Cyber wrap
28 May 2014|

The fallout and back-and-forth between China and America has continued after last week’s announcement by U.S. Attorney General Eric Holder of indictments against five Chinese military officers for ‘serious cybersecurity breaches’. (If you missed the news, the ABC had a solid run-down on developments, including an interview with ICPC’s Toby Feakin.) The charges represent a major change of strategy and policy for the Obama administration as it seeks to hold China accountable for what it sees as a cyber espionage campaign targeting American intellectual property. China hit back at claims that its government and military had been involved in the cyber theft of trade secrets, insisting rather that it had been a victim of US spying, name-dropping privacy-warhorse Edward Snowden to make their point.

The evidence levelled against the Chinese shows just how quickly the sands can shift on cyber matters: ICPC’s Simon Hansen concluded that ‘straight-faced deniability is no longer the smoke screen it once was’, while Thomas Rid noted that the indictment sets ‘a new bar for future attribution reports’. Peter Singer of Brookings has also turned in a comprehensive interview to Vox on the implications of the US move on cyber espionage.

US law-enforcement officials last week announced the arrest of 97 people in 19 countries —said to be the largest global cyber law enforcement operation ever undertaken—for using and distributing malware named the BlackShades Remote Access Tool. The malware ‘allows cybercriminals to take control of your computer:’ they can spy on you through your web camera, steal your files and account information and see what you are typing’. Gail Sullivan over at the Washington Post has some commentary on BlackShades, as does Brian Krebs on his blog Krebs on Security. In related news, a hacker formerly of the LulzSec group has had his 26-year prison term quashed after he cooperated with authorities in order to prevent in excess of 300 cyber attacks, including those against utilities companies and the US Senate website.

The Jakarta Post has this week reported on the development of Indonesia’s cyber defence force. The Cyber Operations Center, located at the MoD headquarters in Pondok Labu, South Jakarta, has teams across a range of tasks including intrusion prevention, threat analysis, hacker monitoring, recovery and attack. Beyond those staff in the Cyber Operations Center, there will be individual units across the TNI in the Army, Navy, Air Force and the ministry. Indonesian officials have recognised the program as operationally ready although ‘embryonic’ with ‘four to five skilled operators in each division’, which they hope to grow to 20 per group. No doubt the MoD was taking names when they hosted 30 teams from across Indonesia recently at the finals of the 2014 Cyber Defence Competition in Surabaya, East Java.

eBay recently found itself at the centre of what’s becoming a standard corporate crisis scenario when hackers accessed the personal data and passwords of all 145 million of its users. It’s been reported that the breach occurred in late February to early March, with eBay making the discovery in early May and publicly announcing the hack in the past week. The ecommerce giant was roundly criticised for its response to the breach, with more than 36 hours passing between the hacking announcement and eBay publishing the news on its homepage. Emails to users then appear to have gone out in dribs and drabs over some days, with eBay finally taking the decision to enforce a password change on users who hadn’t already done so.

The eBay story may well be one Apple should keep in mind, with some Australian iPhone/iPad users reporting in the last 24 hours that their devices were being held hostage by a hacker demanding payment via PayPal in order to restore control to the owner. While Apple is yet to provide any public comment or guidance to users, the tech community has given some standard advice: change your passwords!

Finally, at the launch of the ICPC’s Cyber Maturity in the Asia Pacific Region report, ICPC Director Toby Feakin sat down with Minister for Communications Malcolm Turnbull to discuss the findings of the study and how Australia rated against the region. The interview is now online.

David Lang is an intern in ASPI’s International Cyber Policy Centre.