Data is assessed by our team members

Investigations can reveal some very sensitive & personal data. This intel is assessed by us & closely guarded, and is used only for the purpose of fulfilling the needs of our clients and achieving the results we are commissioned to deliver.

Team leader heads a group of professional investigators at the ready

We are proud to have access to the finest team members & discreet qualified persons who pride themselves in obtaining results for our clients where others fail.

The latest technology & equipment allow us to keep our finger on the intel pulse

Scientific apparatus & technical staff allow us to obtain sensitive & useful information for our clients by utilizing the latest technology. The storage, use & availability of this data is handled with great care.

Communications between team members & networks are critical

With worldwide communications at a peak of efficiency, passing on & receiving information in the blink of an eye becomes possible between our team members & the network we have access to.

Team leader & CEO of the intel agencies group is Donna-Lee Sapiecha Eyers

Donna-Lee is here at her law degree graduation ceremony, proudly supported by her mother Karen, her sister Sharah-Lee & father Henry.

 

ASIO restructuring strategy and resources in the face of cyber threat

The country’s intelligence agency has aligned its resources to focus on the growing threat of cyber espionage targeting ‘a range’ of Australian interests.

In the wake of accusations from United States intelligence agencies that Russia hacked into Democratic Party emails, thus helping Donald Trump to election victory last year, a report from Australia’s intelligence agency said the country’s national security resources are focused on preventing foreign threat actors from “targeting a range of Australian interests”.

In its 2016-17 Annual Report [PDF], the Australian Security Intelligence Organisation (ASIO) explained that Australia continued to be a target of espionage and foreign interference, noting in particular that foreign intelligence services sought access to privileged and/or classified information on Australia’s alliances and partnerships; the country’s position on international diplomatic, economic, and military issues; as well as energy and mineral resources, and innovations in science and technology-related fields.

ASIO called the threat from espionage and foreign interference to Australian interests “extensive, unrelenting, and increasingly sophisticated”.

“Foreign intelligence services are targeting a range of Australian interests, including clandestine acquisition of intellectual property, science and technology, and commercially sensitive information,” the report explains.

“Foreign intelligence services are also using a wider range of techniques to obtain intelligence and clandestinely interfere in Australia’s affairs, notably including covert influence operations in addition to the tried and tested human-enabled collection, technical collection, and exploitation of the internet and information technology.”

During the reported period, ASIO said it identified foreign powers clandestinely seeking to shape the opinions of members of the Australian public, media organisations, and government officials, motivated by the appeal of “advancing their country’s own political objectives”.

As highlighted by ASIO, rapid technological change continued to provide people who are engaging in activities that threaten Australia’s security with new tools to conceal their activities from security and law enforcement agencies. In particular, ASIO said the use of encrypted communications by security intelligence targets was — and still is — an area of particular concern.

“Australia continues to be a target of espionage through cyber means; the cyber threat is persistent, sophisticated, and not limited by geography,” ASIO warned.

“Increasingly, foreign states have acquired, or are in the process of acquiring, cyber espionage capabilities designed to satisfy strategic, operational, and commercial intelligence requirements.”

Keeping a close watch on investment flows, ASIO said that while Australia’s open and transparent economy, which invites foreign investment, is a welcome and important contributor to Australia’s national wealth, it is not without national security risks.

“For example, foreign intelligence services are interested in accessing bulk data sets and privileged public or private sector information, including Australian intellectual property. Developing and implementing effective mitigation strategies for these issues is critical to reducing the threat to an acceptable level,” the report says.

Another emerging issue of potential national security concern to ASIO is the lack of diversity of ownership within certain infrastructure sectors.

The agency also said that the number of cybersecurity incidents either detected or reported within Australia represents a fraction of the total threat the country legitimately faces.

While technology provided security and law enforcement agencies with new opportunities to identify activities of security concern, ASIO said building and maintaining technical collection capabilities to stay ahead of the threats proved to be resource intensive.

“Transforming existing agency information and communications technology infrastructure to effectively exploit new capabilities, manage the large volume and variety of data available, and to be adapted easily to new technologies is a major challenge, and one that will require significant, ongoing investment,” the agency wrote.

“In addition to technological challenges in the operating environment, we faced heightened threats to our staff, facilities, and information.”

ASIO said such challenges required the diversion of resources to “ensure the security and effectiveness” of the agency’s operations.

Throughout the period, ASIO said it worked closely with Australia’s national security partner agencies, which included work to progress shared national security objectives through joint agency bodies such as the federal, state, and territory Joint Counter Terrorism Teams (JCTT), the National Threat Assessment Centre (NTAC), the Jihadist Network Mapping and Targeting Unit, and the Australian Cyber Security Centre (ACSC).

Similarly, work with international peers was maintained with over 350 partner agencies in 130 countries, ASIO explained.

The intelligence agency specifically worked with counter-terrorism prosecution in New South Wales, Victoria, and Queensland, providing assistance and evidence on telecommunications intercepts, physical surveillance, listening, and tracking devices.

“In 2016-17, we continued to work closely with telecommunications companies regarding the security risks associated with the use of certain companies in their supply chains and risks arising from foreign ownership arrangements,” the report says.

“We provided sensitive briefings to the Australian government and the telecommunications sector to outline the threat and, where possible, recommended appropriate mitigation measures.”

ASIO said that through its work with ACSC, it regularly observed cyber espionage activity targeting Australia.

“Foreign state-sponsored adversaries targeted the networks of the Australian government, industry, and individuals to gain access to information and progress other intelligence objectives,” the agency wrote.

“ASIO provided support to the ACSC’s investigations of these harmful activities as well as the centre’s work to remediate compromised systems. The number of countries pursuing cyber espionage programs is expected to increase … as technology evolves, there will be an increase in the sophistication and complexity of attacks.”

It isn’t just foreign threats on ASIO’s radar, with the agency noting it remained alert to, and investigated threats from, malicious insiders.

“Those trusted employees and contractors who deliberately breach their duty to maintain the security of privileged information,” ASIO explained. “These investigations continued to be complex, resource-intensive, and highly sensitive.”

In-house, ASIO said it also worked to build an enterprise technology program to enable the agency to “excel in using technology and data” to achieve its purpose.

“Given the increasing opportunities and challenges brought about by rapid advances in technology, it is imperative that ASIO is a ‘data-enabled organisation’, connected to its partners, accountable to the people, innovative in its approach, and sustainable for the long term,” the report says.

From July 2018, Australia’s new Home Affairs ministry will be responsible for ASIO, Australian Federal Police, Border Force, Australian Criminal Intelligence Commission, Austrac, and the office of transport security. It will see Attorney-General George Brandis hand over some national security responsibility to Minister for Immigration and Border Protection Peter Dutton.

Of the ministerial changes and the recommendations of the 2017 Independent Intelligence Review, ASIO Director-General of Security Duncan Lewis said he believes the new measures will play an important role in strengthening the agency’s strategic direction, effectiveness, and coordination of Australia’s national security and intelligence efforts, at a time when “the nation is facing complex, long-term threats” to its security.

Henry Sapiecha

Call for stricter access to Medicare cards after numbers sold on dark web

Australians could be handed greater control over who can access their Medicare card details amid fears the information can be too easily obtained.

An independent report, released on Saturday, has suggested tighter security following a review ordered by the federal government in July after a small batch of card numbers were sold on the dark web.

[Image: Medicare healthcare cards in Sydney, Wednesday, Jan. 21, 2015. (AAP Image/Joel Carrett)]

It noted that while there had been no risk to patients’ health records as a result of the sale, Medicare card numbers are susceptible to theft for identity fraud and other “illicit activities”.

Illegally obtained Medicare details can also be used to fraudulently make claims and access taxpayer-funded health services.

The report has recommended that doctors and other health professionals be required to get consent from patients – either in writing or verbally – before accessing their Medicare numbers.

“In addition to providing patients with more control, this would also increase consumer awareness about how their Medicare information is used and shared,” it said.

The federal government is also being urged to phase out the ability to access Medicare numbers over the phone.

Roughly 580,000 calls are made to the Department of Human Services requesting card access, but the security checks aren’t as robust as those of the online portal.

“The information required in the provider security check to access a Medicare card number could be accessible by someone other than the provider,” the report found.

While the review panel didn’t see any evidence of fraudulent requests for Medicare numbers over the phone, it “remains concerned about the potential risks presented by the channels”.

It recommends that, while the phone channel is being phased out, conditions for the release or confirmation of card information by phone should be strengthened with additional security questions for whoever is calling in the request.

The panel – led by Peter Shergold, former secretary of the Department of Prime Minister and Cabinet – stopped short of calling for mandatory identity checks whenever someone uses their Medicare card, but suggested health professionals be required to take “reasonable steps” to confirm a patient’s identity when they are first treated.

It has also recommended that Australians be able to request an audit log of people who have sought access to their card number through the online portal, and that batch requests for numbers over the web be limited to 50 numbers at a time – a dramatic reduction in the existing 500-record limit.

Last financial year, about 10.2 million searches for Medicare card numbers were made via the online service.

Human Services Minister Alan Tudge and Health Minister Greg Hunt welcomed the report and promised the government will respond by the end of the year.

AAP

Henry Sapiecha

Data stolen in Australian defence contractor hack

Secret F-35, P-8, C-130 data stolen in Australian defence contractor hack

Around 30 gigabytes of ITAR-restricted aerospace and commercial data was exfiltrated by an unknown malicious actor during the months-long ‘Alf’s Mystery Happy Fun Time’ attack.

In November 2016, the Australian Signals Directorate (ASD) was alerted by a “partner organisation” that an attacker had gained access to the network of a 50-person aerospace engineering firm that subcontracts to the Department of Defence.

Restricted technical information on the F-35 Joint Strike Fighter, the P-8 Poseidon maritime patrol aircraft, the C-130 transport aircraft, the Joint Direct Attack Munition (JDAM) smart bomb kit, and “a few Australian naval vessels” was among the sensitive data stolen from a small Australian defence contractor in 2016.

The secret information was restricted under the International Traffic in Arms Regulations (ITAR), the US system designed to control the export of defence- and military-related technologies, according to Mitchell Clarke, an incident response manager at the ASD who worked on the case.

One document was a wireframe diagram of “one of the navy’s new ships”. A viewer could “zoom in down to the captain’s chair and see that it’s, you know, 1 metre away from nav chair”, Clarke said.

The data theft was first reported on Tuesday as part of the 2017 Threat Report from the Australian Cyber Security Centre (ACSC). Little information was given at the time. The victim was described as a “small Australian company with contracting links to national security projects”. The attacker had “sustained access to the network for an extended period of time” and had stolen a “significant amount of data”.

Clarke provided significantly more detail in his presentation to the national conference of the Australian Information Security Association (AISA) in Sydney on Wednesday.

ASD named this advanced persistent threat (APT) actor “APT ALF”, after a character in the long-running Australian TV soap opera Home and Away.

The attacker had in fact been in the network since at least mid July 2016, with data exfiltration starting around two weeks later. ASD refers to the three months between the attacker gaining access, and the ASD becoming aware of it, as “Alf’s Mystery Happy Fun Time”.

The attacker would have had little trouble gaining access.

The victim’s network was small. One person managed all IT-related functions, and they’d only been in the role for nine months. High staff turnover was typical.

There was no protective DMZ network, no regular patching regime, and a common Local Administrator account password on all servers. Hosts had many internet-facing services.

Access was initially gained by exploiting a 12-month-old vulnerability in the company’s IT Helpdesk Portal, which was mounting the company’s file server using the Domain Administrator account. Lateral movement using those same credentials eventually gave the attacker access to the domain controller and the remote desktop server, and to email and other sensitive information.

“This isn’t uncommon,” Clarke said. “Only about 12 months old, if you look at government, that’s not that out of date, unfortunately.”

The attacker needn’t have bothered with that, however. The ASD’s investigation found that internet-facing services still had their default passwords, admin::admin and guest::guest.

An important aspect of this incident is that a small company, with resources that were clearly inadequate given the sensitivity of the data they held, still managed to obtain and hold ITAR certification.

According to Clarke, an application for ITAR certification is usually only “two or three pages”, and asks only basic questions about organisations’ security posture.

“One of the learning outcomes from this particular case study for at least the Australian government is that we need to find a way to start to be a little bit more granular in our contracting to mandate what type of security controls are required,” Clarke said.

“That’s not for my team to answer, but that’s going to be an outcome of this sort of thing.”

Clarke emphasised the importance of following best practices to secure networks, including the ASD’s Essential Eight strategies to mitigate cybersecurity incidents.

USA Air Force’s Mini Crypto Chip Keeps Data Out Of Enemy Hands

When Airmen are active in the field, securing a line of communication is essential to keep sensitive intelligence away from enemy forces. To help navigate this digital world, the U.S. Air Force has created the new Mini Crypto chip to fortify communications and data between military systems.

“We think (Mini Crypto chip) will really help forward-deployed warfighters secure sensors, or communications devices, in areas where risk of interception is high, and still protect sensitive data, without burdening folks on the front lines with extra equipment or steps to safeguard the encryption device,” says Heidi Beason, the Mini Crypto program manager at the Air Force Life Cycle Management Center, Cryptologic and Cyber System Division, Joint Base-San Antonio, Texas.

At its core, the chip is an independent encryption engine that is small, lightweight, and creates its own session-based “key.” It has a power requirement of 400 milliwatts, “meaning it can be installed on equipment carried by one-person parties operating as scouts and forward air controllers.”

Once a session key is established between the sender and receiver, the key is used to read messages after the encryption process. The key management system boosts data protection and ticks off the National Security Agency checklist, which sets the highest standards for encryption.

“Communications devices all have a processor, where a message is formatted for transmission,” says Mini Crypto Deputy Program Manager Christopher Edsall.

“In the case of a computer, it’s the (central processing unit). Mini Crypto is located after the processing center, but before the transmission center, which is usually a radio. Another Mini Crypto chip is installed at the receiver end, after the receiving antennae, but before the CPU. The second Mini Crypto chip decrypts the received message as it comes through the radio where the unencrypted message is processed, and then it is displayed or heard,” Edsall adds.

The chip’s encryption creates a resource-intensive decryption process, according to Edsall. If the enemy does manage to make the data readable, the amount of time taken forfeits the information’s usefulness.

According to Beason, two years of program development led to the Mini Crypto chip design we see today. After a quick turnaround of concept, development, and testing, the device is now ready for production.

State-sponsored hackers turn on each other

State-funded hackers are not only stealing from you but also fighting amongst themselves

Researchers have revealed that nation-state hacking groups are not only dedicated to striking targets issued to them, but also to fighting each other.

On Wednesday, Kaspersky Labs researchers presented their findings at the Virus Bulletin conference in Woburn, MA, claiming that sophisticated threat actors are proactively targeting other groups in a land-grab for victim data, as well as a means to copy each other’s tools and probe each other’s infrastructure.

Also known as SIGINT, or the “fourth-party collection practice of spying on a spy spying on someone else,” according to the Global Research & Analysis Team (GReAT), such attacks are most likely to be launched by nation-state sponsored groups in order to target less sophisticated groups and foreign rivals.

There are two main approaches to this internal warfare that groups tend to take. The first, a “passive” model, involves intercepting each other’s data and communication — for example, when commands are issued to a slave system via a command-and-control (C&C) server. Kaspersky says that such attacks, when conducted properly, can be “almost impossible to detect.”

The “active” approach, however, involves infiltrating a hacking group’s infrastructure. While more likely to be detected, these attacks can result in the theft of victim information, tools, and a deep insight into how other threat actors operate.

A common tactic used by state-sponsored groups against each other is the installation of backdoors into C&C infrastructure, which creates persistence. Kaspersky discovered two such examples in the wild, one of which was in the NetTraveler malicious server, used to target activists in Asia by a Chinese group.

The second was found in the C&C infrastructure employed by Crouching Yeti, also known as Energetic Bear, a Russian-speaking threat group which has been linked to attacks against the industrial sector.

However, the team was not able to trace the groups that engineered the backdoors.

Another tactic employed is the surveillance of malicious websites. In 2016, a Korean-speaking state-sponsored group dubbed DarkHotel hosted malicious scripts for another group called ScarCruft, which targeted Russian, Chinese, and South Korean victims.

“The DarkHotel operation dates from April 2016, while the ScarCruft attacks were implemented a month later, suggesting that ScarCruft may have observed the DarkHotel attacks before launching its own,” the team says.

Sometimes, however, threat groups decide to play nice and share, rather than steal.

Kaspersky found that a server belonging to the Magnet of Threats, a group from the Middle East, also hosted implants and malicious tools used by hacking groups Regin, Equation Group, Turla, ItaDuke, Animal Farm, and Careto — English, Russian, French and Spanish-speaking communities, respectively.

Sharing sophisticated tools and data does have a downside — as it was this server which led to the discovery of the Equation Group, later revealed to be linked to the US National Security Agency (NSA).

The constant theft, copying, and internal battles between state-sponsored groups are making the role of security researcher more difficult as time goes on. Without clear “signatures” for each group, tracking who is responsible for what can be very difficult, and without caution, researchers could attribute attacks to the wrong countries and groups.

“Attribution is hard at the best of times as clues are rare and easily manipulated, and now we also have to factor in the impact of threat actors hacking each other,” said Juan Andres Guerrero-Saade, Principal Security Researcher at Kaspersky. “As more groups leverage each other’s toolkits, victims, and infrastructure, insert their own implants or adopt the identity of their victim to mount further attacks, where will that leave threat hunters trying to build a clear, accurate picture?”

Henry Sapiecha

Facebook, Microsoft, Twitter, YouTube up the ante on curbing terrorist propaganda

The companies have furthered their commitment to curb online terrorist content, pumping funds into research and pledging to work with 50 smaller tech players to keep the content away from their platforms.

The Global Internet Forum to Counter Terrorism, comprised of Facebook, Microsoft, Twitter, and YouTube, has made a “multimillion-dollar” commitment it said will support research on terrorist abuse of the internet.

In a blog post on Wednesday, Google’s SVP and general counsel Kent Walker said the new commitment focuses on conducting and sharing research about how terrorists use the internet to influence their audiences so the forum can stay one step ahead.

In a bid to better tackle terrorist content on the companies’ respective platforms, Walker told the United Nations in New York on Wednesday that the forum, which formed earlier this year, has now set a goal of working with 50 smaller tech companies to help them curb online terrorist propaganda.

“On Monday, we hosted dozens of companies for a workshop with our partners under the UN Counter Terrorism Executive Directorate,” he said. “There will be a workshop in Brussels in December and another in Indonesia in the coming months. And we are also working to expand the hash-sharing database to smaller companies.”

The forum also hopes to determine how governments, tech companies, and civil society can fight back against online radicalisation. Walker revealed that the third and final pillar of the consortium’s plan is to work together to find “powerful messages and avenues to reach out to those at greatest risk of radicalisation”.

The group of companies announced they would be joining forces last year at the EU Internet Forum to curb terrorist content, specifically promising at the time to build a shared database of unique digital fingerprints — or hashes — for violent terrorist imagery, or terrorist recruitment videos and images, which have been removed from their services.

On Wednesday, Walker said the companies are putting their best talent and technology against the task of removing terrorist content and are “doing a better job of sharing breakthroughs with each other”, pointing to the forum’s hash-sharing database as being an early success.

“We have to deal with these problems at tremendous scale. The haystacks are unimaginably large and the needles are both very small and constantly changing,” he explained.

“In recent months we have more than doubled the number of videos we’ve removed for violent extremism and have located these videos twice as fast.”

Between August 2015 and June 2017, Twitter suspended more than 935,000 accounts for the promotion of terrorism. According to a company blog post, during the first half of 2017, over 95 percent of the accounts it removed were detected using its in-house technology.

Facebook, Walker said, is also leveraging artificial intelligence to root out “terrorist clusters” by mapping out pages, posts, and profiles with terrorist material before shutting them down.

“There is no magic computer program that will eliminate online terrorist content, but we are committed to working with everyone in this room [during his UN address] as we continue to ramp up our own efforts to stop terrorists’ abuse of our services,” Walker added.

Also addressing the UN in New York on Wednesday was Australia’s Foreign Minister Julie Bishop, who said Australia is keen to work with communications companies to crack encrypted messages used by terrorists, and congratulated Facebook, Microsoft, Twitter, Google, and YouTube for joining with governments to combat terrorists online.

While Australia supports an open, free, and secure internet, Bishop said encrypted messaging apps used by extremist groups are in the Australian government’s sights.

“Australia is very keen to work constructively with communications service providers to prevent terrorists from using encryption to hide online,” said Bishop, who was expected to hold a bilateral meeting with Microsoft co-founder Bill Gates following the UN proceedings.

“This is a significant challenge as encryption is vital for the protection of many legitimate activities including national security, ecommerce, and personal privacy.”


Henry Sapiecha

This is how much access Australian police already have to your data

The Australian government now wants further powers to access encrypted communications, but does it need them?

Police and intelligence agencies already have significant abilities to access data about our emails, phone calls and text messages if we’re suspected of committing a crime, although it can be difficult to tell exactly what they’re doing with them.

The government argues existing interception capabilities are inadequate to protect national security. According to Attorney-General George Brandis, backdoor access to encrypted communications would redress the “degradation of our intelligence capability” to prevent terrorism.

Many Australians are unaware of current police and intelligence powers when it comes to accessing our data. As the government lobbies for new levels of access, that needs to change.

‘Backdoor’ access

The government’s proposal to compel technology companies to provide access to encrypted messaging services is modelled on laws passed by other members of the Five Eyes surveillance alliance, of which Australia is a member.

Deputy US Attorney-General Rod Rosenstein recently announced the Department of Justice intends to demand interception of encrypted communications. New Zealand already requires technology companies to grant access. In the UK, authorities may force decryption where it is technologically feasible.

As with our allies, it is unclear if Australia’s laws will require so-called “backdoor” vulnerabilities to be built into messaging applications like Facebook Messenger or WhatsApp.

They could compel access via decryption keys or they might enable remote access to devices for interception of communications “at the ends”.

In response, cryptographers argue it is not mathematically possible to access end-to-end encrypted messages via interception without undermining online privacy for everyone.

The current state of telecommunications surveillance

The government already has various powers to access metadata, the contents of digital conversations and computer networks.

The Attorney-General’s Department recently released its annual report on telecommunications surveillance.

Thanks to the Telecommunications (Interception and Access) Act (TIA Act), law enforcement and other agencies can access stored communications with a warrant. This can include “email, SMS or voice messages stored on a carrier’s network”. In other words, the contents of any communication not encoded via encryption.

Agencies may also apply for “preservation notices” to compel telecommunications companies to preserve data.

During the 2015-16 financial year, there were 712 warrants issued for access to stored communications. Data is not available about the types of offences these warrants were used for. It is also not clear how the telecommunications information was used in investigations.

Applications for stored communications warrants (issued)

Agency 2014-2015 2015-2016
ACC 4 2
ACCC 4
AFP 94 80
ASIC 1
CCC (QLD) 3
CCC (WA) 5
DIBP 10 1
NSW CC 3 4
NSW Police 290 345
NT Police 16 11
PIC 7 16
QLD Police 123 132
SA Police 38 19
TAS Police 29 17
VIC Police 40 41
WA Police 38 35
Total 696 712

Source: Telecommunications (Interception and Access) Act 1979 Annual Report 2015–16

The issue of metadata retention

A controversial 2015 amendment to the TIA Act requires telecommunication service providers to retain metadata for two years.

This allows authorised law enforcement agencies warrantless access to information about digital communications such as the recipient or time sent, but not their content.

However, some agencies that aren’t meant to be able to access metadata are still making requests under different legal regimes, according to the Communications Alliance, and there have already been reported breaches where an Australian Federal Police officer accessed a journalist’s metadata without an appropriate warrant.

The 2015-16 financial year was a grace period for service providers to comply with retention requirements. During this time, there were 332,639 authorisations by criminal law-enforcement agencies.

Authorisations occurred most for drugs or homicide investigations. It’s possible this may indicate police are relying on ready access to metadata rather than pursuing traditional investigatory methods.

Oversight of Australia’s intelligence agencies

The Parliamentary Joint Committee on Intelligence and Security has today fulfilled one of its key statutory oversight responsibilities with the tabling of its review into the administration and expenditure of the Australian intelligence agencies for the 2015–16 financial year.

The Committee concluded that the six agencies making up the Australian Intelligence Community are overseeing their administration and expenditure appropriately.

On presenting the report to the Parliament, the Committee Chair, Mr Andrew Hastie MP, highlighted the changing security environment in which the agencies work. This includes ongoing challenges in relation to terrorism, communal violence, border integrity, espionage and foreign interference.

“Agencies have continued to respond to the changing security environment”, Mr Hastie said. “The Committee has previously noted its concerns about the constant resourcing pressure on agencies as they carry out their work to secure the Australian people and our interests.”

He added, “During the period, agencies benefited from additional funding under a range of new funding measures. As the Committee notes in its report, both ASIO and ASIS were provided with additional funding by the Government to support their operations and strengthen their capacity to meet strategic priorities. These measures are welcomed by the Committee as they will offset some of the resourcing pressures on the agencies. The Committee will continue to monitor the resourcing of both agencies in future reviews.”

The six agencies of the Australian Intelligence Community are the Australian Security Intelligence Organisation (ASIO), the Australian Secret Intelligence Service (ASIS), the Office of National Assessments (ONA), the Australian Signals Directorate (ASD), the Australian Geospatial-Intelligence Organisation (AGO), and the Defence Intelligence Organisation (DIO).

Through its review, the Committee received comprehensive submissions and conducted private hearings with each of the agencies. The Committee also took evidence from the Australian National Audit Office and the Inspector-General of Intelligence and Security.

Further information about the inquiry, including the Committee’s report, can be accessed via the Committee’s website at http://www.aph.gov.au/pjcis.

Henry Sapiecha

Telstra launches Sydney cybersecurity centre Australia

Telstra now has security operations centres live in Sydney, Melbourne, and Canberra, and is also launching its learning initiative to help businesses educate staff members on cybersecurity.

Telstra has launched its Sydney-based cybersecurity centre, with the telecommunications provider also announcing a new “secure internet initiative”.

With the latest security operations centre (SOC) officially open for customers from Thursday, Telstra now has centres live in Sydney, Melbourne, and Canberra ahead of launching more across the globe, Telstra CEO Andy Penn told ZDNet.

“There will be more [centres] in the next year or two,” the chief executive told ZDNet during the Sydney SOC launch on Thursday afternoon.

“The thing to bear in mind, though, is that they’re virtual; this centre is virtually connected to the centre in Melbourne, and every future centre that we’ll have will be virtually connected as well, plus they’ll have 24/7 capabilities.

“So in that sense, these centres once established have the capacity to service thousands of customers and as our business grows — particularly internationally with our submarine cable network where we have about 400,000 kilometres of submarine cable network where we’re doing all the data transmission services for international customers — we’ll build out more centres as that demand requires, but we certainly have plans for a small number of extra centres internationally.”

According to Penn, Telstra’s position as Australia’s largest telecommunications service provider gives it the responsibility and obligation of delivering services that will protect its customers domestically and globally.

“Today, we’re announcing a new initiative that will add significantly to our existing capabilities … it is the creation of a new network of security operations centres,” he said.

“These centres support our global network of more than 500 cybersecurity experts, and will uniquely position Telstra to better monitor, detect, and respond to security incidents for all of our customers. The security operations centres will provide enterprise customers with access to our world-class security teams and increase visibility and insight for managing their business cyber risk.”

Telstra built the security centres to an Australian Security Intelligence Organisation (ASIO) T4 standard, with all cables colour coded and physically separated according to what level of intelligence is carried across them, and the centre’s entry guarded by a time-sensitive airlock equipped with biometric security including facial recognition, gait recognition, and a retina scanner that can read from up to 10 metres away.

Under the T4 security standard, audio and video cannot be recorded inside the SOCs, and all mobile devices are required to be locked away prior to entering the centre.

The Sydney centre took seven months to build, with Telstra saying it took “an agile approach to both software and facilities”. In this regard, Telstra used open-source project Apache Metron, around which it built managed services applications and capabilities in order to remove the cost of developing commercial software, which it said meant more money spent on analysts.

Telstra’s SOC management platform is run on Microsoft Azure, with the centres also utilising the capabilities of software development company Readify and advanced security analytics technology Cognevo, both of which were acquired by Telstra last year.

“The future of security is machine intelligence coupled with human expertise,” Penn said.

“With the volumes of data we are seeing today driven by technology innovation, it is impossible to see the patterns and trends without machine learning. These new centres and our dynamic security offerings give us exactly this capability.”

Available 24/7, the Sydney and Melbourne centres “have the ability to aggregate data in a central point where it can be analysed for hostile intent”, Penn explained. The two SOCs are identical, with each housing 14 analysts at all times to support thousands of customers.

If one centre has an outage, services can be immediately switched over to the other, Telstra said.

While Penn would not disclose how much the centre is worth, he said it is “a fair bit bigger” than Optus’ AU$7 million centre unveiled last year.

Telstra additionally announced the establishment of a learning and development program to increase knowledge of cybersafety within organisations.

“Cybersecurity is a team sport,” Penn said, adding that Telstra fully supports the federal government’s cybersecurity strategy.

“The security operations centres and the secure internet initiatives reinforce Telstra’s commitment to working with the government and industry to create a cybersecure Australia.”

Minister Assisting the Prime Minister for Cyber Security Dan Tehan welcomed the arrival of Telstra’s new SOC, saying it demonstrates that as a telco provider, Telstra is “incredibly well placed” for dealing with cybersecurity.

“Cyber risk is there and it’s growing — we’re seeing cyber espionage, we’re seeing cybercrime, and we’re seeing hacktivism,” Tehan said during the SOC launch in Sydney, adding that there needs to be a “whole-of-community approach” to dealing with it.

Tehan said the Australian cybersecurity centre’s unclassified-level stage one is “nearly ready” to be online, with the entire centre aiming to be fully operational next year.

The federal government has been moving towards a greater focus on cybersecurity, with Prime Minister Malcolm Turnbull initially pledging AU$30 million through to 2019-20 in December 2015 as part of the government’s AU$1.1 billion National Science and Innovation Agenda to establish the Cyber Security Growth Centre.

The government announced in November that it would be launching the AU$4.5 million Academic Centres of Cyber Security Excellence with the aim of improving Australia’s cybersecurity through education and research, with Turnbull and Tehan receiving cyber defence education at the Australian Signals Directorate.

The government in February also pledged AU$1.9 million to universities delivering specialised cybersecurity training in a bid to combat the skills shortage in cyber-related fields.

During the 2017 Federal Budget, the government further pledged AU$10.7 million over four years to establish the Cyber Security Advisory Office (CSAO) to work with government agencies to manage cyber and digital risks and vulnerabilities to “provide strengthened central governance and assurance for cybersecurity and broader project vulnerability across government”.

Telstra launched its own managed security services earlier this year, and Penn last week told ZDNet during Telstra’s FY17 financial results call that Telstra has “deep” skills in cyber.

“We’ve got deep, deep, deep skills in cyber because of our own need to protect our networks, but also we provide a very significant dynamic service for our enterprise customers, and this is really a significant investment in really building that service for our enterprise customers,” Penn told ZDNet.

The chief executive also told ZDNet that Telstra will likely upgrade its existing SOC in Canberra.

Henry Sapiecha

FBI charges Chinese national with distributing malware used in OPM hack attack

The malware has been linked to both the data breach of the US Office of Personnel Management as well as the Anthem breach.

The FBI has filed charges against a Chinese malware broker named Yu Pingan, alleging that he provided hackers with malware, including the Sakula trojan, to breach multiple computer networks belonging to companies in the US.

The FBI alleges that Yu, also known as “GoldSun,” conspired with two unnamed hackers from around April 2011 through around January 2014 to maliciously target a group of US companies’ computer networks.

The complaint filed does not name which companies were targeted but notes that the different companies were headquartered in San Diego, California; Massachusetts; Los Angeles, California; and Arizona.

The rarely-used Sakula malware has been linked to both the 2014 breach of the US Office of Personnel Management as well as the 2015 breach of the health insurance firm Anthem.

The Anthem breach impacted 78.8 million current and former customers of the company, while the OPM hack affected more than 22 million records of Americans who had applied for security clearance to work for the government.