Cyber Security Intelligence

Twitter< Follow on Twitter >

February Newsletter #2 2015

GCHQ spying on British citizens was unlawful

GCHQ unlawfully spied on British citizens, a secretive UK court has ruled.

The Investigatory Powers Tribunal (IPT), the secretive court that was created to keep Britain's intelligence agencies in check, said that GCHQ's access to information intercepted by the NSA breached human rights laws. The IPT has never ruled against any intelligence agency since it was set up in 2000. It found in December that GCHQ's access to the data was lawful from that point onward. That decision is now being appealed.

But the court said that historical collection was unlawful because the rules governing how the UK could access information received from the NSA were kept secret. It concerned practices disclosed as part of documents disclosed by Edward Snowden, and related to information found through the NSA's PRISM and UPSTREAM surveillance programmes.

PRISM allegedly allowed the NSA access to data from companies including Google, Facebook, Microsoft and Skype. UPSTREAM allowed the NSA to intercept data through the fibre optic cables that power the Internet. The ruling comes after a legal challenge brought by civil liberties groups Privacy International, Bytes for All, Amnesty International and Liberty.

The Tribunal declared that intelligence sharing between the United States and the United Kingdom had been unlawful prior to December 2014, because the rules governing the UK's access to the NSA's PRISM and UPSTREAM programmes were kept secret.

Prior to December last year, the secret policy breached Article 8, the right to a private life, and Article 10, the right to freedom of expression without State interference, the tribunal said.
Yet it was only due to revelations contained in the documents leaked by Snowden that the intelligence sharing relationship became subject to public scrutiny.

The decision marks the first time that the Tribunal, the only UK court empowered to oversee GHCQ, MI5 and MI6, has ever ruled against the intelligence and security services in its 15 year history, said watchdog charity Privacy International.

The claimants in the case are Privacy International, Bytes for All, Liberty and Amnesty International. Eric King, deputy director of Privacy International, said: "The only reason why the NSA-GCHQ sharing relationship is still legal today is because of a last-minute clean up effort by Government to release previously secret 'arrangements'. That is plainly not enough to fix what remains a massive loophole in the law, and we hope that the European Court decides to rule in favour of privacy rather than unchecked State power."

German Spy Agency is in on mass surveillance metadata

The Bundesnachrichtendienst, or BND, Germany's foreign intelligence agency, collects metadata on 220 million calls every day, with at least some of this data passed onto the NSA.

BND carries out surveillance of international communications sent by both satellites and Internet cables that pass through one of several key locations, Die Zeit Online reports. Metadata vacuumed up across the world (220 million pieces a day) flows into BND branch offices in the German towns of Schöningen, Reinhausen, Bad Aibling and Gablingen. There, they are stored for between a week and six months and sorted according to still-unknown criteria.

But the data aren't just collected; they are also used to keep tabs on, and track of, suspects. The collection of telecoms traffic of German citizens would breach national data protection laws. The "classified files" omit a full explanation of either how this data is collected or how the call records of German citizens are filtered off before this information is stored.

Privacy group Access Now, which according to its website "defends and extends the digital rights of users at risk around the world", called on the BND to curtail its NSA-style "collect-it-all" programme, with Germany being one of the most vocal international critics of NSA surveillance.
Peter Micek, a policy counsel and telecoms expert at Access, said the revelations about German spying showed the importance of getting international safeguards and agreements about online privacy rights.

Sony Pictures hacked by Russian blackhats

After months of suspects a new revelation on Sony hack states that Russian hackers hacked and still have access to Sony Pictures Entertainment's network.

It seems Sony Pictures Entertainment might have been hacked by Russian blackhat hackers and not the Democratic People Republic of Korea. This news emerged after renowned Russian blackhat YamaTough revealed that a group of Russian hackers had shown him evidence that they still, as of January 2015, have access to Sony's network.

When Sony Entertainment was hacked in November 2014, the Sony security committee and US cybercrime investigators were quick to assign blame to the DPRK cyber army claiming that the motivation for the attacks was to stop the release of the movie "The Interview" which makes fun of the DPRK's leader.

This is now being strongly doubted after reports emerged that Russian blackhats hacked Sony. The attack was carefully planned and perpetrated over some period of time with the precision of a military operation. The Russian hackers first hacked into the Sony Entertainment computers in their Asian branches. The hackers first accessed SPE's Culver City, California network in late 2014 through a spear phishing attack on Sony employees in Russia, India and other parts of Asia, US security intelligence firm Taia Global explained a report. The bad news is that the hackers are still inside the network, according to Taia Global.

When the Russian group gained access to the Sony computers, they downloaded thousands of sensitive documents and confidential emails. Some of the stolen files were scripts to unreleased movies, budgets, casting information for future movies and financial information on the different movie franchises that Sony works with. The employees in the Sony offices realized they had been attacked after their computers started displaying a skulls and a message purportedly from a group calling itself the Guardians of Peace (GOP).

After it emerged that Sony Pictures Entertainment had been hacked, the company's cyber security team and the US experts investigating the matter were quick to assign blame to the North Koreans. But thankfully for Korea, China didn't back the US to get aggressive against them.

The revelations carried by the Taia Global have now raised concerns over the qualification of the Sony Pictures security team. More importantly, the question that now begs answers is why the US authorities did not know that the hack attack was perpetrated by Russians.

This is further strengthened by the fact that a linguistic analysis of the message by the GOP points towards the authors being Russian rather than Korean.?As it is of now, experts across the world are saying that there are two possible scenarios regarding the Sony hack. Either the Russians hacked the company or both (the Koreans and Russians) were involved. In both cases, the involvement of the Russians cannot be denied. There is also some belief that the hacking was assisted by recently, unemployed, Sony IT workers.

UK Police: 'Innocent people' on unregulated photo database

Police forces in England and Wales have uploaded up to 18 million "mugshots" to a facial recognition database. This is despite a court ruling it could be unlawful. They include photos of people never charged, or others cleared of an offence, and were uploaded without Home Office approval.

Photos of "hundreds of thousands" of innocent people may be on the database, an independent commissioner said.

The database complies with the Data Protection Act the police insisted.

It comes despite a ruling in 2012, when two people went to the High Court to force the Metropolitan Police to delete their photos from databases. The judge warned forces should revise their policies in "months, not years".

Met Police Commissioner Sir Bernard Hogan-Howe told the BBC that since the court case, his force had stopped putting images on the national database until the law had been clarified.
"So the broad concern is - are we keeping images of people who aren't convicted, and are we using them?" he said. "I don't think this is against the law but of course we always want to catch criminals." He added that he would look into the matter.

Biometrics Commissioner Alastair MacGregor QC said he was concerned about the implications of the system for privacy and civil liberties. MacGregor said police had been warned to put rules in place regarding the use of police mugshots - but had not done so.

He said he recognised the potential value of the database to the police, but warned senior officers had rushed in without considering all the implications. "These are important issues and it does seem to me surprising that they have not been addressed more carefully," he said.

Chief Constable Mike Barton, of the Association of Chief Police Officers, said forces had to stay up-to-date with new technology. "Everybody is very keen that the police enter the cyber world," he said. "I hear much criticism of policing that we're not up to speed and it does come as a surprise to me that we're now being admonished for being ahead of the game."

However, the use of the system has been criticised by some MPs and David Davis, the former Tory shadow home secretary, said that police forces should not "misuse the data in this way. There is a mind-set here, which is flawed…It's quite understandable, police always want more powers, but I'm afraid the courts and parliament say there are limits," he said. "You cannot treat innocent people the same way you treat guilty people."

AI will not kill us, says Microsoft Research chief

Microsoft Research's chief has said he thinks artificial intelligence systems could achieve consciousness, but has played down the threat to human life. Last December, Prof Stephen Hawking told the BBC that such machines could "spell the end of the human race".

Mr. Horvitz also revealed that "over a quarter of all attention and resources" at his research unit were now focused on AI-related activities.

"There have been concerns about the long-term prospect that we lose control of certain kinds of intelligences," he said. "I fundamentally don't think that's going to happen.

The division's work on AI has already helped give rise to Cortana - a voice-controlled virtual assistant that runs on the Windows Phone platform and will shortly come to desktop PCs when Windows 10 is released. "The next if not last enduring competitive battlefield among major IT companies will be artificial intelligence," he said.

"The notion that systems that can think, listen, hear, collect data from thousands of user experiences - and we synthesise it back to enhance its services over time - has come to the forefront now.

"We have Cortana and Siri and Google Now setting up a competitive tournament for where's the best intelligent assistant going to come from... and that kind of competition is going to heat up the research and investment, and bring it more into the spotlight."

But while the Microsoft executive describes himself as being "optimistic" about how humans might live alongside artificial intelligences, others are more cautious. The physicist Prof Hawking has warned that conscious machines would develop at an ever-increasing rate once they began to redesign themselves. "Humans, who are limited by slow biological evolution, couldn't compete, and would be superseded," he said.

Prof Murray Shanahan provides an introduction to artificial intelligence

The Spectrum computer's inventor Sir Clive Sinclair has gone even further, saying he believes it is unavoidable that artificial intelligences will wipe out mankind.

"Once you start to make machines that are rivaling and surpassing humans with intelligence, it's going to be very difficult for us to survive," he told the BBC. "It's just an inevitability."

Pirate Bay back online after Swedish raid

The notorious file-sharing website The Pirate Bay is back online more than seven weeks after Swedish police Comment in Stockholm and seized servers and computers, causing it to go dark.

The Pirate Bay is operating from the .se domain and data loss is minimal, according to TorrentFreak. There are currently no ads on the site but the look and feel is familiar and most of the functionality has returned. Copyright authorities have been playing a game of cat-and-mouse with The Pirate Bay for years, in a bid to close down the site, which facilitates peer-to-peer file sharing using the BitTorrent protocol.

The site was expected to relaunch on 1 February, after administrators added a countdown to its temporary homepage alongside a waving pirate flag. However, it reappeared online a day early. The site has been taken offline numerous times in the past and has had its domain seized, but it has always came back to life – even when its co-founders were in prison.

A growing number of Internet service providers across Europe now block access to The Pirate Bay, following a concerted effort by music and film industry rightsholders to blacklist thse site. The raid in December was the result of a criminal complaint by anti-piracy group Rights Alliance.

Snowden reveals that China stole plans for a new F-35

The documents leaked by Edward Snowden have uncovered a new large-scale industrial espionage campaign conducted by the Chinese Government. State-sponsored hackers have operated to steal sensitive information on advanced fighter aircraft, the US-built F-35 Joint Strike Fighter (JSF). The Australian Government has ordered 72 F-35 jets that will be operational in 2020.

According to Snowden, the US Intelligence was aware that Chinese cyber spies have stolen "many terabytes of data" about the design of Australia's Lockheed Martin F-35 Lightning II JSF. The details of the operation are described in a set of top-secret documents published by the Der Spiegel magazine.

Chinese hackers have allegedly stolen as much as 50 terabytes of data, including the details of the fighter's radar systems, engine schematics, "aft deck heating contour maps," designs to cool exhaust gases and the method the jet uses to track targets.

The purpose of the Chinese Government is to acquire intellectual property on advanced technologies, benefiting Chinese companies on the market and narrowed the gap in the research of advanced technological solution. Military experts speculated that the stolen blue prints could help the country to develop a new generation of advanced aircraft fighter, so called "fifth-generation" fighters.

Military experts confirmed a striking resemblance with the Chinese advanced fighter jets, the Chengdu J-20 and the Shenyang J-31 Falcon Hawk, this second vehicle quite similar to F-35 JSF.

Not only F-35 documents were stolen, sensitive military data stolen by the foreign Intelligence included information relating to the Northrop-Grumman B-2 stealth bomber, the F-22 Raptor stealth fighter, nuclear submarine and naval air-defence missile designs. The hackers also accessed tens of thousands of military personnel records. Defence missile designs. The total data theft was estimated to be equivalent to "five Libraries of Congress (50 terabytes).

Denmark Plans $75 Million for Cyber Control

By 2017, Denmark is planning to have $75 million invested in the enhancement of cyber control, due to the emerging dangers in the field of hostile attacks and other incidents that may trigger further problems to the country.

According to a recent report, the Danish Government is considering taking the extra step and shielding its cyber division with quite a few offensive schemes. Besides being protected from cyber attacks, another aspect to focus on is in fact the requirement to be capable of launching cyber attacks against hostile countries, if needed.

What has led to this decision was indeed the increase in the overall incidents of cyber attacks against Denmark, with at least four businesses being the target of sophisticated DDoS attacks.
Of course, the defence of the country was also at stake due to these attacks. In order to prevent any additional damage and in order to limit the breaches and empower the tools used on behalf of the cyber division of the country, Denmark is convinced about how to deal with the issue.

Shoot the messenger: France could make social networks pay for 'hate chat'

French President François Hollande rather fancies the idea of making companies like Google and Facebook culpable, at least in part, for the offensive hate chat that some of their users post.

Hollande has announced plans to get more of a lid on the way social networks operate in European waters, and has proposed an act that could hold such companies responsible for extreme posts. His announcement came during a speech in which he discussed atrocities like the Holocaust and ongoing anti-Semitism.

Hollande has said, that a "legal framework" needs to be put in place whereby any social network found to be hosting hate speech could face consequences. "We need to act at a European level, and even internationally, for a legal framework, and ensure that Internet platforms that manage social networks are put in front of their responsibilities and that sanctions are imposed in case of a breach," he said in a speech that we have had to auto-translate.

France does not have a history of going easy on social networks. Facebook and Google have both endured scrutiny and grilling from various French parties, including the country's data protection watchdog.

Air Asia pilot may have turned off computer system

Co-pilot of the ill-fated Malaysian air carrier Air Asia flight QZ8501, Remi Emmanuel Plesel, poses in front of an Air Asia aircraft at an unknown location. The French co-pilot was at the controls of the Air Asia plane before it crashed into the sea.

The pilots of the Air Asia flight which plunged into the Java sea last month had cut power to a critical computer system as they struggled to deal with the unfolding crisis, a report has suggested.

All 162 people on board were killed when flight 8501 crashed on 28 December, en route from Surabaya in Indonesia to Singapore, in stormy weather. Indonesian investigators have recently said that the less experienced co-pilot was flying the plane as stall warnings began to sound, while the captain was monitoring him and communicating air traffic control.

The Airbus A320-200 climbed so rapidly - probably to avoid the bad weather in the area - that it lost lift and began falling.

A news report has said that pilots had shut down power to a flight protection system after trying to deal with a string of alerts from it. The separate computers, which serve as backup to each other, control the plane's rudder - preventing it from making turns that are too sharp - and prevent the aircraft from going too slowly. If they lose power or go wrong they will shut down. But it is not clear why the crew should have turned them off, nor why the plane then went into a steep climb, as the pilots should still have been able to fly the plane manually.

Investigators did not comment publicly on whether the flight augmentation computers were turned off. They said their final report would not be ready for at least six to seven months. The flight and cockpit data recorders showed that the jet was cruising at a stable altitude of 32,000 feet when the plane made a sharp left and the crew contacted ground control requesting permission to climb to 38,000 feet. Controllers in Jakarta asked them to stand by.

The chief investigator of Indonesia's National Transportation Safety Committee, Marjono Siswosuwarno, said satellite images from the time of the crash showed storm clouds in the area reaching up to 44,000 feet.

He added that the jet had been in a dangerously fast climb and stalled before falling to 24,000 feet, the last position recorded on radar. ?"In many cases, the engine is not strong enough to fly in this high angle," Siswosuwarno said. He said investigators were examining whether turbulence or updrafts were a factor in the steep climb.

The Wall Street Journal reported that unnamed sources indicated that it was the first officer's control stick, which pulled the plane's nose up.

Reuters meanwhile reported that officials believed Captain Iriyanto, 53, an Indonesia air force veteran with about 20,000 flying hours logged, had taken over control of the aircraft from his less experienced French co-pilot Remi-Emmanuel Plesel when it started to climb and then descend.

Indonesian rescuers have so far retrieved 72 bodies.

News organisations to develop Robot Journalists

In a development whose potential sinister consequences would be difficult to exaggerate, a number of major US news organisations have banded together in an alliance for the purpose of developing news gathering robots.

Organisations already signed up include Advance Publications Inc., A H Belo Corp, the Associated Press, Fusion, Gannett, Getty Images, NBCUniversal, The E W Scripps Company, the New York Times, Sinclair Broadcast Group, and the Washington Post.

Initially the plans call for the robot journalists to confine themselves to flying about in the skies overhead, in the fashion of US military surveillance drones and providing a similarly complete and unavoidable gaze. But there can't be much doubt that if this proves a success, the robot-journo plans will progress to include machines capable of voxpopping or door stepping members of the public, ones capable of going through people's bins etc. And of course the operatives of the machine media might find various electronically based questionable tactics especially suitable.

Global shortage of skilled CyberSecurity professionals

A new global survey of more than 3,400 ISACA members shows that 46 percent of respondents expect their organization to face a cyberattack in 2015 and 83 percent believe cyberattacks are one of the top three threats facing organizations today.

An alarming 86 percent say there is a global shortage of skilled cybersecurity professionals and only 38 percent feel prepared to fend off a sophisticated attack.

"ISACA supports increased discussion and activity to address escalating high-profile cyberattacks on organizations worldwide," said Robert E Stroud, international president of ISACA. "As Washington calls for action, we hope they take a clear and straight-forward approach, working in close coordination with industry. Cybersecurity is everyone's business, and creating a workforce trained to prevent and respond to today's sophisticated attacks is a critical priority."

Survey results show that 76 percent agree or strongly agree with President Obama's proposed federal law requiring companies to notify consumers of a data breach within 30 days.

When asked about obstacles to timely notification, respondents ranked company concern about corporate reputation first (55 percent), followed by inadequate system design (15 percent), increased cost (13 percent) and insufficient staffing (10 percent).

Data breaches at a series of well-known retailers in 2014 made the issue of data security highly visible to consumers and highlighted the struggles that companies face in keeping data safe. Finding and retaining skilled cybersecurity employees is one of those challenges. In fact, 92 percent of ISACA's survey respondents whose organizations will be hiring cybersecurity professionals in 2015 say it will be difficult to find skilled candidates.