U.S., UK Plan 'Cyber War Games'
Online Attacks Slam France After Paris Massacre
The United States and Great Britain plan to hold "cyber war games" to increase cooperation between the two nations' law enforcement and intelligence agencies and better defend the countries against online attacks. The move comes as France reveals that it has seen a massive spike in online attacks and defacements targeting French websites following the Paris massacre.
British Prime Minister Cameron arrived in Washington late Jan. 15 for meetings with President Barack Obama. Once there, Cameron announced that their two countries plan to participate in their first-ever joint "cyber attack war games," the BBC reports. Agents from both the FBI and British domestic intelligence service MI5 will comprise what Cameron dubbed the "cyber cells" that will participate in the exercises, which are designed to increase information sharing. The drills will begin with a simulated attack against the Bank of England and commercial banks, although no related date has been announced, the BBC reports.
For fighting online attacks, "GCHQ has massive expertise," Cameron said in a Jan. 15 press conference, referring to the U.K. intelligence agency, according to IBTimes. "Cyber-attacks is one of the big modern threats that we face. This is a real signal it's time to step up the efforts and to do more."
President Obama also characterized online attacks - such as the hack against Sony Pictures - as being an "urgent and growing danger."
Cameron plans to lobby Obama to support new laws that would require social networks to monitor their users more carefully, as well as to weaken encryption, by giving intelligence agencies a way to monitor communications that are encrypted from end to end (see: Cameron to Ask Obama to Help Weaken Crypto).
But information security experts and privacy rights groups have characterized the anti-crypto moves as being technically unworkable, especially given the array of free, full-strength encryption tools that are currently available. Furthermore, civil rights groups have warned that those plans weaken the banking and e-commerce sectors, in particular, thus putting people at greater risk from online attackers. "Ban encryption and you cause much more damage than the most ambitious terrorist can imagine," Peter Sommer, professor of cybersecurity and digital evidence at Britain's de Montfort and the Open Universities, tells Information Security Media Group.
France Sees Online Attack Spike
In France, meanwhile, hackers have targeted 19,000 of the country's websites since the Paris massacre, says Rear Admiral Arnaud Coustillière, who heads the Cyber Security Department of the General Headquarters of the French Army.
Since the Jan. 7 attacks that began with the massacre at Charlie Hebdo and ultimately left 20 people dead, the French sites have largely been disrupted via distributed denial-of-service attacks or else vandalized, with attackers leaving messages such as "Death to France" and "Death to Charlie," reports French daily newspaper Le Parisien. Some sites have also been defaced with a picture of the flag of the terrorist group that calls itself the Islamic State, which is also known as ISIS or ISIL.
In France, the attacks are being labeled as a "cyber-jihad," and sites of every description have reportedly been defaced - ranging from government websites for military regiments, to mom-and-pop pizza shops. "What's new, what's important, is that this is 19,000 sites - that's never been seen before," said Coustillière, the Associated Press reports. "This is the first time that a country has been faced with such a large wave of cyber-contestation."
Coustillière ascribed the attacks to "more or less structured" groups, including what he says are some well-known, Islamist extremist organizations. The French government has reportedly beefed up its online defenses and instituted nonstop monitoring of websites in response to the increase in disruptions and defacements.
The brothers Said and Cherif Kouachi carried out the massacre at the Charlie Hebdo offices in the name of al-Qaida in Yemen, while Paris attacker Amedy Coulibaly - who targeted a kosher supermarket - claimed allegiance to ISIS.
In the United States, meanwhile, the Twitter and YouTube accounts of U.S. Central Command were hacked and defaced Jan. 12, reportedly by ISIS sympathizers.
Quantifying Online Attacks
DDoS defense firm Arbor Networks reports Jan. 16 that over a 24-hour period, France had been targeted by 1,004 DDoS attacks. For reference, that was 25 percent of the attack volume directed at the United States, despite the U.S. hosting 30 times as many websites as France.
This isn't the first time that website disruptions have followed a major geopolitical event. A May 2014 report from information security vendor FireEye, for example, detailed a massive increase in malware attacks as the Russia-Ukraine conflict intensified. FireEye said these attacks were likely the work of "lone hackers, 'patriotic hackers,' cybercriminals, Russian and Ukrainian government operations, and cyber operations initiated by other nations."
Governments Seek Greater Surveillance
Following the Paris attacks, a number of European countries have announced plans to beef up their online surveillance capabilities or collect communications data in bulk. But those same officials have released no evidence to substantiate that such measures would help prevent the type of attacks seen in Paris. Indeed, critics have noted that the Kouachi brothers and Coulibaly were already known to French intelligence before the attacks.
In Britain, Cameron has used the attacks to push the controversial draft Communications Data Bill, which would increase the amount of data retention demanded of Internet and mobile service providers, and require that they retain numerous types of subscriber-related data for 12 months. The bill, which has been branded the "Snooper's Charter" by critics, has remained blocked - since 2013 - by Deputy Prime Minister Nick Clegg, who leads the Liberal Democrat party that comprises the coalition government with the Tories.
In the United States, President Barack Obama has promised to introduce new cybersecurity legislation aimed at increasing threat-related information sharing between the private sector and the Department of Homeland Security, as well as replacing the current patchwork of 47 state-level data breach notification laws with a national breach notification law.
Secret, Pro-Encryption U.S. Report
Cameron's anti-encryption plans have been further called into question after the new revelation from documents leaked by former National Security Administration contractor Edward Snowden that the U.S. government has, in fact, called for much greater use of encryption on the part of government agencies, businesses and consumers. In 2009, a secret forecast from the U.S. National Intelligence Council - which reports directly to the U.S. Director of National Intelligence - recommended much greater use of encryption, especially to defend against the increasing sophistication of groups operating from Russia and China. That leaked report was cited Jan. 15 by the Guardian.
"Almost all current and potential adversaries - nations, criminal groups, terrorists, and individual hackers - now have the capability to exploit, and in some cases attack, unclassified access-controlled U.S. and allied information systems," the report warned. It also argued that encryption, together with two-factor authentication, was the "best defense" to improve security.
Given the scale of successful attacks, the report added that "organizations should assume that any controlled but unclassified networks of intelligence, operational or commercial value directly accessible from the Internet are already potentially compromised by foreign adversaries."
Another secret document cited by the Guardian was a memo addressed to the then U.K. foreign secretary - David Miliband - which sought a renewal of a legal warrant allowing GCHQ to require software developers to "modify" their code. Samples of applications that had been modified included website administration and Web forum management tools. The report said that GCHQ had also been working to exploit anti-virus software manufactured by Moscow-based Kaspersky Lab. But Eugene Kaspersky, who heads the security firm, has responded to that report by noting that GCHQ never said it had succeeded.
A hacking attempt and successful hack are different things. GCHQ tried to exploit us, but they didn't say they succeeded. Good news for us!
- Eugene Kaspersky (@e_kaspersky) January 16, 2015