Cyber Scene #72 - The Widening Cybersecurity Gyre

This month's Cyber Scene captures a snapshot of cybersecurity past and present, with a glance at the future, stretching from major players like the US and China to one of NATO's tiniest countries, Albania, and even to a case in which participants in four countries were caught up in one big hack. Private sector players figure in as well.

On 15 September, the New York Times' (NYT or "the Times") Kate Conger and Kevin Roose published an overview of the breach of Uber's computer systems, which the hackers described as "full access to Uber." The Times notes that the hackers contacted the Times itself as well as cybersecurity researchers and shared evidence of access to Uber's email, cloud storage and code repositories. The intrusion succeeded because one of the hackers convinced an Uber employee that they were a member of corporate IT, a textbook social-engineering technique. This is Uber's second major breach, following one in 2016. And Uber is, well, nearly everywhere.

The Wall Street Journal's (WSJ) Robert McMillan follows up on 20 September by identifying the hacker group: Lapsus$, a largely teenage group that emerged from the online communities in which young people learn cybercrime.

The good news is that Lapsus$ does not appear to be cashing in on this hack; it is looking for notoriety. The bad news is that other recent cyberattacks, including those on Samsung Electronics, Nvidia, Microsoft, and Okta Inc., are likely linked to Lapsus$.

BBC News reports on 1 September that BBC News articles were copied and repackaged to lure Australian politicians by likely Chinese hackers, who were identified by the US cybersecurity firm Proofpoint with support from the US Department of Justice (DOJ). Australian politicians, journalists and others received emails claiming to be from Australian news outlets; the victims were then directed to a malicious website. And how sure is the DOJ that these hackers are connected to the Chinese government? Very. The group tracked as "Leviathan" (also known as APT40) was indicted by the DOJ in 2021, and the UK's National Cyber Security Centre publicly attributed it to China's Ministry of State Security the same year. Unlike the attention-seeking teenagers, this Chinese campaign against UK, Australian and US targets is considered espionage, and the group's activity dates to 2013.

These are major players from longstanding democracies. What about the little nations? Albania has one of the most multi-faceted recent histories of any NATO nation. The country is predominantly Muslim but is home to Jewish synagogues and Christian churches as well. On 7 September, BBC News' David Gritten reports an astounding headline: "Albania severs diplomatic ties with Iran over cyber-attack." For readers not following Albania, the linchpin is likely the country's decision to host thousands of Iranian dissidents. The hackers "…tried to paralyse public services, delete and steal government data, and incite chaos." The US National Security Council said experts concluded that Iran "conducted this reckless and irresponsible cyber-attack." The US is supportive of Albania as a NATO nation, and plans "…to hold Iran accountable."

The UK's reaction is similar to that of the US. The Economist's 14 September piece, "Iran's cyberwar goes global," catalogues earlier, simultaneous and ongoing Iranian cyber offensives. A planned summit/rally in Albania led by the Iranian opposition "movement-cum-cult" was canceled because of Iranian hacking. One of Iran's diplomats in Vienna had been convicted by a Belgian court in 2021 for planning to bomb such a rally.

Iran's simultaneous cyberattacks against Israel are far more forceful. Bilateral "…sparring is often violent and also, increasingly, digital." These attacks began in 2020 and have continued to the present. The targets include water supplies, steel plants, fuel distribution, and vulnerable critical systems that remained connected to the internet. The bottom line looks like this: "These campaigns of sabotage, subversion and propaganda represent some of the most aggressive competition conducted over computer networks to date… and is unlikely to abate."

The Times' David Leonhardt on 26 September sums it up with "Iran is aflame with protests." He explores five significant issues fueling these fires, including Iranian security forces firing on civilians. He cites the current dissent as the greatest in a decade, exacerbated by the 16 September killing of a 22-year-old Iranian woman detained because her head scarf did not fully cover her hair. Leonhardt goes on to cite colleague David E. Sanger: "The technology available today makes it easier for Iranians to communicate in secret than ever before. That's why the Iranians are trying to bring down the whole internet inside Iran. That's real desperation."

Both articles focus on Iran, but China also remains on the White House agenda in a very serious manner. David E. Sanger reports that President Biden signed an executive order addressing Sino-US technology investment and limiting access to data on private American citizens. Implementation falls to the Committee on Foreign Investment in the United States (CFIUS), and the order expands CFIUS' remit over what it can control; it may now consider "…whether a pending deal involves the purchase of a business with access to Americans' sensitive data, and whether a foreign company or government could exploit that information." The initial thrust concerns inbound investment, particularly since Chinese law compels companies and citizens to assist the state's intelligence agencies, usually in secret. But Sanger believes "outbound investment by American companies in foreign nations" might be considered as well. Critical technologies in the mix include microelectronics, AI, biotechnology, biomanufacturing, quantum computing, advanced clean energy, and climate adaptation technologies. All of these figure in the "Made in China 2025" strategic plan. And the bottom line? "The order also authorizes the committee to block any deal that erodes United States cybersecurity."

Also in the picture, The Hill reports on 21 September a call by Senator Angus King (I-ME) and Representative Mike Gallagher (R-WI), co-chairs of the Cyberspace Solarium Commission, for the Senate to pass the entire Cyber Diplomacy Act. The House passed it last year. Some of its provisions have already been implemented at the State Department, but the Act itself has been sitting in the Foreign Relations Committee waiting for a vote. On a positive note, the Senate confirmed Nathaniel Fick in mid-September as the first Ambassador-at-Large for Cyberspace and Digital Policy, heading State's new cyber bureau. The bipartisan confirmation was unanimous.

Last but not least, on 23 September the Washington Post's Tory Newmyer reports that the Department of Defense's Defense Advanced Research Projects Agency (DARPA) is taking on a "…sweeping review of cryptocurrencies to assess threats to national security and law enforcement posed by the rise of digital assets." This will be a year-long project. There have been related advances at the Treasury Department and the Justice Department; the latter has 150 prosecutors coordinating crypto-related investigations and prosecutions. Blockchain technology was an early example of where cryptocurrency policy issues and technical vulnerabilities overlap. DARPA, however, is devoted to the "R" in its name, research, but it has many partners who can take on the related policy and enforcement issues.

DARPA should excel at assessment and collaboration; it is, after all, the agency whose research treasure trove helped give birth to the internet.
