Cyber wrap
14 Jun 2017

Image courtesy of Flickr user Jay Divinagracia.

Prime Minister Turnbull issued his national security statement in Parliament yesterday, again calling on cooperation on decryption from social media and messaging platforms when countering violent extremists. The topic is set to be the key focus of an upcoming Five Eyes meeting in Canada this month, and Attorney-General George Brandis has announced that the government intends to improve warrant-based powers to compel technology companies to decrypt communications, mirroring steps taken in the UK to introduce formal ‘technical capability notices’. The government has pushed the message that these are reasonable adjustments to the current framework of warranted collection, but the move has re-ignited privacy debates regarding ‘backdoors’ dating back to the infamous Apple vs. the FBI case.

Australia has continued to sign cyber diplomacy agreements in the Asia–Pacific region, with Australia and Thailand’s national-level policing forces agreeing to cooperate in building digital forensics and digital technology capability.

The government’s Digital Transformation Agency (DTA) has seen 35 of its employees quit as a result of changes to the agency late last year. Most of the departing staff are developers, designers and architects. The high-profile departure of Office head Paul Shetler and internal frustrations over stalled government IT integration projects are thought to be contributing factors. For an agency that has just over a hundred workers, of whom 71 are Public Service members, the loss of in-house technical subject matter expertise could jeopardise ambitious plans unveiled in this year’s Federal Budget to make the DTA an authoritative office for all things digital, including cyber security.

At the Emerging Cyber Threats Summit in Sydney there were renewed calls to expand the remit of the Australian Signals Directorate (ASD) to provide cybersecurity advice from ‘basement to boardroom’. The Victorian audit office has expanded its cyber security back office audit and assurance role, announcing it will undertake an ambitious series of eight audits across central government agencies in Victoria, to improve public confidence in the security and privacy protections of state government IT systems. As well, former Atlassian exec and Australian Cyber Security Growth Network CEO Craig Davies has argued that customers need to demonstrate more confidence in Australian cyber security businesses, lambasting the current market for forcing Australian firms overseas before they’re seen as ‘good enough’ to buy from domestically, thus stunting the growth of Australian cyber security innovation and collaboration.

Two sets of research into the cyber attack-induced blackouts in Ukraine last December have found that, once again, hackers with ties to Russia are to blame. More ominously, the tooling used in that attack, dubbed Industroyer by ESET and CrashOverride by Dragos, demonstrates a growing maturity compared to tools used in a 2015 attack on Ukraine’s electricity grid. The new malware is being described as a modular and holistic ‘swiss-army knife’ that has automated the attack process end-to-end, including infection, propagation and clean-up. Moreover, the malware can disable or cause physical damage to any electric grid that uses similar industrial control software, making the threat of a ‘cyber storm’ on critical infrastructure more likely.

On the other side of the offense spectrum, a report has found that decision makers have been largely disappointed by the limited effect of US offensive cyber measures against Islamic State’s online recruitment networks. The terrorist organisation has demonstrated significant resilience and adaptation against cyber weapons, leaving its ‘global reach largely intact’. Similar limitations were found in the use of Stuxnet against Iran’s uranium enrichment centrifuges, which, despite successive iterations and upgrades to the Stuxnet virus, saw Iran’s nuclear program continue to reach new milestones. North Korea’s missile and nuclear weapons programs have reportedly demonstrated similar resilience against cyber offensives, suggesting that while cyber weapons can delay weapons development programs and generate opportunities for policy solutions, they only produce temporary setbacks and must be part of a broader set of tools.

The UK’s general election has wrapped up, resulting in a surprise hung parliament and probably a coalition government between the Conservative party and the Democratic Unionist Party. The good news is that, so far, there’s been little to suggest that cyberattacks affected the integrity of the election, despite earlier concerns, offering a welcome respite from the hacks that punctuated the French and US Presidential elections.

For fans of the duct-tape approach to webcam security, who include members as distinguished as Mark Zuckerberg and James Comey, new research suggests that anything with an indicator light on it might need the same treatment. Researchers have developed methods for exfiltrating data using the rapid blinking of indicator LEDs on network routers. Try your binary skills at deciphering the message in this demonstration (video). The technique builds on previous exfiltration methods using drones and disk drive LEDs. Let this serve as a reminder that any device that signals can be co-opted to become a monitoring device!

Researchers have found that Britney Spears’ Instagram profile has been used by Turla, a cyber-espionage group linked to Russian intelligence agencies, to communicate with a backdoor trojan. While early analysis seems to indicate this was only a test run, it highlights a wider concern that almost any communications channel can be used to command and control malware.