Cyber wrap
23 Mar 2016|

Image courtesy of Flickr user Stuart Webster

The encryption debate has raged on this week with new developments in the rift between the US government and Apple over access to the iPhone used by Syed Farook, one of the San Bernardino attackers. Apple CEO Tim Cook recently described the FBI’s behaviour as ‘overreach’ and made it clear that the backdoor access being requested is ‘too dangerous to create’. At Apple’s product launch on Monday, Cook also stated that Apple ‘will not shrink from this responsibility’ to protect the privacy of their customers.

In an unexpected twist, the Department of Justice moved to postpone court proceedings, having apparently been offered an alternative method to access Farook’s phone data that may render Apple’s cooperation unnecessary. Magistrate Judge Sheri Pym cancelled Tuesday’s hearing and the government has until 5 April to determine whether it wishes to pursue the case. The Justice Department didn’t provide details of its prospective encryption-cracking methodology, but the announcement came only a day after researchers at John Hopkins University revealed a weakness in Apple’s encryption software.

The encryption discussion continues to simmer across the Atlantic. A report in the New York Times reveals new details of the tactics used by the perpetrators of the November Paris attacks. The discovery of a number of disposable phones in a rubbish bin outside the Bataclan Theatre suggests the team’s disciplined use of old-school burner phones, not encryption, might have been a key to their success in avoiding detection.

The tension between digital privacy and public security keeps finding new life. In the wake of the tragic events in Brussels last night, questions are already being asked over the role encryption played in the execution of the attacks.

Bangladesh’s central bank is considering a lawsuit against the Federal Reserve Bank of New York in response to the massive cyber breach it experienced earlier this month. Hackers successfully stole $81 million from Bangladesh Bank’s account with the NY Fed by instructing funds be transferred to bank accounts in the Philippines. It has been described as ‘one of the largest cyber robberies in history’ and has shaken confidence in the Fed despite the bank’s claim that ‘there is no evidence that any Fed systems were compromised.’ Bangladesh Bank has reportedly hired a US lawyer and according to an internal report is ‘preparing the ground to make a legitimate claim for the loss of funds against the FRB’. The disappearance of cyber crime expert, Tanveer Hassan Zoha, after his discussions with police and media about the incident, suggests this will be one to watch.

This week the UK has revealed its new national cyber security strategy will focus on protecting its economy. The first task of the new National Cyber Security Centre (NCSC), announced in November, will be to focus on engagement with the private sector. The NCSC will work with the Bank of England to develop industry’s understanding of cyber threats and help set standards of cyber resilience. The move is described as a response to the ‘industrial-scale theft’ of sensitive data that cost British businesses an average of £375,000 last year.

Finally, NATO’s Cooperative Cyber Defence Centre of Excellence has made another contribution to the cyber debate. Their new report, International Cyber Norms: Legal, Policy & Industry Perspectives, was developed through a series of workshops during 2014 and 2015, and seeks to explain the concept of cyber norms and the differing approaches to the issue across research areas. The book was launched on 18 March in Tallinn, Estonia—itself a notable city for cyber wonks—and features chapters by UNSW Canberra professors Toni Erskine and Greg Austin.