Cyber wrap
15 Mar 2017

It’s now been a week since WikiLeaks released a cache of documents exposing the CIA’s cyber espionage tools and techniques. The discussion has this week turned to how the documents got into WikiLeaks’ hands. The tools released in the leak are not as sophisticated as the NSA’s, and it isn’t clear if it’s the entire CIA capability or just a portion of a larger collection. The zero-days contained in the documents are either old, or only affect older versions of operating systems like Android and iOS, and Apple said it has already patched most of the vulnerabilities revealed. More serious concerns have been raised about the “hoarding” of vulnerabilities by the agency, which groups like the Electronic Frontier Foundation have said undermines the Vulnerabilities Equities Process, making people less safe online by hiding known vulnerabilities from vendors.

The UN’s Special Rapporteur on the Right to Privacy, Joe Cannataci, last week called for an international treaty to protect privacy. In his report to the UN Human Rights Council, Cannataci said that ‘it’s time to start reclaiming cyberspace from the menace of over-surveillance.’ China, Iran, Venezuela and Cuba have apparently welcomed the report and discussions of a draft text have begun.

Staying in the US, President Trump last week released the Office of Management and Budget’s annual report to Congress on the cyber security performance of US federal agencies. OMB reported that there were 30,899 cyber incidents in 2016 that compromised information or system functionality. Of these incidents, 16 were classified as ‘major’, affecting national security, public confidence, civil liberties, foreign relations or the economy. Elsewhere, The Cipher Brief has an Expert Commentary series on the possibility of splitting Cyber Command and the NSA, including an article by former NSA Director General Michael Hayden.

Australia’s cyber leadership has called for a doubling down of efforts on cyber security. In the wake of the Australian Energy Market Operator arguing for greater energy resilience (PDF) as part of the country’s cybersecurity, the Minister Assisting the Prime Minister on Cyber Security Dan Tehan announced that the government was ‘making implementation of the strategy ahead of time a priority.’ Special Adviser to the Prime Minister on Cyber Security Alastair MacGibbon took to the stage in Melbourne at Cisco Live! to remind the country’s innovators that the ‘particularly remarkable’ uptick in hiring and policy development was an opportunity not to be missed by industry.

In South Korea there’s been a spate of DDoS attacks and website defacements associated with Chinese hackers angry at the deployment of the Terminal High Altitude Area Defense (THAAD) missile defence system. Websites for ten South Korean companies were vandalised, as was the website of the Seoul Metropolitan Government. In Taiwan, the latest quadrennial defence review has suggested that Taiwan focus on cyberwarfare skills and capability to enhance its ability to resist Chinese coercion. However, the review did not include plans for a new cyber branch for the military, a pledge by the Democratic Progressive Party during the 2016 election.

In cybercrime news, a new report from INTERPOL and Trend Micro has identified that West African cybercrime grew 132% between 2013 and 2015. The paper shows that West African cyber criminals are becoming more sophisticated, fuelling an emerging cybercrime market in the region. And the FBI announced a US$3 million bounty for the capture of Russian cyber criminal Evgeniy Bogachev. Bogachev, who’s also on the US sanctions list, is thought to have at one time controlled over one million computers across the world.

Also in the news this week, an October 2016 breach at a UK National Health Service contractor saw exfiltration of data associated with several thousand NHS employees. A security firm in the US has uncovered a misconfigured US Air Force hard drive which left unsecured documents completely accessible online, including the names, addresses and social security numbers of 4,000 serving members and spouses. The US retailer, Home Depot, will pay US$27.25 million in compensation, and possibly additional damages, to financial institutions over its loss of 56 million credit card numbers in 2014, on top of US$134.5 million already paid to card issuing companies and US$19 million to customers. And researchers at Palo Alto Networks have uncovered ‘RanRan’, a new family of ransomware targeting the computer systems of several Middle Eastern government organisations. So please stay safe out there online—maybe cover your microwave’s camera?