Cyber wrap
Posted by Zoe Hawkins on December 9, 2015 @ 12:30

Following on from Xi Jinping’s September state visit, Chinese Minister of Public Security Guo Shengkun met with US Secretary of Homeland Security Jeh Johnson and US Attorney General Loretta Lynch in Washington last week to discuss bilateral collaboration on cybercrime issues. The talks established guidelines around timely information sharing and cooperation on cyber-enabled crimes such as child exploitation, theft of trade secrets and terrorist communications. The US Justice Department has announced plans for a Sino-US cyber table-top exercise on cybercrime and network protection in order to enhance mutual understanding of each other’s cyber processes and procedures. A Cold War-era cyber hotline will also be established between Xi and Obama to enable better management of cyber incidents. Despite questions about the authenticity of China’s newfound attitude on cyber collaboration, the value of this partnership will likely become clear between now and the second ministerial meeting planned for June 2016.

However, fingers are being pointed at China after the networks of Australia’s Bureau of Meteorology (BoM) were breached last week. BoM is a critical national asset, possessing one of the nation’s largest supercomputers and providing vital environmental monitoring such as weather forecasts and water supply analyses. The agency is connected to multiple high-clearance departments, including Defence, and thus may have been targeted as the ‘soft point of entry’ into more strategic networks. Unsurprisingly, China’s foreign ministry spokeswoman Hua Chunying has denied claims that China was behind the breach. Despite the official statement from BoM emphasising that its systems remain ‘fully operational’, it’s suggested that the incident may take years and hundreds of millions of dollars to fix.

On a positive note, the Commonwealth Bank of Australia (CBA) and the University of NSW have announced a five-year partnership to address the national shortage of cybersecurity expertise. The $1.6 million deal will go towards a new cybersecurity lab, financial support for PhD students, and the development of an applied cyber engineering degree that teaches students to think like hackers. Ben Heyes, CBA’s chief information security and trust officer, cited the growing difficulty of staffing important cybersecurity roles in Australia as a key driver behind the partnership. The new cybersecurity course content will be made available to study for free online in an effort to inspire other universities to adopt a more creative and practical approach to cybersecurity education.

Global hacktivist group Anonymous has released the private details of more than 1,400 officials at the UN climate talks in Paris in response to the arrest of more than 200 protesters who took to the streets as part of the Global Climate March. The March had been banned in Paris, along with all other demonstrations, in the wake of recent terrorist attacks in the French capital. The group breached the UN Framework Convention on Climate Change (UNFCCC) website, publishing the names, phone numbers, email addresses, encrypted passwords, answers to secret questions and office addresses of attendees on their website. The hack exploited a well-known database vulnerability, SQL injection, and the basic encryption techniques used to protect the information.

Public anxiety over the growing ‘Internet of Things’ has turned its attention to the vulnerability of networked toys. Cybersecurity researchers have discovered a series of fundamental security flaws in the software behind Mattel’s new talking doll, Hello Barbie. The Wi-Fi-connected doll, which can hold real-time conversations by uploading audio to the cloud in return for an artificial intelligence-generated response, apparently fulfils the dreams of children and hackers alike. The toy’s use of weak authentication mechanisms made it possible for hackers to eavesdrop on communication sent to the server, and the servers had also not been patched for the infamous POODLE bug that undermines secure connections. Those security problems had already been communicated to Mattel, who have since fixed the issues. However, this follows last month’s hack of Hong Kong toy company VTech, and the subsequent release of personal details and photos of tens of millions of parents and children. As such, networked toys will probably continue to be viewed with suspicion by the public in the near future.

Zoe Hawkins is a research intern at ASPI. Image courtesy of Flickr user Mike Mozart.
Article printed from The Strategist: https://www.aspistrategist.org.au
URL to article: https://www.aspistrategist.org.au/cyber-wrap-100/