Cyber Security Intelligence

Twitter< Follow on Twitter >

October Newsletter #4 2014

Four Snowden Stories

1 - Snowden Attacks Spying by UK Intelligence Agencies

In what amounts to a wake up call directed at a British public generally considered apathetic on privacy issues, NSA whistleblower Edward Snowden has warned that UK spy agencies are using digital technology to conduct mass population surveillance without any checks and balances at all, overreaching and encroaching on privacy rights in a way that he characterized as even worse than the US National Security Agency’s inroads into citizens’ rights.

Asked whether U.K. spy agency, GCHQ, is a bigger player in mass surveillance than the cache of NSA documents he leaked suggests, Snowden said this is indeed the case, and went on to explain why, pointing specifically to the lack of constitutional protections in the UK as an enabler for what he deemed a ‘limitless’ government intrusion into citizens’ privacy via digital channels.
“GCHQ and other British spy agencies can do anything they want. There are really no limits on their capabilities. What they do is they collect everything that might be interesting to them, which includes basically a five year backlog of all the activities of citizens in the UK.” This is done for example by the collection of their metadata records, which is who they call, the locations that they travel where their cell phones are associated with towers.

“Even if you thought it was reasonable for [governments] to collect this information, the reality is that these policy restrictions and these rules and regulations for accessing this data is not uniformly applied,” argues Snowden.

He also argued that unlawfully gathered intelligence poses a danger to the UK’s legal and justice systems because evidence is being collected against individuals who don’t have the ability to challenge it in courts.

“If judges are not aware of where this information, where this evidence originated from, it undermines the system of laws and the system of justice upon which we all rely,” he said.
He was asked whether he was surprised that other whistleblowers have emerged since he came forward, a reference to the apparent second NSA whistleblower revealed in Laura Poitras’ documentary about Snowden.

“I’m not,” said Snowden. “I actually think it was inevitable.”

“I don’t care whether they are the deepest darkest criminal. That is something we should respect. That is something we should value. And it is something that we should promote. Everyone has a role to play in their government, everyone has a role to play in their society, and if you believe in something you have to stand for something.”

2 - A Second Snowden In Leaky US intelligence?

Edward Snowden won’t be the last whistleblower. Transparency is coming, whether the government likes it or not. The only question is whether they decide to bring it to the public before whistleblowers do it for them.

That’s the underlying message of Laura Poitras’ mesmerizing new documentary, Citizenfour about Edward Snowden and the National Security Agency

Citizenfour, the new film on Edward Snowden, shows journalist Greenwald discussing with a second source, which is disclosing classified information.

There is another whistleblower inside the US Intelligence, according to the popular journalist Glenn Greenwald Edward Snowden was not alone as revealed in the new documentary about Edward Snowden that premiered in New York last week.

The two-hour documentary was the highlight of the New York Film Festival, it was directed by filmmaker and journalist Laura Poitras, it describes the story about Edward Snowden and has revealed the existence of a second classified document leaker.

“Towards the end of filmmaker Laura Poitras’s portrait of Snowden – titled Citizenfour, the label he used when he first contacted her – Greenwald is seen telling Snowden about a second source.” reports a blog post on The Guardian on the case.

During a meeting in Moscow between the journalist Greenwald and Edward Snowden, the whistleblower expressed his surprise for the level of information apparently coming from this second whistleblower.

The second source provided high confidential data on the extension of the US surveillance activity and on the real number of the people on the US government’s watch-list, nearly 1.2 million individuals.

3 - NSA 'Core Secrets' points to Spies within companies

New documents leaked by Edward Snowden suggest the National Security Agency (NSA) has agents working under deep cover in US and other international companies.

First published by The Intercept, the classified document points to the NSA having a small group of well-placed and heavily vetted insiders, whose mission is to infiltrate commercial companies and work from within.

The collection of six programs, under the umbrella "Sentry Eagle" program, is said to be the "core" part of the NSA's secret mission to "protect America's cyberspace."

The NSA has infiltrated a number of companies critical to its mission of targeted exploitation (TATEX). These agents, whose names are not disclosed, are said to be working in companies based in adversarial nations like China, but also allied and friendly countries, notably South Korea and Germany.

Some of the documents also suggest that some agents may be working for US-based firms, or companies that are owned by US corporations.

The 2004-dated document says the contents "constitute a combination of the greatest number of highly sensitive facts related to NSA/CSS's overall cryptologic," referring also to the Central Security Service, the NSA's sister agency.

4 - Snowden says end Dropbox, Facebook and Google

Edward Snowden has stated that Dropbox and similar other services are “hostile to privacy” and has urged that users need to abandon these kind of unencrypted communication modes.
Snowden further added that web users should adjust their privacy settings so that spying acts from governments get prevented since such kind of intrusions are one the rise nowadays.
Snowden, in an hour-long interview to The New Yorker magazine stated that:

“We are no longer citizens, we no longer have leaders. We’re subjects, and we have rulers.” He says there has been insufficient investment in security-based research through which metadata could be well protected and this is urgently required.

POODLE attack on SSL menaces Internet

A new attack on SSL is threatening the Internet again and it allows bad actors to decrypt traffic over secure channels.

Another critical flaw affects one of the protocols most used to secure Internet traffic, Secure Sockets Layer (SSL) and attacker could exploit the attack dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption) to run a man-in-the-middle.

The problem is related to the extended support implemented by the majority of Web servers and Web browsers to the SSL version 3 protocol to secure communication channels despite it has been replaced by the Transport Layer Security (TLS).

In a real attack scenario a threat actor could set up a bogus WI-Fi hotspot, which injects a piece of JavaScript on the non secure HTTP connection while on secure HTTP connections, it intercepts the traffic and reorganizes it.

The injected JavaScript force the browser to repeatedly try to load an image from the targeted website (e.g. Banking website), each image request will include the session cookie, and the JavaScript ensures that each of these requests is specifically crafted to ensure that the one byte of the session cookie is placed in a specific position within each SSL message.

The bogus router will then reorganize the SSL message, copying the portion with the session cookie to the end of the message. In many cases the server is not able to decrypt it, causing connection failure, but occasionally (1 in 256 attempts), the message will decrypt successfully allowing the attacker to decipher a single byte of the session cookie.

The malicious JavaScript iterates the process for the different bytes that make up the session cookie, despite most of the time this will result in the connection being broken because it doesn’t decrypt properly, the attacker will be able to reconstruct the session cookie.

ISIS Is Better Than Al-Qaeda At Using the Internet

Al-Qaida has an Internet presence nearly two decades old, using various platforms and, more recently, social media to push its message. But it is ISIS, the relative newcomer, that has escalated its Internet efforts to the point that governments are beginning to see winning the Internet as central to the fight against terrorism.

European government officials met in Luxembourg with heads of tech companies, including Twitter, Facebook, and Google, to discuss how to combat online extremism.

Much of ISIS’s online strategy stems from lessons learned while its members were still in al-Qaida’s fold. But when the groups split apart, their online strategies diverged as well, especially in how they use social media.

From 9/11 to the executions of James Foley and Scott Sotloff, there seem to be no limits to the violence the two terrorist groups are willing to carry out. Now both groups use social media to wage their own brand of jihad, but they use it very differently. And their separate techniques not only reveal key divisions between the two terrorist groups, but also illustrate the depths of extremism that ISIS will plumb and that al-Qaida won’t.

Here are three key distinctions:

1. ISIS more successfully uses social media to recruit members.

Both groups use social media to target and recruit foreigners, but ISIS is much better at it. The number of Westerners fighting alongside ISIS in Syria and Iraq could number in the thousands, thanks in large part to Twitter and Facebook, and this spooks the West.

ISIS showcases its recruiting success via Twitter and Facebook, where foreign recruits themselves become propaganda tools of the group’s digital war, according to Gabriel Weimann, a professor of communication at Haifa University, Israel, who has been tracking terrorists’ use of the Internet for nearly 15 years.

2. Al-Qaida relies on ‘older’ Web platforms.

Al-Qaida never managed to find this kind of success, according to Weimann. Even though al-Qaida paved the way for ISIS on the Internet, the group has quickly outpaced al-Qaida at exploiting social media to its fullest potential. Al-Qaida certainly has a presence on social media, but the group still relies heavily on “older” platforms, like websites and forums, according to Weimann.

And while ISIS focuses on fighting a nearby enemy to defend the Islamic State, al-Qaida focuses on fighting an external enemy, i.e. the United States., and is therefore more focused on stirring “lone-wolf” terrorists to carry out acts of terror on their own.

Take, for example, al-Qaida’s online magazine, Inspire, which aims to build an army of “lone-wolf” terrorists to carry out attacks in Western countries with articles like “Car Bombs Inside America” and “Why Did I Choose Al-Qaeda.”

The polished digital magazine gave the Boston Marathon bombers the instructions to build the pressure-cooker bombs that exploded at the marathon’s finish line. Al-Qaida readily claimed credit.

3. ISIS videos glorify extreme violence.

Video channels like YouTube are also important platforms for both groups to spread their propaganda. Videos are far-reaching, provide forums for discussion, and even allow a type of cyber martyrdom.

But al-Qaida’s and ISIS’s styles are noticeably different. ISIS glorifies violence in the images and videos it disseminates around the Web, whereas al-Qaida’s content is more restrained.
While most people react with disgust to ISIS’s graphic videos, there are some who are inspired by it, and that is exactly whom the group is trying to reach. ISIS’s propaganda documentary Flames of War is produced in a Hollywood-esque fashion, complete with pyrotechnics and voiceovers. Again, these images appeal to a younger audience with a thirst for revenge, says Weimann.

However Weimann predicts al-Qaida will outlast ISIS. ISIS has successfully maneuvered social media to achieve its desired effect, fear and recognition, but al-Qaida’s network is much wider and more deeply rooted than that of ISIS.

Google: Schmidt Stands Firm On De-Listing To Google.Com

Google’s Eric Schmidt has held the line against extending European search de-listing requests to Google’s .com domain. As it stands, successful requests made by private individuals under the ruling for information to be de-indexed by Google in a search associated with their name are only implemented by Google on European sub domains, such as or, not on That’s not about to change, according to comments made by Schmidt today — presumably unless Google is compelled to expand de-indexing to .com by the European Court of Justice (ECJ) in the future.

It’s one of several problematic loopholes with Google’s implementation of the ECJ ruling, which was handed down in May. Problematic since it undermines the intended impact of the ruling by allowing for a simple workaround (i.e. searching on to circumvent a de-listed search result on a private individual’s name.

The ECJ ruling judged Google and other search engines to be data controllers and therefore requires them to accept and process individual search de-listing requests where the information in question is deemed outdated, irrelevant or otherwise erroneous, weighing requests against any public interest considerations in the information remaining associated with a search for an individual’s name.

Google: The UK wants to scrape 60,000 web pages

Ten per cent of links expunged from the web under the European ‘right to be forgotten’ laws were based on requests from the good people of Blighty, Google has confirmed.

The ad giant said it has removed nearly 499,000 links in the past five months, and this includes more than 63,000 pages from Brits that wanted them erased from the net.

Some 18,304 requests were instigated from Britain, the third highest number of referrals in the European Union behind the French and the Germans, who made 29,010 and 25,078 applications respectively.

The stats show the Chocolate Factory expelled some 35 per cent or 18,459 of undesirable links to web pages at the behest of folk in the UK.

Facebook is the domain where most URLs from search results were binned, some 3353, with Profile Engine and YouTube next with 3298 and 2397 pages struck off respectively.

Some examples of ‘right to be forgotten’ requests from people include a media professional from the UK who asked Google to remove four links to articles reporting on embarrassing content he’d posted to the web.

The UK argued there must be a balance between freedom of expression and a ‘right to be forgotten’, and this can only be determined on a case by case basis, while Austria stated privacy and free speech should not be decided by Google.

Anonymous Take Down Chinese Government Websites

In support of pro-democracy protests in Hong Kong, the online hacktivist Anonymous previously announced ‘Operation Hong Kong’ against the government and its supporters.

Now the group has taken down high profile Chinese government websites and leak hundreds of IP addresses, email address, passwords and phone numbers.

The two main servers targeted by Anonymous belong to a job search portal and Ningbo Free Trade Zone in Zhejiang province.

We have effectively hacked and shutdown government websites and their supporters. Some noticeable Chinese and Hong Kong government domains and networks have already acquired American services for their domains. Such actions prove that the attacks we have conducted cannot be handled, and they must turn to U.S. based providers, Anonymous said in a statement.

5 Things Company Boards should do about Cyber Security ~ Now

The Wall Street Journal sat down with two top-tier experts in cybersecurity and risk management. Raj Samani, CTO EMEA at McAfee; and Stephen Bonner, Partner in the Information Protection and Business Resilience team at KPMG, laid out the key issues boardrooms need to look at to secure their company’s data and reputation.

1 Understand the Problem

Cybercrime is a murky business. The cybersecurity industry itself is not very transparent. It’s very difficult to get a handle on what the dangers are, and the size and cost of the problem. Still, many organizations have cybersecurity tucked away in their IT departments. It’s time to bring it up and dust it off.

2 Know Your Risk

IIf you are hacked, what are some obvious operational losses that will have a tangible impact on your business? What happens to your business if it becomes unavailable to your customers for a period of time? What about strategic plans and M&A pricing data: What if you don’t know if this information has been compromised? Manage these risks now.

What are you trying to protect? Is it customer data? Is it financials? Is it just your consumer-facing website? Or does it go much deeper than this, to intellectual property and patents? Decide what’s crucial to you, and build security architecture around that.

4 Know the Regulations

New regulations coming through the European Parliament, which are likely to come into force at the end of 2015, will make breach disclosure mandatory. There will be huge fines for companies who actively fail to disclose breaches of their systems. It’s a good idea now to begin discussing your companies’ compliance to data privacy and breach notification regulations.

5 Know where to spend it

Once you have a clearer picture of the risk to your critical information assets, decide how to deploy resources. If you are breached, you will need to deal with a fast-developing crisis with lots of moving parts. Consider now the costs you might need to lay out, including any losses the breach may cause, consulting costs, potential liability, potential court cases, and insurance. Practice your response now.

US is at war in cyberspace, says House Intelligence Chairman

Mike Rogers, a Republican from Michigan, is stepping down as chairman of the House Intelligence Committee. He was in San Antonio to discuss the widening threat of cyber-security attacks from hostile nations.

The United States is at war in cyberspace, although most people can’t see it, the chairman of the House Intelligence Committee said in San Antonio.

Thousands of attacks are being launched everyday against US businesses by nation-states like China, Russia and Iran with the potential of creating chaos in our economy if they are successful. Fortunately, most of these attacks are caught or deflected before they can do any harm, but the threat is serious. Individual companies are outmatched against these organized attacks from nation-states and that is why the US government needs to take an aggressive stand in defending its cyber-borders.

Cyber crime a challenge: Met chief

Police have still not "got to grips" with online fraud despite a huge rise in the crime, the UK's most senior officer has admitted. The Metropolitan Police has seen a 54% rise in reports of so-called cyber crime in the past year, with half of the 17,000 cases referred to the force by Action Fraud involving the use of technology.

Speaking at a security conference in London, Met Commissioner Sir Bernard Hogan-Howe said: "There is an emerging and great criminal challenge that we need to confront and I would argue that police have not yet got to grips with this very significant, different type of crime." The Scotland Yard chief told delegates at the British Library that investigators have a challenge to gather evidence linked to a crime that has no immediate witnesses.

Despite a 20% budget cut, the Metropolitan Police has moved hundreds of officers and staff to a specialised unit to try tackle the problem.

Falcon - which stands for Fraud and Linked Crime Online - is the biggest anti-cybercrime unit in Europe, and was officially launched earlier this month with a team of 300 staff, which is expected to rise to 500. Sir Bernard said his force had to find officers and staff for the new unit despite slashed budgets.

Israel Hackers Takes Cyber War Revenge and Shut Down Palestinian and Gaza Government Websites

Israel hackers took their revenge in the cyber war as they shut down Palestinian and Gaza websites. In the current cyber war happening between cyber warriors of Gaza and Israel made sure that they can get back with all of the attacks that Gaza cyber warriors have caused them. If in the start of the war Gaza has shut down various government websites Israel is now standing to show their guts in attacking back.

Given that Palestinian attackers have currently disabled hundreds of government websites Israeli attackers secured their country with the current war as they launch their attacks with various government websites of Gaza and Palestine.

The cyber war between the Palestinian and Gaza hackers and the Israeli hackers started when the Palestinian hackers started leaking the databases of the government websites of Israel. As a result of the disturbing hacking activities of the Palestinian and Gaza hackers Israel has organized the Anonymous group and is now known as the biggest player in the current cyber war. Both groups are continuously hacking the websites owned by the government and continuously leaking them. Due to the hundreds of attacks made in the past by the Gaza hacktivists Israel is now starting to get back with the attacks made with launching consistent attacks with various sectors of government websites and shutting down as much websites as possible with unexpected attacks.

How US Spies Could Detect Lying in the Future

Polygraph-based lie detection technology remains the standard method of deceit spotting in the government. MRI-based lie detection systems are better, so long as you can get the person you are evaluating over to a huge neural imager and can afford $2,600 per scan. But what the national security community has long wanted is lie detection system that works in the field, can be deployed anywhere and can spot deceit on site and immediately, a polygraph encoded in software.

In February, the Intelligence Advanced Research Projects Activity (IARPA) announced a rather unique competition called INSTINCT, which stands for Investigating Novel Statistical Techniques to Identify Neurophysiological Correlates of Trustworthiness. The goal was to develop “innovative algorithms that can use data from one participant to accurately predict whether their partner will make trusting decisions and/or act in a trustworthy manner.”

According to IARPA, the researchers “found that someone’s heart rate and reaction time were among the most useful signals for predicting how likely their partner was to keep a promise.” The methodology of the experiments has not yet been released.

How might the government’s lie-detecting software robots benefit society? Stopping people from lying about whether they’ve come in contact with Ebola is an obvious one but there are others.

A quick look at the military’s efforts to quantify truthiness in recent years offers some clues about where the research is headed.

What would this look like? Imagine that you are asked to make a promise. It’s one you do not intend to keep but you say ‘yes’ anyway, after a moment’s hesitation. Your pulse rises in a way that causes your cheeks to feel warm. This is not noticeable to anyone — but a computer analyzing your neural, physiological, and behavioral signals has determined what you already know, you’re lying.

Gartner’s Top 10 Strategic Technology Trends for 2015

1 Computing Everywhere

As mobile devices continue to proliferate, Gartner predicts an increased emphasis on serving the needs of the mobile user in diverse contexts and environments, as opposed to focusing on devices alone. The overall environment will need to adapt to the requirements of the mobile user. This will continue to raise significant management challenges for IT organizations as they lose control of user endpoint devices.

2 The Internet of Things

The combination of data streams and services created by digitizing everything creates four basic usage models — Manage, Monetize, Operate and Extend. Enterprises should not limit themselves to thinking that only the Internet of Things has the potential to leverage these four models. For example, the pay-per-use model can be applied to assets such as industrial equipment, services such as pay-as-you-drive insurance, people, places such as parking spots and systems such as cloud services. Enterprises from all industries can leverage these four models.

3 3D Printing

Worldwide shipments of 3D printers are expected to grow 98 percent in 2015, followed by a doubling of unit shipments in 2016. 3D printing will reach a tipping point over the next three years as the market for relatively low-cost 3D printing devices continues to grow rapidly and industrial use expands significantly.

4 Advanced, Pervasive and Invisible Analytics

Analytics will take center stage as the volume of data generated by embedded systems increases and vast pools of structured and unstructured data inside and outside the enterprise are analyzed. Organizations need to manage how best to filter the huge amounts of data coming from the IoT, social media and wearable devices, and then deliver exactly the right information to the right person, at the right time.

5 Context-Rich Systems

Ubiquitous embedded intelligence combined with pervasive analytics will drive the development of systems that are alert to their surroundings and able to respond appropriately. Context-aware security is an early application of this new capability, but others will emerge.

6 Smart Machines

Deep analytics applied to an understanding of context provide the preconditions for a world of smart machines. This foundation combines with advanced algorithms that allow systems to understand their environment, learn for themselves, and act autonomously. Prototype autonomous vehicles, advanced robots, virtual personal assistants and smart advisors already exist and will evolve rapidly, ushering in a new age of machine helpers.

7 Cloud/Client Computing

The convergence of cloud and mobile computing will continue to promote the growth of centrally coordinated applications that can be delivered to any device. Cloud is the new style of elastically scalable, self-service computing, and both internal applications and external applications will be built on this new style.

8 Software-Defined Applications and Infrastructure

Agile programming of everything from applications to basic infrastructure is essential to enable organizations to deliver the flexibility required to make the digital business work. To deal with the rapidly changing demands of digital business and scale systems up, or down, rapidly, computing has to move away from static to dynamic models.

9 Web-Scale IT

Web-scale IT is a pattern of global-class computing that delivers the capabilities of large cloud service providers within an enterprise IT setting. More organizations will begin thinking, acting and building applications and infrastructure like Web giants such as Amazon, Google and Facebook. The first step toward the Web-scale IT future for many organizations should be DevOps — bringing development and operations together in a coordinated way to drive rapid, continuous incremental development of applications and services.

10 Risk-Based Security and Self-Protection

All roads to the digital future lead through security. However, in a digital business world, security cannot be a roadblock that stops all progress. Organizations will increasingly recognize that it is not possible to provide a 100 percent secured environment. Once organizations acknowledge that, they can begin to apply more-sophisticated risk assessment and mitigation tools. This will lead to new models of building security directly into applications. Perimeters and firewalls are no longer enough; every app needs to be self-aware and self-protecting.

(ISC)²Security Congress EMEA 2014

9-10 December | The Bloomsbury Hotel, London

Featuring Five Security Tracks
Governance, Risk & Compliance • Mobile Security • Human Factor • Security Architecture • Data Security

Pre-Conference Workshops

Digital Forensics • Application Security

The (ISC)² Security Congress EMEA , organised in partnership with MIS Training Institute features top level keynote speakers from Europe to share insights and best practices from their security leadership experience.

The full web site is currently under development and will be available during 2014