- The Strategist - https://www.aspistrategist.org.au -

Cyber wrap

Posted By on March 23, 2016 @ 12:00

Image courtesy of Flickr user Stuart Webster

The encryption debate has raged on this week with new developments in the rift between the US government and Apple over access to the iPhone used by Syed Farook, one of the San Bernardino attackers [1]. Apple CEO Tim Cook recently described [2] the FBI’s behaviour as ‘overreach’ and made it clear that the backdoor access being requested is ‘too dangerous to create’. At Apple’s product launch on Monday, Cook also stated [3] that Apple ‘will not shrink from this responsibility’ to protect the privacy of their customers.

In an unexpected twist, the Department of Justice moved to postpone court proceedings, having apparently been offered an alternative method [4] to access Farook’s phone data that may render Apple’s cooperation unnecessary. Magistrate Judge Sheri Pym cancelled [5] Tuesday’s hearing and the government has until 5 April [6] to determine whether it wishes to pursue the case. The Justice Department didn’t provide details of its prospective encryption-cracking methodology, but the announcement came only a day [7] after researchers at John Hopkins University revealed a weakness [8] in Apple’s encryption software.

The encryption discussion continues to simmer across the Atlantic. A report [9] in the New York Times reveals new details of the tactics used by the perpetrators of the November Paris attacks [10]. The discovery [11] of a number of disposable phones in a rubbish bin outside the Bataclan Theatre suggests the team’s disciplined use of old-school burner phones, not encryption, might have been a key to their success in avoiding detection.

The tension between digital privacy and public security keeps finding new life. In the wake of the tragic events in Brussels [12] last night, questions are already being asked [13] over the role encryption played in the execution of the attacks.

Bangladesh’s central bank is considering a lawsuit [14] against the Federal Reserve Bank of New York in response to the massive cyber breach it experienced earlier this month. Hackers successfully stole $81 million [15] from Bangladesh Bank’s account with the NY Fed by instructing funds be transferred to bank accounts in the Philippines. It has been described [16] as ‘one of the largest cyber robberies in history’ and has shaken confidence in the Fed despite the bank’s claim [17] that ‘there is no evidence that any Fed systems were compromised.’ Bangladesh Bank has reportedly hired a US lawyer [18] and according to an internal report is ‘preparing the ground to make a legitimate claim for the loss of funds against the FRB’. The disappearance [19] of cyber crime expert, Tanveer Hassan Zoha, after his discussions with police and media about the incident, suggests this will be one to watch.

This week the UK has revealed [20] its new national cyber security strategy will focus on protecting its economy. The first task [21] of the new National Cyber Security Centre (NCSC), announced [22] in November, will be to focus on engagement with the private sector. The NCSC will work with the Bank of England [23] to develop industry’s understanding of cyber threats and help set standards of cyber resilience. The move is described as a response to the ‘industrial-scale theft [24]’ of sensitive data that cost British businesses an average of £375,000 last year.

Finally, NATO’s Cooperative Cyber Defence Centre of Excellence has made another contribution to the cyber debate. Their new report, International Cyber Norms: Legal, Policy & Industry Perspectives [25], was developed through a series of workshops during 2014 and 2015, and seeks to explain the concept of cyber norms and the differing approaches to the issue across research areas. The book was launched on 18 March in Tallinn, Estonia—itself a notable city for cyber wonks [26]—and features [27] chapters by UNSW Canberra professors Toni Erskine and Greg Austin.



Article printed from The Strategist: https://www.aspistrategist.org.au

URL to article: https://www.aspistrategist.org.au/cyber-wrap-112/

URLs in this post:

[1] San Bernardino attackers: http://www.ibtimes.com/san-bernardino-shooting-syed-rizwan-farook-tashfeen-malik-get-muslim-burials-fbi-2229577

[2] described: http://www.apple.com/customer-letter/

[3] Cook also stated: http://abcnews.go.com/Business/apple-ceo-tim-cook-addresses-encryption-battle-fbi/story?id=37814564

[4] alternative method: http://www.politico.com/story/2016/03/feds-move-to-cancel-iphone-hearing-221062

[5] cancelled: http://thehill.com/policy/cybersecurity/273828-doj-asks-to-cancel-apple-hearing-may-be-able-to-hack-iphone

[6] until 5 April: http://www.theguardian.com/technology/2016/mar/21/fbi-apple-court-hearing-postpone-unlock-terrorist-iphone

[7] only a day: http://www.wired.com/2016/03/hack-brief-update-ios-fix-serious-imessage-crypto-flaw/

[8] revealed a weakness: https://www.washingtonpost.com/world/national-security/johns-hopkins-researchers-discovered-encryption-flaw-in-apples-imessage/2016/03/20/a323f9a0-eca7-11e5-a6f3-21ccdbc5f74e_story.html

[9] report: http://www.nytimes.com/2016/03/20/world/europe/a-view-of-isiss-evolution-in-new-details-of-paris-attacks.html?_r=0

[10] November Paris attacks: http://www.bbc.com/news/world-europe-34818994

[11] discovery: http://arstechnica.com/tech-policy/2016/03/paris-terrorist-attacks-burner-phones-not-encryption/

[12] events in Brussels: http://edition.cnn.com/2016/03/22/europe/brussels-explosions/

[13] questions are already being asked: http://thehill.com/policy/cybersecurity/273858-house-intel-dem-unclear-if-encryption-helped-brussels-bombers

[14] considering a lawsuit: http://www.reuters.com/article/us-usa-fed-bangladesh-idUSKCN0WO2JQ?feedType=RSS&feedName=technologyNews

[15] stole $81 million: http://www.theguardian.com/world/2016/mar/15/bangladesh-central-bank-governor-resigns-over-81m-dollar-cyber-heist

[16] described: http://fortune.com/2016/03/20/cyber-expert-disappears-bangladesh/

[17] the bank’s claim: http://www.bbc.com/news/business-35874531

[18] hired a US lawyer: http://thehill.com/policy/cybersecurity/273928-bangladesh-central-bank-considers-lawsuit-against-ny-fed-over-cyber

[19] disappearance: http://www.cnbc.com/2016/03/20/reuters-america-cyber-expert-disappears-after-comments-on-bangladesh-central-bank-heist.html

[20] UK has revealed: http://www.bbc.com/news/technology-35843218

[21] first task: http://www.computerweekly.com/news/4500279563/National-Cyber-Security-Centre-to-be-UK-authority-on-information-security

[22] announced: https://www.gov.uk/government/speeches/chancellors-speech-to-gchq-on-cyber-security

[23] Bank of England: http://www.infosecurity-magazine.com/news/uk-cyber-security-centre-to-open/

[24] industrial-scale theft: http://www.telegraph.co.uk/news/uknews/law-and-order/12197993/Business-suffering-industrial-scale-cyber-theft-warns-GCHQ-head.html

[25] International Cyber Norms: Legal, Policy & Industry Perspectives: https://ccdcoe.org/multimedia/international-cyber-norms-legal-policy-industry-perspectives.html

[26] itself a notable city for cyber wonks: https://ccdcoe.org/tallinn-manual.html

[27] features: https://www.unsw.adfa.edu.au/australian-centre-for-cyber-security/news/cyber-norms-nato-china-new-research

Copyright © 2016 The Strategist. All rights reserved.