BreachExchange mailing list archives

Syrian cyber attacks could threaten Asian nations


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 25 Sep 2013 22:35:21 -0600

http://apdforum.com/en_GB/article/rmiap/articles/online/features/2013/09/25/asia-cyber-attack

Attacks by a shadowy group called the Syrian Electronic Army [SEA]
disrupted major Australian and U.S. online sites and web platforms in late
August and generated concern across Asia about the possibility of more
serious electronic assaults against targets in Japan, India, the
Philippines and Vietnam.

The SEA “managed to gain control of The New York Times web address by
penetrating Melbourne IT, an Australian internet service provider that
sells and manages domain,” Australia’s Financial Review reported.

“Media companies including The New York Times, Twitter and the Huffington
Post lost control of some of their websites on [Aug. 27] after hackers
supporting the Syrian government breached the Australian Internet company
that manages many major site addresses,” the India-based Asian Age reported
on Aug. 28.

“The Syrian Electronic Army, a hacker group that has previously attacked
media organizations that it considers hostile to the regime of Syrian
President Bashar al-Assad, claimed credit for the Twitter and Huffington
Post hacks in a series of Twitter messages,” Asian Age reported.

News of growing concerns over potential cyber attacks arises as Syria
agrees to get rid of its stockpile of chemical weapons through a deal
involving Russia and the U.S. The deal calls for the stockpile to be
eliminated by the middle of next year.

United Nations inspectors, who reported that sarin gas was used against
citizens, are returning to Syria to investigate more allegations of
chemical weapons use.

Cyber attack danger greater than Pearl Harbor

The attacks “confirmed the real potential for an electronic Pearl Harbor –
a surprise attack with the potential and goal of wrecking major economic
activities and disrupting military command and control cybernetic systems in
major nations,” Arnaud de Borchgrave, co-director of Transnational Threats
at the Center for Strategic and International Studies, told Asia Pacific
Defense Forum [APDF].

“The danger, in fact, is potentially far greater and more lasting than
Pearl Harbor ever was,” said de Borchgrave, who authored a pioneering study
into the vulnerability of military and civilian online systems to
cybernetic attack in 1995. “The Dec. 7, 1941, air attack on Pearl Harbor
caused no damage at all to the domestic U.S. economy and its industrial
might. Consequently, the naval losses incurred in the attack were rapidly
replaced and made good. However, a full-scale electronic attack on an
unprepared and undefended cybernetic infrastructure could take years to
recover from.”

“The risk is heightened by Syria’s alliance with Iran, which has built up
its cyber capability in the past three years, and already gives the country
technical and other support,” Financial Review reported.

“Organized cyber attacks have already been carried out by the [SEA], a
hacking group loyal to the government of President Bashar al-Assad,”
Financial Review reported.

“The [SEA’s] servers are based in Russia, and that alliance could
strengthen if matters in Syria became more dramatic,” Paul Ferguson of the
U.S.-based Internet security company IID, told Financial Review. “We
already have a bad geopolitical situation. This could play into the entire
narrative I don’t want to see happen.”

“It’s likely that the [SEA] does something in response, perhaps with some
assistance from Iranian-related groups,” former White House cyber security
and counter terror advisor Richard Clarke told the Australian journal.

SEA sent fictional tweets

In April, the SEA successfully broke into the Associated Press’s Twitter
account and sent fictional tweets falsely claiming there had been
explosions in the White House. The false statements were quickly corrected,
but not before they had briefly set off panic selling that temporarily
slashed more than $100 billion in value from stocks on the New York Stock
Exchange.

So far, U.S. financial, media and business institutions have been the main
target for such attacks. “In three waves of attacks since last September,
consumers have reported inability to conduct online transactions at more
than a dozen banks, including Wells Fargo & Co., Citigroup Inc., JPMorgan
Chase & Co. and Bank of America. Banks have spent millions of dollars to
fend off the hackers and restore service,” Financial Review said.

The Asian Age noted that the SEA’s attacks that month “simultaneously
targeted websites belonging to CNN, Time and the Washington Post by
breaching a third party service used by those sites.”

“Because Melbourne IT serves as the registrar for some of the best known
domain names on the Internet, including Microsoft.com and Yahoo.com, the
breach could have had potentially catastrophic consequences,” it said.

Cyber attacks highlight system deficiencies

“The SEA’s motivations may be abstract but it has at least highlighted the
significant deficiencies still present, which frankly make the job of
hackers much easier than it needs to be,” IT analyst Supratim Adhikari
wrote in the Australian-based Business Spectator.

Adhikari spelled out basic security principles for Asian-based companies
and government agencies to take to defend their websites and cybernetic
operations from attacks by the SEA and similar transnational cyber-threats.

“When outfits like the SEA make a splash they highlight the porosity of the
current security strategies in place within organizations,” he wrote.

“This isn’t just about services procurement and network visibility. It’s
about building a robust security culture within an organization that
mitigates the weakest link – human error,” Adhikari wrote. “The biggest
challenge today isn’t the technology, it’s education and we are making it
just too easy for the hackers. Poorly configured firewalls and the use of
single factor authentication are just some of the simple mistakes that
leave the door open for attackers.”

Mike Sentonas, chief technology officer for McAfee Inc. in the Asia Pacific
region, told Adhikari that Asian government agencies and business
corporations facing disruptive cyber attacks should start by studying the
security guidelines, or directives, issued by the Australian Signals
Directorate [ASD], which outline four basic steps – “application
whitelisting, patching applications and operating systems and using the
latest versions, and minimizing administrative privileges.”

“This practical primer is absolutely essential reading and is the platform
on which any education strategy should be based,” Adhikari wrote.

Meanwhile, “the SEA’s increasingly big – and sophisticated – takedowns have
led some security experts to ask if the group isn’t getting outside help,”
noted Information Age, the London-based IT magazine.

“I don’t think it would be unreasonable to suspect someone more skilled is
helping them out,” Adam Myers, vice president of intelligence for security
firm CrowdStrike, told The Sydney Morning Herald in Australia.

De Borchgrave advised companies and governments across Asia to take the
possibilities of electronic disruption of their cyber-operations seriously,
to upgrade their security systems and to prepare back-up contingencies for
emergency scenarios.

“Expertise in this kind of warfare is growing exponentially and is not
limited to the superpowers,” he told APDF. “The capabilities of potential
players are almost always underestimated.”