Author Archives: user469294

RIA Cyber Security Report 2015

Some insights:

2015 proved that the continuity of vital services can be affected, or even crippled, by simple ransomware campaigns that weren’t even intended to disrupt those services.

Around-the-clock manned monitoring of Estonian cyberspace has taken place since the summer of 2015. We also adopted new and improved monitoring technologies. As a result of the around-the-clock monitoring, we have prevented, discovered, and reacted to significantly more security incidents than in past years.

In 2015, the lessons learned from the CyberHEDGEHOG 2015 exercise, the amendment of the Emergency Act, and the adoption of the European Union Network and Information Security Directive (NIS) confirmed the need for a clear cyber security law that takes into account modern conditions.

In 2015 we became convinced about the necessity of thoroughly analysing both the legal questions associated with using cloud technologies and the risks connected to the integrity and confidentiality of data being processed in the cloud as well as the need to develop sufficient security measures to minimise those risks.

While European Union structural funds have been a welcome source of support for Estonian cyber security development, and indeed for the whole country’s IT development, it is clear that this situation is not sustainable for the country in the long term.

Links:
https://www.ria.ee/public/Kuberturvalisus/2015-RIA-Annual-cyber-report.pdf

Russian special forces operated fake GSM base station in Pärnu

In April 2015 NATO brought its special forces to Estonia for a secret NATO exercise. In the days that followed, Russia unleashed a series of aggressive countermeasures to monitor the exercise.

Estonian signals intelligence quickly discovered an IMSI-catcher – a false cell phone tower in the local cellular network. NATO believes that the Russians attempted to identify the key NATO personnel.

Classified NATO report: “The ghost tower came online briefly twice during the day. It overtook all local towers and hijacked all the local recipients before it dropped offline.”

Links:
https://www.aldrimer.no/claims-russian-special-forces-are-operating-inside-estonia/
http://news.postimees.ee/3680481/experts-say-lion-s-share-of-nato-leak-is-hot-air
http://tehnika.postimees.ee/3682041/drooniluureskandaal-eestlaste-koned-on-rangelt-kapo-kontrolli-all

District Court acquits alleged Ministry of the Interior user account blocker

The District Court of Tallinn acquitted Mart Pirita (45), who was accused of locking down the e-mail accounts of the Minister of the Interior Hanno Pevkur and the Director General of Police and Border Guard Board (PPA) Elmar Vaher, because his guilt was not proved.

The District Court overruled the previous verdict by Harju County Court. The Harju County Court convicted Pirita and imposed a financial penalty of 270 daily rates, which is EUR 13’159.80.

The Prosecutor’s Office accused the ex-employee of the IT and Development Centre at the Estonian Ministry of the Interior (SMIT) of illegally disrupting computer systems by entering data. According to the accusation, in August 2014 Pirita entered, without permission, various incorrect passwords for 14 user accounts in SM jurisdiction, which resulted in these user accounts being blocked. The attack was performed through the TOR network, which allows using the Internet anonymously and hiding one’s tracks. The accusation noted that Pirita may have been motivated by the termination of his employment contract.

Appearing as a witness, Tiit Hallas, the head of information security of SMIT, told the court that the TOR network is used by child pornography and malware distributors. During the attack, an IP address belonging to the company E-Positive.ee, owned by Mart Pirita, was logged into the TOR network.

The District Court found that the County Court made mistakes in evaluating the evidence and erroneously established that the act was performed by Mart Pirita. The mere fact that Mart Pirita used the TOR network is not sufficient, as anyone using the network at that time could have performed the illegal act. The evidence collected by the prosecutor does not show a direct relation to the act. The District Court admitted that several circumstances hinted that the blocker was related to SMIT, but this is not enough to convict someone. There is no direct evidence and the indirect evidence is weak, the District Court found.

Links:
http://www.postimees.ee/3657891/ringkonnakohus-moistis-oigeks-hanno-pevkuri-ja-elmar-vaheri-vaidetava-meilikontode-lukustaja

Supreme Court declares mediation of Bitcoins subject to anti-money-laundering supervision

Yesterday’s verdict put an end to longstanding doubts whether trades with the cyber money should be treated as economic activity requiring special permit or not – in a landmark stand, Supreme Court declared mediation of Bitcoins an economic activity subject to anti-money-laundering supervision.

Uku Tampere, Police and Border Guard Board press representative:

For ordinary people buying or selling cryptocurrency in occasional transactions for own use, the Supreme Court judgement essentially alters nothing. However, when an individual begins to publicly offer cryptocurrency mediation service, he needs to apply for activity licence and meet the requirements prescribed by Money Laundering and Terrorist Financing Prevention Act.

Links:
http://news.postimees.ee/3652435/supreme-court-subjects-bitcoins-trade-to-money-laundering-rules
http://news.err.ee/v/business/5659f790-778f-4710-807e-782281aff8a0/supreme-court-bitcoin-has-financial-value-hence-trading-it-to-be-considered-economic-activity

Estonian Internal Security Service (KaPo) Yearbook 2015

In providing cyber security, the objective of the Internal Security Service is to identify cyber-attacks that could have been initiated by a foreign state or may threaten national security. The Information System Authority, the Estonian Information Board and the Police and Border Guard Board play an important role in the national cyber security community.

ISS doesn’t have much to inform us about. The “Cyber Security” section on pages 22 and 23 mainly contains a compilation of cyber security best practices.

Defacement and denial-of-service attacks can also become parts of sending a message to the enemy, i.e. influence operations. Some Estonian websites were defaced with Daesh symbols and messages in 2015. Although this was part of a global marketing campaign, it could also be regarded as a message to Estonian society.

Links:
https://kapo.ee/sites/default/files/public/content_page/Annual%20Review%202015.pdf

Plan to regulate private detective market

On February 29th the interior ministry sent interest groups a letter inquiring about how many private detectives there might be in Estonia and how the domain ought to be regulated.

Mr Rüütel says almost everything is currently possible with the help of public registers, but it is complicated to the point of absurdity. For instance, anyone may have recourse to the population register, pay €5 and ask if some definite individual has a mother and a father. «If they should answer that yes but they are dead, then I have a new question: do they have sisters or brothers. But for that I will again need to pay five euros. This is ridiculous,» said Mr Rüütel.

Pursuant to the Security Service Act in force, security companies are forbidden to provide private detective services i.e. security and private detective business cannot be combined. «For us, this is questionable. I think these services definitely should not be mutually exclusive,» said Mr Kuusik.

But if a law is created, he says it should grant expanded rights to private detectives. «The law makes no sense if covert photographs are not allowed in public space, which is a much needed service to collect evidence. The same with recording etc,» listed Mr Kala.

Links:
http://news.postimees.ee/3611981/private-detectives-behold-business-boom-on-horizon

Cyber Security Summer School 2016: “Digital Forensics — technology and law”

July 3-8, 2016, Estonian Information Technology College, Tallinn

Cyber Security Summer School 2016 is organised by Information Technology Foundation for Education in collaboration with Tallinn University of Technology, University of Tartu and The University of Adelaide.

Speakers:
• Hein Dries-Ziekenheiner
• Jeffrey Moulton (LSU)
• Merike Kaeo (Double Shot Security)
• Pavel Gladyshev (University College Dublin)
• Stephen Mason (www.stephenmason.eu)

Timeline:
Applications open until May 9, 2016
Confirmation of admission by May 23, 2016

Monday, July 4
09:00 – 10:00 Opening of the Summer School
Welcoming words by Erki Urva, Chairman of the Board of HITSA
Introduction of the speakers and mentors by organizers Olaf Maennel and Helen Eenmaa-Dimitrieva
11:15 – 13:00 “Introduction to Electronic Evidence”, “Evidential Foundations and Authenticity” Stephen Mason and Hein Dries-Ziekenheiner
14:00 – 16:00 “Forensic Tools” Pavel Laptev

Tuesday, July 5
09:30 – 11:00 “Case assessment and Interpretation in digital forensic casework” Didier Meuwly
11:15 – 13:00 “Social media, big data, internet forensics” Hein Dries-Ziekenheiner
14:00 – 16:00 Exercise “State of Connecticut v Julie Amero” Stephen Mason and Hein Dries-Ziekenheiner

Wednesday, July 6
09:00 – 09:30 “Application to court” Stephen Mason
09:30 – 11:00 “Network Forensics As Evidence: What Can You Trust and What Is Admissible in a Court of Law” Merike Kaeo
16:15 – 17:30 “IT Forensics: Why post-mortem is dead. Why over preserving evidence is bad.” Tobias Eggendorfer

Thursday, July 7
14:15 – 16:00 “This is Personal”, “Risk Management Framework” Jeffrey Moulton
16:15 – 18:00 “Frameworks for International Cyber Security” Eneken Tikk-Ringas

Friday, July 8
09:15 – 11:00 First Round of Moot Court
14:00 – 16:00 Best groups in a Public Moot
16:00 – 16:30 Summary and closing of the Summer School

Links:
http://studyitin.ee/c3s

Report of Estonian Information Board: International Security and Estonia in 2016

In cyberspace, Russia is the source of the greatest threat to Estonia, the European Union and NATO. Estonia is a target of hostile cyber acts both as an individual country, and as a member of the EU and NATO.

Cyber operations and cyber warfare have become a part of modern warfare.

Page 45 has a section titled “Cyber threats”. Its two pages of text contain no new information.

Links:
http://www.teabeamet.ee/pdf/2016-en.pdf

PhD thesis: “Applying Secure Multi-party Computation in Practice”

Riivo Talviste PhD thesis: “Applying Secure Multi-party Computation in Practice”
Defense date: 14.03.2016 – 16:15 (J. Liivi 2-405, Tartu, Estonia)

Thesis supervisor: Senior Research Fellow Sven Laur, Project manager Dan Bogdanov

Opponents:
Professor Stefan Katzenbeisser, Technische Universität Darmstadt (Germany)
Associate Professor Kurt Rohloff, New Jersey Institute of Technology (Newark, USA)

Summary:
In this work, we present solutions for technical difficulties in deploying secure multi-party computation in real-world applications. We will first give a brief overview of the current state of the art, bring out several shortcomings and address them.
The main contribution of this work is an end-to-end process description of deploying secure multi-party computation for the first large-scale registry-based statistical study on linked databases. Involving large stakeholders like government institutions introduces also some non-technical requirements like signing contracts and negotiating with the Data Protection Agency.

Links:
http://www.ut.ee/en/events/riivo-talviste-applying-secure-multi-party-computation-practice

Postimees leaks IP addresses of comment authors

Postimees exposes the IP addresses of comment authors in the JSON returned by parrot.php. The field “tsa” seems to hold an integer, which is the IP address, and the other part is an MD5 hash. This IP can be used to find out from which company’s network the comment originates.

$ ping 3240627210
PING 3240627210 (193.40.12.10) 56(84) bytes of data.
64 bytes from 193.40.12.10: icmp_seq=1 ttl=60 time=9.68 ms

A few years ago Postimees made the same mistake and fixed it, but now the same mistake has been introduced again.
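
Because the leak came back after being fixed once, a regression check on the public JSON is the natural safeguard. The following is an added example, not code from Postimees or from the original post: it walks a parsed JSON response and flags any standalone decimal integer that decodes to a globally routable IPv4 address, the same decoding ping performs above. The sample document, its field layout, the separator inside “tsa”, the hash value and the `ts` timestamp field are constructed assumptions.

```python
import ipaddress
import json
import re

# Standalone decimal tokens of 8-10 digits (not embedded in a hex/alnum string).
_TOKEN = re.compile(r"(?<![0-9A-Za-z])\d{8,10}(?![0-9A-Za-z])")

def int_to_public_ipv4(value):
    """Dotted quad if the integer encodes a globally routable IPv4 address, else None."""
    if not 0 < value < 2**32:
        return None
    addr = ipaddress.IPv4Address(value)
    return str(addr) if addr.is_global else None

def find_ip_leaks(node, ignore_keys=frozenset(), path="$"):
    """Walk parsed JSON and return (path, token, ip) for every value that leaks an IP."""
    leaks = []
    if isinstance(node, dict):
        for key, child in node.items():
            if key not in ignore_keys:
                leaks += find_ip_leaks(child, ignore_keys, f"{path}.{key}")
    elif isinstance(node, list):
        for i, child in enumerate(node):
            leaks += find_ip_leaks(child, ignore_keys, f"{path}[{i}]")
    elif isinstance(node, (int, str)):
        for token in _TOKEN.findall(str(node)):
            ip = int_to_public_ipv4(int(token))
            if ip:
                leaks.append((path, token, ip))
    return leaks

# Constructed sample: field layout, separator and hash value are assumptions.
SAMPLE = json.loads("""
{"comments": [
  {"id": 1, "ts": 1456400000, "tsa": "3240627210-d41d8cd98f00b204e9800998ecf8427e"},
  {"id": 2, "ts": 1456400100, "tsa": "d41d8cd98f00b204e9800998ecf8427e"}
]}
""")

if __name__ == "__main__":
    # "ts" is a Unix timestamp; without the ignore list it would decode to an address too.
    for path, token, ip in find_ip_leaks(SAMPLE, ignore_keys={"ts"}):
        print(f"LEAK {path}: {token} -> {ip}")
```

Unix timestamps fall in the same numeric range as IPv4 integers, so known timestamp fields have to be listed in `ignore_keys` to keep the check free of false positives. It covers only the integer-encoded form described here, not dotted-quad strings.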

Links:
https://tingmarprog.wordpress.com/2016/02/25/postimehe-kommentaariumis-ip-jalle-avalikult-nahtav/