Shellshock (n) 1. psychological disturbance caused by prolonged exposure to active warfare, especially being under bombardment; 2. a particularly alarming software bug that could be used to take control of hundreds of millions of machines around the world.
This week researchers uncovered a 22-year-old bug in a piece of free software that’s built into more than 70% of devices connected to the Internet. The command line utility, known as Bourne-Again Shell or Bash, is widely used in Unix-based operating systems, and the flaw could allow cyber ne’er-do-wells to gain control of vulnerable devices. Always quick to exploit a weakness, hackers are reportedly already taking advantage of the discovery, with one particular botnet, ‘wopbot’, targeting the US Department of Defense and security company Akamai. Australia’s Privacy Commissioner has warned that government agencies and businesses not addressing Shellshock could run afoul of the Privacy Act.
Described as only ‘slightly worse than Heartbleed’, Shellshock rains on what should have been a feel-good week for law enforcement. In Singapore, Interpol announced its plan to open a Global Complex for Innovation next April to combat cybercrime. Moreover, this week saw a solid raft of cyber security initiatives launched in Europe. The UK took the lead, partnering with the British Bankers’ Association to launch the Financial Crime Alerts Service (a major public–private information-sharing platform) and requiring public-sector supply chains to comply with the Cyber Essentials Scheme security controls. The larger EU followed suit, with Europol’s European Cybercrime Centre signing a Memorandum of Understanding with the European Banking Federation to increase cooperation. ASPI’s David Connery and Anthony Bergin think Australia should be upping its game in cyberspace as well, calling for a new Minister for Security and Resilience position with an Assistant Minister for Cyber Policy in tow.
Of course, for some governments, financial cybercrime isn’t the only threat posed by the digital domain. Ongoing pro-democracy protests in Hong Kong have spurred the Chinese government to take down the Internet menace Instagram, while President Putin has tasked Russia’s security council with studying the possibility of disconnecting Russian-language internet domains and sites, known commonly as Runet, from the global Internet ‘in an emergency’. Even Iran’s President Rouhani, who has previously taken a more moderate stance on social media, is being pressured by the judiciary to crack down on WhatsApp, Viber, and Tango.
Australia’s also facing its own challenges on social media, as extremists have increasingly begun to utilise the space to shape the Islamic State narrative. In what some have labelled Jihad 3.0, governments need innovation and partnership to keep up, or so says ICPC Director Tobias Feakin.
The misuse of social media has also been identified as one of the biggest threats to social cohesion and regional security in east Africa. New technologies and tools are opening new avenues to cybercrime, according to reports. Of course, the spread of ICT isn’t all bad. Diálogo Regional sobre Sociedad de la Información, an ICT network based in Latin America, has released a report on an in-depth study titled The Internet and Poverty: Opening the Black Box (PDF), which finds that, generally speaking, the spread of broadband contributes to positive growth and development.
And on that note, Happy Cyber Security Awareness Month!