By Harriet Ellis, Research Analyst and Administrative Assistant, Future Conflict and Cyber Security, and Samantha Hoffman, Research Consultant, Future Conflict and Cyber Security and Defence and Military Analysis.
National law and policy
- China’s cyber security law took effect on 1 June. Authorities said on 31 May that regulations for cross-border data flows will be delayed until 31 December 2018. The Cyberspace Administration of China also provided more information about some of the controversial aspects of the law.
- Russian President Vladimir Putin said that patriotic Russian hackers may have been involved in cyber attacks during foreign elections, but are ‘free people like artists’. He maintained that the Russian government never engaged in this activity but may have been made to appear guilty of it by others. He further claimed to be ‘deeply convinced that no hackers can have a real impact on an election campaign in another country’.
- The United States Supreme Court agreed to rule on whether law enforcement must obtain a warrant before accessing a suspect’s real-time and historical cellphone location data.
- British Prime Minister Theresa May called for more regulation of the internet to improve counter-terrorism efforts, and said companies must counter the spread of extremist material.
- Italy adopted a new national strategy to improve national and international cooperation on cyber security, strengthen critical infrastructure protection and tackle illegal activities online.
- The Czech senate amended the country’s Cyber Security Act to comply with EU legislation and establish a ministry-level body responsible for cyber security. The bill must be signed by the Czech president before entering into law.
- Dubai launched a national cyber security strategy covering innovation, the ‘smart nation’, cyber resilience, and national and international collaboration. The strategy will be implemented by the Dubai Electronic Security Centre.
- India’s Aadhar card biometric identification system, which faces numerous pending court cases, is being rolled out across the country. Holding an Aadhar card will now be mandatory for taking civil service exams, receiving school lunches, filing tax returns and receiving select government subsidies. Telecommunications providers have also been asked to verify the identities of all users against their Aadhar cards.
- India’s Ministry of Women and Child Development is reportedly considering changes to the country’s cybercrime legislation to take account of a recent surge in ‘revenge porn’.
- Indonesia’s President Joko Widodo signed a presidential order to establish a national cyber agency. The Cyber Body and National Encryption Agency (BSSN) will be responsible for cyber defence and innovation.
- Andres Eloy Mendez, the head of Venezuela’s state telecoms regulator Conatel, said his agency was working on measures that would enable them to monitor social media content and take action against users.
- Rwanda’s National Electoral Commission has rescinded a regulation that would have given the body responsibility for screening the social media use of candidates in the country’s upcoming presidential elections.
- Signatory states to the Budapest Convention on Cybercrime are considering an amendment that would improve cooperation on access to digital evidence in criminal investigations.
- Secretary of Ukraine’s National Security and Defence Council Oleksandr Turchynov met with UK counterparts to discuss strengthening bilateral cooperation on information and cyber security.
- The director of France’s national cyber defence agency called for greater global cooperation on cyber security and warned of the risk of a ‘permanent war’ between states and criminal or extremist actors.
- France and India will release a concrete plan to strengthen cooperation on fighting ‘terrorism on the internet’ by the end of the year.
- Singapore and Australia signed a two-year memorandum of understanding that would boost cyber security collaboration.
- Vietnam and Japan will enhance bilateral partnerships to counter cyber attacks.
- Spain and India signed seven bilateral agreements, including one to increase cooperation in cyber security.
- Brig. Gen. Christos Athanasiadis, NATO assistant chief of staff cyber at Supreme Headquarters Allied Powers Europe, said the Alliance would improve its ability to deter cyber attacks by boosting information sharing and developing new tools to detect, evaluate and respond to interferences.
- The US Army’s Cyber Center of Excellence in Fort Gordon, Georgia, began Cyber Quest 2017, a 26-day digital warfare training exercise on 5 June.
- The US Department of Defense assigned a ‘cyber protection team’ to the Terminal High Altitude Area Defense (THAAD) system deployed in South Korea.
- The Indian Air Force opened an inquiry into reports last week that a Sukhoi-30 crash along the India–China border may have been caused by cyber interference with onboard computers.
- Following the UK’s third terrorist attack in three months, Google, Facebook and Twitter each responded to UK Prime Minister Theresa May’s calls for stronger regulation of online content and weaker encryption.
- Facebook CEO Mark Zuckerberg voted against a proposal that would have seen the company post an annual report detailing its treatment of ‘fake news’. He argued that Facebook is already taking action to reduce the spread of misinformation online.
- US intelligence officials believe that Russian hackers were behind the breach of Qatar’s state news agency, and planted news stories that caused Saudi Arabia, the United Arab Emriates, Bahrain and Egypt to sever ties with Qatar.
- A top-secret NSA report leaked to media describes Russian cyber efforts against US election and voting infrastructure in the days leading up to the Presidential election. While the report does not conclude that hacking efforts did interfere with voter registration databases or vote counting, it describes a successful spear-phishing operation against VR Systems, a vendor of electronic voting services and equipment used in eight states, and a second spear-phishing campaign targeting local elections officials. The activities described in the report, which are attributed to the Russian military intelligence agency, would likely constitute a cyber attack against US critical national infrastructure. A spokesperson for the Kremlin said the report was unfounded. A federal contractor has been charged with leaking the document.
- Cyber security firm FireEye found that Montenegro had been targeted with a spear-phishing campaign by APT28, a hacking group linked to Russia’s military intelligence.
- Cyber security researchers suspect Vietnamese cyber espionage group APT32 of publishing sensitive documents relating to the Philippine government online, including a transcript of a phone conversation between President Trump and Philippines president Duterte, as well as a manual for an alleged NSA tool, ‘ODDJOB’.
- US defence contractor Booz Allen Hamilton was found to be storing over 60,000 files related to a US defence project on a publicly-accessible Amazon server, including the security credentials of a senior engineer.
- The head of France’s cyber security agency said the investigation of the leaks from President Emmanuel Macron’s election campaign had not revealed a link to Russian actors.
- WikiLeaks released the latest batch of ‘Vault7’ documents. The leak details a project called Pandemic, allegedly developed and used by the CIA, which can covertly spread malware to other computers in the same network once implanted on a host machine.
- The government of Bahrain said a ‘terrorist group’ was responsible for hacking the Twitter account of Foreign Minister Khaled bin Ahmad al-Khalifa and posting images of bloodied bodies and demolished mosques.
- Iran’s computer emergency response team announced it thwarted a coordinated cyber attack against several Iranian government websites.
- A hacking group called GlobalLeaks released emails belonging to the United Arab Emirate’s ambassador to the US that show him supposedly coordinating with a pro-Israel think tank over Iran.
- Japan’s Ministry of Land, Infrastructure, Transport and Tourism announced that up to 200,000 accounts on real estate transactions may have been compromised by unauthorised access to its database.
- Japan launched a satellite that will form part of the country’s own Global Positioning System, which has been in operation since the launch of the first satellite in 2010.
- Chinese state-owned China Electronics Group Corporation will expand its $20million partnership with the University of Technology, Sydney, to include other Australian and Chinese universities, as well as Australia’s Commonwealth [HE1] Scientific and Industrial Research Organisation (CSIRO). The partnership’s aim is to create an international innovation hub for Information and Electronics Technology innovation, with a specific focus on artificial intelligence, autonomous systems and quantum computing.
- Japan’s Ministry of Economy, Trade and Industry provided around $90,600 USD to support the exhibition of home-grown cybersecurity technologies at Interpol World 2017 next month.
- Ethiopia’s government blocked nationwide internet access, claiming that the move would stop students from cheating during exams. A government official said only social media had been blocked, but the media reported widespread disruption to mobile networks and fixed internet services.
- The US has developed a new questionnaire for visa applicants which requests social media handles used over the past five years.
- Chinese social media platform Weibo prevented overseas users from posting photos and videos on their feeds on 4 June, the 28th anniversary of the Tiananmen Square massacre.
- Brazil’s Supreme Court held the first of two public hearings on the government’s blocking of WhatsApp.
- A Swiss court has fined a man for liking six Facebook comments about Erwin Kessler, the head of an animal protection group, that were deemed to be defamatory.