Cyber wrap
12 Jul 2017

Despite the continuing concerns over Russia’s adversarial role in cybersecurity, President Trump announced at the G20 that he and President Putin had discussed the formation of a joint US–Russian ‘impenetrable cyber security unit’ to ‘guard’ against ‘election hacking’. The announcement has unleashed a wave of disbelief. Many have likened the move to trusting the fox to guard the henhouse, or accepting rings of power from Sauron. Adding fuel to the fire, WikiLeaks has taken the opportunity to suggest Julian Assange for the job of leading the proposed unit. President Trump has since clarified his position, characterising the unit as an avenue for ‘discussion’ and ‘ceasefires’. President Putin has since provided a much clearer and more sensible description of the initiative, calling it a ‘working group’ that would define rules of engagement and propagate international legal norms.

While the idea of information-sharing and de-escalatory hotlines between adversaries has shown value in previous agreements in other bilateral relationships, the specifics of what President Trump meant are unclear, and concern remains over Trump’s continuing refusal to publicly and clearly identify and penalise Russia as an interfering actor in the 2016 US election. And a similar agreement between the FBI and the Russian FSB fell apart earlier this year after the FSB partners were linked to the massive Yahoo hack of 2014, which exposed 30 million Yahoo accounts.

Janus Cybercrime Solutions, the author of the original Petya ransomware, has argued that it was not behind the recent outbreak of NotPetya, and has provided a link to download the master decryption key for all past versions of Petya. The key has been tested and validated by a researcher from Kaspersky, suggesting that Janus is sincere in its desire to avoid blame. Meanwhile, the attackers behind NotPetya (exact identity unknown) have made their first public statement on DeepPaste, offering NotPetya’s decryption key in exchange for 100 Bitcoin, or US$250,000. On the other side of the NotPetya attack, ‘Intellect Service’, the Ukraine-based accounting software company that was hacked so that its legitimate software update mechanism could be used to distribute NotPetya, had its offices raided by heavily armed police last week. The company’s servers were also seized, which seems to reinforce previous statements by Ukraine’s Cyberpolice unit that the company will be facing charges of negligence.

Critical infrastructure protection continued to be an area of concern this week, after US officials discovered that a foreign government had gained unauthorised access to some administrative and business networks of at least 12 US power plants, including nuclear facilities. Analysts have pointed to Russia as the most likely source, and they are concerned that the attacks are part of the testing process for the development of advanced tooling that can knock out electrical grids. Germany’s domestic security agency, Bundesamt für Verfassungsschutz, has released its annual report, noting that there’s been an increase in spying and cyberattacks from foreign governments, particularly from Turkey after Turkey’s July 2016 coup attempt, and from Russia in the lead-up to the German parliamentary election in September 2016.

The Department of Immigration and Border Protection (DIBP) is looking for a new chief information officer as the current one, Randall Brugeaud, moves over to become deputy statistician at the Australian Bureau of Statistics (ABS). The move comes at a less than ideal time for DIBP, which is two years into a massive IT integration program (PDF), but demonstrates the high regard in which DIBP’s IT staff are held by the public service and by ABS executives, who are looking to avoid a repeat of last year’s census troubles.

A dark-web seller was found to be offering Medicare numbers for the equivalent of A$30.50 apiece since October 2016, raising concerns about the numbers’ use in re-identification attacks on privacy. Initial speculation is suggesting that Health Professionals Online Services, a Medicare name-to-number search system, is the source of the numbers. In a subsequent interview, Minister for Human Services Alan Tudge said that his department has not seen indications of an ongoing security breach, and that the ‘vulnerability’ in question is more likely a traditional, small-scale data breach from a clinic or surgery. The matter’s also been referred to the AFP. While the extent of the breach isn’t yet clear, the government has initiated a wider review of Medicare security which will prove revealing when it’s completed in September.

It seems to be the time of the year for ambitious IT reviews. The Australian Electoral Commission has announced that it will be conducting a formal review of its IT systems, to be completed in August 2017. The review comes as a timely response to recommendations from a joint parliamentary committee. Elsewhere in Australia, the Victorian government has concluded its own review of 54,000 fines, which were quarantined after WannaCry hit their issuing cameras. The review found that most fines were correctly allocated, despite minor disruptions, and that the majority of the 54,000 will stand.