By Harriet Ellis, Research Analyst and Administrative Assistant, Future Conflict and Cyber Security, and Samantha Hoffman, Research Consultant, Future Conflict and Cyber Security and Defence and Military Analysis.
National law and policy
- Security firm Symantec has linked exploits recently documented by Wikileaks to cyber attacks by a group they call Longhorn. This outfit – which they have been tracking since 2014 – is linked to the compromising of 40 targets across 16 countries.
- The US Justice Department announced an extensive effort to disrupt and dismantle the Kelihos botnet, a global network of tens of thousands of infected computers under the control of a cybercriminal. This botnet was used to distribute hundreds of millions of spam emails, steal login credentials and install malware. Russian national Peter Yuryevich Levashov was arrested in connection with this operation in Spain.
- Russian parliamentary deputy Vitaly Milonov introduced a bill proposing new internet initiatives. It calls for a government agency to regulate social media and would prevent children under 14 from having accounts on social networks. President Vladimir Putin’s spokesperson said the bill was not very realistic.
- 47% of respondents to a poll by the All-Russia Public Opinion Research Centre said their lives would not change if the internet was shut down. 26% said it would have a minor effect on them, 22% said a significant impact, and 5% couldn’t imagine life without the internet.
- The UK’s Public Administration and Constitutional Affairs Committee released a report on the June 2016 EU referendum, suggesting the collapse of the voter registration website hours before the deadline to register may have been the result of a foreign cyber attack.
- French presidential candidate Emmanuel Macron outlined a five-step plan for countering terrorism. Macron criticised technology companies and pledged to push for a common European initiative to enable lawful access to encrypted communications.
- Proposed legislation in Germany that targets hate speech and fake news on social networks has drawn criticism from coalition factions, who say technology companies should make decisions on what content to remove. The law must be adopted before June in order to come into force before September’s federal election.
- Israel’s government and companies were advised to treat the annual #OpIsrael cyber attack as training opportunity. It is so far unclear what impact this year’s attack, led by hacking collective Anonymous, had on the country.
- Kenya suffered more losses to cybercrime in 2016 than any other East African nation, a report has said. It claimed the country lost $171 million over the 12-month period.
- G7 foreign ministers met in Lucca, Italy to discuss a range of security issues, including cyber threats. G7 states adopted the G7 Declaration on Responsible States Behaviour in Cyberspace, which reaffirmed the applicability of international law online and promoted the development of voluntary norms of behavior and confidence building measures between states in this space.
- NATO and EU states formally agreed to open a European Centre of Excellence for Countering Hybrid Threats. Officials signed a memorandum of understanding for the centre, which will open in Helsinki in 2017.
- Ministers from G20 states attended the first Digital Ministerial Meeting on Digital Economy.
- The White House established a new high-level framework for negotiations between the US and China. The US–China Comprehensive Dialogue will have four pillars, including a law enforcement and cyber security dialogue.
- Representatives of Ukraine and Chile met to discuss defence cooperation, including in cyber security.
- Australian and Indian heads of state signed six pacts, including strengthening cooperation on counterterrorism. At the joint press conference Prime Minister Modi stated that cyber threats in the Indo-Pacific region require global solutions.
- India and Bangladesh signed 22 bilateral agreements, including one on cyber security.
- German Defence Minister said the military can use offensive measures against cyber attacks.
- The NSA’s Cybersecurity Operations hosted its annual Cyber Defense Exercise, which includes students from each of the military service academies, NSA specialists and military specialists.
- Facebook announced it would take steps to inhibit the spread of revenge porn on their platform, and introduced a new tool to help users identify fake news stories.
- Google also moved to reduce the spread of fake news, rolling out a feature that they have been trialling since last October. When users see search results, they will also see fact check labels for contentious stories.
- The New York State Court of Appeals decided platforms like Facebook are not allowed to challenge broad search warrants on behalf of users.
- Twitter sued the Department of Homeland Security, after it requested the company to identify the person behind an anti-Trump account. The case was dropped after the department withdrew its summons.
- Insurance company American International Group now offers personal cyber security insurance plans to individuals, covering theft of data, extortion and online bullying.
- Cyber security firm Fidelis released evidence that China-based hackers have conducted a cyber espionage campaign against US corporations, including the National Foreign Trade Council and lobbyists working to influence the Trump administration’s trade policy. This campaign appears to be linked to last week’s report on Operation Cloudhopper.
- There are reports that the CIA was aware as early as last summer about evidence that Russian election interference was aimed at electing President Trump.
- The Shadow Brokers – a group of hackers who offered last year to auction off Equation Group exploits – has now released the password for encrypted files they had already made available as well as some additional hacking tools. The action was taken in response to Trump’s Syria policy. It is so far unclear who is behind the leak, however some have speculated that the Shadow Brokers are either a Russian actor or a former NSA employee.
- An attempted cyber heist on an Indian bank last September appears to be similar to the Bangladesh bank hack from February 2016.
- A public emergency alert system in Dallas, Texas was hacked. Sirens sounded for over an hour, and officials had to shut down the system in order to turn off the sirens.
- In Uganda, a lecturer was arrested for social media posts in which she criticised the government for failing to provide sanitary pads to school girls. She was arrested for cyber harassment under the country’s Computer Misuse Act of 2011.
- Researchers found that pairs of apps on mobile phones can cooperate to gather sensitive data, such as the location of users. They discovered 33 apps with poor security settings, leading to 16,700 possibly malicious pairings that could secretly steal personal data.
- Following communal violence in Bhadrak, India, internet services were blocked for 48 hours to stop the spread of rumours through social media. Internet services were also blocked in the lead up to a by-election in Srinagar, to curb the spread of false information.