Cyber Security Intelligence


January Newsletter #1 2015

Will Hackers cause an aviation disaster in 2015?

Cyber crime is a serious threat to safety in the skies, aviation industry heavyweights said recently, vowing to fight the growing problem. Hackers, cyber criminals and other “terrorists” are stealing information, but in a worst-case scenario they could endanger lives by tampering with airline systems.

Among the organisations joining forces against hacking is the International Air Transport Association (IATA), which signed a new cyber security agreement formalising a common front against cyber crime.

“Our common goal in developing this agreement is to work more effectively together to establish and promote a robust cyber security culture and strategy for the benefit of all actors in our industry,” said Raymond Benjamin, secretary general of the International Civil Aviation Organization (ICAO).

He added: “As technologies rapidly evolve and become more readily accessible to all, cyber threats cannot be ignored.

“This is an important new area of aviation security concern and our global community will ensure that it is met with a strong level of commitment and response.”

Cyber attacks on airline systems are seen as a real and growing issue, and one that could cause serious problems in 2015 before improved cyber security systems are put in place.

Mass Surveillance: The Internet’s Best Engineers are Fighting Back

The Internet Engineering Task Force (IETF) has played down suggestions that the NSA is weakening the security of the Internet through its standardization processes, and has insisted that the nature of those processes will result in better online privacy for all.

After the Snowden documents dropped in mid-2013, the IETF said it was going to do something about mass surveillance. After all, the Internet technology standards body is one of the groups best placed to do so. A year and a half after the NSA contractor blew the lid on the activities of the NSA and its international partners, it looks like real progress is being made.

The IETF doesn’t have members as such, only participants from a huge variety of companies and other organizations that have an interest in the way the Internet develops. Adoption of its standards is voluntary and as a result sometimes patchy, but they are used. It is a key forum for the standardization of WebRTC and the Internet of Things, for example, and the place where the IPv6 communications protocol was born. Security is now a very high priority across many of these disparate strands.

With trust in the Internet having been severely shaken by Snowden’s revelations, the battle is back on. In May last year, the IETF published a “best practice” document stating baldly that, “pervasive monitoring is an attack.” Stephen Farrell, one of the document’s co-authors and one of the two IETF Security Area Directors, explained that this new stance meant focusing on embedding security in a variety of different projects that the IETF is working on.

Recently Germany’s Der Spiegel published details of some of the efforts by the NSA and its partners, such as British signals intelligence agency GCHQ, to bypass Internet security mechanisms, in some cases by trying to weaken encryption standards. The piece stated that NSA agents go to IETF meetings “to gather information but presumably also to influence the discussions there,” referring in particular to a GCHQ Wiki page that included a write-up of an IETF gathering in San Diego some years ago.

Snowden’s revelations prompted a fundamental rethink within the IETF about what kind of security the Internet should be aiming for overall. Specifically, the IETF is in the process of formalizing a concept called “opportunistic security” whereby, even if full end-to-end security isn’t practical for whatever reason, some security is now officially recognized as being better than nothing.

Facebook and Google have stepped up mail-server-to-mail-server encryption in the wake of Snowden. Facebook sends a lot of emails to its users and, according to Farrell, 90 percent of those are now encrypted between servers. Google has also done a lot of work to send encrypted mail to more providers.

Meanwhile, a separate working group is trying to develop a new DNS Private Exchange (DPRIVE) mechanism to make DNS transactions – where someone enters a web address and a Domain Name System server translates it to a machine-friendly IP address – more private.

Artificial Intelligence & The US Military’s New Year Resolution

In November, US Undersecretary of Defense Frank Kendall quietly issued a memo to the Defense Science Board that could go on to play a role in history. The memo calls for a new study that would “identify the science, engineering, and policy problems that must be solved to permit greater operational use of autonomy across all war-fighting domains… Emphasis will be given to exploration of the bounds – both technological and social – that limit the use of autonomy across a wide range of military operations.

The study will ask questions such as: What activities cannot today be performed autonomously? When is human intervention required? What limits the use of autonomy? How might we overcome those limits and expand the use of autonomy in the near term as well as over the next 2 decades?”

In the event that robots one day attempt to destroy humanity, 2014 will be remembered as the year that two of technology’s great geek heroes, Elon Musk and Stephen Hawking, predicted it would happen. And if that never comes to pass, 2014 will go down as the year two of the world’s smartest people had a media panic attack about robots for no reason.

In August, Musk tweeted that artificial intelligence could be more dangerous than nuclear weapons and in October, likened it to “summoning a demon.” Hawking, meanwhile, told the BBC in December that humanistic artificial intelligence could “spell the end of the human race.” The context for the claim was a discussion of the AI aide that helps Hawking to speak despite the theoretical physicist’s crippling ALS.

The route to a humanistic artificial brain is as murky as ever. Inventor and Google director of engineering Ray Kurzweil has suggested that it will be possible only after humanity creates a map of the human brain accurate to the sub-cellular level, a prize that seems far off.

Elon Musk’s freak-out was prompted not by any technological breakthrough but by philosopher Nick Bostrom’s book titled Super Intelligence (Oxford 2014).

It’s a remarkable read for many reasons, but principally because it offers a deep exploration of a threat for which there is no precedent or real-world example in the present day. It is a text of brilliant speculation rather than observation. Here’s how Bostrom describes the inevitable rise of malevolent super-intelligence in chapter six, evolving from a limited AI program, somewhat like Siri, but one capable of recursive learning.

In his book Moral Machines, Wallach, with co-author Colin Allen, argues convincingly that a robotic intelligence need not be “super” or even particularly smart in order to be extremely dangerous. It needs only to have the authority, autonomy if you will, to make extremely important, life or death, decisions.

“Within the next few years, we predict there will be a catastrophic incident brought about by a computer system making a decision independent of human oversight,” the authors write. “Already, in October 2007, a semiautonomous robotic cannon deployed by the South African army malfunctioned, killing 9 soldiers and wounding others… although early reports conflicted about whether it was a software or hardware malfunction. The potential for an even bigger disaster will increase as such machines become more fully autonomous.”

Earlier this year, the Defense Advanced Research Projects Agency, or DARPA, put out a proposal for a system, called the Aircrew Labor In-Cockpit Automation System, to effectively automate most of the piloting of an aircraft, in order to “reduce pilot workload,” according to the agency. Even those planes that are piloted are becoming less so.

Then, of course, there are unmanned systems, which usually require a two-person team, at least. But that’s rapidly changing. The high-tech, largely classified RQ-180, developed by Northrop Grumman, will show off new, more autonomous features, in addition to stealth capabilities unprecedented in a UAV, when it becomes operational. It’s currently in testing.

Of course, the United States military isn’t the only player building autonomous robotic systems, either weapons or consumer devices. For example, Google’s self-driving cars are legal and in use in several US states at this point. in any kind of military domain where lives are at stake.”

In conversation with Defense One, the Pentagon official reiterated that point: regardless of what the military does or does not build, the national security community has a big interest in understanding the possibilities and limitations of AI, especially as those will be tested by other nations, by corporations and by hobbyists.

Huge Raid Shuts Down 400-plus Dark Net sites

Silk Road 2.0 and 400 other sites believed to be selling illegal items including drugs and weapons have been shut down. The sites operated on the Tor network, software for accessing the Internet more securely that also gives access to otherwise hard-to-reach parts of the net.

The joint operation between 16 European countries and the US saw 17 arrests, including Blake Benthall, who is said to be behind Silk Road 2.0. Experts believe the shutdown represents a breakthrough for fighting cybercrime. Six Britons were also arrested, including a 20-year-old man from Liverpool, a 19-year-old man from New Waltham, a 30-year-old man from Cleethorpes and a man and woman, both aged 58, from Aberdovey, Wales. All were interviewed and bailed, according to the National Crime Agency.

As well as providing anonymous access to legitimate sites, Tor also lets people hide their visits to thousands of illegal marketplaces, trading in drugs, child abuse images as well as sites for extremist groups.

The operation last year to take down the drugs marketplace Silk Road was the first major success in the battle against criminal use of the dark net.

Now this much bigger operation, involving global cooperation amongst law enforcement agencies, takes that battle to a new level, with Silk Road 2.0 amongst 400 sites closed. Still, the number of arrests may be telling: 400 sites closed, but just 17 arrests. That would suggest there is a lot of work still to be done. Silk Road 2.0 was resurrected after the original Silk Road site was shut down and its alleged owner arrested. The operation also saw the seizure of Bitcoins worth approximately $1m (£632,000).

Tor is a special way to access the Internet that requires software, known as the Tor Browser bundle, to use it. The name is an acronym for The Onion Router - just as there are many layers to the vegetable, there are many layers of encryption on the network. It was originally designed by the US Naval Research Laboratory, and continues to receive funding from the US State Department.

It attempts to hide a person's location and identity by sending data across the Internet via a very circuitous route involving several "nodes" - which, in this context, means using volunteers' PCs and computer servers as connection points. Encryption applied at each hop along this route makes it very hard to connect a person to any particular activity.

Tor hides a user's identity by routing their traffic through a series of other computers. And Tor's users include the military, law enforcement officers and journalists - who use it as a way of communicating with whistle-blowers - as well as members of the public who wish to keep their browser activity secret. But it has also been associated with illegal activity, allowing people to visit sites offering illegal drugs for sale and access to child abuse images, which do not show up in normal search engine results and would not be available to those who did not know where to look.
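The layered encryption described above, as an added toy walkthrough that is not the Tor Project's code or Tor's actual protocol: the client wraps a message in one layer per relay, each relay peels exactly one layer with its own key and learns only the next hop, and only the exit sees the plaintext. The relay names (guard, middle, exit), the keys and the message are constructed for the demo, and a stdlib SHA-256 keystream with an HMAC tag stands in for the AES-CTR that Tor really uses inside its TLS-protected hops.

```python
"""Toy onion-routing walkthrough: added illustration, not the Tor Project's
code or Tor's real protocol.  Relay names (guard/middle/exit), the keys and
the message are constructed for the demo.  Tor uses AES-CTR inside
TLS-protected hops and a telescoping handshake; here each relay simply shares
a symmetric key with the client, and the cipher is a stdlib SHA-256 keystream
with an HMAC tag so the demo runs offline with no third-party packages."""
import hashlib
import hmac
import json
import os

ROUTE = ["guard", "middle", "exit"]  # constructed three-hop circuit
# Constructed per-relay keys; in Tor these come from the circuit handshake.
KEYS = {name: hashlib.sha256(f"demo-key-{name}".encode()).digest() for name in ROUTE}


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256 (demo substitute for AES-CTR)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt one layer and append an HMAC tag: nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def open_layer(key: bytes, blob: bytes) -> bytes:
    """Verify the tag with this relay's key and strip exactly one layer."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("layer authentication failed: wrong key or tampering")
    return bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct))))


def build_onion(route, keys, payload: bytes) -> bytes:
    """Client side: wrap the payload innermost-first, one layer per relay."""
    inner = json.dumps({"next": "destination", "data": payload.decode()}).encode()
    blob = seal(keys[route[-1]], inner)           # exit layer
    for i in range(len(route) - 2, -1, -1):       # then middle, then guard
        layer = json.dumps({"next": route[i + 1], "data": blob.hex()}).encode()
        blob = seal(keys[route[i]], layer)
    return blob


def relay_traffic(route, keys, onion: bytes):
    """Walk the circuit; each relay uses only its own key and records what it saw."""
    observations, hop, blob = [], route[0], onion
    while True:
        inner = json.loads(open_layer(keys[hop], blob))
        done = inner["next"] == "destination"
        observations.append({"relay": hop, "next": inner["next"], "sees_plaintext": done})
        if done:
            return observations, inner["data"]
        hop, blob = inner["next"], bytes.fromhex(inner["data"])


def can_read(key: bytes, blob: bytes) -> bool:
    """True only if this key peels the outermost layer of blob untampered."""
    try:
        open_layer(key, blob)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    onion = build_onion(ROUTE, KEYS, b"GET / HTTP/1.1")
    seen, data = relay_traffic(ROUTE, KEYS, onion)
    for obs in seen:
        print(obs)                       # each relay learns only its next hop
    print("exit delivered:", data)
    print("middle can read guard layer:", can_read(KEYS["middle"], onion))
```

The recorded observations are the point: the guard sees the client and the middle relay but not the destination or content, the exit sees the content but not the client, and the tag check means a relay with the wrong key cannot peel or silently modify a layer it does not own.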

Many experts believe that this is an ongoing process and that Tor 3.0, which is now available, will become more viable and sophisticated.

Cyber Security Insurance Underwriters Demand their Clients Understand the Threat Landscape

Insurance underwriters aren't looking for companies impervious to risk. They want clients that understand the threat landscape and have demonstrated abilities to mitigate attacks.

With security breaches on the rise, IT professionals spend a lot of time questioning what kinds of cyber risk their companies’ insurance policies will cover. However, as those policies quickly move from optional to necessary, insurance companies are the ones asking the hard questions.

Before underwriters give the green light to cyber liability coverage, they want to see proof of insurability. That doesn’t mean they’re looking at your actuarial risk. To the contrary, regardless of past history, virtually every company today is susceptible to hacking or insider threats. That is the new reality. Therefore, insurance companies are focusing on factors beyond historic risk to inform their decisions.

When you seek out cyber insurance, underwriters will ask that you demonstrate your insurability as part of the pre-binding due diligence process. Doing so involves three primary factors:

Your understanding of cyber risk

The days when cyber risk was considered an IT problem are over. Today, cyber risk is an issue your entire business must address. In order to demonstrate that your organization fully understands the scope of cyber risk, evaluate it in a holistic manner. Consider the many directions from which an attack might come, the many forms it might take, the many information assets it might target, and the many motives that might spur it. Possibilities might include:

Savvy companies know that the risks come in many forms, so be ready to explain what policies and tools you have in place to address a variety of threats.

Your ability to mitigate a cyber attack

The ultimate goal for any security strategy is to prevent an attack from occurring in the first place, but unfortunately that’s not entirely reasonable. The next best thing is to minimize the harm it causes. No company is entirely inoculated from risk, but those that are prepared for it in advance suffer less. To prepare, your company needs to understand the threat landscape outlined above. That means assessing real-time risk across the entire ecosystem of your business: upstream, downstream, and inside your own organization. Unless you’re evaluating your weaknesses in a holistic manner, you won’t convince an insurer of your ability to identify an attack, never mind stop one.

You’ll need to show underwriters that you’re serious about security by conducting a holistic risk assessment before you face any known threats. Gather intelligence about which assets are your highest priorities, and which are most exposed. Then, align your security investments and resources to address those vulnerabilities. This can include a combination of perimeter and end-point solutions, and should incorporate extensive employee training. Showing that your organization has a strong cyber security culture goes a long way toward establishing security maturity.

Your likelihood of returning to business operations quickly

Cyber insurers know that your business is at risk -- all businesses are. However, you can increase your organization’s chances of receiving a policy by demonstrating cyber resilience. Do this by adopting mature security practices, continuously assessing risk, and creating a plan for business continuity during and after an attack. This is of great interest to cyber insurance underwriters, who want to see that you can stem data loss, protect your brand, and retain customer loyalty, even after an attack. All parties will benefit from an organization’s ability to mitigate risk, shorten attacks, and get back to business quickly, thereby reducing losses.

Insurance underwriters aren’t looking for clients that are impervious to cyber risk. There are no longer any companies that fall into that category, unfortunately. What they are looking for are businesses that understand the threat landscape and their own risks and have established a cyber security culture demonstrated through mature security practices. As you seek out the most beneficial cyber insurance policy your company can find, be prepared to prove that your organization is committed to not only improving its cyber security company-wide, but also to reducing data and financial loss resulting from an attack.

Major Cyber Attack Will Cause Significant Loss of Life By 2025, Experts Predict

A major cyber attack will happen between now and 2025 and it will be large enough to cause “significant loss of life or property losses/damage/theft at the levels of tens of billions of dollars,” according to more than 60 percent of technology experts interviewed by the Pew Internet and American Life Project.

But other experts interviewed for the project “Digital Life in 2015,” released Wednesday, said the current preoccupation with cyber conflict is a product of software merchants looking to hype public anxiety against an eternally unconquerable threat.

You may believe that a major cyber attack is likely to occur between now and 2025, or you may view the entire cyber menace as a scheme by security software companies. (The truth may be a mixture of both.) However, one thing that the threat of cyberwar will certainly do is increase the amount of government surveillance of computers, and particularly of networks, to detect “anomalous behaviors” possibly related to cyber attacks. A recently released Pentagon paper on offensive cyber operations made a pointed mention of networks and the cloud as a potential source of signals intelligence of relevance to cyber-operators. Networks were “a primary target for signals intelligence (SIGINT), including computer network exploitation (CNE), measurement and signature intelligence, open source intelligence, and human intelligence.”

Make no mistake, signals intelligence collection means watching how individuals behave online.

As for the Pew’s 2025 date, Jason Healey, director of the Cyber Statecraft Initiative of the Atlantic Council, told Defense One that he considered it to be arbitrary. “We just don’t have a clue when it’s going to happen,” he said, adding that a single cyber attack on the scale of Pearl Harbor frightened him less than the prospect of a massive cyber failure, absent of malice but with real-time market implications.

“I’m less concerned about attacks and more about a shock” of the size of a major market collapse, he said, and argued that pre-occupation with a “cyber Pearl Harbor” ignores the “larger complexity” of the issue. “What do we do if one of these IT companies that’s too big to fail has a Lehman Brothers moment? The data was there on Monday and is gone on Friday? If a major cloud provider fails, how do we get our data back?”

While Healey was incredulous that a country like Russia would launch a cyber attack resulting in loss of life, he acknowledged that much has changed between today and 1991 when the electronic Pearl Harbor concept first emerged. And the changes are coming only more rapidly, as are potential vulnerabilities.

“The more that we plug things to the Internet, things of concrete and steel and connect them to the Internet, the more likely we are to get ourselves into the state where this will happen in 2025. The dynamic that will make that more and more true is the Internet of Things,” he said.

Egyptian Cyber Army: The Hacker Group Attacking ISIS online

There's a new hacking group in cyberspace, and it's going after the Islamic State's online propaganda.

After ISIS social media accounts posted a threatening message from the group's leader, the audio recording was replaced with a song and its transcript with a logo resembling that of the Egyptian military, accompanied by text in Arabic that read "Egyptian Cyber Army."

Abu Bakr al-Baghdadi's recording had been hacked, and the operation carried all the hallmarks of a group such as the Syrian Electronic Army.

The Egyptian Cyber Army is clearly inspired by the infamous Syrian hacktivist group, but a spokesperson told Mashable that the group's members are all Egyptians — some civilians, some with a military or police background — all sympathizers of the Egyptian government led by former Commander-in-Chief Abdel Fattah el-Sisi.

Their goal is to defend al-Sisi's government against any opponent, such as the Muslim Brotherhood or ISIS, according to the group as well as experts who've been tracking it. With its anti-ISIS stance, the group seems to join a motley crew of hacktivists who are trying to counter the terrorist group's influence on the Internet.

Baghdadi "was delivering a message to all extremists all over the Middle East and my country that you have to use your weapons in the faces of the government and our people so we took it down and replaced it with a very popular song," the spokesman of the Egyptian Cyber Army, who claimed to be a 37-year-old former Cairo police officer named Khaled Abubakr (he declined to offer any proof of his identity), told Mashable. "All the people instead of hearing this pig heard our song and laughed."

Experts who have been tracking the group confirmed to Mashable that the group's actions suggest they're pro-government and anti-ISIS, but it's unclear who is really behind the group, and whether they're sanctioned by the Egyptian government.

"We are an idea, not only a team," Abubakr said, explaining that the group is a loose-knit collective. "When we started the team we accepted that all the people can work in screwing the Brotherhood or ISIS or any radical Islamic party."

The group has claimed to have infiltrated top Islamic State web forums, according to Laith Alkhouri, a researcher with Flashpoint Partners, a company that tracks online jihadists, but they have also claimed to have hit American pro-democracy websites like the Open Society Foundation and the U.S.-Middle East Partnership Initiative. In March, they also claimed to have jammed the signal of a popular Egyptian satirical show, though Abubakr now admits his group was not responsible for it.

Despite their claims, there's "no proof or solid evidence" of their hacks, according to Ramy Raoof, an Egyptian technologist and human rights advocate.

"I have never taken them seriously," he told Mashable.

Not everyone agrees, though. The group is focused on disrupting the flow of information from al-Sisi's opponents, but also on trying to compromise them and expose anonymous online activists in order to identify them and facilitate their arrest, according to Helmi Noman, a researcher with the Berkman Center at Harvard University and the Citizen Lab at the University of Toronto.

"They should be taken seriously because of the potential [harm] their attacks can cause, even if they use low level skills such as phishing," he told Mashable.

Ali-Reza Anghaie, a security researcher who tracks hackers online, said that "some of the alleged supporters do indeed show some highly capable technical background, but I have yet to see a substantial claim of military background."

As for their apparent connection to the Syrian Electronic Army, it seems to stop at the name. Abubakr said that while the Egyptian Cyber Army was inspired by the group, they do not "cooperate with them at all," and a member of the Syrian Electronic Army told Mashable that they have nothing to do with the Egyptian group.

The Egyptian Embassy in D.C. did not respond to Mashable's request for comment.

It remains unclear how the Egyptian Cyber Army replaced Baghdadi's message. Abubakr refused to disclose how the attack went down, and a spokesman for the Internet Archive, a nonprofit digital library where the recording was hosted, said that no outside account "made any modifications" to the files other than the original uploader. But that doesn't rule out the possibility that the account was taken over by the hackers.

What's next for the group? More hacks, of course, or so they claim.

"We have our people spying on al-Furqan [the media arm of ISIS] which is the media of the terrorists and this will not be the last thing we are going to do," Abubakr said. "They must expect us any time."

UK Police Arrest Alleged Lizard Squad Hacker

Vinnie Omari, alleged member of the Lizard Squad, the hacking crew that took down both Xbox Live and the PlayStation Network on Christmas, was arrested in Twickenham on December 31. Omari provided details to the Daily Dot regarding the arrest, and the police issued a press release announcing the raid.

From the release:

The South East Regional Organised Crime Unit (SEROCU) has arrested a 22-year-old man from Twickenham on suspicion of fraud by false representation and Computer Misuse Act offences.

The arrest yesterday (30/12) is in connection with an ongoing investigation into cyber fraud offences which took place between 2013 and August 2014, during which victims reported funds being stolen from their PayPal accounts.

Omari said police took his computers, game consoles, and USB drives.

The Lizard Squad are a loosely affiliated hacking group and are accused of taking down Xbox Live and PSN by directly attacking the game servers. The group also recently announced the launch of something called the Lizard Stresser, a paid tool that purportedly allows sysadmins to send denial-of-service attacks at their own servers. Omari is currently out on bail.

The full web site is currently under development and will be available during 2015