Greetings and fair warning. The week’s news advances clarity and awareness but is all about conflict and concern. ICD 191 opens with warnings from NCSC Director William Evanina and NSA and CyberCom General Paul Nakasone of the importance of informing the public of the dangers surrounding the US election.
It closes with the long awaited UK Intelligence and Security Committee of the Parliament’s Report on Russia. Our Commentary Stop Russia hacking our minds is given by Sir David Omand, former UK Security and Intelligence Coordinator and Director of GCHQ.
This will be our last issue until the first week of September. In the meantime, I wish you some rest and refreshment during August. We hope to have a special addition upon our return.
Here is a sampling.
- U.S. counterspy gives rare warning on foreign meddling in U.S. election
- Spy chief sees 2020 election security as ‘number one goal’
- Bug bounty leader Clément Domingo on cybersecurity in Africa, hacking events, and chaining vulnerabilities for maximum impact
- Popular Chinese-Made Drone Is Found to Have Security Weakness
- Two Chinese Nationals Indicted for Stealing Trade Secrets, Coronavirus Research
- Remote Working India in Dire Need of Cybersecurity Training
- COVID19 Home Working Leads to Cybersecurity Hiring Spree
- NATO’s approach to countering disinformation: a focus on COVID-19
- Russia’s GRU Hackers Hit US Government and Energy Targets
- Russia launched cyberattacks and disinformation campaigns on U.K., study says
- UK Report on Russian Interference: Key Points Explained
Commentary
Stop Russia hacking our minds
By Sir David Omand
United States of America
U.S. counterspy gives rare warning on foreign meddling in U.S. election
Reuters, Mark Hosenball
“WASHINGTON (Reuters) – Voters should be on high alert for foreign interference in the Nov. 3 U.S. election, the U.S. counterintelligence agency chief said on Friday in a rare warning that the public should screen information, check online sources and report suspicious actions.”
Spy chief sees 2020 election security as ‘number one goal’
FCW, Lauren C. Williams, Derek B. Johnson
“’Our number one goal, our number one objective at the National Security Agency and U.S. Cyber Command — a safe, secure and legitimate 2020 elections,’ said Gen. Paul Nakasone, who leads both agencies, during an Association of the U.S. Army (AUSA) virtual event on July 20.”
Facebook Sweetens Biometric Privacy Accord to $650 Million
Bloomberg, Malathi Nayak
“Facebook Inc. bowed to a judge’s concerns and proposed increasing its settlement offer to $650 million to resolve claims by users that the company illegally gathered biometric data through a photo-tagging tool.”
Garmin services and production go down after ransomware attack
ZDNet Catalin Cimpanu for Zero Day
“Smartwatch and wearable maker Garmin planning multi-day maintenance window to deal with ransomware incident.”
Africa
Bug bounty leader Clément Domingo on cybersecurity in Africa, hacking events, and chaining vulnerabilities for maximum impact
The Daily Swig, Adam Bannister
“Critical infrastructure in Africa represents an alarmingly easy target for cybercriminals, a French-Senegalese bug bounty hunter tells The Daily Swig.
In a wide-ranging interview, Clément Domingo, who also works as a security engineer for a major French company, reflects on the gap between French and US attitudes to ethical hacking, why patience can be a virtue when reporting vulnerabilities, and participating in capture the flag competitions for the Hexpresso team.”
Cambodia
Khmer version of UNESCO’s handbook on “Journalism, ‘Fake News’ and Disinformation launched
Khmer Times
“UNESCO in collaboration with the Ministry of Information launched here this morning the Khmer version of UNESCO’s handbook titled ‘Journalism, ‘Fake News’ and Disinformation: A Handbook for Journalism Education and Training’”.
Canada
Top Women in Cyber Security Celebration: Honouree roundup
ITWorld Canada, Alex Coop
“Earlier this year, ITWC and WISECRA reached out to the technology community and asked for nominations of individuals who deserved to be recognized as one of the Top Women in Cyber Security.”
China
Popular Chinese-Made Drone Is Found to Have Security Weakness
New York Times, By Paul Mozur, Julian E. Barnes and Aaron Krolik
“The world’s largest maker of commercial drones, DJI has found itself increasingly in the cross hairs of the United States government, as have other successful Chinese companies. The Pentagon has banned the use of its drones, and in January the Interior Department decided to continue grounding its fleet of the company’s drones over security fears. DJI said the decision was about politics, not software vulnerabilities.”
Two Chinese Nationals Indicted for Stealing Trade Secrets, Coronavirus Research
NextGov, Mila Jasper
“Federal prosecutors allege the pair hacked into corporations and research institutions on behalf of the Chinese government.”
India
Standoff With China Figures Prominently In India-Israel Defence Talks: Report
NDTV
India-China Standoff: In a statement, the Defence Ministry said Mr Singh and Lt Gen Gantz expressed satisfaction at the progress of strategic cooperation between the two countries and discussed possibilities of further strengthening the defence engagements.
Remote Working India in Dire Need of Cybersecurity Training
TechPanda, Navanwita Bora Sachdev
“The demand for cybersecurity professionals in India is on an all-time rise, but the dearth of educational institutions that impart cybersecurity training is a key factor responsible for the shortage of skilled professionals in the country.”
India to Train 5000 Women in Cyber-Safety
InfoSecurity, Sarah Coble
“Responsible Netism has teamed up with the Maharashtra State Commission for Women to develop a cyber-safety training program for young women in India.
The Digital Stree Shakti program aims to teach 5000 females in 10 Maharashtra cities about how to stay safe while online. Participating students will be aged between 16 and 25. “
Jobs
COVID19 Home Working Leads to Cybersecurity Hiring Spree
InfoSecurity, James Coker
“The COVID-19 pandemic has led to a major boost in cybersecurity job vacancies in the US, data from the Cybersecurity Jobs Report: Q2, has revealed. The study, produced by the International Consortium of Minority Cybersecurity Professionals (ICMCP) and CyberVista, indicates that the shift to remote working in the crisis has led to organizations investing more heavily in protecting themselves from cyber-threats.”
North Atlantic Treaty Organization
NATO’s approach to countering disinformation: a focus on COVID-19
NATO
“COVID-19 has affected almost every person in every NATO state. It is vital that this global health crisis does not turn into a global security crisis as well.
That is because international organisations such as NATO, as well as NATO Allies and partners, have faced a proliferation of disinformation, propaganda and misinformation during the pandemic.
The Alliance has been dealing with these challenges since its inception and has been actively countering a significant increase in disinformation and propaganda since Russia illegally annexed Crimea, Ukraine, in 2014.”
Russia
Russia’s GRU Hackers Hit US Government and Energy Targets
Wired, Andy Greenberg
“RUSSIA’S GRU MILITARY intelligence agency has carried out many of the most aggressive acts of hacking in history: destructive worms, blackouts, and—closest to home for Americans—a broad hacking-and-leaking operation designed to influence the outcome of the 2016 US presidential election. Now it appears the GRU has been hitting US networks again, in a series of previously unreported intrusions that targeted organizations ranging from government agencies to critical infrastructure.”
Online piracy on the rise again in Russia in lockdown
Bne IntelliNews
“The Russian market of pirated online content is growing due to the activity of illegal online casinos and bookmakers, The Bell reports on July 23 citing the study of Group-IB cyber security experts.
As reported by bne IntelliNews, Russia used to be the world’s second-largest market for pirated content, but the illegal market was purged in 2019 as legitimate online streaming services started gaining speed.”
The United Kingdom
Russia launched cyberattacks and disinformation campaigns on U.K., study says
NBC News, Patrick Smith
“The report from the Intelligence and Security Committee of Parliament, which was delayed for nine months and has been heavily redacted, says the U.K. is clearly a target for Russian disinformation and described Russian influence in Britain as ‘the new normal.’”
UK Report on Russian Interference: Key Points Explained
The Guardian, Simon Murphy
Russian satellite test had ‘characteristics of a weapon’, says UK
Sky News, Alistair Bunkall
“The man in charge of Britain’s space programmes has publicly criticised Russia for a satellite test launch ‘with the characteristics of a weapon’
In an unusual intervention, Air Vice-Marshal Harvey Smyth said Russia‘s actions could ‘threaten the peaceful use of space and risk causing debris that could pose a threat to satellites and the space systems on which the world depends.’”
Original Documents
- Publication of the Intelligence and Security Committee’s Russia Report: Written statement – HCWS403
- Intelligence and Security Committee of Parliament : Russia
- Government response to the Intelligence and Security Committee of Parliament report ‘Russia’
Blackbaud hack: More UK universities confirm breach
BBC, By Joe Tidy
“More than 20 universities and charities in the UK, US and Canada have confirmed they are victims of a cyber-attack that compromised a software supplier. The US-based firm is the world’s largest provider of education administration, fundraising, and financial management software. Blackbaud is not revealing the scale of the breach.”
Commentary
Stop Russia hacking our minds
The Article
David Ormand: Professor Sir David Omand is the former UK Security and Intelligence Coordinator and Director GCHQ.
“The first Government response to the Report out this week includes the disturbing admission that “following extensive analysis, the Government has concluded that it is almost certain that Russian actors sought to interfere in the 2019 General Election through the online amplification of illicitly acquired and leaked Government documents”. This confirms what a mistake it was not to allow the Report, with its dramatic description of hostile Russian activities, to be published before the December 2019 election.”