By Harriet Ellis, Research Analyst and Administrative Assistant, Future Conflict and Cyber Security, and Samantha Hoffman, Research Consultant, Future Conflict and Cyber Security and Defence and Military Analysis.
National law and policy
- The United States will increase the transparency of the country’s vulnerabilities equities process, giving the public more details about how many vulnerabilities the government reports to software companies and how many it retains for exploitation.
- A US think tank postponed an event featuring Guo Wengui, an exiled Chinese dissident, after it faced a denial of service attack emanating from Shanghai. China denied its involvement in the attacks.
- The United Kingdom government released an Internet Safety Strategy consultation document, which recommend a series of voluntary measures that social media companies could take to address online harassment and other concerns.
- The UK will make it a criminal offence to watch extremist content online, with those convicted facing prison sentences of up to 15 years.
- Poland announced it would set up a cyber security department within the office of the prime minister.
- The Australian government plans to introduce a national facial recognition database.
- Japan is reviewing national laws that prevent security researchers from detecting and investigating connected devices with poor security settings, and prevent telecommunications firms from reporting vulnerabilities to users.
- The Philippines’s Senate Committee on Public Information and Mass Media held a hearing on ‘fake news’. The President Rodrigo Duterte stated he did not believe legislation outlawing fake news was feasible as it would impinge upon the right to freedom of expression.
- Zimbabwe established a cyber security ministry, which will present long-awaited cyber crime legislation.
- US and Chinese officials took part in the first meeting of a bilateral law enforcement cyber security dialogue, where they reiterated their commitment to the 2015 agreement on commercially-motivated cyber espionage.
- The governments of Norway, Sweden, Denmark and Finland have agreed to strengthen cyber defence cooperation.
- New details about the China-Pakistan Economic Corridor were revealed, including plans for a fibre optic cable network directly connecting the two countries. This would enable the countries to avoid routing data through India, the US or Europe.
- The European Commission issued a communication on addressing illegal online content.
- The Organization of American States partnered with Amazon Web Services to improve regional cyber security capabilities.
- A Greek judge ruled that a Russian cybercriminal should be extradited to the US, however the courts will also hear a case for his extradition to Russia on different charges. Spain has agreed to extradite another Russian cyber criminal to the US.
- US President Donald Trump is expected to unveil a series of responses to Iran’s ‘bad behaviour’, including the country’s cyber operations.
- Qatar and Turkey launched a joint cyber security research initiative.
- Poland announced it would recruit 1,000 cyber soldiers charged with fighting in cyberspace.
- According to intelligence officials, Russia’s Zapad 2017 exercise included tests of a powerful mobile communications jammer, which disrupted mobile communications networks in Latvia.
- Mobile devices belonging to NATO troops are being hacked in a suspected nation-state campaign to gain location data and personal information.
- The US House and Senate intelligence committees will both hold open hearings inviting Facebook, Google and Twitter to give testimony on Russian interference in the US presidential election.
- Twitter found and deleted 200 Russian-linked accounts.
- Facebook is hiring 1,000 staff to review adverts on the platform. The company also stated that Russian advertising on the platform was seen by up to 10 million users.
- Chinese social media platform Weibo is recruiting 1,000 content supervisors who will be responsible for censoring posts. Weibo was one of the three firms fined by China’s internet regulator last week.
- Chinese search engine Baidu added a ‘rumour’ tag that will be used to distinguish fake news.
- Apple released its latest transparency report, showing the company received a record number of national security requests from the US in the first half of 2017. Google’s transparency report also showed US government requests reached a six-year high in the same period.
- Kenyan telecommunications firm Safaricom was accused by presidential candidate Raila Odinga of failing to transmit election results from polling stations to the central election servers. Safaricom denies the allegations.
- Chinese drone manufacturer DJI Technologies enabled a local data mode for its devices, after the US and Australian militaries halted use of its drones due to concerns about data privacy.
NATIONAL SECURITY THREATS
- In 2015 Russian state-backed hackers used Kaspersky products to hack a National Security Agency (NSA)contractor who stored NSA exploits on his personal computer. The breach, discovered in 2016, is thought to be the trigger for recent efforts to ban the use of Kaspersky products by government departments.
- Suspected North Korean hackers penetrated South Korean military networks last September, gaining access to 235 gigabytes of classified material, including wartime planning documents.
- White House Chief of Staff John Kelly’s personal mobile was compromised for up to nine months, potentially compromising sensitive information about government activities.
- Leaders of the US Senate Intelligence Committee warned that Russian operatives are likely to seek to influence future elections, including those scheduled to take place in November.
- The network of an Australian defence contractor was breached by a China-based hacker, who exfiltrated ‘significant’ data over an extended period.
- Sophisticated cyber criminals have carried out a series of attacks against banks in Russia and Eastern Europe, allowing them to steal up to US$40 million.
- A Taiwanese bank’s computer networks were compromised by hackers who paid out US$60 million in a series of transactions, using malware to generate false messages on SWIFT, the global banking network. The bank has since recovered much of the money, and two Sri Lankan citizens have been arrested.
- Internet and mobile services were shut down briefly in Kashmir, India to ‘keep rumours in check.’