Chinese hacker in US indictment linked to Beijing; Uber paid off hackers to conceal breach; Skype loses appeal against eavesdropping by authorities.

Cyber

By Harriet Ellis, Research Analyst and Administrative Assistant, Future Conflict and Cyber Security, and Samantha Hoffman, Research Consultant, Future Conflict and Cyber Security and Defence and Military Analysis.

POLICY

National law and policy

  • The United States indicted three Chinese nationals from an internet security firm known as Boyusec for computer hacking and theft of trade secrets against US companies. The indictment does not implicate the Chinese government, but Boyusec and at least one of the employees have previously been linked to APT3, a hacking group with ties to China’s state security agency.
  • A US district court also indicted Behzad Mesri for hacking HBO and attempting to extort US$6 million in ransom. Mesri has reportedly worked on offensive cyber operations for Iran’s military.
  • The US Federal Communications Commission has proposed to undo net neutrality regulation, which would enable internet providers to charge users more to visit certain sites.
  • Russian President Vladimir Putin signed a law that requires foreign-registered media companies that receive overseas funding to be registered as foreign agents, and to disclose this on their websites. This follows similar moves in the US that forced Russian outlet RT to register as a foreign agent.
  • Denmark’s defence minister announced the country would release a new cyber defence strategy in 2018. The plan includes an early warning system to protect critical infrastructure and companies from cyber attacks.
  • France appointed an ambassador for digital affairs. The ambassador will be responsible, among other things, for liaising with US tech companies on terrorist use of the internet.
  • A German official said the country may need to update its constitution to allow federal agencies to respond to cyber attacks.
  • Kazakhstan’s government approved an action plan to implement the country’s national cyber security strategy.

International policy

  • The Global Conference on Cyberspace took place in Delhi, the first time the conference was hosted by a non-OECD country.
  • European Union member states agreed on measures to strengthen cyber security across the union, in line with the recent directive on the topic from the European Commission.
  • Singapore and China launched a network to connect technology firms in the two countries.
  • A Commonwealth Heads of Government Meeting next April will address cyber security capacity building.
  • India and New Zealand held the first meeting of a bilateral cyber dialogue.
  • Qatar and Belarus discussed extending joint cooperation on security issues to cover cybercrime.
  • Philippines President Rodrigo Duterte reportedly invited China to enter the country’s telecommunications market.

Military

  • Former US Secretary of Defense Ash Carter described the challenges US Cyber Command faced in tackling the Islamic State, saying he was ‘largely disappointed’ in the effectiveness of US cyber operations.

Private sector

  • Google responded to a query from Russia’s telecommunication watchdog about the placement of stories from Russian news sites, such as RT and Sputnik, in search results. Eric Schmidt, the Executive Chairman of Google’s parent company Alphabet, said at a recent conference that the company was working to give less prominence to these sites. However, Google clarified that this referred to improving the search algorithm, rather than manually changing results.
  • Facebook will show users whether they have followed or ‘liked’ pages set up as part of Russian efforts to influence the 2016 US presidential election.
  • Twitter suspended an additional 45 Russian propaganda accounts flagged by reporters, raising concerns about how aggressive the platform has been in identifying Russian trolls and bots.
  • Skype lost its appeal against a ruling by a Belgian court that handed down a €30,000 (US$35,000) fine to the company for failing to let law enforcement eavesdrop on Skype calls.
  • Uber is facing criticism for paying off hackers who accessed the personal information of 57 million users and drivers, rather than publicly reporting the breach.
  • Apple removed Skype from its Chinese app store. The company recently told US senators that it had deleted virtual private network apps from the Chinese online store to abide by local law, but thought its presence in China ‘helps promote greater openness’.

NATIONAL SECURITY THREATS

Government breaches

  • The recent ban on the use of Kaspersky Lab software on US government networks may be less effective than desired, as it does not prevent contractors from using the products.
  • The United Kingdom’s National Cyber Security Centre issued an alert on Turla Group, a cyber threat group with links to the Russian government. The report describes a new form of reconnaissance malware being used against government, military, technology, energy and commercial organisations.
  • The US Federal Bureau of Investigation reportedly failed to notify numerous government officials that Russian hackers were targeting their personal email accounts.
  • The White House is considering banning employees from bringing personal mobile devices to work, after reports earlier this year that Chief of Staff John Kelly’s phone was compromised.
  • A contractor for an Australian government department exposed data relating to government employees for over a year.

Critical infrastructure

  • Australia’s 2016 foreign policy white paper includes a focus on the threats posed by cyber attacks, including the risk of an attack on critical infrastructure.

DIGITAL RIGHTS

  • Authorities shut down mobile internet services as a preventive measure in parts of Haryana, India while two political rallies took place.
  • The ban on social media networks in the English-speaking regions of Cameroon has been in place for two months.
  • Malaysian authorities censored reports of a massive data breach affecting over 45 million mobile phone numbers and addresses as well as medical records of over 80,000 people.