Cyber wrap
17 Dec 2014|

PipelineWell done (or commiserations) to those diligent souls that have yet to decamp for the summer break. To help soften the blow, here’s the last cyber wrap for the year from the ICPC.

Last week Bloomberg released an interesting report speculating on the reason behind the Baku-Tbilisi-Ceyhan (BTC) pipeline explosion in 2008. The explosion, in Erzincan, eastern Turkey, had largely been attributed to the Kurdistan Workers’ Party, or PKK. Bloomberg asserts that the explosion was evidence of one of the first instances of kinetic cyber attack. Apparently, Western intelligence agencies who investigated the attack found that ‘hackers had shut down alarms, cut off communications and super-pressurized the crude oil in the line’. The article links the sabotage to the Russians, who, don’t forget, were the alleged victims of a cyber-linked pipeline bomb in 1982.

The Chinese Communist Party is slowly trying to become ‘hip to the youth’ with its propaganda campaigns. The Economist is reporting that to maintain currency with a tech-savvy and younger audience the Party is supporting and encouraging traditional print media outlets to build an online presence. Interestingly, this type of reporting has ‘repackaged’ traditional forms of propaganda into grabs and headlines that are most likely to attract the eyeballs of a younger crowd. The article even claims that the latest online offering from Shanghai Observer, dubbed ‘The Paper’ is similar in style to the US-based Huffington Post (minus the independent reporting). We wait with anticipation for the propaganda machine to discover lolcats and memes.

Two separate computer security firms released reports last week into diplomat-targeting malware. The malware, dubbed Inception or Cloud Atlas depending on your preference, is a professional (most likely state-backed) attempt to steal data from devices running Windows, Android, BlackBerry, and iOS. Kaspersky Lab reports:

It’s almost certainly an update of the Red October malware platform that previously infected hundreds of diplomatic, governmental, and scientific research organizations around the world. One of the most sophisticated so-called advanced persistent threats (APTs) ever discovered, Red October seemed to vanish once Kaspersky Lab researchers brought it to light.

Well now it’s back and it’s going after the data of officials in Russia, Central and Eastern Europe and South America, among others.

The ITU has released its Global Cybersecurity Index (GCI), a study designed to rank the cyber capabilities of nation-states across five sets of criteria: Legal Measures, Technical Measures, Organisational Measures, Capacity Building and Cooperation. The study utilised a combination of surveys, which were completed by some of the countries, and open-source research as the basis of the assessment. Most of the usual suspects fill out the top ten, except perhaps for Oman, which unexpectedly pops up at number four, ahead of traditional players such as Germany, the United Kingdom and Japan.

‘Major General Stephen Day wants you!… To report cyber crime’. The Australian Cyber Security Centre has launched a new, streamlined reporting system on its website and is calling on businesses and government agencies to make use of the service. The major general explained:

Every report helps the ACSC to develop a better understanding of the threat environment and will assist other organisations who are also at risk…Cyber security incident reports are also used in aggregate for developing new defensive techniques and training measures to help prevent future incidents.

That’s it from us here at ICPC for 2014. Thanks to all for your support, have a great break and we’ll see you in the New Year!

Jessica Woodall is an analyst in ASPI’s International Cyber Policy Centre. Image courtesy of Flickr user Travis.