We’re starting this week off in the States with the FBI successfully crossing off a name on their most wanted cyber list. John Gordon Baden, wanted in connection with the identify theft of 40,000 individuals, was apprehended in Tijuana, Mexico. He and his co-conspirators allegedly used the stolen details to siphon millions of dollars from victims’ bank accounts by buying expensive products and taking out loans. Baden’s arrest was the result of several anonymous tip-offs and quick work on the ground by the Tijuana Municipal Police. The collaboration serves as a good example of what can be achieved through international collaboration on the cybercrime-fighting front.
Thousands of international delegates and media representatives are streaming into Brisbane this week ahead of the G20 Summit. Large international summits have proven to be attractive targets for both state-backed intelligence gathering and hacktivist operations. A phishing campaign was used during a G20 Finance Minister’s meeting in Paris 2011 to try and gain access to sensitive information. During the London Olympics plans were also laid to target critical national infrastructure. The Australian Signals Directorate’s CSOC has released a handy Protect Notice on the G20 Summit for Australian government attendees, but it also contains sound advice for all those attending.
China has allegedly ‘gone postal’ this week, stealing the personal details of the US Postal Service’s 800,000 employees. Whilst the Postal Service may seem like a strange target for the Chinese government, ICPC’s international fellow James Lewis has a simple explanation for the Washington Post. ‘They’re just looking for big pots of data on government employees’, Lewis said. ‘For the Chinese, this is probably a way of building their inventory on U.S. persons for counterintelligence and recruitment purposes.’ The information stolen included addresses, dates of birth and social security numbers. But the infiltrators seemed to be motivated by intelligence gathering, not crime or monetary gain. That led investigators to connect the attack to more traditional government-backed hackers driven by espionage.
Keen not to be left out, hackers linked to the Malaysian government have allegedly crashed an American environmental news website. The website had run an article publicising a new book critical of Abdul Taib Mahmud, a senior politician in Malaysia’s ruling coalition, the Barisan Nasional. The attack follows earlier threats to a domestic news organisation based in Sarawak that had reported on government corruption.
A man in the United Kingdom has been convicted on charges of posting a ‘malicious web link’ and encouraging a DDOS attack after he lent support to an Anonymous campaign in 2012 via his Twitter feed. The attack brought down the website of the UK Home Office and targeted the website of Home Secretary Theresa May. The man admitted supporting the group but argued that he hadn’t posted the links and his Twitter feed had been hacked.
Over in Vienna, the OSCE just wants us all to get along. Cyber Confidence Building Measures (CBMs) were the latest topic of discussion in a meeting held in the Austrian capital on Friday. Convened by the Swiss OSCE Chairmanship, the group met to discuss the implementation of a set of CBMs decided upon by the OSCE last year and to seek the advice of several NGO and CNI providers. The group was also keen to engage with representatives from other regional groupings including Asia.
Ambassador Benno Laggner, Head of the Division for Security Policy, at the Swiss Foreign Ministry explained: ‘Cyberspace constitutes an area with much room for speculation, doubt, and ambiguity. The use of ICTs for malicious purposes is not directly visible and it is even less tangible’. ‘Therefore, confidence-building measures designed to increase transparency and trust are crucial in order to reduce the danger of miscalculation, misperception and misunderstanding.’