Cyber wrap
2 Dec 2015|
Rubber ducks

This week marks the first anniversary of the Australian Cyber Security Centre. Launched by former prime minister Tony Abbott, the ACSC had a busy year. According to this Department of the Prime Minister and Cabinet press release, 2016 will be another big one as initiatives from the yet-to-be-released Cyber Security Review and Strategy increase ACSC’s engagement with the private sector.

In its new National Security Strategy and Strategic Defence and Security Review, the British Government has announced that it’ll renew the country’s Cyber Security Strategy in 2016 and establish its own National Cyber Centre, led by GCHQ. This comes several days after Chancellor of the Exchequer George Osborne announced an increase cyber security spending to £1.9 billon by 2020 to develop sovereign cyber capability and protect the UK. This additional investment is almost double previous funding, and brings the UK’s total spending on cyber security to £3.2 billion. It’s not apparent if GCHQ’s latest recruitment campaign of spray painting pavements is part of this program.

Anonymous’ counter daesh campaign #OpISIS has been canned by rival Ghost Security Group, who slammed the amateurish tactics of Anonymous and the limited effectiveness of the movement. Anonymous has targeted Twitter accounts related to daesh, claiming to have shut down more than 20,000 accounts and has posted lists compiled of daesh-related Twitter accounts. However Twitter hasn’t reviewed the lists, noting that third party reviews have found them to be inaccurate. Perhaps more effective has been the campaign by users of 4Chan to replace images of daesh fighters with pictures of rubber ducks.

With the debate on privacy vs security reignited by the Paris attacks, The Economist has made some interesting points about the value of encryption for an open internet and the protection of personal privacy. There’s been a similar debate in Canada. Royal Canadian Mountain Police Commissioner Bob Paulson has warned that police can do little to prevent or protect people from cyber crime because of the need to gain warrants to collect basic information about people’s online activities. Paulson wants Canadian police to have warrantless access to subscriber information, but stated he doesn’t agree with any additional powers that might interfere with privacy.

Following the September deal between presidents Obama and Xi to have ministerial-level cybersecurity discussions, Chinese state media has reported on a high-level dialogue between the Secretary of Homeland Security, Jeh Johnson, and Chinese Minister for Public Security, Guo Shegkun, to strike a deal on cyber crime cooperation. Despite the possibility of cooperation, Commander of US Cyber Command and head of the NSA Admiral Mike Rogers warned China at the Halifax Security Forum that it wasn’t immune to cyber attack, and that it should remain cognisant of this vulnerability in its broader security policy and actions.

The Washington Post has reported that Chinese PLA cyber-espionage has in fact decreased since five of its officers were indicted in May 2014, but that the Ministry of State Security has continued undeterred by US legal actions. China’s cyber espionage capabilities were on show during the ongoing campaign to shut down pro-democracy campaigners in Hong Kong, with US firm FireEye reporting on new tactics to lure victims with infected Dropbox files. FireEye has previously connected DDoS attacks on pro-democracy newspaper Apple Daily with the Chinese government. Iranian hackers have also reportedly targeted State Department officials involved in designing and implementing the Joint Comprehensive Plan of Action. Victims were alerted by a new Facebook feature that alerts people Facebook believes were targets of state actors.