Cyber wrap
26 Aug 2015|

Canadian dollars

The US Department of Commerce announced last week that it’s extended its Internet Assigned Numbers Authority (IANA) contract with the Internet Corporation for Assigned Names and Numbers until 30 September 2016. While originally scheduled for handover this September, the delay in formulating a transition plan has made it necessary to extend US Government involvement in managing the Domain Names System. Comments on the draft IANA transition plan are due by 8 September.

Impact Team, the group that have claimed responsibility for the Ashley Madison hack, carried through with their threat to release a database containing information on 37 million members worldwide. Ashley Madison’s parent company Avid Life Media has now offered a CAD$500,000 reward for information that leads to the prosecution of the hackers. Some scammers are reportedly now targeting Ashley Madison members, fraudulently offering to remove the leaked data from the internet, and using interest in the hack to entice others to visit compromised websites. Sadly, the release of data identifying members of the site has so far allegedly been linked with two suicides in Canada and one in the US.

This week, the Council for Foreign Relations (CFR) released its third Cyber Brief on developing proportionate responses to cyber incidents, penned by Tobias Feakin, the director of ASPI’s International Cyber Policy Centre. The brief proposes a framework that policymakers can use to respond to disruptive or destructive state-sponsored cyber activity in a proportionate, legal, timely and discriminatory manner. It notes that determining attribution is critical to crafting an appropriate response, a point also cited by computer security expert Bruce Schneier as a complicating factor in responding to what he sees as the beginning of a cyber arms race.

Also at CFR, Elaine Korzak has dissected the bilateral agreement signed by Russia and China in May this year. She notes that the agreement, which includes a non-aggression clause, is a continuation of the international initiatives that China and Russia have pursued since 2009, notably their 2011 proposal for a code of conduct in cyberspace.

The theft of personal data from Japan’s Pension Service has prompted the release of a draft Cybersecurity Strategy by the Japanese government this week. The draft of the strategy was released in May, but was revised to expand the scope of the NISC cybersecurity monitoring to include non-core government agencies. Japan’s cybersecurity posture will become increasingly critical as the country hosts major international events in the coming years, notably the 2020 Olympic Games. The strategy calls for greater public–private cooperation including a joint response team that can be activated in cyber emergencies.

And finally, those of you with an evil twin should feel comforted that they won’t be able to use Microsoft’s new facial recognition login feature—Windows Hello—to access your computer. The Australian gathered a group of identical twins and attempted to fool the system into logging in the wrong person. Windows Hello wasn’t fooled once, although it did lock out one genuine user.