Executive Cyber Intelligence Report: September 1, 2014

This report was prepared by The Institute for National Security Studies (INSS) and The Cyber Security Forum Initiative (CSFI) to create better cyber situational awareness (Cyber SA) of the nature and scope of threats and hazards to national security worldwide in the domains of cyberspace and open source intelligence. It is provided to Federal, State, Local, Tribal, Territorial and private sector officials to aid in the identification and development of appropriate actions, priorities, and follow-up measures.


Major cyber-attack against United States banks

A week ago, the US financial sector experienced a massive cyber-attack. Several banks, including JP Morgan Chase and others, were targeted by a series of cyber-attacks. According to a wide-ranging investigation, the hackers infiltrated the banks’ networks and stole gigabytes of data, including customers’ details and employees’ information.

According to the FBI (which is conducting the investigation in cooperation with the United States Secret Service), the identities and motivation of the hackers have not yet been determined. However, although nothing is certain, it appears the hackers originated from Russia or Eastern European countries.

This is not the first time US banks have experienced cyber-attacks. US banks have often been victims of hackers targeting credit card numbers and CVVs to sell on the Internet. Moreover, iSight Partners, a security company, warned banks about online threats and insisted banks should prepare to face several cyber-attacks from Russia in retaliation for Western economic sanctions. When it comes to financial fraud and banks, Russian hackers are the most organized and powerful cyber-criminals. They are highly skilled and very motivated.


Behind Israeli cyber battle of Operation Protective Edge

According to an article written by Daniel Cohen and Danielle Levin, researchers from the Institute for National Security Studies, cyber-attacks targeting Israel during Operation Protective Edge demonstrated Israel’s implementation of government policy in the cyber sphere and application of the systematization learned since 2012’s Operation Pillar of Defense.

There was a significant improvement in coordination of Israel’s cyber defense organizations, including the functioning of Israel’s security systems and the increased cooperation between the civilian and defense sectors. The objective of the main attack during the Operation was to cause Israeli networks to collapse by overloading the system. Cohen and Levin explain that these attacks focused on distributed denial of service (DDoS) and Domain Name System (DNS) attacks on communication and Internet companies in an attempt to swamp the Israeli Internet networks.

The Shin Bet stated that international hacking groups conducted the attacks during the operation. The Israel Defense Force (IDF) mentioned that Iran had a large role in the increase of cyber-attacks on civilian infrastructure. An Israeli security firm later confirmed that most of the attacks were of Middle Eastern origin, and the IDF later confirmed that Iran took part in cyber-attacks targeting Israel. Both the IDF and the Shin Bet were able to foil any damaging attempts against Israeli government networks and critical infrastructure. The Shin Bet confirmed it was able to secure the Israeli government’s networks and systems against all cyber-attacks targeting them.

Shin Bet, through its cyber division, acted in coordination with private contractors, the Israeli Ministry of Communications, and the media in taking preemptive measures against these straightforward cyber-attacks. The IDF worked with an integrated communications network of the Military Intelligence and cyber companies related to the Ministry of Defense, which assisted in recognizing and removing all cyber threats from attackers related to these attacks. The Head of the IDF cyber defense unit revealed that infiltration had also been attempted on IDF networks, but he verified Israel’s high technological capabilities were elevated in order to ensure breaches did not occur.


Most cyber-attacks targeting Western Europe come from Russia

According to a study conducted by Alert Logic, a Houston web security company, hackers operating directly from Russia conducted the vast majority of cyber-attacks targeting Western Europe. In turn, China has become the leader in the number of hacking attacks against the United States.

Analysis showed that 40% of hacking attacks targeting users in Northern European countries were carried out from Russia. Hacking attacks against Western European countries were conducted from China (32%), the United States (21%), India (17%), and Russia (9%). Experts also reported that 63% of attacks on the countries of the Asia-Pacific region were carried out from the USA. The most frequent were infections caused by the Conficker-A malware.


Iranian cyber offense during Operation Protective Edge

An analysis of Iran’s cyber activity during Operation Protective Edge indicates growing maturity in the Islamic Republic’s operational capabilities, showing it is capable of conducting an extensive military cyber operation against a range of targets using a wide spectrum of methods, according to an article by Dr. Gabi Siboni and Sami Kronenfeld, researchers from the Institute for National Security Studies.

Moreover, Iran’s focus on cyberspace during Operation Protective Edge may indicate the start of a process in which cyberwar replaces classical terrorism as the main tool in Iran’s doctrine of asymmetrical warfare. Cyberwar, which offers the attacker distance and deniability, two features the Iranians consider extremely valuable, enables serious damage to the civilian front of an enemy enjoying military and geostrategic superiority. Thus far, Iran’s cyberspace capabilities remain inferior to Israel’s and to those of the leading technological powerhouses, but it is rapidly and efficiently closing the gap.

Hackers related to ISIS took down Sony PlayStation’s network

“Lizard Squad,” a pro-ISIS cyber group, claimed responsibility for hacking the Sony PlayStation’s network. Using a distributed denial of service (DDoS) attack, the group managed to overload the SPN server and cause it to crash. Other services affected included Xbox LIVE, Battle.net log-ins for Blizzard titles, League of Legends, and Path of Exile. According to its posts on Twitter, the group is connected with the Islamic State (IS), claiming to be loyal to the Caliphate and to be acting as part of the IS against the greed of corporations such as Sony. Nevertheless, many of the hackers from Lizard Squad were traced back to IPs in Europe.

Qatari technology helps Hamas build sophisticated cyber systems to attack Israel

Before and during Operation Protective Edge, Hamas was funded by Qatar. Qatar invested hundreds of millions of currency in both defensive and offensive cyber-capabilities for the terrorist organization. According to Aviad Dadon of the Israeli cyber-security firm AdoreGroup: “We have sourced 70% of the cyber-attacks on Israeli government sites in recent weeks to IP addresses associated with Qatar.”

According to Dadon, not only is Qatar investing time and money in cyber-attacks, but it is also training Hamas terrorists in how to use sophisticated equipment and systems to manage its extensive terror tunnel system, in addition to systems for firing rockets at Israel using automatic, timed launching systems. Qatar has hired hackers to hit Israeli government and infrastructure sites, trying to disrupt the operations of electricity, water and other critical systems during the 50-day operation.


Budget cuts increase Australian cyber-security risks

Australia’s cyber-security-focused Co-Operative Research Centre (CRC) has gone unfunded for the second time. The CRC dates back to 1990 and has provided funds and guidance to encourage research collaboration between universities and the private sector. Once the cuts hit the research institutes, a significant drop in R&D is imminent. However, a plan for the Australian Cyber-Security Research Institute is supposed to be announced later this year. Experts think this may be a little too late.

Hacker targets info on MH370 probe

The computers of high-ranking officials in agencies involved in the MH370 investigation were hacked and classified information was stolen. The stolen information was allegedly being sent to a computer in China before Cybersecurity Malaysia (a Ministry of Science, Technology and Innovation agency in Malaysia) had the transmissions blocked and the infected machines shut down.

The national cyber-security specialist agency revealed that sophisticated malware (malicious software), disguised as a news article reporting that the missing Boeing 777 had been found, was e-mailed to the officials on March 9, a day after the Malaysia Airlines plane vanished during its flight from Kuala Lumpur to Beijing.


Ecuador is latest country to face cyber-espionage campaign

Kaspersky Lab revealed that Ecuador is the latest country faced with a cyber-espionage campaign known as “Machete.” The campaign started in 2010, with hundreds of gigabytes of classified information breached, beginning with infected PowerPoint files. Once these were opened, the attackers intercepted keyboard input, recorded audio from the computer microphone, took screenshots and stole files from remote servers.

Stolen information was also used through a special USB. “The attackers were not interested in money, but in highly classified information of military… basically everything that involves national security of a government,” explained Dmitry Bestuzhev, Director of the Security Team for Latin America at Kaspersky Lab. The Latin American countries of Colombia and Venezuela were also affected, in addition to the embassies of Russia, France, China and more.


UK Ministry of Defense launching £2 million cyber defense project

The UK Ministry of Defense decided to launch a £2 million cyber defense project. This project is a competition aimed at finding a solution to automate cyber response, collect data and identify cyber-attacks to ensure better protection of the UK MoD computer systems.

The competition has been organized by the MoD’s Centre for Defence Enterprise, which explained, “Once a system is compromised, a cyber-attack can quickly escalate, so automated responses are an essential part of cyber defense processes, while recognizing that the user may wish to revert to human decision making.”

The MoD declared it does not necessarily expect one winner for this competition and all good ideas will be reviewed. The budget has been split into two parts, £1 million each. The first part will be launched in September at an Innovation Network event in London. Then, the second part will be awarded on a per-project basis to the most successful bidders.

The UK MoD spokesperson explained that “the whole aim is to support people with ideas or small businesses that have ideas that don’t necessarily have the funds to develop them further. If they do prove successful, then there’s the potential to take them forward.” The UK, which is one of the most advanced countries for cyber defense, seems to be adopting a participatory strategy that involves British civilian companies in UK defense. This type of project is a plus for countries that are looking to develop their response capabilities to multiple cyber-attacks.

Germany working on cyber security law to protect critical infrastructure

The German interior ministry is thinking of launching a cyber security law to protect its national critical infrastructure. The Interior Minister, Thomas de Maiziere, submitted a draft law imposing stronger cyber security requirements on companies and national agencies in charge of critical infrastructure, such as information technology, telecommunications, energy, transportation, health, water, food supply, finance and insurance.

Part of this new cyber security law is to oblige these companies to report any hacking incidents of which they were victims. According to the Minister, Germany’s critical infrastructure needs to be “the safest in the world.” Moreover, other German federal government departments have been asked to look at the proposals and then the debate will take place. The Ministry also declared that the cyber security draft proposals are part of Germany’s 2014-2017 ‘digital agenda,’ which has been approved by the German federal government.

Despite a great cyber security strategy, Germany still suffers from several cyber-attacks against its critical infrastructure. This new proposal should help to strengthen their critical infrastructure and national security.


South Africa’s IT Governance launched four ISO 27001 package solutions to help South African organizations tackle cyber crime

IT Governance’s ISO 27001 package solutions offer world-class cyber security resources, training and consultancy online to help businesses protect their information assets. In a recent statement from the University of Johannesburg’s Centre for Cyber Security, Professor Basie von Solms said, “Business is also guilty of not doing enough to tackle cyber crime.” According to the 2013 Norton Report, South Africa has the third highest number of cyber crime victims after Russia and China.

Kenya urges concerted efforts to fight crime

Kenya called for concerted efforts in the fight against organized crime in Africa in order to help spur development in the continent.

Deputy President William Ruto told a regional conference for spy chiefs that working together will eliminate competition and create synergy in the fight against crime, which he said was threatening economic efforts. He also mentioned that there was a need for closer collaboration among the police, military officers, national intelligence service and immigration officers in the fight against crime.

The spy chiefs will review security challenges in the continent and exchange intelligence to develop a shared understanding of common security problems.

These materials, including copyrighted materials, are intended for “fair use” as permitted under Title 17, Section 107 of the United States Code (“The Copyright Law”). Use of copyrighted material for unauthorized purposes requires permission from the copyright owner. Any feedback regarding this report or requests for changes to the distribution list should be directed to the Open Source Enterprise via unclassified e-mail at: inssdcoi@gmail.com.

CSFI and the INSS would like to thank the Cyber Intelligence Analysts who worked on collecting and summarizing this report.



CREDIT: Cyber Security Forum Initiative


Israel between cyber war and cyber warfare business

This article was posted by paganinip, Security Affairs, on June 6th, 2012. I decided to post this article as an external point of view on Israel’s cyber warfare.

It is no secret that the Israeli military is one of the most advanced and active cyber armies, using cyber warfare to attack its enemies in cyberspace. For years Israel has conducted cyber espionage and cyber offensive operations that allow the state to operate undisturbed, away from the pressure of media that are always attentive to the government’s controversial international policy.

Israel must be given great credit for having invested significantly in cyber warfare ahead of other states, relying mostly on internal resources and on training its own militias in cyber offensive techniques.

“The IDF has been engaged in cyber activity consistently and relentlessly, gathering intelligence and defending its own cyber space. Additionally if necessary the cyber space will be used to execute attacks and intelligence operations,”

This statement, published on the Israel Defense Forces (IDF) website, summarizes the Israeli military approach to cyber warfare, which treats it in the same way as conventional conflict and admits to intelligence operations and cyber attacks against foreign governments.

According to the information published on the IDF website, the IDF Operations Department is the real core of IDF cyber warfare, providing the guidelines that define cyber operations against the enemies of Israel.

But what is meant by “cyber operations”?

The term cyber operation refers to the use of technology to interfere with and destroy enemy projects through cyber attacks and cyber espionage activities. This new area of military discipline is often combined with conventional interventions to increase their efficiency and force.

“There are many, diverse, operational cyber warfare goals, including thwarting and disrupting enemy projects that attempt to limit operational freedom of both the IDF and the State of Israel, as well as incorporating cyber warfare activity in completing objectives at all fronts and in every kind of conflict,” according to the published declarations.

Reading the declaration, it is impossible not to think of the recent detection of the Flame malware and the revelations about the Stuxnet project and the US “Olympic Games” operation. Both cases are good examples of the destructive power of a cyber weapon used against the critical infrastructure of a country. While the involvement of Israel in the attacks against Iran, conducted in collaboration with the US using the Stuxnet malware, seems certain, no verified information is available on the creators of the Flame agent.

According to Israeli software companies, their country’s expertise with cyber weapons is very high, supported by a strong government commitment that has created a pool of army-trained hacking talent.

Take the case of Gil Shwed, founder, CEO, and chairman of the board of Check Point Software Technologies Ltd., who served in an elite intelligence unit and who, according to his own statements, has recruited highly skilled personnel from the military cyber corps for his company. The case is not isolated: Cyber-Ark Software Ltd., a firm specializing in cyber defense, drew on the same source to recruit computer industry specialists, its Chief Executive Officer Udi Mokady said.

Israel has transformed hacking into an impressive business that today has a great impact on national security and also on the country’s economy.

Its security sector is considered one of the most advanced in the world; foreign governments and private companies turn to it to protect their critical systems. The official market has been estimated at around $18 billion, but that is just the tip of the iceberg.

Awareness of the effectiveness of a cyber attack is shared at high levels of the Israeli government. Prime Minister Benjamin Netanyahu said:

“This is an era that we’re entering into where entire societies can be paralyzed by cyber attack, and Israel is no different,” “We are committed to being one of the three leading cyber powers of the world.”

The government of Israel is investing massively in cyber security, demonstrating great attention to incoming cyber threats. It has announced that it will spend more than $13 million in the coming years to develop new technologies for cyber defense.

Networks, critical infrastructures, military environments and private companies must be protected from foreign cyber attacks.

Israeli networks are the daily target of thousands of cyber attacks conducted by hostile governments, hacktivists and independent hackers who want to compete with one of the most advanced nations; for obvious reasons, these are reported only when there are substantial losses or a sensational data breach.

The National Cyber Committee, a department under the direct control of the Prime Minister’s Office, will coordinate the project with the Science and Technology Ministry for at least three years, reserving each year $525,000 for advanced cyber security projects sponsored by corporations, and $80,000 to generation with scholarships.

The government of course has a great interest in improving the security of its critical infrastructure; for this reason it will push researchers to develop projects that cover these delicate areas, such as banking, defense, government and smart grids in general.

The same thought is shared by hostile countries that attack Israeli systems daily, stressing the country’s critical infrastructure.

In January 2012, massive attacks against the Tel Aviv Stock Exchange and El Al Israel Airlines Ltd. (ELAL) blocked operations, leaving their websites down.

Israeli security services are engaged in a security challenge with external hackers, trying to put in place defense systems that are also able to trace the attacks back to their origins.

Yitzhak Ben Israel, responsible for the creation of the National Cyber Directorate, declared:

“We’re in pretty good shape with current threats, but the threats next year and two years from now are just going to get higher and we need to keep up,”

“Our biggest worry is damage to our major life systems that are all controlled by computers.”

Such a complex situation is stimulating the security market and its growth. To give an example, consider the progress made by Check Point Software Technologies, traded on the Nasdaq Stock Market, whose share price has increased by more than 70 percent in the past two years, reducing the market share of its direct competitors Cisco Systems Inc. and Juniper Networks, both of which have fallen more than 30 percent in the same period.

Other private companies are also investing in the creation of new solutions that could be offered to the cyber security market. For example, Elbit Systems Ltd., perhaps Israel’s biggest non-government defense contractor, will bring to market a new cyber-security simulator, designed to train government and private companies in the proper response to cyber attacks.

Israeli private companies are proving their hacking methods, offering high-level consulting to businesses around the world, developing and studying the most sophisticated attack technologies and creating powerful tools and systems for both cyber offense and defense.

The reliability of Israeli companies is recognized worldwide; companies such as Check Point had a 10.7 percent share of the world cyber security market by revenue in 2009, according to a November 2010 study by market researcher IDC.

Proceeds from information technology products were around $4.2 billion in 2010, with more than half of that coming from security, according to Yafit Katz-Rubin, business development manager for the industry at the Israel Export Institute in Tel Aviv.

Of course, such a sustained market is also attracting external capital and investors: Goldman joined Jerusalem Venture Partners in a $40 million investment in Cyber-Ark, which has its research and development facilities in Petach Tikva, Israel.

In my personal opinion, the investments in cyber defense are really judicious and profitable, but we must also consider the drawbacks of a total opening to the security markets. The same companies that offer defense systems could arm foreign state militias, with serious consequences. The belief that these concerns are only present in spy films is wrong; business follows only the logic of money, and it has already happened in the past that security companies have violated the technological embargo imposed on rogue states such as Syria and Iran.

So let’s support the growth of the security industry, but beware the lure of the money god. Safety is everyone’s responsibility.

Exploit Research and Development Course

I.C.F is proud to announce the new official Exploit Research and Development course as part of the cyber warfare intelligence program. The workshop is the first of a total of three courses in the cyber warfare intelligence program.

About the workshop

Exploit Research and Development is the field of finding security vulnerabilities in software and writing programs and tools to exploit them. This field is very interesting, yet it requires a lot of technical background and knowledge as a baseline before going into depth.

In this workshop:

  • We will start from the very basics and learn assembly language programming in order to prepare you for the task ahead.
  • We will learn how to exploit different vulnerabilities and bypass various security mechanisms such as DEP and ASLR.
  • We will conclude by looking at how to integrate our exploit code with frameworks such as Metasploit.

Location: Herzelia, Israel.

For additional information, please contact via email: icf@frogteam.co.il
