ICD Brief 99.
04.09.2018.-09.09.2018.
Ninety-nine editions ago our mission was to report on the cyber global progress from plans to execution. It was frustratingly thin.
No longer the case! In two years, the global community shares similar progress and problems: cyber-crime, espionage and hacking attacks; prosecution of cyber spies and criminals; building public awareness, engagement and cyber talent pools; cyber legislation and secure systems and exploding markets for innovation and novel multi stakeholder partnerships.
ICD Reader David Pittfield shares a report on one state’s outrage at the espionage by another and asks: “Am I missing something? Everyone is spying.”
What do you think? Drop us a line at acbader@protonmail.com.
Here’s a sampling:
Featured: Beyond the Cyber Leviathan: White Hats and U.S. Cyber DefenseWar on the Rocks by Nina Kollars
- DHS secretary cites cyber ‘pandemic’ in call for Congress to pass stalled legislation | TheHill
- How US authorities tracked down the North Korean hacker behind WannaCry | ZDNet
- NIST’s Next Framework Focuses on Protecting Consumers’ Privacy – Nextgov
- Russian accused of hacking the data of 80 million people extradited to US CNNPolitics
- France accuses Russia of trying to spy on Franco-Italian military satellite
- German spy chief warning on ‘sleeper’ cyber sabotage – Finance – Security – iTnews
- Iran Targeting Israelis with Fake News Sites Cybersecurity Firm Warns
- Beer Sheva: The next Silicon Valley of Asia BLITZ
- Ukraine, Turkey agree on cooperation in fight against terrorism, cyber threats – 112.international
- Russians hacked Catholic, Orthodox clergy amid Ukrainian push for autocephaly
- Elite Flying Squad detectives use old school methods to catch cyber criminals, says Met The Telegraph
USA
How US Authorities Tracked Down the North Korean Hacker Behind WannaCry
“On September 6, the US Department of Justice formally charged a North Korean programmer for some of the biggest cyber-attacks in recent years. According to a 179-page DOJ indictment, the US believes that Park Jin Hyok, a 34-year-old North Korean, is one of the many individuals behind a long string of malware attacks and intrusions, such as:
- The WannaCry ransomware outbreak of 2017;
- Attempts of hacking US defense contractor Lockheed Martin in 2016;
- The 2016 Bangladesh Central Bank cyber-heist;
- The breach at Sony Pictures Entertainment in 2014;
- Breaches at US movie theatre chains AMC Theatres and Mammoth Screen in 2014;
- A long string of hacks of South Korean news media organizations, banks, and military entities across several years, and;
- Hacks of banks all over the world from 2015 through 2018.”
DHS Secretary Cites Cyber ‘Pandemic’ in Call for Congress to Pass Stalled Legislation
“Department of Homeland Security Secretary Kirstjen Nielsen on Wednesday urged lawmakers to pass legislation to reorganize a DHS cyber division as a full-fledged agency as the measure struggles to gain support in the Senate.”
Lawmakers Demand More Action from Top Twitter, Facebook execs – Axios
NIST’s Next Framework Focuses on Protecting Consumers’ Privacy
“The National Institute of Standards and Technology, or NIST, will be gathering public feedback for the effort beginning with an Oct. 16 public workshop in Austin, Texas, according to a news release… alongside an annual meeting of the International Association of Privacy Professionals, NIST said. “ Most privacy fact sheet
Federal Trade Commission Consumer Information Tech Support – Scams
Russian accused of Hacking the Data of 80 Million People Extradited to US
“(CNN)Federal authorities on Friday announced the extradition of a Russian man who they say took part in an extensive computer-hacking campaign that included the largest theft of customer data from a US financial institution in history. Andrei Tyurin, 35, who was extradited from the country of Georgia, faces several charges stemming from the scheme, which targeted American financial institutions, brokerage firms and financial news publishers, among other US companies, according to a statement from the Manhattan US attorney’s office.”
Australia
Australian Government Appoints Elbit Systems to Train Defence in Cyber
ZDNet
“The federal government said Elbit will provide an interim cyber range, network design, and build; cyber range training; and teaching materials. Under the contract, 49 cyber warfare specialists that graduated from the Australian Defence Force’s (ADF) inaugural Accelerated Defensive Cyber Training program will use the new cyber training range to develop and maintain their skills.”
Canada
Ottawa Probes Huawei Equipment for Security Threats
“The Canadian government has publicly acknowledged it has been conducting security tests since 2013 on telecommunication equipment sold in Canada by Chinese giant Huawei, a company the United States and Australia regard as a potential tool for state-sponsored cyberspying.”
WestJet Exec on the Evolving Cybersecurity Threats
“The cyber threat to airlines is growing as hackers use more and more sophisticated techniques to gain access to valuable customer data. Devon Smibert, director of cybersecurity at Canadian airline WestJet spoke on Sept. 5 at the Aviation Festival in London about the cyber challenges facing an airline such as WestJet, as the challenges are relevant to customers in the satellite sector.” ’Our friends at IATA say that the annual global revenues for the airline industry is $754 billion,’ Smibert said. ’The cyber crime industry is double of the airline industry. Hackers are extremely well funded, and largely act with impunity. A lot of these hackers operate in countries where there is tacit compliance. In North Korea, you have a State that has severe economic sanctions against them, and they use cyber to generate revenues. It is $1.5 trillion business with very low risk.’”
China
China’s Cybersecurity Market to Reach $15 Billion by 2022
“China’s cybersecurity market is expected to reach RMB100 billion (US$14.6 billion) by 2022, nearly tripling from the current RMB35 billion (US$5.1 billion), said a Chinese cybersecurity expert at the China Internet Security Conference (ISC) yesterday. (04.09.2018)”
EU
EU to Crack Down on Online Terrorism and Cyber Threats
“The European Union is poised to adopt sweeping new powers against abuse of internet technologies, including measures to ensure the rapid removal of online terrorist message and an overhaul of regulations designed to counter cyber security threats.”
France
France Accuses Russia of Trying to Spy on Franco-Italian Military Satellite
“‘Russia last year attempted to intercept transmissions from a Franco-Italian satellite used by both nations’ armies for secure communications, French Defence Minister Florence Parly said on Friday, describing the move as an ‘act of espionage’.
GDPR
BA Hack Leaves Airline Open to Fines Under Tough Data Rules
“British Airways may become the first high-profile company to run afoul of Europe’s far-reaching data privacy rules — and face potentially hefty fines — after a computer hack compromised credit card data from some 380,000 customers.
Germany
German Spy Chief Warning on ‘Sleeper’ Cyber Sabotage
“China, Russia and other countries continued to try to break into German companies’ computers to steal industrial information, Hans-Georg Maassen, head of the BfV domestic intelligence agency, told a security conference. ‘In the case of China, Russia, we clearly see measures like espionage, but it could also be sabotage with the goal of attacking companies in Germany – infrastructure firms in the widest sense – at some future point,’ Maassen said. ‘That is a scenario that we view with concern.’”
Ghana
CDA Consult Commends GSA Modern Ghana
“The CDA Consult noted that the GSA market surveillance report affirms its campaign against counterfeit electrical products and electrical appliances embarked on since December 2017. The first phase of the campaign was covering the ten regional capitals and 150 district capitals over a period of three years.”
India
Security Agencies to Get Social Media Data Mining, Face Recognition Tools
“Security agencies are trying to obtain new software and improved face-recognition technology to enable themselves to dig deeper into social media about a criminal whose record is unavailable in police database, Union Home Minister Rajnath Singh said Thursday.”
India Loops in Cybersecurity Group to Strengthen Vital Military Data Networks
My Voice Indiadefnetwork / Reports /
“Australian security and risk management company Ava Risk Group announced today that a data network security solution developed by its Technology Division has been selected to protect one of the world’s largest closed user group data networks for the exclusive use of more than one million military personnel.”
Iran
Iran Targeting Israelis with Fake News Sites Cybersecurity Firm Warns
“Hebrew-language “Tel Aviv Times,” two Arabic news outlets aim to promote Iranian agenda in Israel by making “crucial changes” in news items, says Israeli firm ClearSky • Iranian propaganda network comprises 100 media sites in 29 languages, company says.”
Israel
Beer Sheva: The Next Silicon Valley of Asia
Beersheba has all of the ingredients of a vibrant security technology ecosystem, including Ben-Gurion University with its graduate program in cybersecurity and Cyber Security Research Center, and the presence of companies such as EMC, Deutsche Telekom, Paypal, Oracle, IBM, and Lockheed Martin. It’s also the future home of the INCB (Israeli National Cyber Bureau); offers a special income tax incentive for cyber security companies, and was the site for the relocation of the army’s intelligence corps units. ‘All in all, projections are that 20,000-30,000 cyber and related jobs would be created in Beersheba over the next 10 years,’ said Yoav Tzurya, partner at JVP, an Israeli venture capital firm with a cybertech accelerator in Beersheba.
Netherlands
The Netherlands Emerges as a Global Leader in Cybersecurity
Netherlands Foreign Investment Agency
“Long recognized as the digital gateway to Europe, The Netherlands has emerged as a hotbed for cybersecurity. There are now more than 400 cybersecurity companies in The Hague, the Netherlands, alone – the location of the third-annual Cyber Security Week. The conference, taking place Oct. 2-5, will bring together industry leaders from 70 countries to discuss emerging trends and innovations in cybersecurity.
Serbia
“Serbia is one of 7 Open Innovation Labs [OIL] established in the region within the Interreg Danube Transnational Programme project DA-SPACE (Open Innovation to Raise Entrepreneurship Skills and Public Private Partnership). Programme co-funded by European Union funds (ERDF, IPA, ENI)”
Singapore
MAS Consults on Measures to Strengthen Cyber Resilience of Financial Institutions
“Singapore, 6 September 2018…The Monetary Authority of Singapore (MAS) today issued for consultation proposed requirements for financial institutions (FIs) in Singapore to implement essential cyber security measures to protect their IT systems. strengthen user authentication for system administrator accounts on critical systems.”
Turkey
Ukraine, Turkey Agree on Cooperation in Fight against Terrorism, Cyber Threats – 112.international
“Ukraine and Turkey intend to cooperate in the sphere of the fight against terrorism, illegal transporting of the migrants and human trafficking, cybercrime, money laundering, drug trafficking and transnational organized crime. The documents were signed at the meeting of Ukrainian Interior Minister Arsen Avakov and his Turkish colleague Süleyman Soylu took place as the press service of the Interior Ministry of Ukraine.”
Ukraine
Russians Hacked Catholic, Orthodox Clergy amid Ukrainian Push for Autocephaly
“Kyiv, Ukraine, Sep 7, 2018 / 11:27 am (CNA/EWTN News).- Russian hackers infiltrated the email inboxes of Orthodox, Catholic, and other religious leaders connected to Ukraine amid conflict between Kyiv and Moscow over Ukraine’s political and religious independence. Archbishop Claudio Gugerotti, apostolic nuncio to Ukraine, was among the 4,700 global targets of the “Fancy Bear” cyber espionage group, the same Russian hackers who were indicted in the special counsel Robert Mueller’s investigation, according to the Associated Press.”
United Kingdom
Elite Flying Squad Detectives Use Old-School Methods to Catch Cyber Criminals, Says Met
“Scotland Yard’s Flying Squad are going undercover to fight cybercrime, as police use “older ways” because they can’t crack technology, the Head of the Met Police’s Organised Crime Command has said. But the latest encryption software makes it difficult for the police to track users online, and the Met’s Flying Squad detectives have turned to tactics like going undercover and using informants.”
Russia “Front of the Queue” When It Comes to Hacking, Says Security Minister
“Hackers from hostile states continue to probe and attempt to access UK computer networks on a daily basis, according to security minister Ben Wallace, with Russia leading the pack.”
Feature
Beyond the Cyber Leviathan: White Hats and U.S. Cyber Defense
War on the Rocks by Nina Kollars
“Who creates cyber security? Who creates the systems, tools, and technical knowledge necessary to defend U.S. civilians and their networks? As it turns out, much of the world’s front-line knowledge about vulnerabilities, threat patterns, and malicious code is derived from the efforts of the cyber defender community. This is a global association of security firms, independent researchers, and not-for-profit organizations. They are the foundation of cyber defense in the United States and much of the rest of the world.