Wednesday, September 30, 2009

Attack Aimed at Foreign Journalists in China

Infowar Monitor has posted a short analysis of a cyber attack targeting foreign journalists based in China including "Reuters, the Straits Times, Dow Jones, Agence France Presse, and Ansa." The attack consisted of an email from a purported journalists interested in visiting China containing an attached PDF file with malware. The technique appears to be related to previous attacks with political motivation in the region:
"The malware exploits vulnerabilities in the Adobe PDF Reader, and its behaviour matches that of malware used in previous attacks dating back to 2008. This malware was found on computers at the Offices of Tibet in London, and has used political themes in malware attachments in the past."
The post also provides some speculation on motives and attribution.

Targeted Malware Attack on Foreign Correspondents based in China

Singapore Creates Agency to Protect against IT Threats

The Singapore Government issued a press release announcing the creation of the Singapore Infocomm Technology Security Authority (SITSA) "to secure Singapore’s IT environment, especially vis-à-vis external threats to national security such as cyber-terrorism and cyber-espionage."

Specifically SITSA will provide:
  • IT Security Consultancy for strategic Government projects that have national security impact
  • Partnership Development to build relationships with key entities strategic to enhancing Singapore’s IT security
  • Critical Infocomm Infrastructure Protection to systematically harden the CIIs in nationally critical sectors
  • Technology Development to develop and maintain SITSA’s technical competencies and to provide insights on developments in IT security and threats
  • Singapore’s planning and preparedness, and response, against any major external cyber attack
The authority will be part of the Ministry of Home Affairs.

Singapore Infocomm Technology Security Authority Set Up to Safeguard Singapore against IT Security Threats

Tuesday, September 29, 2009

Changes to India's Cybercrime Laws

It appears that the Indian Government will soon amend the Information Technology Act of 2008 with changes to:

"...[strengthen] Extradition Law of India to effectively challenge the cyber crimes, including effective provisions regarding cyber war and cyber terrorism in India, International harmonisation of cyber law, providing sound cyber law and cyber security..."

It does not appear that an actual text of the proposed amendment is available online.

Cyber Law Of India to be amended soon

Report on Georgian Cyber Attacks

U.S. Cyber Consequences Unit, a U.S. based non-profit organization released the results of its study of the cyber attacks on Georgia in 2008.
"The study concludes that the cyberattacks against Georgian targets were carried out by civilians, many of them recruited via social networking forums devoted to dating, hobbies and politics."
It points out the complexities involved in politically motivated attacks due to the involvement of actors with varying skills and agendas:
"...sympathizers who were not hackers, and who didn't even know much about computers, could participate.

"The report says the civilian cyberattackers were aided and supported by Russian organized crime. Although they found no evidence of direct involvement by the Russian government or military, the report concludes that the organizers were tipped off about the timing of Russian military operations."

The report has not been made public.

Study warns of cyberwarfare during military conflicts