By Harriet Ellis, Research Analyst and Administrative Assistant, Future Conflict and Cyber Security, and Samantha Hoffman, Research Consultant, Future Conflict and Cyber Security and Defence and Military Analysis.
National law and policy
- United States Deputy Attorny General Rod Rosenstein stated the US constitution doesn’t enshrine a right to sell warrant-proof encryption and argued that technology firms need government regulation in order to develop ‘responsible encryption’.
- The US Supreme Court announced it would decide whether the US has the right to access data stored on overseas servers.
- The Chinese government reportedly wants a 1% stake in the country’s social media firms in order to influence corporate decision making.
- China’s social media platforms have put in place restrictive measures for the duration of China’s 19th Party Congress, including blocks on updating profile pictures.
- Russia issued a fine of US$14,000 to Telegram after the secure messaging app refused to comply with national laws that require companies to provide encryption keys to state security services.
- Russia is considering regulating cryptocurrencies.
- The United Kingdom government proposed new regulations to safeguard national security interests within the merger system. The proposal would help the government scrutinise mergers involving the technology sector and the military and defence technology industry.
- The United Arab Emirates released a national strategy for artificial intelligence.
- Australia is the first country to launch a national portal for victims to report revenge porn.
- India’s long-awaited Defence Cyber Agency is reportedly likely to be approved in the coming months, and when established will house 1,000 personnel.
- Indonesia’s communications ministry purchased software that will enable them to automate internet censorship. The ministry has already blocked over 800,000 individual websites, but hopes to be able to block an estimated 3 million sites with the new system.
- Costa Rica launched a national cyber security strategy.
- Brazil’s congress approved legislation that allows political parties and candidates to force social media companies to remove content deemed offensive or critical
- Ghana’s National Cyber Security Advisor announced the country would ratify the Convention on Cybercrime of the Council of Europe by end of year.
- Interpol and Kaspersky agreed to continue sharing cyber threat intelligence information.
- A meeting of G7 interior ministers is expected to discuss preventing terrorist use of the internet.
- US Cyber Command stood up planning cells within the four service cyber commands to ‘improve the coordination of offensive and defensive cyber effects.’
- Electronic weaponry tested by Russia during its Zapad 2017 exercises is suspected to be behind disruptions to GPS systems in Norway, as well as to Latvia’s communication networks.
- Following revelations about its infiltration by Russian security services, security firm Kaspersky Lab is expanding its operations in the Philippines, seeking more customers in South-East Asia.
- An internal Microsoft database used to log bugs and vulnerabilities in the company software was reportedly breached in 2013. Microsoft did not publically announce the hack, which could have provided helpful information to malicious individuals or organisations seeking to find and exploit vulnerabilities in the company’s widely-used software.
- Google rolled out ‘advanced protection’ for high-risk users of the platform, including politicians and journalists.
- The US House Permanent Select Committee on Intelligence is investigating Cambridge Analytica’s work for the Trump campaign as part of their investigation into Russian interference in the election
NATIONAL SECURITY THREATS
- Ukraine’s security service issued a warning about a possible large-scale cyber attack against state institutions and private companies, suggesting the attack could be similar to the recent NotPetya ransomware epidemic which originated in Ukraine.
- UK media reported on a classified intelligence assessment that attributed the June cyber attack against parliamentary email accounts to Iran.
- Germany’s federal cyber agency stated it had no evidence that Kaspersky Lab products were used by Russian hackers for espionage, and did not plan to warn against the use of its products.
- Black Oasis, a hacking group in the Middle East, is using spyware as part of a broad cyber espionage campaign against regional targets, United Nations officials, opposition activists and news correspondents. Activity appears to align with Saudi Arabia’s national security and economic interests.
- Security researchers alleged a hacking group linked to the Chinese government was responsible for hacking UK software developer Piriform and planting malware on its popular file cleaning programme. The group appears to have targeted a small number of multinational organisations, leading to suggestions that the activity was geared towards intellectual property theft.
- Hackers linked to North Korea allegedly carried out a spearphishing campaign against US electricity companies, although there was no evidence that the operation was successful.
- Sweden’s rail service was disrupted over two days by denial-of-service attacks that brought down the IT system that coordinates train times. The attacks also targeted the transport administration’s website and email system, pushing agency staff to use Facebook to notify customers of the problem.
- An unidentified Western aerospace firm was reportedly breached by a sophisticated hacking group linked to China.
- North Korean hackers are reportedly targeting companies, the financial sector and utility companies in Ireland. Officials now believe North Korea was behind the attempt to steal US$5 million from a local council in October 2016.
- A senior official at Society for Worldwide Interbank Financial Telecommunication, SWIFT, stated the organisation sees continuing attempts by hackers to penetrate the computers used by banks to access the SWIFT network.
- Various organisations in Japan, including companies involved in critical infrastructure, heavy industry, manufacturing and international relations, have been targeted by a commercially-motivated cyber espionage actor operating out of China
- 39 individuals have been arrested in China for illegally acquiring and selling personal information relating to millions of citizens.
- A challenge to the UK’s use of broad warrants to enable the collection and analysis of bulk surveillance will be heard at a court of appeal.
- Spanish authorities’ use of internet censorship tactics to undermine Catalonia’s independence referendum has been criticised by civil liberties groups.