In an attack linked to pro-Syrian government supporters, the sites of The New York Times, Twitter and up to ten other sites were compromised by the Syrian Electronic Army (SEA). Using stolen log-in credentials from Australian IT company hosting the domain names of the affected sites, the SEA is said to have effectively ‘walked through the front door’ of the websites. The subsequently rerouted traffic to SEA websites and attacked Twitter’s twimg.com domain, used to store image data and styling code. The Pentagon is reportedly preparing for a wave of retaliatory cyber attacks against US targets in the event of any US action against the al-Assad government. While the SEA remains a concern in Washington, Syria’s allies in the form of the Iranian Revolutionary Guard, and their state backed hackers, pose a much greater concern to officials.
Russia’s online marketplace for malicious software, code and stolen credit card details is growing. Students and young professionals are taking advantage of Russia’s established online black market in increasing numbers. They will only be encouraged by reports that domestic law enforcement posses little interest in apprehending them. Russia is one of only two Council of Europe Countries not to sign the Convention on Cybercrime, and unsurprisingly, the chance of facing prosecution for targeting overseas businesses or individuals remains low.
Maybe China was onto something? In 2011 the United States conducted 231 offensive cyber operations targeted towards China, Iran, North Korea and Russia among others. The report also details a $US652 million project code-named ‘GENIE’ that seeks to place ‘covert implants’ in foreign machines. This information is part of a wider leaked intelligence budget available here.
Securities regulators are stepping-up the cyber scrutiny on financial institutions. No longer happy to leave cyber security standards in the hands of businesses, regulators have introduced new baseline standards. Broker-dealers must now devise and implement cyber preparedness plans covering technical, corporate, employee, and information sharing procedures.
Jessica Woodall is a cyber analyst at ASPI.