Monday, April 15, 2024

How Israel's cyber defenses fared during Iran strikes

Delivered every Monday by 10 a.m., Weekly Cybersecurity examines the latest news in cybersecurity policy and politics.
Apr 15, 2024 View in browser
 
POLITICO's Weekly Cybersecurity newsletter logo

By Joseph Gedeon

— With help from Maggie Miller and John Sakellariadis 

Driving the day

— Israel says there were no Iranian cyberattacks coinciding with the missile barrage, but reporting shows Iranian hackers potentially infiltrated key systems — including disrupting civilian radar systems.

HAPPY MONDAY and welcome to MORNING CYBERSECURITY! It’s playoff time in the NBA, which naturally means it's playoff time here at MC, too. Just like Lebron’s finesse moves in the post, I’ll also be finger rolling through the newsletter with extra panache. That is if or when Lebron gets eliminated, then it’s back to the basics till next season. I don’t make the rules.

Have any tips or secrets to share with MC? Or thoughts on what we should be covering? Find me on X at @JGedeon1 or email me at jgedeon@politico.com. You can also follow @POLITICOPro and @MorningCybersec on X. Full team contact info is below.

 

Get critical policy news and analysis inside New York State. Use our Legislative Tracker to see what’s on the Albany agenda. POLITICO Pro. Inside New York. Learn more.

 
 

Want to receive this newsletter every weekday? Subscribe to POLITICO Pro. You’ll also receive daily policy news and other intelligence you need to act on the day’s biggest stories.

Cyber Warfare

ALL CLEAR? — Israel's national cyber agency says Iranian hackers weren’t able to break through during this weekend's missile barrage. But a major cybersecurity firm offered a conflicting view, reporting that Iranian government-linked hackers claimed to have pulled off some attacks timed around the drone strikes.

— Dueling claims: The Israel National Cyber Directorate told Morning Cyber on Sunday that "no abnormal online activity was detected during the recent missile threat, underscoring our resilience against cyber threats."

But Israel-based Check Point chief of staff Gil Messing says there are claims an Iranian-backed group meddled with civilian radar systems in the lead-up to the strikes, though unverified.

Those attacks have been claimed by the Handala group on Telegram, who Messing described as being Tehran-backed and having been accused of several other cyberattacks over the weekend — including the alleged hacking of an Israeli cyber college tied to Israeli military and cyber intelligence Unit 8200, releasing gigabytes of stolen data.

— Outside agitators too: Check Point also tracked a group called Mysterious Team Bangladesh taking down Jordan's website over its role intercepting Iranian drones. An Yemen-linked group allegedly was also active, per Messing.

— Cyber surge: In the week ahead of the mostly-thwarted drone barrage, Israel did acknowledge Iran's cyber ops had "almost tripled" recently. Check Point said last week that domestic attacks rose from around 1,000 weekly to some 2,100 — particularly after deadly strikes on Iran's Damascus consulate were blamed on Israel.

— U.S. monitoring closely: Despite there being no widespread takedowns, America’s cyber agency tells MC it’s keeping its eye on the unfolding cyber threats Israel could be facing.

“We have offered any cybersecurity assistance or support necessary” to Israel, CISA executive assistant director Eric Goldstein said. “We are additionally working with industry and international partners to proactively identify potential cyber threats to Israel.”

On the Hill

I SPY WITH MY LITTLE EYE — The Senate is set to take up FISA’s Section 702 in the next few days, and while it’s widely expected to pass, there’s still some indicators it could be rocky.

“The bill represents one of the most dramatic and terrifying expansions of government surveillance authority in history,” Sen. Ron Wyden (D-Ore.) said in a Friday post on X. “I will do everything in my power to stop it from passing in the Senate.”

— The problem: Fingers have been pointed at the House’s rejection to strengthen warrant requirements when spying involves Americans within the massive federal surveillance tool.

But privacy advocates like Elizabeth Goitein, senior director of the Liberty and National Security Program at the Brennan Center for Justice, say the warrant issue is a red herring for the real problem: how a provision that was kept in would allow the government to compel assistance from a vast range of businesses beyond traditional telecommunications providers in conducting surveillance under Section 702.

"What this does is it allows the government to conscript into service for surveillance purposes any provider of any service whatsoever, as long as that provider has access to equipment on which communications are being transmitted," Goitein told MC.

Any company offering Wi-Fi access to customers, Goitein explains, from big-box stores to local laundromats and barbershops, could potentially be forced to provide the NSA with access to customer communications streams.

— What they’re saying: Matthew Olsen, assistant attorney general for national security, pushed back on privacy concerns, arguing to MC that the changes are "a technical and narrowly tailored fix to ensure appropriate providers are covered equally."

Olsen added the changes merely "ensure appropriate providers are covered equally" and don't actually expand who can be targeted under 702's foreign intelligence gathering authorities.

“It does not expand the scope of who can be targeted for collection under this authority, which is strictly limited to non-Americans overseas," he said.

— What happens next: Opponents are pressuring senators to strip out what they are labeling as "Patriot Act 2.0" language and secure a brief extension to negotiate reforms. But administration officials strongly support the bill as it stands, and insist there is no time before an April 19 sunset deadline to work out meaningful changes.

“It’s on Congress right now to ensure that the government doesn’t lose insights into all sorts of things the American people expect their government to be able to understand and counter,” a senior administration official tells MC.

 

POLITICO IS BACK AT THE 2024 MILKEN INSTITUTE GLOBAL CONFERENCE: POLITICO will again be your eyes and ears at the 27th Annual Milken Institute Global Conference in Los Angeles from May 5-8 with exclusive, daily, reporting in our Global Playbook newsletter. Suzanne Lynch will be on the ground covering the biggest moments, behind-the-scenes buzz and on-stage insights from global leaders in health, finance, tech, philanthropy and beyond. Get a front-row seat to where the most interesting minds and top global leaders confront the world’s most pressing and complex challenges — subscribe today.

 
 
The International Scene

A NEW CYBER SCHEME — The EU's cloud cybersecurity certification scheme may be nearing the finish line as soon as today after years of tensions over sovereignty requirements aimed at curbing U.S. cloud access looks to be on its way out.

The sovereignty criteria, which sought immunity from foreign laws like the U.S. CLOUD Act, had raised concerns from American tech giants like Amazon, Microsoft and Google — who feared being locked out of Europe’s most critical cloud services.

— Why things are moving along: Those controversial criteria look set to be scrapped in the latest Belgian compromise text ahead of today’s European Cybersecurity Certification Group meeting. That prompted optimism from critics like the Dutch State Secretary Alexandra van Huffelen, who told our colleagues at Cyber Insights that "some kind of compromise" looks like it can be reached.

— Tit for tat: Now, both sides are launching last-ditch advocacy blitzes as the certification group prepares to discuss the new text today.

European industry groups like Airbus, Deutsche Telekom and OVHcloud are urging negotiators to reinsert the sovereignty rules, warning of "the risk of unlawful access" by China or the U.S. without them.

But a coalition of industry groups with U.S. cloud members, including The Software Alliance, is praising the new draft's "focus on technical and functional requirements which should rightfully remain at the core of cybersecurity certification in Europe." They're calling for a swift drafting of the implementing act sans sovereignty language.

PURA VIDA — Two of the nation’s top cybersecurity officials stirred up a beef with Beijing during a recent trip to Costa Rica to rally opposition to Chinese telecom giants.

Nate Fick, the State Department's top cyber diplomat, and Anne Neuberger, the White House's deputy national security adviser for cyber and emerging tech, were in San José last week for a Regional 5G Workshop. The event pushed countries across Latin America and the Caribbean to embrace "trusted suppliers" from democratic nations for their wireless networks, satellites, undersea cables and cloud services — aka keep Huawei out.

— Big turnout: More than a dozen countries sent reps, including Argentina, Paraguay, Guyana and Trinidad and Tobago, per a State Department readout of the event provided to Maggie.

— China wasn’t having it: The Chinese Embassy in Costa Rica put out a statement Friday strongly condemning the meeting, naming Fick and Neuberger in noting that “we regret U.S. officials have spread ‘pure lie’ in a country known for its ‘pura vida.’” The embassy accused the U.S. of carrying out mass cyberattacks and surveillance activities of its own.

“The Chinese government has never asked any company or used telecommunications services to obtain user data or key intellectual property from other countries,” the statement reads. “The relevant claims by U.S. officials ignore the facts and are unsubstantiated.”

U.S. officials have tended to point to a 2017 Chinese intelligence law in citing concerns about Huawei and other Chinese-based tech companies, as the law requires all Chinese companies to support and assist Chinese national security work if asked, potentially compromising data.

— Friendly relations: Costa Rican President Rodrigo Chaves vowed last year to only buy telecommunications gear from democratic nations, effectively boxing out Huawei. And the State Department last year gave $25 million in cyber aid to help the country bounce back from major 2022 ransomware attacks.

Tweet of the Day

No, Dad, you don’t owe the IRS $14,000.

Source: https://twitter.com/HackingLZ/status/1779477885536886866

Quick Bytes

ADS ARE THE ENEMY — Spyware makers are hiding malicious code in online ads to infect specific targets, making ad blockers a valuable defense against this invisible surveillance, reports Zack Whittaker for TechCrunch.

WATCH WHAT YOU READ — Human rights activists in Western Sahara are targeted with malware disguised as a legitimate news app. This app steals sensitive information from their phones, writes The Record’s Alexander Martin.

‘Change Healthcare Faces Another Ransomware Threat—and It Looks Credible’ (WIRED)

The Cyber Calendar

Tuesday

Chainalysis head of cyber threat intelligence Jacqueline Burns Koven, senior consulting director for Palo Alto’s Unit 42 Daniel Sergile and chief strategy officer at the Institute for Security and Technology Megan Stifel are facing the House Financial Services national security subcommittee for a hearing on ransomware threats. 10 a.m.

The House Energy and Commerce Health Subcommittee is holding a hearing on the health sector’s cybersecurity in the wake of the Change Healthcare attack. 10 a.m.

The Senate Judiciary’s subcommittee on privacy, technology and the law is holding a hearing on election deepfakes, particularly on oversight of AI. 2 p.m.

Wednesday

The Senate Judiciary’s subcommittee on privacy, technology and the law is holding another hearing on election deepfakes, particularly on oversight of AI. 2:30 p.m.

Thursday

The House Intelligence committee is facing some of the old guard including Reps. Jim Cooper, Ilena Ros-Lehtinen, Jane Harman and Peter King for a full hearing. 10 a.m.

The House Energy and Commerce’s innovation, data and commerce subcommittee is holding a hearing on data privacy rights, particularly on legislative solutions to protect kids online. 10 a.m.

Chat soon. 

Stay in touch with the whole team: Joseph Gedeon (jgedeon@politico.com); John Sakellariadis (jsakellariadis@politico.com); Maggie Miller (mmiller@politico.com); and Heidi Vogt (hvogt@politico.com).

 

Follow us on Twitter

Heidi Vogt @HeidiVogt

Maggie Miller @magmill95

John Sakellariadis @johnnysaks130

Joseph Gedeon @JGedeon1

 

Follow us

Follow us on Facebook Follow us on Twitter Follow us on Instagram Listen on Apple Podcast
 

To change your alert settings, please log in at https://login.politico.com/?redirect=https%3A%2F%2Fwww.politico.com/settings

This email was sent to edwardlorilla1986.paxforex@blogger.com by: POLITICO, LLC 1000 Wilson Blvd. Arlington, VA, 22209, USA

Unsubscribe | Privacy Policy | Terms of Service

No comments:

Post a Comment

Your Weekly Recommended Reads

Powered by AI, personalised for you Catch up on key news and analysis from the week gone by with The Business of Fashion's My...