Editor’s note: This is the summary of the cyber security news by the International Institute for Strategic Studies (IISS) for the week July 20-26, 2018.
Russia hacks away at US elections
Hackers from Russia’s military intelligence agency sent spear-phishing emails to at least three candidates running in the November 2018 midterm elections in the United States, according to Microsoft. The company did not disclose which candidates were targeted, but noted that they were likely people of interest ‘from an espionage standpoint as well as an election disruption standpoint’. Also last week, the Federal Bureau of Investigation told Maryland officials that their voter registration vendor had been purchased by a Russian oligarch in 2015, leading to concerns that the system could have been compromised.
Without an apparent strategy for countering Russian interference, the White House has sent mixed messages on the veracity of the threat and who is actually being targeted. Meanwhile, the official in charge of election security at the Department of Homeland Security testified to a congressional oversight committee that the department was ‘planning and preparing’ to counter sustained election interference efforts by Russia, both in the 2018 midterms and beyond. The Director of the National Security Agency and Commander of US Cyber Command Paul Nakasone reportedly told staff that the two organisations would coordinate their efforts to counter potential Russian interference in the 2018 midterms. He also publicly confirmed that he had set up a task force called the ‘Russia Small Group’ to tackle the issue. The Department of Justice announced its own policy aimed at countering foreign hacking and disinformation campaigns. Under the new policy, the department will notify US companies, organisations and individuals if they are being targeted by foreign influence campaigns seeking to undermine political processes in the US.
Growing cyber threat from Iran
Unnamed senior US officials reported that Iranian hackers now have the ability to execute sophisticated cyber attacks on US and European infrastructure and private companies. Germany’s domestic intelligence agency also reported a growing incidence of attacks likely originating in Iran since 2014, and noted in particular a sharp increase last year.
While the US has yet to decide whether to retaliate in the event of an attack, Germany is considering laws that would allow the country to respond more aggressively to foreign cyber attacks. Attacks from Iran are of particular salience for both Germany and the US, as the former endeavours to preserve the 2015 Iran nuclear deal following Washington’s withdrawal from the agreement earlier this year.
UK secret service’s access to citizen data deemed illegal
The United Kingdom’s Investigatory Powers Tribunal ruled that the British government broke the law by giving GCHQ, the intelligence service, illegal access to citizens’ data. The Foreign Office is accused of giving GCHQ free rein to request and amass private data from telecommunication companies and internet service providers without proper oversight. The decision comes as the UK is working to secure its data transfer partnership with the European Union ahead of the country’s exit from the bloc next year.
Chinese hackers target Helsinki Summit
Cyber security company F5 reported a spike in hostile traffic aimed at Finnish internet-connected devices in the run-up to the Helsinki meeting between US President Donald Trump and Russian President Vladimir Putin. While Finland is not typically among the countries most targeted, attacks reportedly increased by 2,800% leading up to the summit. Breaches originating from China, which normally account for 29% of Finland’s total attacks, jumped to 34% during 14–16 July. Conversely, the number of attacks originating from Russia dropped from 14% to 7%.
Making cents of bank cyber heists
A cyber attack that resulted in the theft of nearly US$1 million from a Russian bank has been attributed to the hacking group MoneyTaker. The group used commonly available methods and tools to penetrate the bank’s network and money transfer system. Since 2016, MoneyTaker has carried out more than 20 attacks on financial and legal institutions in Russia, the UK and the US.
Hackers steal Singaporean medical records
Singapore’s Ministry of Health confirmed that hackers breached the networks of SingHealth, the country’s largest healthcare group, stealing the medical records of 1.5m people, including those of Prime Minister Lee Hsien Loong. The government stated that no medical records had been tampered with. An investigation by the Cyber Security Agency of Singapore found the attack was a ‘deliberate, targeted and well-planned cyberattack… not the work of casual hackers or criminal gangs’, suggesting that the attack may have been state-sponsored espionage.
UK watchdog troubled by Huawei
The annual report from the UK’s Huawei Cyber Security Evaluation Centre found that it has ‘only limited assurance’ that Huawei products pose no threat to national security. The centre was established in 2010 and is staffed by the country’s signals intelligence agency to assess the risk of using Huawei in critically important networks. The UK has had a less stringent policy towards Huawei products than the US or Australia, using the company’s hardware and software in mobile and broadband networks. This latest report found Huawei had not demonstrated appropriate oversight of suppliers of third party components, leading to concerns that the source code examined was not the entirety of the code used in the UK’s networks.
Tech giants seek to improve data portability
Google, Facebook, Microsoft and Twitter announced a joint data portability project. The Data Transfer Project outlines a set of open standards that will enable user data to be easily shared and moved between different online platforms. The project seeks to establish an industry standard for importing and exporting user data to make it easier for the public to migrate their data from one platform to another. This initiative will also make it easier for new start-ups to challenge the incumbent platforms, which have an entrenched advantage in terms of the user data they hold.
Insight from Sean Kanuck, IISS Director of Cyber, Space and Future Conflict
While blockchain technologies gained initial popularity in the financial sector, several nations are now exploring their application for military purposes. On 29 June, Russian news sources announced the construction of a new Ministry of Defence research laboratory to study how blockchain or other distributed ledger systems can enhance military cyber security measures. In China, a 13 July People’s Liberation Army Daily article considered the use of blockchain for decentralised storage of military information, secure human intelligence transactions and data integrity management. The US Department of Defense and European Defence Agency are also studying new blockchain-based methods for countering cyber threats and improving military logistics.
Beyond defensive information security, blockchain could also be used as an operational technology. Practical military applications include drone operations, weapons control systems, supply chain risk management and even additive manufacturing of defence materiel.