UNCLASSIFIED. Executive Cyber Intelligence Bi-Weekly Report by INSS-CSFI. April 1st, 2015

Transcription

1 UNCLASSIFIED Executive Cyber Intelligence Bi-Weekly Report by INSS-CSFI April 1st, 2015 This document was prepared by The Institute for National Security Studies (INSS) Israel and The Cyber Security Forum Initiative (CSFI) USA to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities, and follow-on measures. This product may contain US person information that has been deemed necessary for the intended recipient to understand, assess, or act on the information provided. It should be handled in accordance with the recipient's intelligence oversight and/or information handling procedures. Some content may be copyrighted. These materials, including copyrighted materials, are intended for "fair use" as permitted under Title 17, Section 107 of the United States Code ("The Copyright Law"). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified at: CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report. 1

2 ISRAEL New cyber regulation for Israeli Central Bank The supervisor of the Israel Central Bank issued new regulations in regards to Cyber Defense Management for banking corporations and credit card companies. The regulations specify that corporations must place effective management on cyberrelated risks against them and enhance their existing information security capabilities in order to better deal with cyber threats. Each corporation is expected to establish a cyber defense program in accordance with the specific nature of their activities and risk profile. The regulations define principles and frameworks to cyber defense, while providing corporations leeway in how to implement the new framework. According to the Cyber Defense Management, banking corporations need to appoint an adequately qualified senior employee to serve as cyber defense manager. These new regulations in cyber are part of the increased preparedness by the Israeli government occurring in cyber threats, as expressed by the establishment of a national authority for cyber defense and the new cyber command within the Israel Defense Force (IDF). Lockheed Martin and Israeli Ministry of Education cooperate in enriching cyber defense programs The American company Lockheed Martin and the Israeli Ministry of Education will cooperate in enriching the cyber defense programs in the Israeli education system. As part of the project, cyber experts from Lockheed Martin and the University of Maryland will be incorporated into the education system in order to enlarge the number of Israeli teachers in the fields of computer science and cyber defense. The project will be supervised by the national cyber headquarter established in the Prime Minister s Office of Israel. Israeli cyber researchers announce new way to hack computers without internet connection Researchers from the cyber security center at Ben-Gurion University found a new system to hack computers with no hardline or internet connection. The new system, named BitWisper works on heat waves created by the computers. Those heat waves are being converted into linear signals, which create a way to communicate without using any special hardware. The BitWisper system can create a bridge between two computers. The created bridge can be used for communication or for planting malware and viruses. It also can establish a bridge for hacking and stealing information from stand-alone computers and closed networks. This feature can be useful for hacking into top-secret closed-networks, such as intelligence agencies and military. A former system for connecting computers was announced in the past; however, it used a special radio transmitter product, while the BitWisper uses no special hardware only with the computer sensors. Anonymous announced OpIsrael as Electronic Holocaust In their latest video, the hackers group Anonymous announced a new operation against Israel OpIsrael. In the video, the Anonymous masked presenter called for an attack on Israel as a response to operation Protective Edge, which occured last summer. Since that operation, Anonymous is devoted to attack and hit Israel s defenses, such as cyber security systems and the Iron Dome system. The attack is planned for April 7th and has been announced by the group to be an Electric Holocaust. 2

3 USA Taiwan seeks to establish strong cyber security connections with the US Taiwan wishes to join a massive cyber security drill known as Cyber Storm as part of seeking ways to create strong cyber connections with the US in order to protect the country from cyber-attacks. Taiwan is being threatened by no country in the world besides China, said Simon Chang, a former director of Asia hardware operations for internet giant Google Inc. in 2013, Taiwan invited the US to participate in a mock cyber drill that it held and wishes now to be invited by the US to participate in the biennial Cyber Storm drill. In East-Asia, Taiwan is the country victimized by cyber-attacks the most, and Chang emphasizes the idea that China s cyber army regularly uses Taiwan as a testing ground for its most advanced attacks. House intel leaders unveil cyber security bill Leaders of the House Intelligence Committee unveiled a bipartisan bill Tuesday that would make it easier for private companies to share cyber- hreat information with the government to thwart attacks by hackers. The bill contains stronger privacy protections than previous legislation, said Chairman Devin Nunes, R-Calif., and Rep. Adam Schiff, D-Calif., who introduced the bill and have scheduled a committee vote for Thursday. We're trying to do everything we can to protect civil liberties while protecting our cyber networks, Nunes said at a press briefing. The Protecting Cyber Networks Act specifically states that it does not authorize the Department of Defense, the National Security Agency, or any other part of the intelligence community to target a person for surveillance. Instead, the bill aims to give government agencies the ability to see how a hack occurred and take action to prevent more attacks. Companies would report cyber threats to civilian agencies rather than to the NSA or the Defense Department. The NSA, which is part of the Defense Department, is viewed with suspicion by privacy advocates because of its mass collection of the phone records of millions of Americans. The bill also makes the federal government liable for violations of privacy and civil liberties and allows citizens who believe their privacy has been violated to seek damages from the government in court. Nunes said the bill could reach the House floor in April. RUSSIA Kaspersky Lab may have relations with Russia's Federal Security Service (FSB) One of the biggest world anti-virus firm, Kaspersky Lab, may go beyond antivirus software, but it is also thought to operate espionage software on behalf of Russian security agencies and have ties to Russia s Federal Security Service (FSB), the successor to the Soviet KGB, according to a report published by Bloomberg. Kaspersky Lab apparently sells security software, including antivirus programs recommended by bigbox stores and other US PC retailers. The Moscow-based company ranks sixth in revenue among security-software suppliers. As Bloomberg reported in February, almost every computer is secured with Kaspersky's software. Kaspersky Lab permanently releases its security updates and reposts on alleged electronic espionage by the US, Israel, and the UK, but it has yet to look at Russia. Eugene Kaspersky, CEO 3

4 of Kaspersky Lab, dismissed these new claims. The Bloomberg report cited six unidentified former and current employees of Russian security agencies working at Kaspersky Labs. ARAB COUNTRIES Iran building cyber threat faster than nuclear threat In the last two years, Iran has invested in building a cyber army capable of taking down global infrastructure. Since President Hassan Rouhani began his term, the cyber security budget grew to almost 20 million dollars. After the American computer worm Stuxnet ruined one-fifth of the country s nuclear ability, Iran shifted its cyber ability. Only 5 months after this attack, Iran trained 1,500 cyber warriors. Cyber security and hacking has become an emerging industry in Iran, which is why many Iranian students are choosing to study computer network defense, exploitation, and warfare in high school and college. During their studies, they are offered internships with notorious Iranian hacker groups, who they then go on to work for after they graduate. ISIS posted information about military personnel 100 military members were notified that the Islamic State (ISIS) posted their names and addresses on the Internet. The group that identified themselves as the Islamic state hacking division encouraged Muslims in the US to kill the military members in their homeland. The Department of Defense released the following statement: The army is coordinating efforts with the Department of Defense as we work to determine the validity of any potential threats. In the meantime, our Criminal Investigative Division is working with the Federal Bureau of Investigation and has provided the information to local units, and, as always, we encourage soldiers to take prudent measures to limit the sharing of personal information online. In the release, ISIS was able to release the military personnel full names, ranks, and personal addresses. CHINA and APAC China reveals its cyberwar cecrets The People s Liberation Army for the first time acknowledged the existence of cyber units capable of launching attacks and not just to protect domestic networks as officials have long maintained. The acknowledgment came in the newest (2013) update to the PLA s The Science of Military Strategy. Beijing has previously denied US accusations of state-sponsored hacking notably last year when the Department of Justice pressed charges against five PLA officials for economic cyberespionage. It appears China dropped the charade. This is the first time we ve seen an explicit acknowledgement of the existence of China s secretive cyber warfare forces from the Chinese side, says Joe McReynolds, who researches the country s network warfare strategy, doctrine, and capabilities at the Center for Intelligence Research and Analysis. It means that the Chinese have discarded their fig leaf of quasi-plausible deniability, McReynolds said. As recently as 2013, official PLA [People s Liberation Army] publications have issued blanket denials such as, The Chinese military has never supported any hacker attack or hacking activities. They cannot make that claim anymore. When asked, the Chinese as recently as a month ago denied they had a cyber command, James Lewis, a senior fellow at the Center for Strategic Studies and a 4

5 leading expert on China s cyber capabilities explained. Lewis said the new revelations will not come as earth-shattering to analysts and experts who closely follow statements by Chinese officials because we all assumed they were lying. McReynolds said China has dedicated cyber units operating in both the military and the civilian sphere. The report, published by the Daily Beast, goes on to state that China has specialized military network warfare forces for carrying out both offensive and defensive cyber operations and its organizations such as Ministry of State Security and the Ministry of Public Security are authorized by the military to carry out network warfare operations. The Chinese Army earlier revealed the existence of a 30 member Blue Army. The Blue Army s main target is self-defense. We won t initiate an attack on anyone, a senior PLA official insisted when news of the unit s existence broke. EUROPE France is changing its electronic surveillance legislation in order to improve counter terrorism The French Prime Minister, Manuel Valls, recently introduced a new legislation aiming to increase its electronic surveillance program. This new legislation would allow the French intelligence services to intercept and analyze any French citizen phone, cell phone conversations, and s. During a press conference Prime Minister Manuel Valls hoped this new legislation would be voted on soon, as it is pending a debate in the country s National Assembly. Furthermore, he declared: Legal means of action but no exceptional measures or widespread surveillance of civilians. The new legislation is countering French nationals encouraging jihad and committing terrorist attacks after the occurrence against the satiric French newspaper Charlie Hebdo in January According to the French authorities, around 1,900 French citizens are affiliated to jihadist networks in France or abroad. Furthermore, the Prime Minister added that 770 of them have already fought or are currently fighting alongside jihadist militants in Iraq, Syria, and other Muslim countries. This new surveillance legislation is actually the culmination of a project started before the rise of the communication technologies. With this new legislation, France will follow the United States and their Patriot Act, which has been modified for the same reasons after 9/11. Today with human intelligence, the electronic surveillance is one of the best methods to track jihadists and extremists. Technologies employed by intelligence services such as phone tracking, signal, and cyber intelligence appear to be the best solutions due to the number of jihadist supporters using smartphones and social networks. UK launching national cyber recruitment program The UK government recently announced the launch of a national cyber recruitment program to find new talent. The program, named Cyber First, is designed to find and train the next generation of cyber experts in order to protect UK cyberspace and critical infrastructures. According to the government, Cyber First is a preliminary sponsorship system designed to identify, recruit, and train those having the right skills for cyber security positions. In order to look for new talent, this program has been based on several initiatives such as the Cyber Security Challenge Schools Program and national mathematics competitions. The Cyber First program will offer scholarships to students who want to study subjects like mathematics, science, engineering, and technology at undergraduate level. The UK government declared this experimental 5

6 program is aiming to recruit 20 new talents who will receive 4,000 of funding each. According to the head of the UK intelligence communication agency GCHQ, Robert Hannigan, Cyber First will help UK protect it assets. The world leading young people we support through Cyber First will help protect the UK from the growing tide of cyberattacks and cybercrime. This new program is a great chance for public and private sectors to recruit new cyber experts, since UK government and businesses have claimed difficulties recruiting cyber security experts in recent years. With this new initiative, UK is without a doubt the most advanced country in Europe in terms or cyber security. In recent years, the United Kingdom invested a substantial budget to develop its cyber defense industry. Despite this, the United Kingdom created several cyber security programs in British universities; organized national cyber-attacks simulations and strengthens their international cooperation. 6