CyberSecurity Pulse 2016-01-14

CyberSecurity Pulse 2016-01-14

Analyst Insight

Tech Companies Warned by the China's Law against Terrorism

The anti-terrorism law approved by China's rubber-stamp parliament could force foreing tech firms to hand over sensitive information. The government says that the law is necessary to prevent terrorist attacks either in China or abroad but several companies and human rights groups are worried because it could be used to gain access to personal information and muzzle critics.

ciber1Although the last version of the law doesn't required tech companies operating in China to store their data locally and share encryption codes with the authorities, it does require that companies "provide technical support and assistance, including decryption, to police and national security authorities in prevention and investigation of terrorist activities". In this way, companies consider the terms "technical support and assistance" too vague in a country where the concept of terrorism is defined as "any proposition or activity that undermines public security with the aim to realize certain political and ideological purposes".

Finally, the new law also authorizes the People’s Liberation Army to conduct counterterrorism operations overseas. Chinese citizens have recently suffered thef terrorist violence in Syria and Mali while at least 300 Chinese people are already fighting with ISIS from late 2014, according to state media reports. The Chinese leaders in Beijing may feel they can no longer afford to stay on the sidelines of the fight against groups like ISIS but, at what price?

» More information at The Washington Post

Top Stories

Former Secretary of State For Defence Wants to Make Illegal Not Informing about Breaches

ciber2Liam Fox, former Secretary of State for Defence, has recently stated the need of prosecuting those companies and institutions who do not confess to breaches. Fox admits that the the "denial of a cyber-intrusion is too often the response of companies worried about their reputation", an attitude that encourages actions in the wrong direction which should be corrected by the Government by changing the law "to make it illegal to be hacked without informing shareholders and other stakeholders". Facing this issue in an open way will result in a broader reaction capacity for those stakeholders that may have been affected by each data breach.

» More information at SC Magazine UK

Analysis Confirms That a Coordinated Attack Caused Ukrainian Power Outage

ciber3According to information published by SANS Industrial Control Systems (ICS) team, the cyberattack against the Ukrainian electric companies demostrated planning and coordination. While malware was used to gain access to networks, the attackers also used direct intervention to try to mask their actions to the power systems operators. They also conducted denial-of-service attacks on the utilities' phone systems "to block complaints from affected customers", the organization said. The security firm iSight Partners of Dallas said that malware has been used in the past by a group with strong Russian interests nicknamed the Sandworm Team.

» More information at SANS Institute

Rest of the Week´s News

Juniper Drops NSA-developed Code Following New Backdoor Revelations

Last month, Juniper Networks company made the startling announcement that its NetScreen line of firewalls contained unauthorized code that can surreptitiously decrypt traffic sent through virtual private networks. This week, the company has also stated that it will remove a National Security Agency-developed function widely suspected of containing a backdoor that could allegedly be used for eavesdropping.

» More information at Ars Technica UK

US Intelligence Chief Hacked by the Teen Who Hacked CIA Director

The same teenage hacker who broke into the AOL email inbox of CIA Director John Brennan last October has now claimed to have broken into personal email and phone accounts of the US Director of National Intelligence James Clapper. The spokesperson for the Office of the Director of National Intelligence (DNI) Brian Hale confirmed the intrusion on Tuesday, saying that they were aware of the hacking incident which has been reported to the appropriate authorities.

» More information at The Hacker News

Group Using DDoS Attacks to Extort Bussines Gets Hit By European Law Enforcement

On 15 and 16 December, law enforcement agencies from Austria, Bosnia and Herzegovina, Germany and the United Kingdom joined forces with Europol in the framework of an operation against the cybercriminal group DD4BC (Distributed Denial of Service for Bitcoin). The organized group primarily targeted the online gambling industry, but has recently broadened their activity to the financial services and entertainment sector as well as other high-profile companies.

» More information at Europol