Category Archives: Cyber

Social Media and Foreign Influence: Implications for the December 2019 UK General Election

Posted in Brexit, Britain, Cyber, United Kingdom

With less than a week until polling day, the 2019 UK general election campaign has been marred by accusations of fake news, misleading political propaganda and ‘dystopian’ electioneering tactics. The key issue is a lack of clear legal regulation regarding the use of social media for campaigning, leaving platforms open to abuse and misinformation.

 

Attempts had been made before the departure of Theresa May to implement changes that would clearly define the legal role of social media platforms operating in the UK in regard to political advertising. However, according to senior civil servants and government officials, the current dominance of Brexit in the policy making schedule and uncomfortable questions about the legality of the Brexit referendum campaign make the implementation of sufficient safeguards difficult. Additionally, there is an inherent issue in tasking politicians who may benefit from lax social media regulation to legislate against their own interests. 

 

For individuals, there are two clear issues. The first is the micro-targeting of social media users. The Information Commissioner’s Office and the Electoral Commission have warned against misusing individuals’ data, such as their address, age and interests, to target potentially misleading ads directly at certain demographics. Secondly, and with specific regard to Facebook, adverts containing false information or misleading claims are allowed to go unverified, despite Facebook’s policies against fake news, due to the platform’s categorisation of political ads as ‘opinion pieces/satire’. This is problematic; over 5000 ads on Facebook alone have been purchased by the three major political parties.

 

The responsibility for upholding advertising standards has fallen largely on social media platforms themselves. Twitter and TikTok have banned political advertising across their platforms; however, fake accounts still have the potential to spread misleading political information disguised as ‘fact’. This issue was highlighted by the November 19th rebranding of the official Conservative Party Press Office account into ‘@factcheckUK’. Google has banned 8 separate Conservative advertisements for ‘violating advertising policies’, one of which saw the fake website ‘labourmanifesto.co.uk’, designed to mislead voters about Labour policies, removed for buying advertising in order to manipulate search traffic and shift interest from the real Labour manifesto. The Brexit Party, too, has seen five of its adverts removed. Labour and the Liberal Democrats are yet to have advertisements removed by Google.

 

It should be noted that due to long-standing calls for reform, critique of the current regulatory system and examination of existing loopholes for the spread of disinformation, some researchers have voiced concerns that the government has created an ‘election interference playbook’, without sufficiently addressing any of these avenues of exploitation in law. This is where the discussion shifts from the underhanded tactics of party politics, and instead has implications for national security.

 

There is concern that actors other than British political parties, specifically the Russian government, may seek to benefit from the spread of disinformation in the UK general election. Draft documents from the UK-US Trade and Investment Working Group were leaked online and later picked up by the Labour Party in order to undermine Boris Johnson’s position on the National Health Service. The account, which published the documents on Reddit a month before they gained widespread media coverage, was determined to be of Russian origin, along with 60 other Reddit accounts linked to a ‘coordinated effort’ from Russia to spread misinformation. Despite claims from both Johnson and Corbyn that Russian interference is ‘nonsense’, given previous Russian involvement in the 2016 US presidential election, and the recently uncovered ‘Secondary Infektion’ disinformation scheme, also coordinated from Russia, concerns about attempted Russian interference in the upcoming election should be further investigated.

 

Ideally, these issues would be addressed in the yet-to-be-published Intelligence and Security Committee report, which is expected to contain an examination of Russian interference in UK politics, the Brexit referendum and the Conservative Party. Until this report is published, the full scale of Russian attempts to undermine UK democracy is unknowable. Whatever the outcome of Thursday’s election, questions regarding the legitimacy, independence and democracy of the UK political system will remain. 

Cyber-attack against SingHealth’s IT System

Posted in Cyber, Singapore

In July 2018, the Singaporean healthcare system SingHealth was the victim of a cyber-attack. Approximately 1.5 million patients’ medical data was stolen, among them the medical record of the Singaporean Prime Minister Lee Hsien Loong. Experts from the Cyber Security Agency of Singapore (CSA) recognised unusual activity on one of SingHealth’s IT databases on 4 July, but by that time, the attackers had stolen online credentials and covered their tracks. A police investigation confirmed that data was stolen between June 27 and July 4.

Authorities suspect the attack was state-sponsored, particularly considering the high profile of the key target. The investigation showed that there were several attempts to obtain the Prime Minister’s data. Such data can be used by belligerent countries or local terrorist organisations to plan covert operations against politicians and decision makers. The CSA chief executive said at a news conference it is better not to speculate what the attacker had in mind. Further, the Communication and Information Minister did not name any state in the interest of national security.

Sophisticated attack

The attack on SingHealth shows a great deal of sophistication; according to the CSA, the attackers planned ahead and set up several entry points to the system to avoid detection. They were not preparing for a hit-and-run attack; rather, they built their persistence on the target network. It is also one of those rare cases when the final target of the attack is known, as evidenced by the attempts to breach the system and access the Prime Minister’s data. The other 1.5 million accounts gathered by the attackers are likely a “bonus”; however, this kind of data is highly sought after by criminal organisations. Medical data contains not only information related to an individual’s health, but also easily identifiable personal and financial details. To date, the medical data has not surfaced in the public domain and there is no information proving the authorities have tried to contact the attackers.

In most cases of cyber-attack, the final target is unknown. Even if it is unearthed, targets are unlikely to admit that their applied defences were not strong enough to protect their data, or that of their clients. According to SingHealth, they had taken steps to thwart the hackers, including closing entry points to their network and asking their employees to change their passwords. The latter is critical, as these passwords were used to penetrate the system and obtain the medical data.

Cyber attacks and mitigation

The attack on SingHealth is just one example of the dozens of different cyber-attacks, which can not only target people using the internet, but also redirect the online communication of any service or change the commands of any program. All of these activities can have devastating effects, such as stealing online credentials and using them to penetrate a system for financial gain. Cyber-attacks are among the most significant modern threats. According to SonicWall’s 2018 Cyber Threat Report, there were 9.3 billion malware attacks registered in 2017, which is a nearly 20% increase compared to the number of attacks in 2016. These attacks are targeting not only individuals, but critical infrastructures, state organisations and businesses as well. Most people are familiar with malicious e-mails that include odd-looking attachments or have heard stories of stolen online credentials.

Unfortunately, there is no 100% perfect protection against cyber-attacks, but there are some best practices everyone is advised to follow to minimise the chances of becoming a victim of a cyber-attack. One of the most important defences is our choice of passwords. A simple password that is easy to remember can also be easy to break. Further, using only one password for all online accounts makes one’s online presence extremely vulnerable to an attack. Once the password is obtained, access is granted to one’s social media accounts, online shopping accounts and so on. As most of the attacks targeting individuals arrive via e-mail, it is important to avoid opening e-mails of unknown origin. Security experts highly recommend building this awareness into our daily online routine. The human component in cyber security is perhaps the most critical, as ill-informed users are often the gateway for cyber-attackers to obtain personal data.


Cyber-Security Concerns for the Shipping Industry

Posted in Cyber

For several years, security experts have warned that outdated technological systems could lead to increased risks to shipping vessels. In recent months, the warnings have grown louder. Most computer-based shipping technologies, developed in the 1990s, were initially designed as isolated systems. Over time, the industry has moved increasingly online. The change has opened the industry to more threats from outside actors. As technology and users become more sophisticated, the shipping industry has struggled to keep up to speed with the latest changes, leaving older systems vulnerable to targeting.

Two key risks are the hacking or spoofing of marine traffic. Hacking refers to unauthorized access to data in a system. A hacker could gain entry into the internal systems of a company and access private information, such as cargo documents, or the personal details of crew members aboard a vessel. A hacker could also install malware into the system, allowing them access to sensitive material such as e-mail transmissions. In the past year, hackers have changed the banking information on email invoices going to shipping companies, redirecting millions of dollars before the issue was identified. In June, the NotPetya ransomware attack targeted several large businesses, including shipping giant Maersk. The virus wormed through the company’s global network, forcing a stoppage at 76 port terminals globally, and costing the company nearly $300 million.

Spoofing, on the other hand, is a process of falsifying the origin or location of something in order to mislead a user. In terms of the shipping industry, it can be used to alter the coordinates of a vessel, or make the vessel simply disappear from tracking systems. Spoofing attempts are often spotted quickly; however, sophisticated actors continue to construct ways to outsmart the systems, so spoofing remains a point of concern.

Aboard a vessel, security issues can be amplified. For example, the AIS system uses satellites and marine radar to pinpoint the location of a vessel. This information, often publicly available, can be used to track the location of vessels around the globe, and can be used by pirates as a sort of “shopping list”. Using spoofing, a malevolent actor can theoretically alter the location of a vessel, causing a ship to redirect its course into unknown waters. With hacking, they can access a cargo list, obtain information about the content of specific crates, and, if they successfully board a vessel, target only the crates with goods they find valuable.

While there are numerous entry points for a hacker to target aboard a vessel, perhaps the weakest point is the maritime satellite communication (satcom) system. Satcom boxes are nearly always connected to the internet, and often do not have updated technology. They are often poorly secured, and can easily allow access to “protected” data and entry into a company’s larger systems.

Governments and corporations have long struggled to keep up with the changes in technology. Because of the rapid rate of sophistication, legacy systems often do not have the features or capacity to protect shipping companies from such attacks. Awareness is growing as cyber-security becomes a more prominent global concern. Experts have called for changes in the industry, including secure firmware, password complexity, penetration testing, and other preventative measures to ensure that vessels, cargo, and crew remain safe.

The International Chamber of Shipping has recently launched guidelines designed to help ship owners protect themselves from hackers. More information can be found here: http://www.ics-shipping.org/docs/default-source/resources/safety-security-and-operations/guidelines-on-cyber-security-onboard-ships.pdf?sfvrsn=16


An Unconventional Warfare – Cyber bombs

Posted in Cyber

 

A conflict that has lasted over five years, dismantled the infrastructure of a country and driven the entire surviving population to seek asylum in neighbouring states: the Syrian civil war. It is the perfect stage for terrorists and extremists to enforce their plans and gain territory. Syria is not the only battlefield of this unbalanced, amorphous and revised war on terror. Northern Iraq, southeastern Turkey and, on a broader spectrum, the whole of Europe remain potential targets. It is a conflict where superpowers such as the US and Russia played a major role, leading to a ceasefire and alleged peace talks in Geneva; a conflict where actors, structures and outcomes are yet to be fully unveiled.

This conflict is another historical landmark for many foreign policies; it reshaped the approach to terrorism and justice; showed the world a climate of desperation and fear; cruelty and loss of lives have filled the daily newspapers. Europe has worked on resolving the collateral effect of migrations and has faced attacks within its capitals; other players have tried to eradicate ISIS. No winners; only an apparent and fragile ceasefire.

From any “problem-solving” point of view, the first step of the analysis is to acknowledge the problem and identify its causes, beginning by minimizing the effects. Who is ISIS?

Before describing the organization we should consider the widely used term “Terrorism”. Historically the term refers to the unlawful use of violence towards civilian targets in a desperate attempt to enforce political goals. The rise of ISIS, the Islamic State of Iraq and Syria or Islamic State of Iraq and al-Sham, began in 2004 as al Qaeda in Iraq (AQI). It was initially an ally of Osama bin Laden’s al Qaeda and both were radical anti-Western militant groups devoted to establishing an independent Islamic state in the region. AQI was weakened in Iraq in 2007 as a result of what is known as the Sunni Awakening, when a large alliance of Iraqi Sunni tribes, supported by the US, fought against the jihadist group. AQI saw an opportunity to regain its power and expand its ranks in the Syrian conflict that started in 2011, moving into Syria from Iraq. By 2013, al-Baghdadi had spread his group’s influence back into Iraq and changed the group’s name to ISIS. It disowned the group in early 2014 proving to be more brutal and more effective at controlling seized territories.

While ISIL has not been able to seize ground in the past several months, that hasn’t precluded them from conducting terrorist attacks, and it hasn’t precluded them from conducting operations that are more akin to guerrilla operations than the conventional operations that we saw when they were seizing territory. The organization understood the value of pushing out content, specifically videos of atrocities, into the world. Therefore, they could recruit very brutal young men to come and join their struggle. As the organization evolved, it made media very central to its ideology and strategy. ISIS had harnessed the power of the “information arena” to propagate its ideology, recruit, move money and coordinate activities. The question arises naturally: “What can be done?”

A top Pentagon official reported that the US is hitting ISIS with “cyber bombs” as part of its new arsenal of tactics being deployed against the terrorist group. The cyber effort is focused primarily on ISIS terrorists in Syria, and the goal is to overload their network so that they cannot function. An attack of this magnitude can interrupt the group’s ability to command and control forces. A similar principle was applied in the power and water disruptions in the middle of a two-week truce between government forces and certain militant groups. Disruption of critical infrastructure was used in order to gain an advantage over the group. Moreover, the Islamic State is clearly frightened by the outflow of refugees. A lot of media have been created excoriating those who flee from these territories. By taking advantage of those refugees, a powerful tool could be created in order to tell their stories to the world.

The humanitarian issues, the fallout, the civil war, the core issues have not been addressed yet. So far the military intervention and the coalition of multiple air strikes, carried out by Russia and US, have diminished the capabilities of the group; however there is so much more to do and the future remains uncertain. It is highly likely that ISIS will not cease to exist in the near-medium term; their strategy, tactics and objectives are likely to remain unaffected. The struggle in the region and the level of threat to Europe are still primary concerns and subjects of ongoing discussions.


China’s Offensive Cyber Warfare

Posted in China, Cyber

Hacking has been a rising trend within the PRC since the Internet entered the country in 1994, and on November 8th 2012 the Chinese president officially announced, “China will speed up full military IT applications”. China alone accounts for the largest national population of Internet users—some 300 million, nearly one-fifth of the global number. Since the 1990s, many hacking groups have been created: the Green Corps, the Hong Kong Blondes and the most famous recent one, the Red Honker Union. They created an important hacking culture in China. Some evidence links civilian hackers to the government and the State’s creation of a cyber army. Since 1998, according to Timothy Thomas of the U.S. Foreign Military Studies Office, the Chinese army has even recruited civilians into its ‘net militia units’ (Militia Information Technology Battalions), the most famous being Unit 61398.

The State cyber army: unit 61398

As with everything on the Internet, it is always difficult to prove the origin of a cyber attack. Nevertheless, the company Mandiant has investigated the cyber capacity of China since 2004, especially through Unit 61398, considered as a part of the Communist Party of China under the Central Military Commission in the GSD 3rd department (2nd Bureau). Since 2006, a rising number of cyber attacks are believed to have come from this unit and most of them targeted the U.S.

The four most important sectors attacked are: Information Technology, Transportation, High-Tech Electronics and Financial Services. China seems to base its cyber warfare on a method often referred to as “Acupuncture warfare”: based on attacking critical IT nodes or pressure points, this method capitalizes on optimizing effects on adversary vulnerabilities and follows the principle of acupuncture practiced for medicine—identifying points that serve as “a tunnel, or access route, to the deeper circulatory channels within”. One application of this theory would be finding the key choke points or supply chain vulnerabilities for an enemy’s military deployments and influencing them by attacking the supporting civilian infrastructure.

Intents and motivation of the cyber attacks

The first reason for China’s cyber offensive is to gain increased military knowledge through cyber espionage: China has an interest in accelerating its military development since it is still behind the West, especially the U.S., which often has the lead in new military technology. Different cyber attacks can be quoted as examples, the most famous being “Titan Rain” in 2007: a massive cyber attack against United States defence contractor computer networks (10 to 20 terabytes including Lockheed Martin and NASA) believed to come from China. Furthermore, numerous attackers originating in China have been accused of infiltrating government computers of numerous countries: the United States, Britain, France, Germany, South Korea, and Taiwan.

A second motivation is to make economic gains by stealing technological processes. China’s general technological level is also behind that of the United States, which gives it an increased incentive for industrial espionage in order to achieve economic advantage. Numerous attacks believed to come from China support this theory, such as the theft of data from U.S. network security company RSA Security in 2011. Moreover, in December 2007, the director-general of the British Security Service (MI5) informed 300 major UK companies that they were under constant attack from “Chinese state organisations”.

One of the last reasons for China to use cyber offensive is to deter other States by infiltrating their critical infrastructure. It puts the other States on notice that any technological edge they believe they enjoy will not be functional in a conflict with China. It also reminds China’s restive domestic audience that unfettered technological advancement alone does not bring security. Deterrence and possible military actions for this reason could include launching probes to identify vulnerabilities that could be exploited in armed conflict. Two main examples of this are Operation Aurora in 2009, where the U.S. company Google’s source code was stolen, and the denial-of-service attack on the White House website in 1999 after the U.S. attacked the Chinese Embassy.

The characteristics of cyber warfare

  • Anonymous: China has an interest in avoiding exposure to political and military pressure from the West and the United States. Chinese embassy representative Geng Shuang maintains that the allegations against China are groundless, stating: “The Chinese government prohibits online criminal offenses of all forms, including cyber attacks, and has done what it can to combat such activities in accordance with Chinese law.” The Chinese Defense Ministry in January 2013 stated, “It is unprofessional and groundless to accuse the Chinese military of launching cyber attacks without any conclusive evidence.” Here lies a paradox with one of China’s reasons for cyber offensive: anonymity prevents any possible deterrence. China has to find the equilibrium between being anonymous to avoid exposure and being famous to create deterrence.
  • Cheap: cyber weapons are cheap to build and to use.
  • Diverse: cyber weapons can target multiple types of system.
  • Timeframe: cyber weapons can act quickly and against multiple targets at the same time.
  • Flexible: unlike nukes, a virus or any type of cyber weapon can be used multiple times.

China’s offensive cyber: information warfare

In keeping with Sun Tzu’s emphasis on the need for information, China focuses on cyber capabilities as part of its strategy of national asymmetric warfare. The Chinese military and their civilian overseers have hit upon a military strategy that aims all at once to close the gap between U.S. and Chinese technological-military prowess. Hence, China considers the cyber domain to be a battle arena.
