Monthly Archives: February 2017

Guardtime to design new NATO Cyber Range platform

Guardtime announced today that they have been awarded a contract by the Estonian Ministry of Defence under the auspices of NATO to design the next generation NATO cyber range. The new range design will considerably enhance NATO’s cyber, electronic warfare and intelligence, test, rehearsal, and mission refinement capabilities and promote effective cooperation and collaboration of state of the art tools, techniques, and procedures (TTP) to provide NATO range users with a credible capability and options for blue and red team planning activities.

Martin Ruubel, President of Guardtime Estonia said: “When designing and building the defence focused exercise ranges, Guardtime always aims at the principle: “We train as we fight”. For NATO we will provide a state of the art flexible, operationally relevant and representative environment design that enables integrated simulation and training and collaboration for a wide variety of blue and red team cyber mission exercise areas, enabling NATO cyber range users the ability to securely collaborate and refine their tools and tactics.”

It is interesting that Guardtime, the company providing blockchain-based log integrity solutions, has ambition to design new NATO Cyber Range platform. Seems that Guardtime’s plans to become general-purpose cyber security service provider.


Estonian Voting Verification Mechanism Revisited (Again)

Two papers on the topic. The first:

Abstract: After the Estonian Parliamentary Elections held in 2011, an additional verification mechanism was integrated into the i-voting system in order to resist corrupted voting devices [..] However, the verification phase ends by displaying the cast vote in plain form on the verification device. [..] In this respect, we propose an alternative verification mechanism for the Estonian i-voting system to overcome this vulnerability.

The second:

Abstract: Recently, Muş, Kiraz, Cenk and Sertkaya proposed an improvement over the present Estonian Internet voting vote verification scheme. This paper points to the weaknesses and questionable design choices of the new scheme. We show that the scheme does not fix the vote privacy issue it claims to. It also introduces a way for a malicious voting application to manipulate the vote without being detected by the verification mechanism, hence breaking the cast-as-intended property. In addition, the proposal would seriously harm usability of the Estonian vote verification scheme.

TL;DR: Turkish researchers see a privacy risk in the verification process which lets voter’s mobile device to learn for whom the vote was given. Estonian researchers in the counter paper argue why the proposed improvements do not solve the issue, instead decreasing the security of the scheme.


International Conference on Cyber Conflict: Junior Scholar Award 2017

The 9th International Conference on Cyber Conflict, focusing on the theme Defending the Core, invites junior scholars to submit Master’s theses for the Junior Scholar Award. The purpose of this CyCon 2017 award is to encourage and reward research on a wide range of topics related to cyber defence.

Candidates who have graduated with a Master degree or equivalent after 01 January 2015, in studies such as law, computer or political science or other relevant academic fields are eligible. The finalists of the CyCon 2017 Junior Scholar Award will be notified no later than 28 April 2017 and granted full free entry to the conference. Accommodation and travel expenses will not be covered.

All finalists will present their Master’s thesis results in a 15-minute presentation in the Junior Scholar conference session. An Award Committee will evaluate the presentations and can grant the following awards:

1st place: 1000 Euro
2nd place: 600 Euro
3rd place: 400 Euro

There are quite a lot MSc thesis tracked by this resource that would definitely qualify for the award. Application deadline 20 March 2017.


Estonian delegation answers to EU encryption questionnaire

Council of the European Union has prepared a questionnaire to map the situation and identify the obstacles faced by law enforcement authorities when gathering or securing encrypted e-evidence for the purposes of criminal proceedings. These are the answers from the Estonian delegation obtained by a public information request:

1. How often do you encounter encryption in your operational activities and while gathering
electronic evidence/evidence in cyber space in the course of criminal procedures?
o often (in many cases)

2. What are the main types of encryption mostly encountered during criminal investigations
in cyberspace?
o HTTPS, TOR, P2P / I2P, e-communications (through applications such as Skype, WhatsApp, Facebook, etc.)
o offline encryption – encrypted digital devices (mobile phone / tablet /computer), encrypting applications (TrueCrypt / VeraCrypt / DiskCryptor, etc)

3. Under your national law, is there an obligation for the suspects or accused, or persons who
are in possession of a device/e-data relevant for the criminal proceedings, or any other person to provide law enforcement authorities with encryption keys/passwords?
o No. Pursuant to Article 215 of the Criminal Procedure Code, investigative authorities and prosecutor’s offices can order the production of data from any person. Suspect and accused person do not have to disclose encyption keys/passwords.

5. Under your national law, is it possible to intercept/monitor encrypted data flow to obtain
decrypted data for the purposes of criminal proceedings? If so, is a judicial order (from a
prosecutor or a judge) required?
o Yes. §126.7. Wire-tapping or covert observation of information.

8. Do you consider that your current national law allows sufficiently effective securing of e-evidence when encrypted?
o Yes. Current legislation to gather evidence can be considered sufficient. The challenges related to encryption as more or less of technical nature.

10. In your view, will measures in this regard need to be adopted at EU level in the future?
o practical (e. g. development of practical tools for police and judicial authorities)
o improve exchange of information and best practices between police and judicial authorities
o create conditions for improving technical expertise at EU level

Basically, Estonian delegation answer can be read as “not interested in EU-level crypto backdoors”. Which is good, but could have been said more explicitly.

There are positive signs on EU-level for opposing legislation for backdoors:

Andrus Ansip, the Commission vice president in charge of the EU’s technology policies, has said he opposes laws that force companies to create backdoors to weaken encryption.

Europol, the EU law enforcement agency, and ENISA, the agency in charge of cybersecurity, signed an agreement in May opposing laws that strongarm firms into providing backdoors.


PhD thesis: “Software Technology for Cyber Security Simulations”

Andres Ojamaa PhD thesis: “Software Technology for Cyber Security Simulations”
Defense date: 15.12.2016

Enn Tõugu, D. Sc., Institute of Cybernetics Tallinn University of Technology, Tallinn, Estonia
Jaan Penjam, PhD, Institute of Cybernetics, Tallinn University of Technology, Tallinn, Estonia

Margus Veanes, PhD, Research in Software Engineering (RiSE) Group Microsoft Research, Redmond, USA
Christian Czosseck, PhD, Head Laboratory at CERT Bw, Germany

The goal of the work is to develop smart cyber security simulation tools. This includes methods, technology and freely available software tools for cyber security simulation that will be applicable to wide set of problems and will be economical and time-efficient, while still providing the required precision.


Case study on Estonian public transportation RFID/NFC card security

This report talks about security of NFC/RFID cards. It first describes the most widely-used type of cards, MIFARE Classic, and then considers a real-life application, namely Estonian public transportation cards. The communication between a real card reader installed in Tartu bus and a Tallinn public transportation card is eavesdropped and analysed on high level.

The report has been published for the UT course “Research Seminar in Cryptography (MTAT.07.022)”.


PhD thesis: “Efficient non-interactive zero-knowledge protocols in the CRS model”

Prastudy Mungkas Fauzi PhD thesis: “Efficient non-interactive zero-knowledge protocols in the CRS model”
Defense date: 17.02.2017 – 14:15 (J. Liivi 2-405, Tartu, Estonia)

Thesis supervisor: Lead Research Fellow Helger Lipmaa (Institute of Computer Science, UT)

Associate Professor Ivan Visconti (University of Salerno, Italy);
Dr Carla Ràfols Salvador (University of Pompeu Fabra, Barcelona, Spain)

In this work we provide three scenarios where NIZK arguments are relevant: verifiable computation, authorization, and electronic voting. In each scenario, we propose NIZK arguments in the CRS model that are more efficient than existing ones, and are comparable in efficiency to the best known NIZK arguments in the RO model.


Report of Estonian Information Board: International Security and Estonia in 2017

Paragraphs from the “Cyber Threats” section on page 36:

Although the crippling of a critical Estonian infrastructure by a state actor in 2017 is not likely, it is certain that Estonia will remain a target of hostile cyber activity. [..] Considering the cyber attacks that sowed confusion in the US in 2016 and Latvia’s experience in holding the presidency of the European Union in 2015, it is also likely that Estonia will come under increased scrutiny from foreign cyber criminals in the second half of 2017.

As in past years, the Estonian government sector was not unscathed by attacks in 2016. The mailboxes of employees of the Riigikogu (parliament), the Ministry of Foreign Affairs and the Ministry of Economic Affairs and Communications were the targets of phishing attempts. An example of such attacks was an incident in 2016 where an attempt was made to steal information in the possession of a Finnish member of the Bellingcat research group. The information concerned the military conflict in Ukraine and the downing of the MH17 airliner.

Haven’t heard of the phishing attempt against Bellingcat member in Estonia. The spearphishing example screenshot above actually comes from the ESET report on Sednit hacking group.


Bitcoin miners found in Pärnu Hospital

Last spring Pärnu Hospital received information that it is involved in a massive virtual money, or so-called bitcoin mining. “Arguably, this was the largest bitcoin miner in the area of ​​Pärnu,” added the source. It turned out that bitcoin mining in the hospital was performed for nearly two years.

It would be interesting to know how the mining was discovered. There is no place in Bitcoin ecosystem where one could list “largest miners in the area of Pärnu”.

The mining was performed by the hospital network administrator and medical technician – they used in total six devices for this purpose. Some of the equipment was placed on the 8th floor in ventilation equipment rooms. The devices had multiple graphics cards, as well as a smaller machine Antminer was running Linux operating system from the SD card. Larger servers using Windows Server 2012 platform also engaged in the extraction of virtual money.

The medical technician was let go but the network administrator was given only a warning.

RIA will now investigate whether bitcoin mining had security implications:

“Based on media coverage, it cannot be excluded that the case could be a security incident,” said Toomas Vaks, Deputy Director General of Information System’s Authority.


Document counterfeiting case “Maarika” comes to court

Harju County Court on Thursday accepted plea bargains reached between the Office of the Prosecutor General and those charged in connection with a criminal organization found to be illegally issuing official documents and will make a decision regarding their confirmation in early February.

This is what happened in 2015:

Estonian police has detained 12 people, including four Police and Border Guard (PPA) employees, in what is believed to be the biggest scam the country has seen for years. The suspects allegedly issued official documents that need state approval, such as language test certificates, living permits, papers needed to receive Estonian citizenship, and medical certificates. The scam involved forgery, entering false information and accomplices who used fake identity.

PPA employees were abusing state databases and ignoring suspicious applications:

Four Police and Border Guard employees, who are now bribery suspects, are believed to have been involved in the process of issuing the forged documents, but were not organizers of the scam. They released confidential information, knowingly accepted application forms with false information and issued official documents in return for bribes. Two are specialists and two are customer servants.

This is how the scam got discovered:

Nobody would have ever noticed, if not for the personnel changes at PPA last year. As a result of this, a new person ended up working with follow-up check of citizenship applications, to whom lots of cases seemed an anomaly. People with positive responses to applications looked like they had nothing to do with Estonia whatsoever. As the cases were dozens, the official told internal audit.

The scam was organized by 65-year-old woman calling herself Maarika. Most “clients” who received counterfeit documents were pardoned as exchange from criminal charges. We can see here that if the base identity is not sufficiently protected, no eID system, however well designed, can help.