Cyber wrap
Posted By
Zoe Hawkins
on March 29, 2017 @ 12:30
A second instalment of Wikileaks’ CIA series ‘Vault 7’
came out this week, following the
first leak earlier this month. This new tranche, comprising 12 documents and codenamed ‘
Dark Matter’, purports to outline how the CIA could hack Mac computers and iPhones that it had physical access to around a decade ago. The documents allege that the CIA would compromise a
device’s firmware, which loads the computer’s operating system, meaning that the infection would be out of reach for antivirus scanners and most forensic tools. But there’s probably no need to ditch your iPhone just yet: Apple
says that the exploits detailed in the leak are outdated and were resolved for iPhones in 2009 and Macs in 2013.
US House Intelligence Committee Chair, Republican Devin Nunes, has
claimed that the US intelligence community ‘incidentally’ collected information on members of President Trump’s transition team, possibly including Trump himself, since the election. Republicans are jumping on this as
vindication of Trump’s
controversial claims of Obama’s wiretapping, while Democrats are
enraged that Nunes went straight to the media and the White House with this new information before briefing the committee. While Nunes has
apologised for his misguided priorities, it may be too late now to say sorry, with the
The New York Times describing Nunes as ‘a lapdog in a watchdog role’ and House Minority Leader Nany Pelosi
calling him a ‘stooge for the President of the United States’. This incident has to several calls, including from Senator John McCain,
for a select committee or independent commission to run the enquiry from this point.
The UK and the US have both temporarily
banned airline passengers travelling from some Middle Eastern airports from bringing on board devices larger than a smartphone, including laptops, tablets and cameras. The US Department of Homeland Security
justified the decision by saying that they had intelligence suggesting that terrorists are looking at ‘smuggling explosive devices in various consumer items’. The ban
will apply to nonstop flights arriving into the US from eight Muslim-majority countries: Egypt, Jordan, Kuwait, Morocco, Qatar, Saudi Arabia, Turkey and the UAE. The UK
announced a similar ban, described by Downing Street as ‘necessary, effective and proportionate’. According to Transport Minister Darren Chester,
Australia has no plans to follow suit.
Google and sister company Jigsaw are taking the fate of democracy into their own hands, releasing a suite of cybersecurity tools called ‘
Protect Your Election’. The technology behind the announcement isn’t new, but what’s ground-breaking is that these tools are being offered for free on an application basis to
news organisation, human rights groups and election monitoring sites. to protect the integrity of democratic processes. It’s hoped that
tools such as Project Shield, Password Alert and 2-Step Verification will help ensure information access and accuracy in the
lead up to elections in France, South Korea and Germany later this year. Nice one, Google!
North Korea is back in the spotlight this week, with the US
reportedly preparing to accuse the hermit kingdom of the high profile cyber heist that stole
US$81 million from Bangladesh’s Central Bank in February last year. The US Federal Attorney’s office in LA is looking into whether the North Korean government is
responsible for the incident that exploited weaknesses in the global SWIFT transaction network. This new development comes only one month after cybersecurity researchers at
Symantec indicated that fingerprints of the infamous APT Lazarus group have been found on the
2014 Sony Pictures hack, the Bangladesh heist and
more recent malware campaign against banks and other institutions in 31 countries.
A recent piece from TIME has indicated that the pariah government may have turned to state sponsored cybercrime in order to prop up its national economy in the face of crippling sanctions—so watch this space to see if North Korea increases its footprint in the cybercrime arena.
The debate around the use of encrypted messaging service WhatsApp has flared again around the world this week. The perpetrator of the
tragic incident at Westminster Bridge allegedly sent a
WhatsApp message immediately before driving into the pedestrians, which law enforcement are unable to access—a conundrum reminiscent of the
FBI’s frustration over the Apple’s refusal to decrypt the iPhone of the San Bernadino shooter last year. British Home Secretary Amber Rudd
said ‘we need to make sure that organisations like WhatsApp …don’t provide a secret place for terrorists to communicate with each other’. Meanwhile closer to home, Shadow Minister for Cyber Security Gai Brodtmann has
criticised the Turnbull government for failing to seek clear guidelines from government security agencies on the use of WhatsApp by ministers and government employees.
Microsoft has finalised
a custom version of its Windows 10 operating system for the Chinese government. Post-Snowden paranoia that US tech companies are synonymous with NSA backdoors has left companies like Microsoft
struggling for Chinese business since 2013. Microsoft worked with the China Electronics Technology Group on the joint venture, but has
declined to explain how the software has been altered.
Lastly, New Zealand has released its first annual
Action Plan Annual Report on the implementation of its
2016 Cyber Security Strategy. Check it out to see how the Kiwis are
progressing towards their goals of cyber resilience, cyber capability, addressing cybercrime and international cooperation.
Zoe Hawkins is an analyst in ASPI’s International Cyber Policy Centre. Image courtesy of Wikimedia Commons.
Article printed from The Strategist: https://www.aspistrategist.org.au
URL to article: https://www.aspistrategist.org.au/cyber-wrap-157/
[1] came out this week: https://motherboard.vice.com/en_us/article/wikileaks-new-dump-shows-how-cia-allegedly-hacked-macs-and-iphones-almost-a-decade-ago
[2] first leak: http://www.abc.net.au/news/2017-03-08/wikileaks-releases-thousands-of-documents-cia-revelation/8334366
[3] Dark Matter: https://wikileaks.org/vault7/darkmatter/
[4] device’s firmware: https://techcrunch.com/2017/03/23/wikileaks-releases-new-cia-documents-describing-mac-exploits/
[5] says: https://techcrunch.com/2017/03/23/apple-says-recent-wikileaks-cia-docs-detail-old-fixed-iphone-and-mac-exploits/
[6] claimed: http://thehill.com/policy/cybersecurity/325218-nunes-intelligence-community-collected-information-on-trump-transition?utm_source=&utm_medium=email&utm_campaign=6867
[7] vindication: http://thehill.com/homenews/administration/325274-trump-feels-somewhat-vindicated-by-nunes-findings
[8] controversial claims: http://www.independent.co.uk/news/world/americas/us-politics/barack-obama-donald-trump-wiretap-claims-ridiculous-responds-trump-tower-us-election-fbi-james-comey-a7648596.html
[9] enraged: http://www.politico.com/story/2017/03/devin-nunes-donald-trump-surveillance-obama-236366
[10] apologised: http://edition.cnn.com/2017/03/23/politics/devin-nunes-reaction-house-intelligence-committee-congress/
[11] describing: https://www.nytimes.com/2017/03/23/opinion/rep-nunes-is-a-lapdog-in-a-watchdog-role.html?action=click&pgtype=Homepage&clickSource=story-heading&module=opinion-c-col-left-region®ion=opinion-c-col-left-region&WT.nav=opinion-c-col-left-region
[12] calling: http://www.politico.com/story/2017/03/nunes-apologizes-after-going-directly-to-white-house-with-monitoring-claims-236415
[13] for a select committee: http://time.com/4710342/john-mccain-russian-investigation-special-committee/
[14] bann: http://www.abc.net.au/news/2017-03-22/uk-us-ban-electronics-in-carry-on-luggage-on-certain-flights/8375238
[15] justified: https://www.dhs.gov/news/2017/03/21/fact-sheet-aviation-security-enhancements-select-last-point-departure-airports
[16] will apply: http://www.aljazeera.com/news/2017/03/electronics-flights-middle-east-170320232426035.html
[17] announced a similar ban: http://www.bbc.com/news/uk-39343971
[18] Australia has no plans: http://www.skynews.com.au/news/top-stories/2017/03/22/uk-follows-the-us-with-carry-on-devices-ban.html
[19] Protect Your Election: https://protectyourelection.withgoogle.com/intl/en/
[20] news organisation, human rights groups and election monitoring sites: https://www.wired.com/2017/03/cybersecurity-arsenal-thatll-help-protect-election/
[21] tools: https://medium.com/jigsaw/protect-your-election-helping-everyone-get-the-full-story-faea40934dd2#.rzu4v4rtq
[22] lead up to elections: https://www.cyberscoop.com/google-will-provide-free-cybersecurity-tools-election-organizers-europe/
[23] reportedly: http://www.reuters.com/article/us-cyber-heist-bangladesh-northkorea-idUSKBN16T2Z3
[24] US$81 million from Bangladesh’s Central Bank: https://www.wired.com/2016/05/insane-81m-bangladesh-bank-heist-heres-know/
[25] responsible: https://www.nytimes.com/2017/03/22/business/dealbook/north-korea-said-to-be-target-of-inquiry-over-81-million-cyberheist.html?rref=collection%2Fsectioncollection%2Ftechnology&action=click&contentCollection=technology®ion=stream&module=stream_unit&version=latest&contentPlacement=5&pgtype=sectionfront&_r=1
[26] Symantec indicated: https://www.symantec.com/connect/blogs/attackers-target-dozens-global-banks-new-malware-0
[27] 2014 Sony Pictures hack: https://www.itnews.com.au/news/north-korea-linked-to-sony-hack-attack-researchers-415603
[28] more recent malware campaign: https://www.nytimes.com/2017/03/25/technology/north-korea-hackers-global-banks.html?_r=0
[29] A recent piece from TIME: http://time.com/4676204/north-korea-cyber-crime-hacking-china-coal/
[30] tragic incident at Westminster Bridge: http://www.telegraph.co.uk/news/2017/03/22/terror-attack-westminster-bridge-unfolded/
[31] WhatsApp message: https://www.washingtonpost.com/world/europe/uk-police-still-think-westminster-attacker-acted-alone/2017/03/26/38f38daa-11f6-11e7-aa57-2ca1b05c41b8_story.html?utm_term=.2dc4e95d1d74
[32] FBI’s frustration: http://www.cnbc.com/2016/03/29/apple-vs-fbi-all-you-need-to-know.html
[33] criticised: http://www.sbs.com.au/news/article/2017/03/27/labor-slams-gov-over-cyber-security-threat
[34] a custom version of its Windows 10 operating system: https://arstechnica.com/information-technology/2017/03/red-flag-windows-microsoft-modifies-windows-os-for-chinese-government/
[35] struggling: http://www.theverge.com/2017/3/21/14998644/microsoft-windows-10-china-custom-version
[36] declined to explain: https://www.wsj.com/articles/microsoft-modifies-windows-10-for-chinas-government-1490097182
[37] Action Plan Annual Report: http://www.dpmc.govt.nz/sites/all/files/publications/nzcss-action-plan-annual-report-2016.pdf
[38] 2016 Cyber Security Strategy: https://www.dpmc.govt.nz/dpmc/publications/nzcss
[39] progressing: https://www.national.org.nz/nz_cyber_security_strategy_tracking_well
Print This Post