.gwu.edu/sites/cchs.gwu.edu/files/Europol-Wainwright-QA-July2017.pdf  The FBI, DEA and Europol announced last week a coordinated takedown of the Dark Web market giants AlphaBay and Hansa, the largest and third largest criminal sites. The two sites that were seized in this case sold, among other things, illegal drugs, malware, and counterfeit documents; and provided illegal services. AlphaBay alone is estimated to have generated $1 billion (USD) in transactions since its inception in 2014. At takedown, there were over 350,000 listings for illegal drugs, goods, and services on AlphaBay. By comparison, the Silk Road (Dark Web) marketplace seized in 2013 had just 14,000 listings. Europol’s Executive Director Robert Wainwright spoke of the lessons and implications for cyber-policing.

U.S. weapons main source of trade in illegal arms on the Dark Web

http://www.homelandsecuritynewswire.com/dr20170726-u-s-weapons-main-source-of-trade-in-illegal-arms-on-the-dark-web?page=0,1  New report, based on first-ever study, looks at the size and scope of the illegal arms trade on the dark web. European purchases of weapons on the dark web generate estimated revenues five times higher than the U.S. purchases. The dark web’s potential to anonymously arm criminals and terrorists, as well as vulnerable and fixated individuals, is “the most dangerous aspect.”  Sixty percent of weapons on sale on the “dark web” are from the United States, according to a new study – Behind the Curtain: the illicit trade of firearms, explosives and ammunition on the dark web.

Dark Web sold drugs to hundreds of thousands of customers

http://www.independent.co.uk/life-style/gadgets-and-tech/news/dark-web-us-government-alphabay-hansa-marketplace-down-not-working-offline-shutdown-a7851321.html  The world’s biggest drugs marketplace on the dark web has been shut down, the US Justice Department has said. The marketplace AlphaBay had allowed hundreds of thousands of people to buy illegal drugs, said attorney general Jeff Sessions. When it was up, it sold drugs to more than 40,000 vendors that supplied more than 200,000 clients, law enforcement officials said. Dealers were able to buy drugs like fentanyl and heroin by using a technology called Tor, which allows people to browse anonymously and was originally created to avoid surveillance.

Founder of the Dark Web AlphaBay arrested, committed suicide in jail

https://www.nytimes.com/2017/07/20/business/dealbook/alphabay-dark-web-opioids.html?hpw&rref=technology&action=click&pgtype=Homepage&module=well-region&region=bottom-well&WT.nav=bottom-well  AlphaBay, the largest so-called dark net market, was taken down in early July at the same time the authorities arrested the reported founder of the site, Alexandre Cazes, a Canadian man who was living in Bangkok. Mr. Cazes committed suicide in his jail cell shortly after he was arrested, the authorities said on Thursday. He was 25 years old.

Hacker admits to Mirai attack against Deutsche Telekom

https://threatpost.com/hacker-admits-to-mirai-attack-against-deutsche-telekom/127001/  A hacker who goes by the name “BestBuy” admitted to a German court that he was behind an attack last year that knocked close to 1 million customers of German ISP Deutsche Telekom offline. The suspect is a 29-year-old British man who is only identified as “Daniel K.” He was arrested Feb 22 by the British National Crime Agency at the request of Germany’s Federal Criminal Police Office. German media is reporting that Daniel K. was allegedly paid about $10,000 by a Liberian telecommunications firm to carry out the DDoS attack against competitors.

One cybercrime in India every 10 minutes

http://timesofindia.indiatimes.com/india/one-cybercrime-in-india-every-10-minutes/articleshow/59707605.cms  From the global ransomware attacks that hit hundreds of systems to phishing and scanning rackets, at least one cybercrime was reported every 10 minutes in India in the first six months of 2017. That’s higher than a crime every 12 minutes in 2016. According to the Indian Computer Emergency Response Team (CERT-In), 27,482 cases of cybercrime were reported from January to June. These include phishing, scanning or probing, site intrusions, defacements, virus or malicious code, ransomware and denial-of-service attacks.

Maharashtra to seek Interpol help to learn how foreign agencies probe cyber attacks

http://indianexpress.com/article/india/maharashtra-to-seek-interpol-help-to-learn-how-foreign-agencies-probe-cyber-attacks-4764129/  After a spate of cyber attacks which affected systems in many countries including India, the Maharashtra Cyber Cell plans to approach Interpol to find out how its overseas counterparts are investigating such cases. The Maharashtra Police has registered three FIRs in cyber attack cases over the past few months. The Maharashtra Cyber Cell has now issued an advisory asking organisations to adopt secure software for their work. The advisory has been sent to stakeholders in the health and defence establishments, banking, the state secretariat and other critical establishments, government organisations and even private companies.

Rehab camp aims to put young cyber-crooks on right track

http://www.bbc.com/news/technology-40629887  Teenagers caught carrying out hacking and cyber-attacks could soon be attending a rehab camp that aims to divert them away from a life of crime.  The first weekend camp for offenders was held in Bristol this month as part of the National Crime Agency’s (NCA) work with young computer criminals.  Attendees learned about responsible use of cyber-skills and got advice about careers in computer security. If the trial proves successful, it will be rolled out across the UK.

Cybercrime fighting tool moves from government to private sector

http://www.homelandsecuritynewswire.com/dr20170725-cybercrime-fighting-tool-moves-from-government-to-private-sector  Some Department of Energy facilities experience thousands of attempted cyberattacks every day. But the FLOWER software app, developed and patented by DOE’s Pacific Northwest National Laboratory, has been used by other tools and cyber analysts to detect, deter, and mitigate coordinated attacks. Now, FLOWER has been licensed to zSofTech Solutions of Atlanta, which provides its clients software resources in the areas of cybersecurity, data analytics, artificial intelligence and Infrastructure and Cloud management.

“Stalking software”: Surveillance made simpler

http://www.homelandsecuritynewswire.com/dr20170726-stalking-software-surveillance-made-simpler  The controversial Snap Map app enables Snapchat users to track their friends. The app makes it possible for users to monitor their friends’ movements, and determine – in real time – exactly where their posts are coming from (down to the address). Many social media users expressed their indignation, referring to the app as “stalking software.” This is the latest in a series of monitoring tools to be built on social media platforms. A new study assesses the benefits and risks associated with their use.

ARTIFICIAL INTELLIGENCE & OTHER NEW TECHNOLOGIES

Beijing Wants A.I. to Be Made in China by 2030

https://www.nytimes.com/2017/07/20/business/china-artificial-intelligence.html?rref=collection%2Fsectioncollection%2Ftechnology&action=click&contentCollection=technology&region=rank&module=package&version=highlights&contentPlacement=1&pgtype=sectionfront  If Beijing has its way, the future of artificial intelligence will be made in China. The country laid out a development plan on Thursday to become the world leader in A.I. by 2030, aiming to surpass its rivals technologically and build a domestic industry worth almost $150 billion. Released by the State Council, the policy is a statement of intent from the top rungs of China’s government: The world’s second-largest economy will be investing heavily to ensure its companies, government and military leap to the front of the pack in a technology many think will one day form the basis of computing. The plan comes with China preparing a multibillion-dollar national investment initiative to support “moonshot” projects, start-ups and academic research in A.I., according to two professors who consulted with the government about the effort.

New Microsoft cloud service uses AI to find bugs in your code

http://www.techrepublic.com/article/new-microsoft-cloud-services-uses-ai-to-find-bugs-in-your-code/?ftag=TREa988f1c&bhid=27547637924291379434650709219148  Microsoft Security Risk Detection, made publicly available Friday, uses artificial intelligence (AI) to help software developers find bugs in their code and other vulnerabilities. The cloud-based tool, previously known as Project Springfield, is meant to complement the work being done by developers and security experts, according to a blog post. Microsoft’s David Molnar, who leads the group behind Microsoft Security Risk Detection, said in the post that the tool performs fuzz testing, a QA method for finding buggy code and security problems. As more and more software is developed, the need for this testing grows, and becomes hard to manage.

AI and the SMB: Four Strategic Trends to Embrace Right Now

http://www.huffingtonpost.com/entry/ai-and-the-smb-four-strategic-trends-to-embrace-right_us_5978aaace4b0c6616f7ce6af Thought leaders in the field of artificial intelligence (AI) have been weighing in lately on what impact AI will have in the business world. We’ve all seen the IBM Watson commercials, and the possibilities around this amazing technology are intriguing. Yet looking at this from the point of view of the typical small or medium-size business owner raises some more questions. Specifically, can AI help SMBs get better at creating and marketing their brands? A 2016 survey by Demandbase indicates that this question is already relevant. The study found that more than eight out of 10 marketing executives believed that AI would revolutionize marketing by 2020… and that’s only three years away.

Artificial Intelligence in banking: you ain’t seen nothing yet

http://www.ibtimes.co.uk/artificial-intelligence-banking-you-aint-seen-nothing-yet-1631901 Banks have been slow to adopt Artificial Intelligence technology, but it could transform the way we run our finances. Temenos’s Todd Winship explores what it will be like to bank with a bot. One recent survey suggests that AI will be the primary way in which banks interact with their customers within three years. Forward-thinking institutions are already launching more sophisticated chatbots. These include Swedbank’s Nina, which deals with more than 30,000 queries per month, while RBS is testing Luvo, a bot with a “warm and human-like personality”, according to the bank.

Grasping how neural nets work

http://www.livemint.com/Technology/EiyBAqJDt1dxp5EmLcnEOO/Grasping-how-neural-nets-decide.html If research and advisory firm Gartner Inc. is right in its forecast, Artificial Intelligence (AI) technologies will become pervasive in almost every new software product and service by the year 2020. The growth in AI, broadly a set of computational technologies and methodologies aimed at helping machines emulate human intelligence, is being driven primarily by sophisticated algorithms, the availability of huge data sets, greater computing power, and advances in machine learning as well as deep learning.

Chatbots should be experts, not virtual assistants

http://www.information-age.com/chatbots-experts-not-virtual-assistants-123467493/ The introduction of Amazon Echo and Google Home is helping the Chatbot crossover into the mainstream, heralding a new era for the technology. However, while they have grand ambitions of offering 360-degree personal assistant support to consumers, the current limits of the technology mean they still fall short of being able to complete more complex tasks. Sure, Alexa and Siri can tell you the weather, play your favourite Spotify playlist, search the internet on your behalf, and manage your diary – but ask them to book you a ticket on the next train home, order an Uber, or tell you your bank balance and they’re stumped. But, why?

The secret to Google’s rock-solid security is now commercially available

http://www.techrepublic.com/article/perimeter-based-security-is-broken-heres-how-to-fix-it/?ftag=TREa988f1c&bhid=27547637924291379434650709219148  A new startup aims to commercialize a security approach birthed at Google. While not an open source project, the concept of zero trust security was surfaced by Google and now provides the foundation for startup ScaleFT, which just raised $2 million in seed funding from Fuel Capital. What excites about ScaleFT is that they understand we can’t win the perimeter defense way. Perimeter will always have holes. We need to flip the security paradigm on its head. The perimeter security model is like Windows patching. You just keep patching, like chasing a dog’s tail. Bad guys are always ahead. Zero trust is a fundamentally better way of doing security. The fact that this is based on Google and how they run their own security is the best validation you can get.

VULNERABILITIES / PATCHES

iCloud Keychain encryption bug exposes iOS passwords, credit card numbers

http://www.techrepublic.com/article/icloud-keychain-encryption-bug-exposes-ios-passwords-credit-card-numbers/?ftag=TREa988f1c&bhid=27547637924291379434650709219148  A largely unreported iOS security flaw undermined iCloud’s end-to-end encryption capability, and could have allowed attackers to steal passwords, credit cards, and any other information on file, according to security firm Longterm Security.  iCloud Keychain enables users to store passwords and credit card numbers across all of their devices, while iCloud Keychain Sync allows users to share this information securely between devices. The security flaw was found in iCloud Keychain Sync’s custom Off-The-Record (OTR) implementation, Longterm Security co-founder Alex Radocea wrote in a blog post.  The flaw was addressed in the iOS 10.3 update—demonstrating again why it’s important to stay on top of updating your device.

RESEARCH / SURVEYS

Indian firms value scaling encryption, lag in adoption: study

http://www.livemint.com/Technology/q79bVjCNFzAgnzzMHG8afP/Indian-firms-value-scaling-encryption-lag-in-adoption-stud.html Indian information technology (IT) firms value scaling of data encryption but lag in adoption of the technology compared to the global average, says a study commissioned by French security technology firm Thales. “95% of organisations in India valued scalability for encryption solutions, which was much higher than any other country, global average of 29%,” the Global Encryption Trend study said. However, it found that 82% of organisations in India covered in the study embrace some type of encryption strategy, while the global average is 86%. This study is a call to action for organisations in India to strengthen their security position with strong data security and encryption plans in order to secure sensitive data and adhere to risk and compliance best practices and regulations.

NSA funds cybersecurity project to bolster security of cloud-based computing

http://www.homelandsecuritynewswire.com/dr20170720-nsa-funds-cybersecurity-project-to-bolster-security-of-cloudbased-computing  A University of Arkansas at Little Rock researcher has received funding from the U.S. National Security Agency (NSA) to improve cybersecurity skills for students and the general population. The cybersecurity lab project, “Networking and Network Security in the Cloud (NetSiC),” will address issues related to cloud-based computing environments and help students practice networking and cyber defense skills. This project is unique because it allows students to conduct networking and security practices in a computing cloud they choose, and the developed software will be free to use.
