- The Strategist - https://www.aspistrategist.org.au -

Cyber wrap

Posted By on June 14, 2017 @ 13:06

Image courtesy of Flickr user Jay Divinagracia.

Prime Minister Turnbull issued his national security statement [1] in Parliament yesterday, again calling on cooperation on decryption from social media and messaging platforms when countering violent extremists. The topic is set to be the key focus of an upcoming Five Eyes meeting in Canada this month, and Attorney-General George Brandis has announced that the government intends to improve warrant-based powers [2] to compel technology companies to decrypt communications, mirroring steps taken in the UK to introduce formal ‘technical capability notices’ [3]. The government has pushed the message [4] that these are reasonable adjustments to the current framework of warranted collection, but the move has re-ignited privacy debates regarding ‘backdoors’ [5] dating back to the infamous Apple vs. the FBI case [6].

Australia has continued to sign cyber diplomacy agreements in the Asia–Pacific region [7], with Australia and Thailand’s national-level policing forces agreeing to cooperate in building digital forensics and digital technology capability [8].

The government’s Digital Transformation Agency [9] (DTA) has seen 35 of its employees quit [10] as a result of changes to the agency late last year. Most of the departing staff are developers, designers and architects. The high-profile departure of Office head Paul Shetler [11] and internal frustrations over stalled government IT integration projects [12] are thought to be contributing factors. For an agency that has just over a hundred workers [13], of whom 71 are  Public Service members, the loss of in-house technical subject matter expertise could jeopardise ambitious plans unveiled in this year’s Federal Budget [14] to make the DTA an authoritative office for all things digital, including cyber security.

At the Emerging Cyber Threats Summit in Sydney there were renewed calls to expand the remit of the Australian Signals Directorate (ASD) to provide cybersecurity advice from ‘basement to boardroom [15]’. The Victorian audit office has expanded its cyber security back office audit and assurance role, announcing it will undertake [16] an ambitious series of eight audits [17] across central government agencies in Victoria, to improve public confidence in the security and privacy protections of state government IT systems. As well, former Atlassian exec and Australian Cyber Security Growth Network CEO Craig Davies has argued that customers need to demonstrate more confidence in Australian cyber security businesses, lambasting the current market for forcing Australian firms overseas [18] before they’re seen as ‘good enough’ to buy from domestically, thus stunting the growth of Australian cyber security innovation and collaboration.

Two sets of research into the cyber attack-induced blackouts [19] in Ukraine last December have found that, once again, hackers with ties to Russia are to blame. More ominously, the tooling used in that attack, Industroyer by ESET [20] and CrashOverride by Dragos [21], demonstrates a growing maturity compared to tools used in a 2015 attack on Ukraine’s electricity grid. The new malware is being described as a modular and holistic ‘swiss-army knife’ that has automated the attack process end-to-end, including infection, propagation and clean-up. Moreover, the malware can disable or cause physical damage [22] to any electric grid that uses similar industrial control software, making the threat of a ‘cyber storm’ [23] on critical infrastructure more likely.

On the other side of the offense spectrum, a report has found that decision makers have been largely disappointed by the limited effect of US offensive cyber measures against Islamic State’s online recruitment networks. The terrorist organisation has demonstrated significant resilience and adaptation against cyber weapons, leaving their ‘global reach largely intact [24]’. Similar limitations were found in the use of Stuxnet against Iran’s uranium enrichment centrifuges [25], which, despite successive iterations and upgrades to the Stuxnet virus, saw Iran’s nuclear program continue to reach new milestones. North Korea’s missile and nuclear weapons program [26] have reportedly demonstrated similar resilience [27] against cyber offensives, suggesting that while cyber weapons can delay weapons development programs and generate opportunities for policy solutions, they only produce temporary setbacks and must be part of a broader set of tools.

The UK’s general election has wrapped up, resulting in a surprise hung parliament and probably a coalition government between the Conservative party and the Democratic Unionist Party. The good news is that, so far, there’s been little to suggest [28] that cyberattacks affected the integrity of the election, despite earlier concerns [29], offering a welcome respite from the hacks that punctuated the French and US Presidential elections.

For fans of the duct-tape approach to webcam security [30], which include members as distinguished as Mark Zuckerberg [31] and James Comey [32], new research suggests [33] that anything with an indicator light on it might need the same treatment. Researchers have developed methods for exfiltrating data using the rapid blinking of indicator LEDs [34] on network routers. Try your binary skills at deciphering the message in this demonstration [35] (video). The technique builds on previous exfiltration methods [36] using drones and disk drive LEDs. Let this serve as a reminder that any device that signals can be co-opted to become a monitoring device!

Researchers have found [37] that Britney Spears’ Instagram profile has been used by Turla, a cyber-espionage group linked to Russian intelligence agencies [38], to communicate with a backdoor trojan [39]. While early analysis seems to indicate this was only a test run, it highlights a wider concern [40] that almost any communications channel can be used to control and command malware.



Article printed from The Strategist: https://www.aspistrategist.org.au

URL to article: https://www.aspistrategist.org.au/cyber-wrap-168/

URLs in this post:

[1] issued his national security statement: https://www.pm.gov.au/media/2017-06-13/national-security-statement

[2] has announced that the government intends to improve warrant-based powers: https://www.itnews.com.au/news/turnbull-govt-wants-to-force-companies-to-break-encryption-464861?utm_source=feed&utm_medium=rss&utm_campaign=iTnews+

[3] steps taken in the UK to introduce formal ‘technical capability notices’: https://www.scmagazineuk.com/uk-government-to-ask-for-anti-encryption-powers-post-manchester-attack/article/664816/

[4] pushed the message: https://www.theregister.co.uk/2017/06/12/australia_considers_copying_uk_investigatory_powers_act/

[5] privacy debates regarding ‘backdoors’: https://youtu.be/uLNjPSt0rb8?t=615

[6] Apple vs. the FBI case: https://www.digitaltrends.com/mobile/apple-encryption-court-order-news/

[7] cyber diplomacy agreements in the Asia–Pacific region: http://www.zdnet.com/article/australia-signs-cybercrime-agreement-with-thailand/

[8] building digital forensics and digital technology capability: http://www.innovationaus.com/2017/06/Dr-Feakin-Our-man-on-cyber/

[9] Digital Transformation Agency: https://www.dta.gov.au/

[10] seen 35 of its employees quit: https://www.itnews.com.au/news/exodus-of-talent-follows-dtas-restructure-464285

[11] high-profile departure of Office head Paul Shetler: https://www.cio.com.au/article/612460/paul-shetler-quit-over-philosophical-clash-minister/

[12] internal frustrations over stalled government IT integration projects: https://www.itnews.com.au/news/agency-pushback-killed-govau-454689

[13] just over a hundred workers: https://www.dta.gov.au/files/dto-annual-report-2015-16.pdf

[14] ambitious plans unveiled in this year’s Federal Budget: https://www.aspistrategist.org.au/cyber-wrap-164/

[15] basement to boardroom: http://www.zdnet.com/article/telstras-former-ciso-wants-asd-to-be-a-leading-light-for-private-enterprise/

[16] announcing it will undertake: http://www.audit.vic.gov.au/reports_and_publications/annual-plan.aspx?utm_medium=email&utm_campaign=Auditor-General%27s+report+and+Annual+Plan+2017%E2%80%9318+tabled+8+June+2017&utm_content=audit.vic.gov.au%2Freports_and_publications%2Fannual-plan.aspx&utm_source=www.vision6.com.au

[17] an ambitious series of eight audits: https://www.itnews.com.au/news/victorian-agencies-under-it-cyber-security-scrutiny-464531

[18] lambasting the current market for forcing Australian firms overseas: http://www.zdnet.com/article/cyber-security-growth-network-wants-the-world-to-buy-australian/

[19] research into the cyber attack-induced blackouts: https://securityledger.com/2017/06/security-firms-new-malware-built-to-hobble-grid/

[20] Industroyer by ESET: https://www.welivesecurity.com/wp-content/uploads/2017/06/Win32_Industroyer.pdf

[21] CrashOverride by Dragos: https://dragos.com/blog/crashoverride/CrashOverride-01.pdf

[22] can disable or cause physical damage: https://arstechnica.com/security/2017/06/crash-override-malware-may-sabotage-electric-grids-but-its-no-stuxnet/

[23] ‘cyber storm’: https://ministers.pmc.gov.au/tehan/2016/address-national-press-club-cyber-storm

[24] global reach largely intact: https://www.nytimes.com/2017/06/12/world/middleeast/isis-cyber.html

[25] the use of Stuxnet against Iran’s uranium enrichment centrifuges: https://www.wired.com/2014/11/countdown-to-zero-day-stuxnet/

[26] nuclear weapons program: http://www.reuters.com/article/us-usa-northkorea-stuxnet-idUSKBN0OE2DM20150529

[27] demonstrated similar resilience: https://www.nytimes.com/2017/03/04/world/asia/north-korea-missile-program-sabotage.html

[28] there’s been little to suggest: http://www.information-age.com/late-hackers-hit-uk-general-election-123466661/

[29] despite earlier concerns: http://www.cbronline.com/news/cybersecurity/breaches/uk-general-election-hacked-80-think-happen/

[30] duct-tape approach to webcam security: https://qz.com/602218/are-you-being-watched-right-now-theres-a-creepy-search-engine-for-unsecured-webcams/

[31] Mark Zuckerberg: https://www.theguardian.com/technology/2016/jun/22/mark-zuckerberg-tape-webcam-microphone-facebook

[32] James Comey: http://www.telegraph.co.uk/technology/2016/09/15/put-tape-over-your-webcam-fbi-director-warns/

[33] new research suggests: https://arxiv.org/ftp/arxiv/papers/1706/1706.01140.pdf

[34] exfiltrating data using the rapid blinking of indicator LEDs: https://threatpost.com/blinking-router-leds-leak-data-from-air-gapped-networks/126199/

[35] in this demonstration: https://youtu.be/mSNt4h7EDKo

[36] previous exfiltration methods: https://www.youtube.com/watch?v=4vIu8ld68fc

[37] Researchers have found: https://www.welivesecurity.com/2017/06/06/turlas-watering-hole-campaign-updated-firefox-extension-abusing-instagram/

[38] cyber-espionage group linked to Russian intelligence agencies: https://www.bleepingcomputer.com/news/security/21-years-later-experts-connect-the-dots-on-one-of-the-first-cyber-espionage-groups/

[39] a backdoor trojan: https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-britney-spears-instagram-posts-to-control-malware/

[40] highlights a wider concern: https://link.springer.com/chapter/10.1007/978-3-642-13708-2_30

Copyright © 2024 The Strategist. All rights reserved.