Cyber Round Up: REGIN Malware; Egyptian Cyber Army; Potential Iran Cyber Attacks; State-Sponsored Hackers VS Human Rights Groups
- REGIN – Top-tier espionage malware that Symantec and Kaspersky reports indicate was created by a nation state has been described as a highly sophisticated backdoor-type Trojan that is customizable with an extensive range of capabilities depending on the target. Stay tuned to Crossroads Blog this week for an in-depth look at “The Five Ws of Regin,” but until then, read the full reports here: Symantec; Kaspersky. As for which nation state is responsible for this malware, reports are inconsistent. While most articles circulating in the news cycle claim uncertainty, the following reports attribute it to Western sources: Wired; Intercept; The Guardian.
- An Egyptian Cyber Army is the hacktivist group behind ISIS propaganda attacks online, according to an article by Mashable. With its anti-ISIS stance, the group seems to join “a motley crew of hacktivists who are trying to counter the terrorist group’s influence on the Internet,” according to the article. The article points out that it is unclear whether the group is sanctioned by the Egyptian Government.
- Fears are growing that Iran will unleash cyber warfare on U.S. companies if negotiators are unable to reach a nuclear deal that would require Tehran to limit its nuclear program, according to The Hill. According to the article, the companies that could be targeted include U.S. financial firms, oil and gas companies, and water filtration systems. While researchers cited in the article describe Iran as a close fourth behind the U.S., Russia and China in terms of its ability to launch cyber attacks, they note that Iran makes up for its lagging position with its apparent willingness to go on the offensive.
- The Globe and Mail recently reported the findings of a study by The Citizen Lab into human rights groups targeted by state-sponsored hackers. The four-year study examined eight groups engaged in “rights issues related to China and Tibet” and two larger human-rights groups operating globally. According to the report, a powerful hacking team run by the Chinese People’s Liberation Army is thought to be responsible for targeting one China-focused group and one international rights group. For the full report, click here. For a link to the actual study behind the report, click here.
From November 18 to November 20, NATO conducted its seventh annual Cyber Coalition Exercise, NATO reported. According to NATO, the three-day exercise, dubbed “Cyber Coalition 2014”, was designed to test the “Alliance’s ability to defend its networks” from the myriad threats that exist in the cyber domain. Additionally, NATO Assistant Secretary General for Emerging Security Challenges Ambassador Sorin Ducaru highlighted the importance of ensuring that NATO’s cyber specialists “keeps pace with the evolving threat.”
During the Wales Summit that was held in September, NATO adopted a new policy making cyber defense a part of its core tasks. Although the new policy prioritizes NATO’s communications and information systems (“CIS”), according to NATO its operations require reliable and secure supporting national infrastructure. Accordingly, the new policy aims to increase cooperation between NATO, national authorities, international organizations and private industry. Additionally, NATO announced plans to improve its cyber defense through continued “cyber defense education, training, exercises and evaluation.”
Cyber Coalition 2014, NATO’s largest multinational cyber defense exercise, consisted of over 670 technical, government and cyber experts from over 30 countries, including all member nations and several non-member nations, NATO reported. Additionally, NATO revealed that representatives from academia and industry were present as observers. This marks the first time NATO has invited these representatives, and is in line with NATO’s recent initiative outlined during the Wales Summit. NATO further stated that industry plays a key role in cyberspace, and plans to foster its relationship with the private sector.
“The cyber threat is not just a potential threat, it is a daily reality,” Ambassador Ducaru said. Cyber Coalition 2014 is most certainly a part of NATO’s initiative to develop its ability to tackle these threats.
“The cyber threat is real, this is not theoretical.” – National Security Agency Director Admiral Michael Rogers.
At a hearing in Washington today of the House Intelligence Committee, National Security Agency Director Admiral Michael Rogers discussed the nation’s cyber vulnerabilities. Rogers set out the three missions of the US Cyber Command: defend DOD’s network, generate a cyber mission force, and provide DOD capability to defend critical infrastructure.
According to Rogers, multiple nation states have already developed the capability to shut down our industrial control systems. Specifically, this means that these nation states can shut down or disrupt the systems that control our water, power, financial systems, and aviation. Not only that, Rogers states that these nation states have already been discovered hacking into these systems.
Nation states are not the only actors with the capability to launch a cyber attack. According to Rogers, organized crime groups also pose a risk to our nation’s security. These groups penetrate systems to gain information that they can sell on illegal markets. Rogers predicted a terrifying future trend: nation states using these groups as surrogates to create plausible deniability.
Rogers pointed to the absence of international norms in cyberspace as a reason for our expanding cybersecurity risks. According to Rogers, this deficiency has resulted in the appearance of an online world without consequences. When Congressman Jim Himes asked Rogers what types of norms should be set, his first response dealt with emergency response. According to Rogers, an emergency response norm would involve an agreement not to attack a nation’s emergency response capabilities. Other norms mentioned by Rogers included norms protecting critical infrastructure, intellectual property, and anything else that could lead to loss of life or loss of control.
On the one hand, it is not surprising that it is taking time to develop these international cyber norms. Rogers compared the current cybersecurity risks to nuclear risks during the Cold War, pointing out that the policy of deterrence did not develop overnight. However, Rogers also suggested that the current cyber threat presents additional problems. While the execution of the nuclear threat was originally limited to a few nation states with the finances and power necessary to carry out that threat, the current cyber threat is not restricted by those obstacles. In addition to nation states, groups and individuals are able to carry out cyber attacks on their own. Moreover, Rogers pointed out that unlike the nuclear model, developing the capability to perform a cyber attack is inexpensive.
With reports of breaches of the nation’s critical infrastructure on the rise, Sierra Nevada Corp. (“SNC”), a systems integrator and electronic systems provider, has partnered with the City of Fort Morgan in Colorado to protect the city’s infrastructure from cyber-attacks. The Binary Armor® SCADA protection system was integrated into the city’s electrical network, and is now fully operational at electric substations and city offices. According to SNC’s press release, the new protection system is designed to “prevent remote, electronic infiltration of public utility systems.” The press release further stated that a city official believes that this system will protect against unauthorized intrusion into computer networks connected to the city’s electrical system, especially given the changing trends and emerging technology that could pose potential harm to the city’s infrastructure.
The fact that our nation’s critical infrastructure is at risk is not novel. Supervisory Control and Data Acquisition systems, more commonly known as SCADA, are the computer systems that control critical infrastructure, from water distribution and electric grids all the way to nuclear power plants. According to the press release, although SCADA systems are widely used for managing infrastructure systems, they remain vulnerable to breach. In fact, in 2011, hackers destroyed a pump after remotely accessing the control system of a city water utility in Springfield, Illinois. This was closely followed by an Information Age article reporting that the FBI announced that hackers accessed the SCADA systems of three American cities.
Early this month, the Department of Homeland Security reported that a destructive computer malware program called “BlackEnergy” had infected software integral to the nation’s industrial processes, including water distribution networks and electrical grids. More recently, KTVU News reported that the FBI warned that cyber-attacks on key infrastructure will likely result if a grand jury fails to indict a police officer accused of shooting 18-year-old Michael Brown in Ferguson, Missouri in August. Since at least 2011, when EWeek reported on the Springfield breach, SCADA systems have been generally recognized as easy targets, either because companies are using outdated software or because they run insecure applications. However, the installation of a protection system that provides, as the press release reports, “customized, in-line protection” for SCADA networks, will likely reduce the risks of breach.
Chinese Hackers? Russian Hackers? Hacktivists? Uncertainty Behind the Source of the Recent Breaches of Government Agencies
It started late in October, when computer networks at the White House were breached by an outside group, causing disruptions throughout the entire system. Since then a number of agencies, including the U.S. Postal Service and the National Weather Service, have reported attacks. Then, this past Sunday, the State Department took the unprecedented step of shutting down its entire unclassified email system as technicians repair possible damage from a suspected hacker attack. Voice of America News (VOA) reports that the White House computer systems are among the most highly fortified in the world, which raises the question: who was behind these successful and brazen attacks? China? Russia? Political hacktivists? Or independent highly skilled hackers with their own agenda?
The White House hack is raising alarm that one of the most serious threats to online security may not be coming from China, but from Russia, reports Voice of America. According to Darren Hayes, the director of cyber-security at Pace University who is cited in the VOA article, the Russians are a lot more sophisticated in terms of state-sponsored attacks than the Chinese. VOA also cites Jeffrey Carr, who wrote the book Inside Cyber Warfare:
The threat from China is overinflated, (and) the threat from Russia is underestimated. Russia certainly has been more active than any other country in terms of combining cyber-attacks, or cyber-operations, with physical operations. . . . And nobody else has ever done that – China has never done anything like that.
Nonetheless, articles by major networks continue to point the finger in different directions. The Washington Post reported that Chinese hackers were behind the NOAA attack. The National Post reported that Chinese hackers were suspected of hacking the U.S. Postal Service. Both Russia and China deny involvement in these attacks. So how are these sources being attributed?
[S]ource attribution is practically impossible as cybercriminals have been known to use various techniques to keep themselves hidden, using different languages from their own in their code or work, constantly changing locations or working with a large organization of criminals. . . . Functionality found in malware or techniques can be misleading. It cannot be relied on to speculate that a specific campaign was operated out of one part of the world or another – analysis and identifying the source is much more complex than that. . . . Viruses don’t carry ID cards.
Not only that, but Hayes told VOA that another tactic is for governments to use non-governmental groups to give the government plausible deniability for involvement. The VOA article specifically noted that the Russian government is not afraid to use young hacker groups, but Russia is not the only country willing to use this tactic.
So what does the United States need to accomplish to prevent future breaches on government systems? According to the VOA article, the U.S. needs to clearly define what cyber-warfare is, attribute it to various nations, and discuss repercussions for theft of intellectual property or money or just destructive attacks. In order to do that, the U.S. needs to find accurate ways to attribute attacks to sources. For the full VOA article, click here.
Cyber Round Up: Suspected Hacking at State Department; Cyber Bill Linked to NSA Reform; Chinese Government Hackers Suspected of US Postal Cyber Breach; President Obama’s Plan for Net Neutrality; Chinese Hackers Breach Australian Media Organisations;
- The State Department has taken the unprecedented step of shutting down its entire unclassified email system as technicians repair possible damage from a suspected hacker attack, reports The News Tribune. According to the report, a senior department official said Sunday that “activity of concern” was detected in the system around the same time as a previously reported incident that targeted the White House computer network. The report also noted that since then, a number of agencies, including the National Weather Service (for full articles on these Weather Service breaches click here for Washington Post, here for Reuters), have reported attacks. For New York Times coverage of the State Department breach, click here.
- Privacy groups are warning that they will oppose the Cybersecurity Intelligence Sharing Act (CISA) unless lawmakers first reform the NSA’s surveillance programs, according to The Hill. The Hill reports that the new cyber bill would enable critical infrastructure companies to exchange cyber threat information with the NSA, but passage of that bill appears dependent on the upcoming Senate vote on an NSA reform bill, the USA Freedom Act, which would rein in surveillance programs and strengthen the secret intelligence court overseeing the agency.
- Chinese government hackers are thought to be responsible for the breach of the computer networks of the United States Postal Service, compromising the data of more than 800,000 employees exposing everyone from the letter carrier to the postmaster general, according to National Post. National Post reports that while there is no evidence of malicious use of the compromised data, the United States has elevated cybersecurity as a top issue in the bilateral relationship with China. For the full article, click here. For coverage by CNN, click here.
- President Obama believes that ensuring a free and open Internet is the only way we can preserve the Internet’s power to connect our world. As a result, he has laid out a plan for “Net Neutrality” and has asked the FCC to implement the plan. For President Obama’s full statement laying out this plan, click here.
- Chinese hackers breached Australian media organizations prior to the G20 meeting, “. . . looking for questions they [could] expect from Australian reporters, what type of coverage, positive or negative, they can expect to see,” according to an ABC News report. According to ABC News, these Chinese hackers are from two different groups: Deep Panda and Vixen Panda. The report also states that Deep Panda was the same group that was outed as sneaking into the networks of US foreign policy think tanks at the height of the Iraq crisis in the middle of the year.
Cyber Round Up: Government Workers Responsible for Cyber-Incidents?; UK Research to Stop Flight Cyber Jacking; Cyber-Attack on U.S. Water Systems; New Cybersecurity Law in Japan; Israeli Researchers Remotely Hack a Car
- To what extent have government workers been responsible for reported cyber-incidents? According to an article by the Associated Press, workers scattered across more than a dozen agencies, from the Defense and Education departments to the National Weather Service, are responsible for at least half of the federal cyber-incidents reported each year since 2010. At a time when intelligence officials say cybersecurity now trumps terrorism as the No. 1 threat to the U.S., AP reports that the federal government isn’t required to publicize its own brushes with data loss. AP reports that it has filed dozens of Freedom of Information Act requests, interviewed hackers, cybersecurity experts and government officials, and obtained documents describing digital cracks in the system, in order to determine the extent of federal cyber-incidents, which include probing into network weak spots, stealing data and defacing websites.
- According to SC Magazine UK, a cyber-terrorism researcher is helping to develop a network that would act to stop “flight cyber-jacking.” According to the article, “hacking an aircraft is possible if a “cyber bomb” is used, where hackers place malware on a system and it ‘explodes’ onto the system. On airplanes, this could cause a crash. For a hacker to gain access to an aircraft, they need to figure out a way of navigating its network to control its systems.” To read how the new research could prevent such attacks, click here for the full article.
- The Department of Homeland Security (DHS) recently announced that much of the critical infrastructure in the U.S., including major water and wastewater systems, has been jeopardized by a destructive computer malware program, reports WaterWorld. According to the report, this “BlackEnergy” virus has breached integral software used to operate a variety of national industrial processes that include water distribution networks, water and wastewater treatment systems, oil and gas pipelines, wind turbines, power grids, and nuclear plants.
- The Japan News reports that a new law was passed to counter cyber-attacks. The article states that under the new law, the government will set up headquarters to be led by the chief cabinet secretary which will draw up a strategy to crack down on cyber-attacks and prevent damage from such attacks from spreading.
- Former members of an Israeli intelligence unit dedicated to thwarting cyber crimes announced Friday they had remotely hacked into a vehicle that contained an aftermarket device with a big security hole, reports AutoBlog. According to the article, the vulnerability allowed hackers to control vehicle functions, like unlocking doors and manipulating instrument-cluster readings. They could have also controlled the vehicle’s engine, brakes and steering components. For the full article, click here.
Cyber Round Up: Cyber Attack Simulations Promote Cybersecurity; Former NSA Official Views Recent White House Cyber Breach as Sign of Future Attacks; Chinese Officials Push for Tougher Enforcement of Cyber Governance; Navy’s Task Force Cyber Awakening; China Linked to Cyber Attacks on Hong Kong Protestors
- The new strategy to bulk up cyber security: cyber attack simulations. SCMagazine reports that cyber attack simulations can help organizations and industries stay, if not a step ahead, then on top of cyber threats and build resilience. Read the full article here.
- Joel Brenner, the former Inspector General for the National Security Agency (NSA), warned that cyber attacks targeting networks and systems of government facilities will increase in the future, Design&Trend reported. According to the report, for the former NSA official, the recent cyber attacks against the White House’s network should serve as a wake-up call highlighting the flaws of government networks.
- The Obama administration has published a new federal document that sets up a framework for cyber threat information sharing, reports The Hill. According to The Hill, the document is part of a larger effort to create voluntary cybersecurity standards for government and industry. However, the article goes on to explain that for the recommendations to have full effect, legislation is needed, which will be difficult in the lame-duck session after the elections. The article discusses two additional concerns: businesses are concerned about whether they will be protected from liability when sharing information with the government, and privacy advocates are wary of what personal data industries might share with the government. For the full article, click here.
- GlobalPost reports that Chinese officials are pushing for tighter enforcement of law in cyberspace. The report quotes Ren Xianliang, deputy director of the Cyberspace Administration of China (CAC), the country’s top Internet watchdog, who said that officials in charge of Internet supervision should learn from past experiences and try to explore new ways to manage the virtual world.
- The Navy is embarking on a year-long effort to protect hardware and software servicewide, and calling the mission “Task Force Cyber Awakening,” reports The D Brief. “Task Force Cyber Awakening” will draw from U.S. Cyber Command Commander Adm. Michael Rogers’ reaction strategy to a major Navy computer system hack last year. For the full article, click here.
- According to TIME, a new report links China to Cyberattacks on Hong Kong protestors. Supporters of the pro-democracy movement, known as Occupy Central, have been the target of recent attacks that cybersecurity watchdogs believe are also the work of the Chinese government. The findings of cybersecurity forensics firm FireEye suggest that there may be a “common quartermaster” behind the two attacks, further supporting a running theory that Chinese officials are breaching Hong Kong’s networks to suppress or spy on the ongoing political uprising there, reports TIME.
“Since the time of Wyatt Earp, through the fighting of drug cartels in modern Mexico, there has been a recognized need in times of great societal imbalance or where specialized expertise is needed, for government to commission the support of the citizenry,” reports a recent Forbes article recommending the commission of a Cyber Posse. As a Nation, we have already turned to private enterprise to establish a cooperative environment to fight the collective risk of cyber-attacks, and we have done that through “public-private partnerships” or “PPPs.” However, according to the article, as a result of the current debate over the role of government and society, and over security functions that many view as inherently governmental, the current framework of PPPs lacks clearly defined roles and responsibilities. The article outlines the weaknesses of the current PPP framework and suggests a potential solution: deputizing a cyber posse. The idea of a cyber posse might seem radical, but it is not a new idea. Click here for a 2012 Crossroads blog post that discusses the various roles of the private sector in cyber security.
There is ample proof that the current PPP structure is not working. In the summer of 2014, the Nation was hit with what the article deems an “onslaught” of point-of-sale (POS) attacks due to the thriving online black market known as the “Darknet.” According to the article, the rising supply and demand for stolen payment card information and full identity theft has hindered the progress of law enforcement. When law enforcement is able to shut down a store on the “Darknet,” another quickly takes its place. Law enforcement alone is not equipped to fight this growing battle. The article suggests that our current strategy, which is ill-equipped to fight against the demands of the black market, is at odds with our Nation’s core beliefs and values as a capitalist country that appreciates market forces. As a result, the cyber threat is our Nation’s number one security threat because it is a destabilizing force that undermines our Nation’s competitive advantage and our economic wealth. Additionally, the article notes that certain thresholds prevent many prosecutions when there is insufficient pecuniary loss or when the severity of the crimes does not stir enough concern.
Our current PPP framework fails to take advantage of the specialized expertise already developed within our private industry, specifically amongst the growing number of cyber intelligence firms. Instead of taking advantage of these firms, the current PPP framework “is not a partnership but rather a stiff arm,” reports Forbes. The government treats information shared by these firms as it would an anonymous “tip” to 911, according to the article, ignoring the cost and resources spent by the firms to gather the valuable intelligence in the first place. Additionally, the incentive to produce information merely as a ‘good citizen’ is lost when “the sharing firm has no assurance or influence that the intelligence will be acted upon in a productive way,” reports Forbes. What does the article recommend? The government needs to develop a framework for PPPs which allows a working relationship between the government and these groups, rather than its current strategy of developing ad hoc relationships between private citizen cyber experts and law enforcement agents.
Cyber Round Up: White House Breach Linked to Russian Government; New Law Against Cyber Squatting in Nigeria; DHS Probes Cybersecurity Dangers in Medical Devices; New Report Links Cyber Espionage Group to Chinese Intelligence; Justice Official Speaks on Government-Business Cooperation to Improve Cybersecurity
- The Washington Post reports that hackers thought to be working for the Russian government breached the unclassified White House computer networks in recent weeks, resulting in temporary disruptions to some services while cybersecurity teams worked to contain the intrusion. However, the article also states that the intruders did not damage any of the systems and that, to date, there is no evidence the classified network was hacked. Nevertheless, sources state that the nature of the target is consistent with a state-sponsored campaign, according to the article. These findings are consistent with recent reports by private security firms which have identified cyber-espionage campaigns by Russian hackers thought to be working for the government. The New York Times reported on some of these recent reports by online experts linking breaches to the Russian government; click here for that full article.
- On October 24 the Nigerian Senate passed into law a seven-year jail term for all kinds of computer-related fraud, computer-related forgery, offences relating to pornography, cyber-stalking and cyber-squatting, reports 360nobs.com. Read the full article here.
- The U.S. Department of Homeland Security is now looking into at least two dozen cases of possible cybersecurity flaws in medical devices ranging from artificial heart implants to hospital infusion pumps, reports IEEE Spectrum. According to the article, the agency wants to help manufacturers fix software bugs and other vulnerabilities that could be exploited by hackers.
- A highly sophisticated cyber espionage group has been linked to Chinese intelligence according to a report that was issued as a result of a joint effort among private cyber-security companies to identify and counter “a sophisticated advanced threat actor group.” The Diplomat wrote an in-depth article on the findings of the report, stating that the cyber threat, named “Axiom” in the report, is said to have targeted everything from government offices to NGOs and media outlets in a global campaign over the past six years. For the full report click here. For analysis by The Diplomat click here.
- The Justice Department speaks out on the importance of government and private businesses becoming allies in the fight to improve the nation’s cybersecurity, reports the Washington Times. The article quotes John Carlin, assistant attorney general for national security: “The attackers we face range in sophistication, and when it comes to nation states and terrorists, it is not fair to let the private sector face these threats alone.” To read more about the perspective of the Justice Department on this issue, read the full article here. For a look at the same topic from a different viewpoint, former Congressman Tom Davis from Virginia discussed the obstacles standing in the way of Congress creating these connections in an article by ThreatPost; to view that article click here.
Jennifer A. Camillo
is a third year student at Syracuse College of Law. She has served as a law clerk in the United States Attorney’s Office for the Northern District of New York and the Cayuga County District Attorney’s Office and as an extern in the Oneida County District Attorney’s Office. She is a member of the Syracuse National Trial Team and was recently awarded the Tiffany Cup by the New York Bar Association for her trial advocacy achievements.
holds Juris Doctor and Masters of Public Administration degrees from Syracuse University's Maxwell School of Citizenship and Public Affairs and its College of Law. She has served as a law clerk in the United States Attorney's Office for the Western District of New York and the Public Defender Service for the District of Columbia and as an extern in the United States District Court for the Western District of Washington.
Professor William Snyder
is a member of the faculty of the Institute for National Security and Counter-terrorism at Syracuse University after fifteen years with the United States Department of Justice.