This report was prepared by The Institute for National Security Studies (INSS) and The Cyber Security Forum Initiative (CSFI) to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities, and follow-up measures.
USA and North America
University of Toronto’s domain hacked by a pro-Kurd hacker
The University of Toronto domain was hacked shortly before the Christmas holiday. The hacker, alias “Muhamad Emad,” left an anti-IS (“Islamic State”) message with the pro-Kurd anthem, including the Kurdish flag. This is not the first IS-related hack in Canada. A month ago, a Canadian church website was hacked and pinned with pro-IS posts, and Canadian universities and colleges in Toronto launched a new campaign targeting ISIS’s recruitment process in the region, a counteraction to several recruitments that had occurred previously.
The FBI connects North Korea to Sony hack
The FBI found evidence blaming North Korea for the massive Sony hack. As White House Press Secretary Josh Earnest explained, this episode is being treated as a serious national security matter. Before the Christmas holiday, the FBI published a formal update presenting the connection between North Korea and the Sony hack. The Bureau says it traced the attack to North Korea through evidence including encryption algorithms, IP addresses, specific lines of code, and specific tools used previously in attacks on South Korea.
The White House neither confirmed nor denied the North Korean role. The attack was prompted by a Sony comedy featuring the fictional assassination of the North Korean leader Kim Jong-un, and under duress of the attacks and threats of future physical harm against movie-goers, Sony cancelled its major theatrical release. US officials verified that the government did not ask Sony to cancel the film’s release, as they viewed the cyber-attack and the demands to cancel the movie release as repressing freedom of expression.
The White House stated the administration was considering a “proportional response” against those responsible for the attack, a response that could start a direct conflict between the US and North Korea. While vague about the possible US retaliatory action, the administration added there is evidence indicating destructive activity with malicious intent initiated by a sophisticated actor, but hinted at a covert operation. A cyber-attack on a company such as Sony is another reminder of the dangers of insufficiently protected cyberspace.
ICANN hacked using “spear phishing”
The Internet Corporation for Assigned Names and Numbers (ICANN) announced that its servers had been successfully hacked. The attackers managed to access a number of systems within ICANN, such as the Centralized Zone Data Service (CZDS). The hackers accessed names, postal addresses, email addresses, fax and telephone numbers, and login credentials. The ICANN site is used to archive files, so it is not up-to-date with essential files, which reduces the damage of the attack.
NATO helps Georgia train cybersecurity experts
Cybersecurity training sessions were held in the professional development center at the Georgian Defense Ministry with the support of the NATO-Georgia professional development program. The aim of the exercise was to increase cybersecurity cooperation between government and non-government sectors in Georgia, with senior Georgian officials attending the training. NATO offered Georgia the “Substantial Package,” which aims to develop Georgia’s defensive capacity by holding joint training and exercise sessions, providing intensive liaison, and improving interoperability opportunities.
Georgia also demonstrated its readiness to join the post-2014 Resolute Support mission in Afghanistan to train, advise, and assist the local Afghan National Security Forces after the termination of the ISAF mission. NATO support is welcome in Georgia amid recent tense political relations with Russia (following the treaty between Russia and the separatist Abkhazia region).
France strengthening its cyber defense research
The French Ministry of Defense signed a cooperation agreement with 11 universities on cyber defense research. This agreement is part of the cyber defense pact launched by the Minister of Defense, Jean-Yves Le Drian. This new cooperation is supposed to mark a significant step forward for the Cyber Security Excellence Center established in the eastern region of France. This new center aims to be a national and international center to cooperate on research, exchange ideas, and share threats with other cyber research centers across the world.
Since 2009, France has been shifting its cyber defense strategy after having to establish a national information security agency to protect the French government infrastructure. The government released a national cyber defense policy including the development of its national cyber security infrastructures, the creation of a national cyber defense reserve, and the establishment of a cyber command in the army. Similar to the United Kingdom, France is aiming to become the first European cyber super power capable of preventing cyber-attacks and responding effectively to the threat of cyber warfare. However, the cyber budget of France remains lower than that of the UK, which invested hundreds of millions into its cyber security.
Massive cyber attack against German steel factory
A German steel factory has been targeted by a massive cyber-attack, which has caused heavy physical damage. According to a report from German officials, the hack caused severe damage to a blast furnace, as the attackers managed to modify the internal systems and their components, disrupting the industrial operation. The report explained the hackers employed an advanced spear phishing technique to gather credentials and gain access to the main networks of the plant. Moreover, the attackers infiltrated the network of the factory and managed to find the path to the industrial production network.
Officials speculated that this incident was similar to the Stuxnet cyber-attack. Since Stuxnet, cyber-attacks against electrical power grids and nuclear or water infrastructure have increased, along with the number of state or state-sponsored groups performing these attacks against critical infrastructure, and the attacks have only become more sophisticated. To counter such cyber-attacks, several security companies, like the Israeli firm Waterfall, have developed advanced technologies taking into account the complex environment of these industrial systems (like SCADA).
Public and private organizations ask President Klaus Iohannis to reject proposed cyber security law
The President of Romania, Klaus Iohannis, was asked by Romania’s national intelligence agencies and private entities to reject the new cyber law. The new cyber security law would regulate the domain of cyberspace with warning and monitoring entities. The law has been developed based on the European Union Directive on Network and Information Security (NIS), requiring private entities and companies to make their data available for the National Security Authority (NSA).
This has caused uproar among intelligence agencies and stakeholders in the private sector, who accuse the Romanian Parliament of violating their constitutional rights on data privacy in cyberspace. Romania recently faced dozens of cyber-attacks associated with financial frauds, illegal copies of credit cards, and personal data breaches. Therefore, this new cyber regulation was deemed a necessary step for the future of cyber security in the country. As a response to persisting protests, President Klaus Iohannis asked the Parliament to review the law.
China and APAC
South Korea steps up cyber security at nuclear power plants
South Korean President Park Geun-hye increased cyber security at the country’s nuclear power plants following a series of “grave” data leaks (all of which were considered non-critical information). South Korea’s 23 nuclear power reactors are operated by Korea Hydro and Nuclear Power (KHNP), whose computer systems had been hacked. As South Korea is still technically at war with North Korea, this raised the cyber crisis alert level for state-run companies from “caution” to “attention.”
Inspections of safeguards against “cyber terrorism” were ordered for all national critical infrastructure facilities, including nuclear power plants. “Nuclear power plants are first-class security installations that directly impact the safety of the people,” Park said at a cabinet meeting. “A grave situation that is unacceptable has developed when there should have been not a trace of lapse as a matter of national security.”
NCCoE cooperates with Israeli companies to improve US private sector
The US National Cybersecurity Center of Excellence (NCCoE) will be interacting with Israeli companies, the NCCoE’s deputy director revealed. The NCCoE, a laboratory for innovation, helps improve cybersecurity in the private sector and recognizes the innovation within the Israeli market in the field of cybersecurity. The cooperation between the two will help the NCCoE improve cyber systems in sectors such as utilities, water, chemical, financial, and healthcare. The NCCoE, with assistance from Israeli companies, will develop the security and general technology for updating firmware and general standards.
Hamas claims to have hacked IDF computers
Hamas recently released a previously unseen video from Operation “Protective Edge.” According to Hamas, they obtained the video by hacking into the IDF computers. This video shows the terror attack on Kibbutz Ein HaShlosha during the operation. The video shows the attack itself, as well as the fact that some of the terrorists managed to get back to the Gaza Strip unharmed.
International Business Times website hacked by Syrian Electronic Army
The Syrian Electronic Army hacked the International Business Times website in order to remove the article: “The Syrian Army is Shrinking, and Assad is Running out of Soldiers.” The SEA also removed central features of the IBT from its pages and replaced them with new stories.
Islamic State suspected of cyber-attack on Raqqa opponents
The Citizen Lab, a cyber security group, released a report finding a possible link between IS (the “Islamic State”) and a digital attack on a Syrian citizen media organization that has repeatedly criticized the IS fighters. Raqqa Is Being Slaughtered Silently (RSS) recently exposed human rights abuses by IS forces who are occupying the northern Syrian city and IS-declared capital. Last month, RSS’s supporters were sent emails from a Gmail account containing a link to a supposed image of US air strikes against IS strongholds. Clicking on the link installed malware on the user’s computer that sent details of the IP address and network system each time the computer restarted.
Russia building a unified system to defend against cyber-attacks
By the end of 2014, the Russian government intended to review a law on critical information infrastructure that would enable the country to build a comprehensive defense system against cyber-attacks. A state system to detect and warn against computer attacks is being created under the guidance of the Federal Security Service (FSB). Igor Sheremet, one of the co-authors of the bill, said that three cyber intelligence networks belonging to foreign countries were identified in 2013, preventing the theft of two million pages of secret information.
These materials, including copyrighted materials, are intended for “fair use” as permitted under Title 17, Section 107 of the United States Code (“The Copyright Law”). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified e-mail at: firstname.lastname@example.org.
CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.