- The Strategist - https://www.aspistrategist.org.au -

Cyber wrap

Posted By on July 12, 2017 @ 12:30

Despite the continuing concerns over Russia’s adversarial role in cybersecurity, President Trump announced [1] at the G20 that he and President Putin had discussed the formation of a joint US–Russian ‘impenetrable cyber security unit’ to ‘guard’ against ‘election hacking’. The announcement has unleashed [2] a [3] wave [4] of [5] disbelief [6]. Many have likened the move to trusting the fox to guard the henhouse [7], or accepting rings of power [8] from Sauron. Adding fuel to the fire, WikiLeaks has taken the opportunity [9] to suggest Julian Assange for the job of leading the proposed unit. President Trump has since clarified his position [10], characterising the unit as an avenue for ‘discussion’ and ‘ceasefires’. President Putin has since provided a much clearer and more sensible [11] description of the initiative, calling it a ‘working group’ that would define rules of engagement and propagate international legal norms.

While the idea of information-sharing and de-escalatory hotlines between adversaries has shown value in previous agreements [12] in other bilateral relationships, the specifics of what President Trump meant are unclear, and concern remains over Trump’s continuing refusal to publicly and clearly identify and penalise Russia as an interfering actor in the 2016 US election. And a similar agreement between the FBI and the Russian FSB fell apart earlier this year after the FSB partners were linked to the massive Yahoo hack [13] of 2014, which exposed 30 million Yahoo accounts.

Janus Cybercrime Solutions, the author of the original Petya ransomware, has argued that it was not behind the recent outbreak [14] of NotPetya, and has provided a link to download the master decryption key [15] for all past versions of Petya. The key has been tested and validated by a researcher from Kaspersky [16], suggesting that Janus is sincere in its desire to avoid blame. Meanwhile, the attackers behind NotPetya (exact identity unknown) have made their first public statement [17] on DeepPaste, offering NotPetya’s decryption key [18] in exchange for 100 Bitcoin, or US$250,000. On the other side of the NotPetya attack, ‘Intellect Service’, the Ukraine-based accounting software company that was hacked so that its legitimate software update mechanism could be used to distribute NotPetya, had its offices raided by heavily armed police [19] last week. The company’s servers were also seized [20], which seems to reinforce previous statements by Ukraine’s Cyberpolice unit that the company will be facing charges of negligence [21].

Critical infrastructure protection continued to be an area of concern this week, after US officials discovered that a foreign government [22] had gained unauthorised access to some administrative and business networks of at least 12 US power plants, including nuclear facilities. Analysts have pointed to Russia as the most likely source, and they are concerned that the attacks are part of the testing process for the development of advanced tooling that can knock out electrical grids. Germany’s domestic security agency, Bundesamt für Verfassungsschutz, has released its annual report [23], noting that there’s been an increase [24] in spying and cyberattacks from foreign governments, particularly from Turkey after Turkey’s July 2016 coup attempt, and from Russia in the lead up to the German parliamentary election in September 2016.

The Department of Immigration and Border Protection (DIBP) is looking for a new [25] chief information officer as the current one, Randall Brugeaud, moves over to become [26] deputy statistician at the Australian Bureau of Statistics (ABS). The move comes at a less than ideal time for DIBP, which is two years into a massive IT integration program [27] (PDF), but demonstrates the high regard in which DIBP’s IT staff are held by the public service and by ABS executives, who are looking to avoid a repeat of last year’s census troubles.

A dark-web seller was found to be offering Medicare numbers [28] for the equivalent of A$30.50 apiece since October 2016, raising concerns about the numbers’ use in re-identification attacks [29] on privacy. Initial speculation is suggesting [30] that Health Professionals Online Services, a Medicare name-to-number search system, is the source of the numbers. In a subsequent interview [31], Minister for Human Services Alan Tudge said that his department has seen no indications of an ongoing security breach, and that the ‘vulnerability’ in question is more likely a traditional, small-scale data breach from a clinic or surgery. The matter’s also been referred to the AFP. While the extent of the breach isn’t yet clear, the government has initiated a wider review [32] of Medicare security which will prove revealing when it’s completed in September.

It seems to be the time of the year for ambitious IT reviews. The Australian Electoral Commission has announced that it will be conducting a formal review [33] of its IT systems, to be completed in August 2017. The review comes as a timely response to recommendations [34] from a joint parliamentary committee [35]. Elsewhere in Australia, the Victorian government has concluded its own review of 54,000 fines, which were quarantined after WannaCry hit their issuing cameras. The review found that most fines were correctly allocated, despite minor disruptions, and that the majority of the 54,000 will stand [36].




URL to article: https://www.aspistrategist.org.au/cyber-wrap-172/

URLs in this post:

[1] President Trump announced: https://twitter.com/realDonaldTrump/status/884016887692234753

[2] unleashed: https://twitter.com/ChelseaClinton/status/884047735992832000

[3] a: https://twitter.com/marcorubio/status/884022979004428289

[4] wave: https://twitter.com/JoySharp58/status/884034421237612544

[5] of: https://twitter.com/anirvanghosh/status/884026841140523010

[6] disbelief: http://thehill.com/homenews/senate/341174-graham-unloads-on-trump-blind-spot-on-russia-undermining-his-entire

[7] fox to guard the henhouse: https://twitter.com/anirvanghosh/status/884024932098859008

[8] accepting rings of power: https://twitter.com/Futterish/status/884047162878947328

[9] taken the opportunity: https://twitter.com/wikileaks/status/884029003472003072

[10] clarified his position: https://twitter.com/realDonaldTrump/status/884211874518192128

[11] provided a much clearer and more sensible: https://www.bloomberg.com/view/articles/2017-07-10/how-trump-got-putin-wrong-on-cybersecurity

[12] has shown value in previous agreements: https://www.washingtonpost.com/news/monkey-cage/wp/2017/07/09/trumps-plan-to-work-with-putin-on-cybersecurity-makes-no-sense-heres-why/

[13] FSB partners were linked to the massive Yahoo hack: https://www.justice.gov/opa/pr/us-charges-russian-fsb-officers-and-their-criminal-conspirators-hacking-yahoo-and-millions

[14] was not behind the recent outbreak: https://www.bleepingcomputer.com/news/security/author-of-original-petya-ransomware-publishes-master-decryption-key/

[15] has provided a link to download the master decryption key: https://twitter.com/JanusSecretary/status/882663988429021184?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fauthor-of-original-petya-ransomware-publishes-master-decryption-key%2F

[16] researcher from Kaspersky: https://twitter.com/antonivanovm/status/883018977835921409?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fauthor-of-original-petya-ransomware-publishes-master-decryption-key%2F

[17] made their first public statement: https://motherboard.vice.com/en_us/article/8xagk4/hackers-connected-to-notpetya-ransomware-surface-online-empty-bitcoin-wallet

[18] offering NotPetya’s decryption key: https://www.theverge.com/2017/7/5/15922216/petya-notpetya-ransomware-authors-bitcoin-demand-decrypt

[19] offices raided by heavily armed police: https://thehackernews.com/2017/07/notpetya-ransomware-police-raid.html

[20] company’s servers were also seized: http://www.bbc.com/news/technology-40497026

[21] facing charges of negligence: http://www.abc.net.au/news/2017-07-03/cyber-attack-charge-ukarine/8675006

[22] discovered that a foreign government: https://www.bloomberg.com/news/articles/2017-07-07/russians-are-said-to-be-suspects-in-hacks-involving-nuclear-site

[23] released its annual report: https://www.verfassungsschutz.de/en/public-relations/publications/annual-reports/annual-report-2016-summary

[24] noting that there’s been an increase: https://www.usnews.com/news/world/articles/2017-07-04/germany-big-target-of-cyber-espionage-and-attacks-government-report

[25] is looking for a new: https://executiveintelligencegroup.com.au/wp-content/uploads/2017/07/583-CIO-DIBP-Candidate-Information.docx

[26] moves over to become: https://www.itnews.com.au/news/abs-lures-immigration-cio-to-lead-250m-transformation-468005

[27] massive IT integration program: https://www.border.gov.au/ReportsandPublications/Documents/technology-strategy-2020.pdf

[28] found to be offering Medicare numbers: https://www.theguardian.com/australia-news/2017/jul/04/the-medicare-machine-patient-details-of-any-australian-for-sale-on-darknet

[29] re-identification attacks: http://www.zdnet.com/article/why-the-medicare-information-leak-should-be-taken-seriously/

[30] speculation is suggesting: http://www.huffingtonpost.com.au/2017/07/09/government-pre-empts-medicare-investigation-with-security-review_a_23022973/

[31] a subsequent interview: https://www.mhs.gov.au/transcripts/2017-07-05-sky-news-interview-samantha-maiden-and-tom-connell

[32] wider review: http://www.news.com.au/national/politics/federal-government-announces-review-of-health-provider-online-access-of-medicare-data/news-story/fb9ef23633797c898617ba3becf0e179

[33] conducting a formal review: https://www.itnews.com.au/news/aec-to-review-resilience-of-electoral-systems-467809

[34] recommendations: http://www.idm.net.au/article/0011551-parliamentary-committee-votes-change-safeguard-aussie-elections

[35] joint parliamentary committee: http://www.aph.gov.au/Parliamentary_Business/Committees/Joint/Electoral_Matters/2016Election/Third_Interim_Report

[36] that the majority of the 54,000 will stand: http://www.zdnet.com/article/54000-fines-pulled-by-victorian-police-following-wannacry-will-stand-report/

Copyright © 2016 The Strategist. All rights reserved.