Effective: 28 October 2014
Validity Period: 28 Oct – 4 Nov 2014
CYBER INTELLIGENCE SUMMARY
EXECUTIVE SUMMARY
Para 2. PRC accused of hacking iCloud
Para 6. Russia Ruled out as attacker in J.P. Morgan Chase Breach
INTRODUCTION
1. This is a cyber intelligence summary based on a variety of sources, expertise and analysis. It is intended as a weekly summary of events and incidents that may impact on computer security and / or computer operations. This is a general information product for executive awareness.
GENERAL
2. PRC accused of hacking iCloud: On 20 Oct Greatfire.org, an organization that monitors and researches Internet censorship in the People’s Republic of China, said that Apple Inc’s iCloud and backup storage was under attack. The blog stated that the attackers were using a “man in the middle attack” by getting users to utilize false security certificates. The blog noted that the attack resembled the attacks on Microsoft’s Hotmail, Google Inc and most recently Yahoo Inc. Apple Inc has confirmed the attack, without attributing it to the government of the PRC.
3. A spokesman for the People’s Republic of China’s Foreign Ministry, Hua Chunying, told a daily news briefing that Beijing was “resolutely opposed” to hacking. She said the Chinese government itself was a major victim of such attacks.
4. Erik Hjelmvik, a network forensics expert, analyzed the attack and concluded that it was taking place on Chinese Internet infrastructure, particularly on the backbone networks of China Telecom and China Unicom, which are both state-owned. Other experts agree that all signs point to official involvement, given China’s Internet infrastructure.
5. COMMENT: This is a consistent pattern of behaviour from the PRC government. For example, Microsoft has stated that “Outlook” has been the target of a long-term man-in-the-middle attack. All of the attacks are reported to have required “deep access” to the servers of Chinese Internet Service Providers. Security researchers say that GreatFire’s claims appear accurate.
6. Russia Ruled out as attacker in J.P. Morgan Chase Breach: According to a report in Reuters dated 20 Oct, Joseph Demarest, assistant director of the FBI’s cyber division, stated that “there is no indication this is the result of sanctions”. Officials from the FBI and the Secret Service said they believed the attack was the product of cyber criminals.
7. Cyber Attack on Hong Kong Protestors: On 23 Oct a report in the South China Morning Post quoted a government source as warning that the People’s Republic of China could take a “tougher line” on Hong Kong protestors if the protests continue. Background documents located by Hong Kong journalists revealed that China threatened to invade Hong Kong if the British introduced democracy to the colony. Recently disclosed diplomatic documents between the PRC and Britain date back to the 1950s.
8. COMMENT: It is rare to have such a clear and long-term political statement. The documents are British reports from Hong Kong back to the Foreign Office. As British government reports, they are difficult to refute.
ASSESSMENT
9. PRC accused of hacking iCloud: It is ASSESSED that the government of the People’s Republic of China is consistently attacking ALL Western-based e-mail and cloud storage systems. The objective APPEARS to be to access (read) all material in the accounts. Although the government of the PRC categorically denies involvement, given that the government owns the service providers AND that deep access to those servers is required to make the attacks work, it is virtually certain that the PRC government is involved in the attacks. This is a consistent security posture for communist China.
10. Russia Ruled out as attacker in J.P. Morgan Chase Breach: This is not credible analysis. Criminals attack for profit. The J.P. Morgan attack was conducted over a long period of time and required significant resources. Given that criminals don’t operate for free, the groups that conducted the attacks had to be funded. Further, Russian telecommunications are effectively state controlled. It is inconceivable that a telecommunications effort of this scope could be mounted from within Russia without the Internet Service Provider (ISP) knowing, and therefore without the government knowing.
11. There is no change to our ASSESSMENT: We believe that the forensic work is correct and that the J.P. Morgan Chase breach was correctly and accurately traced to cyber criminal organizations in Russia. As stated above, it is highly probable that there is some level of active Russian government involvement. It is our ASSESSMENT that there is government approval of the attack and PROBABLY monetary / logistics support to the cyber crime group.
12. Cyber Attack on Hong Kong Protestors: Given the historical context of the British documents, the PRC sources hinting at a “tougher line” and the malware for Android and iPhones already introduced, it is ASSESSED that a long-term cyber security campaign will be waged by the People’s Republic of China against pro-democracy forces in Hong Kong. Organizations working in or communicating with Hong Kong based people or organizations should establish and maintain robust security protocols in order to protect their computers, networks and systems from PRC intrusion.
