NEWS BRIEFS: September - October


Six Masters degree courses in cyber security to be certified by GCHQ, the highly controversial Data Retention and Investigatory Powers bill is passed and more security news.

»In what has been claimed to be the biggest data breach ever, US security firm Hold Security reported that a Russian gang dubbed CyberVor had compromised 4.5 billion records, including 1.2 billion unique credentials and 500,000 email addresses, taken from more than 420,000 FTP/websites.

   The news has been met with scepticism, however: some experts have questioned its authenticity given so little evidence, while others have criticised Hold Security for initially charging US$120 (approximately £70) a month for its breach notification service – which would let companies know if they had been affected or not.

»The British government passed its highly controversial Data Retention and Investigatory Powers (DRIP) bill, a law which will allow police and security services to access people's phone and internet records from ISPs. The bill - which was described by Prime Minister David Cameron as essential in the fight against “criminals and terrorists” - went from announcement to enactment in just eight days and will force telcos to log customer information for government investigation for a period of 12 months.

   During this time, intelligence agents would be able to access any content so long as they had an order signed off by a government official.

   The law sees the creation of a new Privacy and Civil Liberties Oversight Board to examine the impact of the law on privacy and civil liberties. The controversial Regulation of Investigatory Powers Act (RIPA 2000) will also be reviewed, while the government will be required to submit annual transparency reports on how these powers are used.

   DRIP has a so-called ‘Sunset Clause’ so that the powers will end in 2016.

»The continued industry effort against CryptoLocker shows no sign of abating with security companies FireEye and Fox-IT combining to offer a free online portal for victims wishing to recover their encrypted files. The two companies found a copy of CryptoLocker's database of victims after the take-down of the Gameover Zeus botnet – which was used to distribute the ransomware.

   The DecryptCryptoLocker tool is available free online and lets users identify a CryptoLocker-encrypted file, upload it to the portal, and receive the private key and a link to download and install the decryption tool, which is run locally on their PC. On running the tool locally and using the private key, they should then be able to decrypt files on their PC's hard drive.

»The Tor Project reported that it had seen an attack from February to July where an unknown attacker tried to identify users of the anonymous network via a combination of an “active traffic confirmation attack and a Sybil attack”.

   Describing the active traffic confirmation attack, the group said that attackers would seek to control or observe the relays - used to bounce internet traffic from place to place thus anonymising it - at both ends of a Tor circuit and then compare traffic volume, timing and other characteristics to conclude that two relays were on the same circuit.

   They would inject signals into Tor protocol headers to help them to identify the user – which could be done by finding their IP address in the first relay and the destination in the last.

   The Tor Project says that the attack relays joined on January 30 but were only removed from the network on July 4. It is now urging people who used the service during this time to ‘assume they were affected’ and to upgrade to a more recent version of Tor to close that particular protocol vulnerability.

   The news came just after the Russian government put out a £60,000 bounty for local people or businesses to create technology that tracks Tor users.

»China is claimed to have been behind a cyber-espionage campaign against the Israeli Iron Dome Missile System. The PLA Unit 61398 apparently compromised the computer servers at three contractors working on the missile defence system between 2011 and 2012, according to US-based threat intelligence firm Cyber Engineering Services (CES), and pilfered thousands of confidential documents, including a 900-page report on the schematics and specifications of the missile.

   In related news, China is also said to be behind a prolonged cyber-attack on Canada's National Research Council, an attack so complex that the council expects the remediation to take up to a year.

»Francis Maude, minister for the Cabinet Office, announced that six Masters degree courses in cyber security are to be certified by GCHQ.

   The UK's signals surveillance body invited universities to submit their Cyber Security Masters degrees for certification against GCHQ criteria earlier this year, and six are now judged by GCHQ to provide well-defined and appropriate content for a broad foundation in cyber security.

   Edinburgh University, Lancaster University, the University of Oxford and Royal Holloway, University of London, have been given full certified status, while Cranfield University and the University of Surrey, which recently opened a cyber-security research centre, have been awarded provisional certified status.

»A New York court told Microsoft that it must hand over customer data to the US government – even if it is held overseas.

   The Microsoft ruling was made by NY District Judge Loretta Preska in a case where the company is opposing a US search warrant to access the emails of one of its European customers as part of an on-going drugs investigation.

   The emails are stored in Microsoft's data centre in Dublin, Ireland, and the firm argues that US prosecutors don't have the right to seize customer information held overseas. But the judge disagreed: “It's a question of control, not a question of the location of the information”.

   The EU subsequently opposed the US ruling.


