Incident & Breach Response , Security Operations
Breach Roundup: Chinese Hackers Breach Japanese Cyber Agency
Also: Data Scraping Warning Sent to Social Media PlatformsEvery week, Information Security Media Group rounds up cybersecurity incidents and breaches around the world. This week, Japan's cybersecurity agency reportedly was breached, social media companies were urged to ward off data scraping, the NSA said it respects foreign intelligence targets, Polish authorities arrested two for hacking a rail network, and a ransomware gang used GDPR fines as scare tactics.
See Also: Effective Communication Is Key to Successful Cybersecurity
Japan's Cybersecurity Agency Suffers 9-Month Breach
Chinese state-backed hackers infiltrated Japan's cyber defense agency for approximately nine months without detection, the Financial Times reported in an article citing "three government and private sector sources familiar with the situation."
The attack on the National Center of Incident Readiness and Strategy for Cybersecurity, known as NISC, raises further questions about Japan's ability to fend off nation-state hacks, the FT says, citing recent revelations about Chinese hackers inside Japanese military networks and the July closure of Japan's largest cargo hub following a ransomware attack. Japan, South Korea and the United States earlier this month pledged to deepen security ties amid worries over Chinese aggression in the South China Sea.
A NISC official told the FT that the agency's investigation had concluded that hackers breached its email system but didn't proceed deeper. A spokesperson for China's foreign ministry suggested the attack was really the work of the United States.
Call for Social Media Companies to Protect Publicly Available Data
The U.K. Information Commissioner's Office and 11 other national data protection and privacy authorities across the globe issued a joint call for social media platforms to bolster defenses against data scraping of publicly accessible information.
The statement says data posted on public social media networks can still be subject to data protection and privacy laws that prohibit data scraping and that "mass data scraping incidents that harvest personal information can constitute reportable data breaches in many jurisdictions."
The data protection agencies recommend a slew of technical and procedural controls to limit scraping, including rate limiting the number of clicks from one account to another, using bot pattern identification, deploying CAPTCHA and taking legal action against scrapers.
NSA: Snoop Respectfully
U.S. signals intelligence collector the National Security Agency issued a policy directive instructing its employees to treat foreign intelligence targets "with dignity and respect," according to recent internal guidance reported by The Intercept.
The directive's release coincides with the Biden administration considering limits on the FBI's ability to access information obtained by the NSA through a surveillance program aimed at foreigners. Known as Section 702, the program can sweep up communications from U.S. persons if they're in contact with a foreign target. U.S. law prohibits reverse targeting.
The directive comes after President Joe Biden's October 2022 executive order aimed at enhancing privacy safeguards for U.S. intelligence activities. Civil society advocates contacted by The Intercept were predictably aghast. They "pointed to the absurdity that the NSA, an intelligence agency that specializes in electronic eavesdropping including the interception of text messages and emails, could do so respectfully," the website wrote.
Michigan University Cuts Off Internet for 2 Days
The University of Michigan shut down internet access for two days due to a "significant cybersecurity issue," disrupting the start of the new academic year. In a Tuesday open letter, President Santa Ono said that despite the setback, "our campuses were alive Monday with a wide array of activities."
The university's decision to disconnect from the internet on Sunday affected roughly 120,000 individuals across the Ann Arbor, Flint and Dearborn campuses. On Wednesday, the university said that internet service had been restored although it warned students to "expect some issues with select U-M systems and services in the short term, and not all of our remediation efforts are complete."
Polish Authorities Arrest 2 for Hacking Rail Network
Polish authorities apprehended two Polish individuals in Bialystok accused of disrupting train operations within the country.
The duo allegedly hacked the radio communication network of the Polish PKP railway on Friday, causing stop signals to be activated near the northwestern city of Szczecin, which led to the delay of nearly 20 trains. The trains were back on schedule within a couple of hours, and the issue was resolved.
Hackread reported the signals were interspersed with bits of the Russian national anthem and a recording of a speech by Russian President Vladimir Putin, but there is no official notice linking the attack to Russia.
Ransomware Gang Uses GDPR Fines as Scare Tactics
Flashpoint researchers on Monday released a blog post about a new ransomware gang they call Ransomed that uses laws designed to safeguard consumers as pressure to pay extortion.
Ransomed threatens victims with disclosure of private data unless it receives a payment, arguing that paying off the extortionists is a better deal than facing a fine from data protection authorities who enforce laws such as Europe's General Data Protection Regulation. Ransomed launched on Aug. 15. The group's ransom demands range from 50,000 to 200,000 euros, much lower than potential GDPR fines, which can reach millions of euros.