Cyber wrap
14 Oct 2015|
iOS apps

Following up on last week’s cliffhanger, the Safe Harbour agreement was deemed invalid by the European Court of Justice. For the last 15 years, this agreement has allowed the transfer of EU data across the Atlantic by US businesses, based on corporate self-regulation. EU concerns over the US approach to data privacy were exacerbated by the Snowden saga, and undoubtedly contributed to the recent decision. This verdict has potentially significant implications for the more than 3,000 businesses in Europe and the US that depended on the agreement.

In the wake of last month’s historic agreement on cyber security between the US and China, the Washington Post reported this week that China has arrested several suspected hackers at the request of the US. The US identified the culprits as guilty of stealing US commercial secrets and they were arrested by the Chinese two weeks before Xi Jinping’s visit to Washington DC. This move is a far cry from the normal denials; however it’s unclear whether the arrests demonstrate a lasting policy change or simply a short-term strategy to avoid Obama’s threatened sanctions.

In a Clinton-esque move, new PM Malcolm Turnbull has come under fire for sending official emails from a private server, separate to Parliamentary systems. Greens Senator Scott Ludlum has called for an audit of the server, and criticised the PM for making the role of Government cyber security experts more difficult. Commentators have drawn parallels between this scandal and Hillary Clinton’s use of a private server to handle classified information during her time as Secretary of State. Keenly aware of cyber security threats, Turnbull has denied his communication involved restricted information. The Parliamentary network has in the past been the subject of numerous attempts by hackers to extract sensitive data from members and ministers.

The Internet of Things promises to change the way people interact with cyberspace. Harbor Research has produced a handy infographic which illustrates the potential impact of the growing ubiquity of digital sensors in everyday items.

Cisco researchers have successfully disrupted a group of cyber criminals operating the infamous Angler Exploit Kit. One of the most advanced ransomware on the market, Angler EK restricts a user’s access to their system, often through encryption, demanding payment in exchange for data restoration. The investigators at the company’s Talos Security Unit noticed that the majority of Angler victims were connected to a Limestone Networks server and after a process of server examination with the cooperation of Limestone it was discovered that the operation was exploiting up to 90,000 users every day. The exposed operation was responsible for up to half of all Angler Exploit Kit activity and is estimated to have been generating up to US$30 million of revenue every year.

The recent spotlight on automotive cybersecurity hasn’t gone unnoticed in Canada. The Canadian Government is making moves to secure its cars by offering a contract for the fortification of the electronic control units (ECUs) of government and military vehicles against cyber threats. A Tender Notice titled ‘Cybersecurity of Automotive Systems’ was released last week, emphasising the ‘need to study the security of automotive vehicles, including understanding their vulnerabilities and assessing the potential mitigation measures’. Defence Research and Development Canada is offering up to US$825,000 for the job.

The Great Firewall seems to still be up and running, with Apple News being blocked in China. The new app, officially launched in the US and under testing in the UK and Australia, can be accessed around the world by travelling iPhone users, even in Hong Kong. However, when connecting from within mainland China, the app presents the message: ‘Story Unavailable: News isn’t supported in your current region’. The source of the block is unclear, however it’s being suggested that Apple is self-censoring in order to comply with China’s restrictive media laws. China is Apple’s second largest consumer and made sales of over US$13 billion in the third quarter.

It’s been an interesting week for smartphone cyber hygiene. Apple has cleaned out its iOS App store of several programs that were capable of disrupting the encrypted connections between servers and users. The nefarious apps install root certificates in smartphones, enabling the monitoring of personal data. Apple has urged its users to delete these apps in order to protect their privacy, however has neglected to disclose the apps’ names, making this advice difficult to follow. In Washington, the White House has decided not to pursue legislation that would force tech companies to install ‘backdoors’ in their encryption software. The overruling of this law is seen as a victory for privacy advocates; however this fight between law enforcement imperatives and customer privacy has been going on since the mid-90s and is far from over.