Cyber wrap
28 Oct 2015|

David Cameron and President Xi visit a local pub, The Plough at Cadsden during his visit to Chequers

The US Government is up in arms this week over Apple’s unwillingness to provide backdoors into its software. The iPhone 5s of a man charged with distributing meth has been deemed evidence in an investigation, but law enforcement agencies have been stumped by his phone’s passcode protection. The tech company refused to play ball and has been taken to court based on the Department of Justice’s argument that Apple owns the software that is ‘thwarting the execution of the warrant’. Technically, Apple has the ability to access the data, as the phone in question is using iOS 7 which doesn’t possess the same encryption features as the more recent versions. However, the company maintains that doing so would ‘substantially tarnish the brand’.

The division between Apple and Washington runs even deeper this week, after Apple joined the ranks of companies opposing the Cybersecurity Information Sharing Act. The bill, designed to encourage the flow of threat-information between the private sector and government, has advanced to the Senate and is expected to pass this week. Apple has united with a large group of tech companies—including Dropbox, Google and Facebook—that are taking a stand against the bill, stating that they don’t believe security should come at the expense of their customers’ privacy. Whilst CISA advocates maintain that personal privacy wouldn’t be exploited, in a post-Snowden era it’s simply good PR for tech companies to be seen as strict on customer privacy. Regardless of those protests, the senate voted 74 to 21 to pass the bill on Tuesday afternoon.

Across the Atlantic, the UK’s largest broadband and mobile phone service provider is having a tough time protecting its customers’ privacy. Talk Talk has been the victim of a data breach this week, resulting in the compromise an estimated 4 million customers’ personal information. The data affected includes sensitive information such as credit card numbers, bank account details, addresses and dates of birth, however CEO Dido Harding has emphasised that there was enough data protection to prevent hackers gaining bank account access. Regardless, Talk Talk is offering its customers a free year of credit monitoring to ensure they aren’t affected. There’s speculation that a Russian cyber-jihadist group was behind the attack. How this relates to the 15 year-old boy who has been arrested in Northern Island in connection to the hack, remains to be seen.

In more positive news, the UK has established some common ground with China in regards to cooperation in cyberspace. During his state visit this week, President Xi Jinping and Prime Minister David Cameron released a Joint Statement which made reference to their bilateral cyber interactions, stating that:

‘The UK and China agree not to conduct or support cyber-enabled theft of intellectual property, trade secrets or confidential business information with the intent of providing competitive advantage’.

This comes in the wake of a similar agreement, or ‘common understanding’, which was brokered between China and the US this month. While this is an important step in the dialogue towards cyber norm creation, this iteration isn’t a formal agreement but more a  simple statement—one which comes with no relevant enforcement mechanisms. For this reason, it’s expected to have as much immediate impact on hacking rates as the Sino–US common understanding, which according to US security company, Crowdstrike, has so far been minimal.

Global activist group Anonymous has taken issue with the Thai government this week. Anonymous hacked the government in a protest against the proposal of a ‘single gateway’ for all international internet traffic entering the country. This policy is seen as synonymous with a state-controlled internet, akin to China’s national firewall, and has generated public opposition as demonstrated by a petition with over 150,000 signatures. Anonymous decided to take action, targeting the state-owned company, CAT Teleco, which had been delegated the responsibility of controlling the government’s future gateway. Anonymous proceeded to post stolen CAT customer account information as well as Thai government officials’ ID names, numbers and passwords on Twitter.

Closer to home, ASPI’s International Cyber Policy Centre (ICPC) released its 2015 report, Cyber Maturity in the Asia Pacific Region, this week. The report provides a snapshot into the level of cyber development found in specific countries in the region in governance, law enforcement, economic, military and social terms. For a breakdown of the regional rankings and trends illuminated by the report, read this recent Strategist article by ICPC’s Director Tobias Feakin. David Irvine, the former head of ASIO, launched the publication and offered his insights into the relevance of cyberspace to today’s evolving security landscape. Check out Mr Irvine’s full address at the publication launch here.