
Congressional Cybersecurity Caucus News Round-up by Nick Leiserson

Monday, May 8, 2017
Posted by: Mary Wei

Congressional Cybersecurity Caucus News Round-up

Clips from around the globe, web and Hill

 

May 5, 2017

 

HILL

New Dems Urge OPM to Hire More Cyber Pros Without 4-Year Degrees

Senator Says FBI Paid $900K for iPhone Hacking Tool

How a Fake Cyber Statistic Raced Through Washington

GOP senator: I'll try to add Russia sanctions to Iran bill

IT Modernization Bill Sails Through House Committee

Compromise Spending Bill Includes Cyber Goodies

 

ADMINISTRATION

Homeland Security Issues Warning on Cyberattack Campaign

Pentagon automating its Cybersecurity Scorecard

DHS: Time to Beef Up Mobile Security

Why CFOs and CIOs need to partner on cybersecurity

Illinois voting records hack didn't target specific records, says IT staff

Latest Cyber Executive Order Draft Focuses on Workforce Competitiveness

Cybersecurity task force seeks new security framework, exemption to the Stark law

Marine Corps ‘owes the nation’ 4 more cyber teams

Small Budgets Cripple Cybersecurity Efforts of Local Governments

Nearly half of federal IT managers report breach in last six months: research

White House creates a second office to focus on federal IT

Trump Says China Could Have Hacked Democratic Emails

 

INDUSTRY

New cyber ‘guerrilla’ attacks evade detection

Google phishing attack was foretold by researchers—and it may have used their code

Sabre hires Mandiant to probe breach in hotel reservation system

Watch Hackers Sabotage an Industrial Robot Arm

IBM Shipped Malware-Infected Flash Drives to Customers

Intel patches remote hijacking vulnerability that lurked in chips for 7 years

Hacker Leaks Episodes From Netflix Show and Threatens Other Networks

 

INTERNATIONAL

Germany Challenges Russia Over Alleged Cyberattacks

US, Japan deepen cyber information sharing

MPs vulnerable to cyberattacks after dissolution of parliament – report

Behind The Mystery Of Russia's 'Dyre' Hackers Who Stole Millions From American Business

China Clamps Down on Online News With New Security Rules

Israel, Japan sign economic, cyber cooperation agreements

Germany Sees Rise in Cybercrime, but Reporting Rates Still Low

Putin, Merkel spar in Russia over election meddling

Swiss Spy Agency Defends Practices After German Arrest in Tax Case

Russian Election Hacking 'Wildly Successful' in Creating Discord: Former U.S. Lawmaker

We knew the U.S. and Russia were hacking powers, but Ethiopia and Pakistan?

Czech cybersecurity experts win cyber defense exercise

 

TECHNOLOGY

Cybercrime on the high seas: the new threat facing billionaire superyacht owners

Thieves drain 2fa-protected bank accounts by abusing SS7 routing protocol

Dan Geer: Cybersecurity is 'paramount national security risk'

 

 

HILL

 

New Dems Urge OPM to Hire More Cyber Pros Without 4-Year Degrees

Nextgov

May 5, 2017

A trio of moderate congressional Democrats pushed the Office of Personnel Management this week to update its hiring practices to open up more federal jobs to cybersecurity workers without 4-year degrees. There’s no official requirement cybersecurity-focused federal employees have bachelor’s degrees, but in practice, most do because of requirements in job postings. “Given the increasing need for cybersecurity personnel, OPM should be more flexible with job requirements,” the co-chairs of the New Democrat Coalition Cybersecurity Task Force write. “For many of these jobs, a 2-year degree or other nontraditional education paths, such as industry-recognized certification testing, can sufficiently prepare workers, especially in combination with high-value experience.” Cybersecurity is one of seven policy task forces the coalition of 61 moderate Democrats launched in February, along with task forces on 21st-century infrastructure, the future of work and trade.

 

Senator Says FBI Paid $900K for iPhone Hacking Tool

AP

May 5, 2017

Sen. Dianne Feinstein, the top Democrat on the Senate committee that oversees the FBI, said publicly this week that the government paid $900,000 to break into the locked iPhone of a gunman in the San Bernardino, California, shootings. The FBI considers the figure to be classified information. It also has protected the identity of the vendor it paid to do the work. Both pieces of information are the subject of a federal lawsuit by The Associated Press and other news organizations that have sued to force the FBI to reveal them. An FBI spokeswoman declined to comment Friday. Feinstein cited the amount while questioning FBI Director James Comey at a Senate Judiciary Committee oversight hearing Wednesday. "I was so struck when San Bernardino happened and you made overtures to allow that device to be opened, and then the FBI had to spend $900,000 to hack it open," said Feinstein, D-Calif. "And as I subsequently learned of some of the reason for it, there were good reasons to get into that device."

 

How a Fake Cyber Statistic Raced Through Washington

Nextgov

May 3, 2017

It’s the kind of figure that can make your jaw drop, the kind that forces lawmakers and public officials to get off their duffs and do something, that drives home the way cyber insecurity is ravaging small businesspeople across the nation. House and Senate lawmakers have cited it in bills that would redirect federal resources and are awaiting action on their chambers’ floors. Top executive branch officials have cited it in official testimony to Congress. But it’s completely erroneous, not based on any existing study, according to an exhaustive Nextgov search. The statistic, typically attributed to the National Cyber Security Alliance, is that 60 percent of small businesses that suffer a cyberattack will go out of business within six months. It appears in a House bill that won unanimous support from that chamber’s Science Committee this week, cited as evidence the federal government must devote more resources to helping small businesses shore up their cybersecurity. It’s also in a companion Senate bill that sailed through the Commerce Committee in April.

 

GOP senator: I'll try to add Russia sanctions to Iran bill

The Hill

May 2, 2017

Sen. Lindsey Graham (R-S.C.) is pledging to try to attach a stalled Russia sanctions proposal to a separate bill tightening financial penalties against Iran. 

"I'm glad we're doing something on Iran [sanctions], but if the bill comes out of committee on the floor I'm going to add Russian sanctions to it. Try to anyway," Graham told reporters on Tuesday evening. Supporters of slapping further financial penalties on Russia are looking for a new path forward after Sen. Bob Corker (R-Tenn.), the chairman of the Foreign Relations Committee, told reporters this week that his committee wouldn't move sanctions legislation in the immediate future. Sen. John McCain (R-Ariz.) told reporters that he, Graham and other senators are "looking at other options" for how to get sanctions targeting Moscow through the upper chamber. "We will be looking at other options, including the Senate Armed Services Committee," McCain, who chairs that committee, told reporters.

 

IT Modernization Bill Sails Through House Committee

Nextgov

May 2, 2017

The Modernizing Government Technology Act on Tuesday swiftly cleared the House Oversight and Government Reform Committee with unanimous support and no amendments. The next step for the IT modernization legislation, introduced Tuesday by Rep. Will Hurd, R-Texas, with bipartisan support, will be a House vote that could come within weeks. The bill—the second version of legislation Hurd authored last year that cleared the House—is gaining momentum behind the premise that government systems are old, expensive and susceptible to cyberattacks. “Some of [these systems] go back half a century, at IRS, for example,” said Rep. Gerry Connolly, D-Va., who leads a bipartisan wave of support for the bill with Rep. Robin Kelly, D-Ill. Powerful Republicans, including House Oversight Chairman Jason Chaffetz, R-Utah, and House Majority Leader Kevin McCarthy, R-Calif., have also expressed support, as have powerful industry groups, including the Professional Services Council and IT Alliance for Public Sector.

 

Compromise Spending Bill Includes Cyber Goodies

Nextgov

May 1, 2017

A $1 trillion spending bill that would fund the government through September includes cybersecurity spending hikes at the Homeland Security Department, FBI and Secret Service. Most prominently, the bill includes a $183 million boost for the DHS’ cyber operations division, raising that division's budget to a total of $1.8 billion. All but $400,000 of that money should go toward securing dot-gov networks and modernizing emergency communications, the bill states. Lawmakers must approve the omnibus spending bill by Friday to avert a government shutdown. The bill also includes a $277 million spending bump for the FBI, which is targeted in part at combating cyber crime, and directs that part of a $92 million spending hike at the Immigration and Customs Enforcement agency go toward cyber crime investigations.

 

 

ADMINISTRATION

 

Homeland Security Issues Warning on Cyberattack Campaign

Gov Info Security

May 5, 2017

The Department of Homeland Security is warning IT services providers, healthcare organizations and three other business sectors about a sophisticated cyberattack campaign that involves using stolen administrative credentials and implanting malware, including PLUGX/SOGU and RedLeaves, on critical systems. The alert notes that DHS' National Cybersecurity and Communications Integration Center "has become aware of an emerging sophisticated campaign, occurring since at least May 2016, that uses multiple malware implants. Initial victims have been identified in several sectors, including information technology, energy, healthcare and public health, communications and critical manufacturing." Mac McMillan, president of the security consulting firm CynergisTek, says the threat is serious. "These attacks could lead to full network compromise, long-term undetected attacks, and compromise/exploitation of systems and data, essentially putting both operations and patient safety at risk," he says. The April 27 alert, which was updated on May 2, says preliminary analysis has found that threat actors appear to be leveraging stolen administrative credentials - local and domain - and certificates.

 

Pentagon automating its Cybersecurity Scorecard

Fed Scoop

May 5, 2017

The Pentagon is updating its Cybersecurity Scorecard to deliver more-automated results to Defense Department leaders. The department is looking to release Scorecard 2.0 in the near future to replace the current “static” version, which is compiled via self-reported information from agencies, said acting DOD CIO John Zangardi. “It’s [not very] dynamic,” Zangardi said of the original scorecard at the Adobe Digital Government Symposium this week. “The idea with Cyber Scorecard 2.0 is to be dynamic, to get automated reporting. It’s to look at things in sort of a heat map so we understand the threat better.” DOD CISO Essye Miller has been focused on automating the reporting of the scorecard since she took her position in December, Zangardi said. “There’s a lot of work for us to mature this, to move it forward. We want to be dynamic. We want to be able to get to the latest information quickly.”

 

DHS: Time to Beef Up Mobile Security

Nextgov

May 4, 2017

The federal government should take a more active role in organizations that develop technology standards for mobile devices and networks, according to a Homeland Security Department study submitted Thursday to Congress. DHS should also expand the Continuous Diagnostics and Mitigation cybersecurity service it provides to federal agencies to better address mobile vulnerabilities, the study stated, and update metrics used in federal agencies’ main annual cybersecurity audit, required by the Federal Information Security Management Act, to better focus on mobile device security. The study, which was mandated by landmark 2015 legislation focused on cyber threat information sharing, paints a concerning picture of government’s ability to maintain the security of federal employees’ mobile devices.

 

Why CFOs and CIOs need to partner on cybersecurity

FCW

May 4, 2017

Washington happy hours are known for cheap drinks and networking, and federal agency CIOs and chief financial officers might consider lifting a glass together to deepen their working relationships, current and former officials said. As the government confronts the growing need to invest in cybersecurity and IT modernization, CIOs and CFOs must find ways to understand each other’s needs and budget accordingly, said panelists at the Association of Government Accountants CFO/CIO summit. “In the old days when your CIO and CFO had no relationship and didn't talk to one another, it was bad management,” said Lee Lofthus, assistant attorney general for administration at the Department of Justice. “Now, if you don't talk to one another, it's a real cyber risk for the whole agency.” Other panelists pointed to DOJ as a federal leader in institutionalizing the relationship between the CFO and CIO.  The CIO sits on the working capital board at Justice, while the deputy CFO sits on the department’s investment review board.

 

Illinois voting records hack didn't target specific records, says IT staff

The Hill

May 4, 2017

The hackers that breached the Illinois election database do not appear to have been looking for anything in particular, IT professionals told the state Senate subcommittee on cybersecurity during a hearing Thursday. In August, federal intelligence agencies believe one of the same Russian hacking operations that struck the Democratic National Convention last summer breached an online voter database in Illinois. A similar attack struck Arizona as well, the only other known state breach attributed to Russia in the 2016 election season. Reports emerged in August that hackers broke into the database by taking advantage of a common coding error in web forms that allows visitors to trick the database into running commands. That is known as an SQL injection, where SQL, pronounced "sequel," is the type of database in use. While those reports had pegged the number of breached files at 200,000, the IT officials that testified Thursday said that figure was incorrect. The actual number was 70,000. At the hearing, state elections employees described the attack in detail, including reasons that they did not believe the attackers had data they were specifically targeting. The hackers amassed records by searching by local voter identification numbers, systematically searching nine-digit codes starting from "000000001" and incrementally adding one.

 

Latest Cyber Executive Order Draft Focuses on Workforce Competitiveness

Nextgov

May 3, 2017

Government agencies must assess the state of American cybersecurity education and workforce training as compared to other leading nations, according to an updated version of a long-delayed Trump administration cybersecurity executive order. Other elements of the recent executive order draft are broadly similar to an earlier version floated in February, though some of the language has been changed significantly, especially on a plan to foster international cooperation in cyberspace. Those similar elements include mandating federal agencies adopt cybersecurity best practices outlined in the National Institute of Standards and Technology’s cybersecurity framework and a requirement that government leaders be held accountable for cyber lapses at their agencies. The White House was initially scheduled to publish the cybersecurity executive order in the first weeks of the Trump administration, but then abruptly pulled it. The order is currently “in a holding pattern” after being “leapfrogged” by Monday’s executive order creating an American Technology Council with President Donald Trump at its head, an industry source told Nextgov.

 

Cybersecurity task force seeks new security framework, exemption to the Stark law

Modern Healthcare

May 3, 2017

In a draft of a cybersecurity report to be released later this month, the Health Care Industry Cybersecurity Task Force called on the government to create new policies that would help healthcare organizations strengthen their cybersecurity. While some of the details of the report's six "imperatives" were vague—a call for more awareness, for instance—others were directed at specific standards and laws that might have more apparent effects across the industry. These include a new cybersecurity framework specific to healthcare and amendments to the Physician Self-Referral Law (Stark Law) and the Anti-Kickback Statute to allow healthcare organizations to assist physicians with cybersecurity. These, along with other imperatives set out in the report, would "help to increase awareness, manage threats, reduce risks and vulnerabilities, and implement protections not currently present across a majority of the health care industry." That's especially necessary given the push of late of providers to share more information, said Mari Savickis, vice president of federal affairs at the College of Healthcare Information Management Executives. "As providers have been pushed to share more information more quickly, that increases the threat landscape for providers and for patients," she said.

 

Marine Corps ‘owes the nation’ 4 more cyber teams

Fifth Domain Cyber

May 3, 2017

The U.S. Marine Corps has nine fully operational cyber teams defending networks and conducting operations in cyberspace but it’s not done building. The Corps’ goal is to have 13 teams stood up by the end of 2017, Maj. Gen. Lori Reynolds, commander of U.S. Marine Corps Forces Cyberspace Command, said during the 2017 C4 Conference on May 3. USMC Cyberspace Command’s main priority is to “secure, operate and defend” the Corps’ networks – the basics of cybersecurity. The second priority is to “provide a warfighting capability” to the troops, Reynolds explained, which includes cyber teams working in tandem with Marines on the front lines, defending forward networks and conducting offensive operations. “We owe 13 teams to the nation,” she said. “Nine of them are built; four of them will be finished building this year.” The next step will be ensuring those Marines, once trained, stay with the service in a cyber capacity.

 

Small Budgets Cripple Cybersecurity Efforts of Local Governments

Dark Reading

May 3, 2017

A survey of local government chief information officers finds that insufficient funding for cybersecurity is the biggest obstacle in achieving high levels of cyber safety. Inadequate budgets are the largest obstacle for local government chief information officers in obtaining the highest level of cybersecurity for their organization, according to a survey released today by the International City/County Management Association. According to 411 respondents in the Cybersecurity 2016 survey, 32% reported seeing an increase in cyberattacks to their organizations within the past 12 months. But despite this increase, more than half of the CIOs surveyed found steep obstacles still stood in their way of achieving the highest level of cybersecurity possible.

 

Nearly half of federal IT managers report breach in last six months: research

The Hill

May 3, 2017

Forty-two percent of high-level federal IT managers surveyed in new research reported experiencing a data breach in the last six months. According to the survey released by cybersecurity company BeyondTrust on Wednesday, 1 in 8 said their systems weathered a data breach in the last 30 days. The research comes as lawmakers raise concerns about the vulnerability of federal government systems to criminal hackers and nation-state spies. The cyber firm commissioned a survey of senior federal IT managers at the start of the year, finding that respondents singled out application vulnerabilities, nation-state attacks and malware as the top security threats.  Those surveyed said that a data breach, on average, costs over $91,000. Across the federal IT systems, data breaches are estimated to cost $637 million each year.

 

White House creates a second office to focus on federal IT

Federal News Radio

May 1, 2017

First, President Donald Trump created the Office of American Innovation to bring in private sector expertise to help the government tackle tough technology problems. Now, the President is complementing OAI with the American Technology Council (ATC). Trump signed an executive order establishing the council to “transform and modernize [the federal government’s] information technology and how it uses and delivers digital services.” White House Press Secretary Sean Spicer said during the May 1 briefing that the President signed the order over the weekend, and it will be led by Chris Liddell, director of Strategic Initiatives at the White House. Liddell also is playing a key role along with Reed Cordish, the assistant to the President for intragovernmental and technology initiatives, on OAI. Cordish also will have a seat on the new technology council.

 

Trump Says China Could Have Hacked Democratic Emails

Reuters

April 30, 2017

President Donald Trump said China may have hacked the emails of Democratic officials to meddle with the 2016 presidential election, countering the view of U.S. intelligence officials who have said Moscow orchestrated the hacks. In an interview transcript published on Sunday, Trump gave no evidence backing his allegation, first made on the eve of the Nov. 8 presidential election, that China could have hacked the emails of his rivals. "If you don't catch a hacker, okay, in the act, it's very hard to say who did the hacking," the president said in an interview with CBS "Face the Nation." "(It) could have been China, could have been a lot of different groups." The hackers roiled the presidential campaign by making public embarrassing emails sent by Democratic operatives and aides to Democratic presidential candidate Hillary Clinton. One email showed party leaders favouring Clinton over her rival in the campaign for the party's internal nomination contest. Trump has been dismissive of the statements by intelligence officials that Moscow hacked the emails to help Trump win the election. During the Sept 26 presidential debate with Clinton, Trump said China was one of many actors that could have been behind the hack, including "somebody sitting on their bed that weighs 400 pounds."

 

 

INDUSTRY

 

New cyber ‘guerrilla’ attacks evade detection

The Financial Times

May 5, 2017

Researchers have unearthed a cyber espionage campaign that has compromised more than 500 government ministries and departments worldwide — by hiding in plain sight. The hackers behind the attacks are waging the equivalent of guerrilla war in cyber space, using open-source tools to crack into networks and evade sophisticated cyber sentry systems trained to spot more sophisticated software. In a report published on Friday, cyber security company Bitdefender said it had amassed evidence of hundreds of intrusions by the hackers, including breaches into classified government networks, over at least 12 months. Bitdefender has dubbed the malware the group uses “Netrepser”. Some of the script in phishing emails and command and control infrastructure associated with the malware is in Cyrillic, Bitdefender’s report said, but the company stressed it had been unable to attribute responsibility to any particular nation state because of an almost complete lack of digital fingerprints in the code.

 

Google phishing attack was foretold by researchers—and it may have used their code

Ars Technica

May 5, 2017

The "Google Docs" phishing attack that wormed its way through thousands of e-mail inboxes earlier this week exploited a threat that had been flagged earlier by at least three security researchers—one raised issues about the threat as early as October of 2011. In fact, the person or persons behind the attack may have copied the technique from a proof of concept posted by one security researcher to GitHub in February. The issue may not technically be a vulnerability, but the way Google has implemented its application permissions interface—based on the OAuth 2 standard used by a large number of Web application providers—makes it far too easy to fool unsuspecting targets into giving away access to their cloud, e-mail, storage, and other Google-associated accounts. The websites used in the phishing attack each used domains that mimicked Google's in some way. The sites would call a Google Apps Script that used Google's own authentication system against itself. The malicious Web application (named "Google Docs") was delivered by an HTML e-mail message that looked so much like a genuine Google Docs sharing request that many users just sailed right through the permissions requested without thinking.

 

Sabre hires Mandiant to probe breach in hotel reservation system

Reuters

May 3, 2017

Sabre Corp said on Tuesday there had been a breach in its hospitality unit's hotel reservation system and that it had hired FireEye Inc's Mandiant forensics division to probe the incident. "The unauthorized access has been shut off and there is no evidence of continued unauthorized activity," Sabre said in a statement. The company, which offers hotel and airline booking services, said it had informed law enforcement about the breach in its SynXis Central Reservations. Sabre does not believe any other system was affected. "32,000 properties use Sabre's reservation system, so the attackers were able to penetrate a single system and potentially access 32,000 additional targets," said Jeff Hill, Director of Product Management, Prevalent, which manages third-party risk. Mandiant did not immediately respond to a request for comment. Hotel groups are increasingly coming under attacks from hackers, who seek to steal payment card data.

 

Watch Hackers Sabotage an Industrial Robot Arm

Wired

May 3, 2017

When the cybersecurity industry warns of digital threats to the “internet of things,” the targets that come to mind are ill-conceived, insecure consumer products like hackable lightbulbs and refrigerators. But one group of researchers has shown how hackers can perform far more serious physical sabotage: tweaking an industrial robotic arm to cost millions of dollars worth of product defects, and possibly to damage the machinery itself or its human operator. Researchers at the security firm Trend Micro and Italy’s Politecnico Milano have spent the last year and a half exploring that risk of a networked and internet-connected industrial robot. At the IEEE Security & Privacy conference later this month, they plan to present a case study of attack techniques they developed to subtly sabotage and even fully hijack a 220-pound industrial robotic arm capable of wielding gripping claws, welding tools, or even lasers. The ABB IRB140 they compromised has applications in everything from automotive manufacturing to food processing and packaging to pharmaceuticals.

 

IBM Shipped Malware-Infected Flash Drives to Customers

Gov Info Security

May 2, 2017

In a security alert, IBM is warning that it inadvertently shipped malware-infected USB flash drives to some of its storage hardware customers as well as to customers of some Lenovo-branded products. A Trojan - known as Faedevour, Pondre and Reconyc - is present on USB flash drives that have been distributed to some users of IBM and Lenovo Storwize systems, which are virtualizing RAID computer data storage systems. "IBM has detected that some USB flash drives containing the initialization tool shipped with the IBM Storwize V3500, V3700 and V5000 Gen 1 systems contain a file that has been infected with malicious code," IBM says in its alert. The infected USB flash drives have the part number "01AC585" on them, IBM notes. The malware does not infect Storwize systems, IBM's security alert says, and USB flash drives issued for encryption key management do not contain the malware. It also says that while inserting the infected drive into a Windows, Mac or Linux system will result in the malware being placed onto that system, it does not automatically execute.

 

Intel patches remote hijacking vulnerability that lurked in chips for 7 years

Ars Technica

May 1, 2017

Remote management features that have shipped with Intel processors since 2010 contain a critical flaw that gives attackers full control over the computers that run on vulnerable networks, according to advisories published by Intel and the researcher credited with discovering the critical flaw. Intel has released a patch for the vulnerability, which resides in the chipmaker's Active Management Technology, Intel Small Business Technology, and Intel Standard Manageability. Business customers who buy computers running vPro processors use those services to remotely administer large fleets of computers. The bug doesn't affect chips running on consumer PCs. The chipmaker has rated the vulnerability critical and is recommending vulnerable customers install a firmware patch.

 

Hacker Leaks Episodes From Netflix Show and Threatens Other Networks

The New York Times

April 29, 2017

A hacker who claims to have stolen unreleased television shows from several major networks shared the coming season of the Netflix series “Orange Is the New Black” on Saturday after the person said the streaming service failed to meet its ransom requests. The breach appears to have occurred at the postproduction company Larson Studios, a popular digital-mixing service in Los Angeles for television networks and movie studios. The hacker or hackers, who go by the name “thedarkoverlord,” also claim to have stolen unreleased content from ABC, Fox, National Geographic and IFC. The Federal Bureau of Investigation learned of the episode at Larson Studios in January but did not start notifying the content companies until a month ago. A message to Larson Studios was not immediately returned. On Twitter, thedarkoverlord suggested that other networks would have their shows released next. “Oh, what fun we’re all going to have,” the hacker said. “We’re not playing any games anymore.”

 

 

INTERNATIONAL

 

Germany Challenges Russia Over Alleged Cyberattacks

Reuters

May 4, 2017

The head of Germany's domestic intelligence agency accused Russian rivals of gathering large amounts of political data in cyber attacks and said it was up to the Kremlin to decide whether it wanted to put it to use ahead of Germany's September elections. Moscow denies it has in any way been involved in cyber attacks on the German political establishment. Hans-Georg Maassen, president of the BfV agency, said "large amounts of data" were seized during a May 2015 cyber attack on the Bundestag, or lower house of parliament, which has previously been blamed on APT28, a Russian hacking group. Maassen, speaking with reporters after a cyber conference in Potsdam, repeated his warning from last December in which he said Russia was increasing cyber attacks, propaganda and other efforts to destabilize German society.

 

US, Japan deepen cyber information sharing

The Hill

May 4, 2017

Japan has inked an agreement with the U.S. Department of Homeland Security (DHS) to deepen cyber information sharing between the governments of the two nations, officials said Thursday. Tokyo has signed on to participate in the DHS’s Automated Indicator Sharing (AIS), a platform that allows two-way sharing of cyber threat indicators between the U.S. government and the private sector as well as other organizations worldwide. The development was announced by officials at an event hosted by the Center for Strategic and International Studies in Washington early Thursday afternoon. “This morning, I was honored to receive the signed terms of use from Japan to join AIS, and this is indicative of the priority of both of our organizations place on information sharing,” Thomas McDermott, DHS deputy assistant secretary for cyber policy, said. McDermott said that Japan’s participation “dramatically increases the reach of AIS and the scope of the ecosystem that we are trying to build. We are grateful for Japan for its commitment and look forward to working with them on next steps to implement the AIS program.”

 

MPs vulnerable to cyberattacks after dissolution of parliament – report

The Guardian

May 4, 2017

MPs who are leaving the protection of parliament for the campaign trail will render the election significantly more vulnerable to hacking, leading security researchers have warned. According to Dr Udo Helmbrecht, executive director of the European Union’s Agency for Network and Information Security (ENISA), hackers have their best opportunity to intervene in democracies in the weeks running up to the election because parliament’s information security services are no longer overseeing their accounts. If hackers want to disrupt a democracy, elections are the time to do it, he said. As MPs head out on the campaign trail after Wednesday’s dissolution of parliament, they are no longer granted the special status of MPs and hence lose the protection of Westminster’s IT security infrastructure. This gives attackers increased opportunities to obtain data and gain access to sensitive networks.

 

Behind The Mystery Of Russia's 'Dyre' Hackers Who Stole Millions From American Business

Forbes

May 4, 2017

Around Halloween 2014, Ohio-based building materials and paint company Sherwin-Williams got an expensive scare - a cyberattack. Seven suspect wires worth around $6.45 million were sent from its French subsidiary's corporate account at Morgan Chase to organizations across China, Latvia, Liechtenstein and the Netherlands between October 27 and 30. They were not legitimate transactions. And those organizations were being used as part of a huge illegal operation. This is according to a just-unsealed search warrant unearthed by Forbes, which revealed the $30 billion-valued Sherwin-Williams was hit by one of Russia's most successful criminal gangs, known as Dyre. A source with knowledge of the fraudulent transfers confirmed the facts outlined in the FBI warrant. It seemed that the Dyre crew's rapid rise to prominence was curtailed in late 2015, when Russia's FSB made multiple arrests of individuals suspected of being part of the group. Now sources say the hackers are likely active again with Trickbot, new but remarkably similar malware. Those sources also tell Forbes they believe many of those arrested for the multi-million criminal operation were released without being charged. And those allegations have only intensified fears that the Russian government does little to stop hackers carrying out costly cyberattacks against foreign businesses.

 

China Clamps Down on Online News With New Security Rules

AP

May 3, 2017

China is tightening rules for online news as censors try to control a flood of information spread through instant-messaging apps, blogs and other media sources that are proliferating across the country. The rules announced Tuesday will require online publishers to obtain government licenses and block foreign or private companies from investing in online news services or directly disseminating news. Chinese news outlets will have to undergo a security review before working with foreign companies, according to a statement from the Cyberspace Administration of China, the agency charged with enforcing the rules, which take effect June 1. The move follows a crackdown on dissent under Communist Party leader Xi Jinping that has led to tighter controls on what can be published online. With the latest rules, the government will require internet companies to censor what their customers see or risk losing their right to distribute news, Chinese media expert Qiao Mu said. "This is aimed at the companies rather than the individual users," he said. "It's not only to ideologically control information, but also to control the source of the information."

 

Israel, Japan sign economic, cyber cooperation agreements

The Jerusalem Post

May 3, 2017

The Israeli and Japanese economy ministers on Wednesday signed two agreements in Jerusalem that call for collaboration on both business and cyber security ventures in a bid to double the trade volume between the two countries. In the first agreement, Economy Minister Eli Cohen and his Japanese counterpart, Hiroshige Seko, signed a joint statement that calls for increased cooperation among government bodies, economic organizations and companies across a wide range of sectors. Central to the arrangement will be the establishment of a body unifying and promoting collaborative work in artificial intelligence, robotics, Internet of things and autonomous driving, according to the Economy Ministry. “I see cooperation with Japan, the third biggest economy after China and the United States, as a strategic goal for the Israeli economy,” Cohen said. “Minister Seko’s visit to Israel is a sign of Japan’s serious intentions to become closer to Israel and increase our economic relations.”

 

Germany Sees Rise in Cybercrime, but Reporting Rates Still Low

Reuters

May 3, 2017

Cybercrime is expanding at a rapid rate in Germany, one of the most digitally advanced countries in the world, but the vast majority of attacks against individuals and companies are not reported, government and industry executives said on Wednesday. Markus Koths, head of the cyber crime unit at the German Federal Crime Office, told a conference that numbers of cybercrimes reported in 2016 nearly doubled to over 82,000, resulting in damages of over 51 million euros ($55.7 million). But he said that number likely represented just a tenth of all such crimes, which some industry groups had said could range into the millions with damage estimates as high as 22.4 billion euros. The biggest trend driving the increase was the area of "cybercrime as a service," with growing numbers of hackers offering hacking services and malicious software on the hidden part of the Internet, or "dark net," Koths said.

 

Putin, Merkel spar in Russia over election meddling

AP

May 2, 2017

During a tense appearance with German Chancellor Angela Merkel, Russian President Vladimir Putin denied on Tuesday that Moscow ever interferes in elections in other countries. Speaking during a joint news conference following talks at his Black Sea residence, Putin said accusations of meddling in the 2016 U.S. presidential election were "simply rumors" that were being used as part of the political fight in Washington. He also denied interfering in European elections. U.S. intelligence agencies say they have definitive evidence that Russia was behind the hacking of Democratic email accounts, with the aim of benefiting Donald Trump's campaign and harming his Democratic opponent, Hillary Clinton. Merkel said she was confident that Germany can weather any disinformation campaign targeting Germany's upcoming election. Asked about the threat during the news conference, she cited two recent incidents of what she described as "gross misinformation."

 

Swiss Spy Agency Defends Practices After German Arrest in Tax Case

Reuters

May 2, 2017

Switzerland's Federal Intelligence Service (FIS) on Tuesday defended its efforts to combat theft of business secrets after a Swiss man was arrested in Germany on suspicion of working for the spy agency. The 54-year-old man, identified only as Daniel M., was arrested on Friday. His lawyer told a Swiss newspaper he was suspected of trying to find out how German states have obtained CDs containing details of secret Swiss bank accounts set up by Germans to evade tax. The man was detained in Frankfurt, and officers from Germany's federal criminal police carried out searches at several addresses in the region. While Swiss authorities declined to comment directly on the case, they defended domestic efforts to uphold Swiss laws. "When someone in Switzerland uses illegal methods in Switzerland to steal state or business secrets, that is espionage, and we have the task to fight that," FIS director Markus Seiler told reporters at a briefing in Bern.

 

Russian Election Hacking 'Wildly Successful' in Creating Discord: Former U.S. Lawmaker

Reuters

May 2, 2017

Russia succeeded in its goals of sowing discord in U.S. politics by meddling in the 2016 presidential election, which will likely inspire similar future efforts, two top former U.S. voices on intelligence said on Tuesday. Former Director of National Intelligence James Clapper and former House Intelligence Committee Chairman Mike Rogers agreed at a panel at Harvard University that Russia likely believed it had achieved its goals and could attempt to repeat its performance in elections in other countries. "Their purpose was to sow discontent and mistrust in our elections, they wanted us to be at each other's throat when it was over," Rogers said at the panel at Harvard's Kennedy School of Government. "It's influencing, I would say, legislative process today. That's wildly successful."

 

We knew the U.S. and Russia were hacking powers, but Ethiopia and Pakistan?

McClatchy

May 1, 2017

Russian state hackers get the headlines, but nations across the globe are pouring money into cyber espionage units, a development, security experts say, that is allowing smaller nations to close the espionage gap without the satellites or tech muscle of big nations. “It’s very inexpensive. It’s very efficient,” said John Hultquist, a cyber espionage analyst who’s studied the growth of hacking among smaller nations for iSight Partners, a division of FireEye, a Milpitas, California, cybersecurity firm. Hultquist said his firm was tracking several new players, which he declined to identify – “I’d get in trouble for naming them” – that had no prior experience in cyber espionage. “These would be smaller developing countries that would appear to be building out their own capability,” Hultquist said. “It’s not just the Chinese anymore or the North Koreans. Some of them are quite good.”

 

Czech cybersecurity experts win cyber defense exercise

Fifth Domain Cyber

May 1, 2017

International security experts focused on protecting national IT systems have competed and completed Locked Shields 2017, the annual live-fire cyber defense exercise organized by the NATO Cooperative Cyber Defence Centre of Excellence in Tallinn, Estonia. The team from the Czech Republic won the scenario-based real-time exercise to maintain the networks and services of a military air base of a fictional country, with the defensive team also taking the special prize for the scenario inject. The Estonian team and the NATO Computer Incident Response Capability team took second and third place respectively. Components of the exercise included the technical defense of virtualized infrastructure, as well as handling and reporting incidents, solving forensic challenges, and responding to legal and strategic communications and scenario injects.

 

 

TECHNOLOGY

 

Cybercrime on the high seas: the new threat facing billionaire superyacht owners

The Guardian

May 5, 2017

Within a few hours of mooring up and opening his laptop, Campbell Murray had taken complete control of a nearby multimillion-dollar superyacht. He could easily have sailed it – and its super rich owner – off into the sunset. “We had control of the satellite communications,” said Murray, an IT specialist. “We had control of the telephone system, the Wi-Fi, the navigation … And we could wipe the data to erase any evidence of what we had done.” The ease with which ocean-going oligarchs or other billionaires can be hijacked on the high seas was revealed at a superyacht conference held in a private members club in central London this week. Murray, a cybercrime expert at BlackBerry, was demonstrating how criminal gangs could exploit lax data security on superyachts to steal their owners’ financial information, private photos – and even force the yacht off course.

 

Thieves drain 2fa-protected bank accounts by abusing SS7 routing protocol

Ars Technica

May 3, 2017

A known security hole in the networking protocol used by cellphone providers around the world played a key role in a recent string of attacks that drained bank customer accounts, according to a report published Wednesday. The unidentified attackers exploited weaknesses in Signalling System No. 7, a telephony signaling language that more than 800 telecommunications companies around the world use to ensure their networks interoperate. SS7, as the protocol is known, makes it possible for a person in one country to send text messages to someone in another country. It also allows phone calls to go uninterrupted when the caller is traveling on a train. The same functionality can be used to eavesdrop on conversations, track geographic whereabouts, or intercept text messages. Security researchers demonstrated this dark side of SS7 last year when they stalked US Representative Ted Lieu using nothing more than his 10-digit cell phone number and access to an SS7 network.

 

Dan Geer: Cybersecurity is 'paramount national security risk'

CSO

May 1, 2017

Dan Geer probably wouldn't call himself a prophet. But he may come about as close to it as anyone in IT security. And his view is that while current trends in the online world are not necessarily irreversible, they are headed in a dystopian direction. Geer, CISO at the venture capital firm In-Q-Tel, who gave the closing keynote at SOURCE Boston 2017 this past week, even cited a New Testament prophecy early on – I Corinthians 13:12: "For now we see through a glass, darkly; but then face to face: now I know in part; but then shall I know even as also I am known.” But while he doesn’t claim prophet status, he is all about predictions. “The future is once and always the topic for any security talk,” he said, because, “cybersecurity and the future of humanity are conjoined now.” Also because while geologic evolution can take millions of years, the cyber world is evolving, as he put it with significant understatement, “at a faster clock rate.”

 

 

 

Nick Leiserson

Legislative Director

Office of Rep. James R. Langevin (RI-02)

(202) 225-2735

nick.leiserson@mail.house.gov