Cyber wrap
10 Sep 2014|

Meeting of NATO Defence Ministers with counterparts from 24 partner countries - NATO Wales SummitThis week in cyber, New Zealand telco Spark suffered a massive internet meltdown over the weekend as its Domain Name System (DNS) infrastructure became overwhelmed in what the company said was a ‘dynamic cyber attack’. Some initial reports indicated customers might have caused the outage as they flocked to access leaked photos of celebrities via malware-infected links. While that may have left more than a few users feeling sheepish, Spark said it had yet to identify any such malware on customers’ computers and that it was possible hackers had exploited poorly-configured self-installed modems, or a combination of vulnerabilities.

Interestingly, the attack doesn’t appear to have been targeted at New Zealanders but rather at organisations in eastern Europe. A Spark spokeswoman stated that “It definitely appears it was ‘from overseas, to overseas’, but bouncing off our customers.”

Still with eastern European cyber concerns, discussions at the recent NATO Summit in Wales have resulted in NATO adding cyber-attacks to the list of offences that would trigger the retaliation of all 28 member states, with NATO Secretary-General Anders Fogh Rasmussen stating, ‘cyber defence is part of NATO’s core task of collective defence.’ While the statement didn’t outline the specifics surrounding the declaration (with the ambiguity adding a deterrent effect), NATO pledged more tangible support earlier in the summit with a ‘C4’ trust fund for Ukraine, which will see it provide capital for investment in ‘command, control, communications and computers’.

The NATO declaration led Jason Hart, of data protection firm SafeNet, to suggest that NATO should use the opportunity to influence its members to improve cyber defence capabilities and build competency within their private sectors. Hart stated that ‘NATO has the opportunity and obligation to ensure that member states are aware of cyber threats, are building a capability to address them and are supporting businesses to do the same.’

Hacktivist group Anonymous declared this week that they’ll be ramping up their online efforts against ISIS, which had commenced in June. The group claimed to have successfully targeted ISIS social media accounts and other parts of their online presence. Hackers working for ISIS retaliated against the group, with at least one Anonymous Twitter account being taken over by the jihadi outfit.

Sticking with hacking, a Trend Micro report published this week on the Chinese cybercriminal underworld makes for sober reading. The report found that economic and technical barriers to becoming a cybercriminal are much lower today and as a result, the market for tools to get started in cybercrime or improve ongoing operations is booming in Russia, China and Brazil.

The growing capability of commercial hackers was reported by eWeek in an article focused on a ‘watering-hole’ attack that saw hackers compromise a popular industrial engineering website using JavaScript to collect information on visitors and log their keystrokes. Attackers do not just seek to compromise victims, but also to reconnoitre potential targets and further refine methods for future attacks. Watering-hole attacks have become an increasingly common component in the toolbox of nation-states’ cyber-warriors, who are generally considered to be the most sophisticated adversaries in the cyber domain.

In an effort to address the ’cyber gap’, American educational institutions are endeavouring to generate interest in computer-based sciences by encouraging high schoolers to participate in programs focused on coding and cyber defence. Those efforts, focused on such activities as after-school groups and an IT Olympics, are aimed at encouraging more young Americans to consider pursuing a career and further education in the field.

Back closer to home, ACT Chief of Police Rudi Lammers used the retirement of outgoing Australian Federal Police Commissioner Tony Negus to encourage Negus’ replacement to steer the national law enforcement agency to tackle increased threats from cybercrime and homegrown terrorists. Chief police officer Lammers identified cybercrime and radicalisation as two of the main threats facing the national police force over the next 10 years.

Roy Birch is a visiting analyst at ASPI. Image courtesy of NATO.