Author Archives: user469294

District Court acquits alleged Ministry of the Interior user account blocker

ministry_of_the_interior_estonia

The District Court of Tallinn acquitted Mart Pirita (45), who was accused of locking down the e-mail accounts of the Minister of the Interior Hanno Pevkur and the Director General of Police and Border Guard Board (PPA) Elmar Vaher, because his guilt was not proved.

The District Court overruled the previous verdict by Harju County Court. The Harju County Court convicted Pirita and imposed a financial penalty of 270 daily rates, which is EUR 13’159.80.

The Prosecutor’s Office accused the ex-employee of IT and Development Centre at the Estonian Ministry of the Interior (SMIT) of illegal disrupting of computer systems by entering data. According to accusation, in August 2014 Pirita entered without permission different incorrect passwords for 14 user accounts in SM jurisdiction, which resulted in these user accounts being blocked. The attack was performed through TOR network which allows using the Internet anonymously and hide one’s tracks. The accusation noted that Pirita may have been motivated by the termination of his employment contract.

Presenting as a witness in the court, Tiit Hallas, the head of information security of SMIT described to the court that TOR network is used by child pornography and malware distributors. During the attack an IP address belonging to the company E-Positive.ee owned by Mart Pirita was logged into the TOR network.

The District Court found that the County Court made mistakes in evaluating the evidence and accidentally attested that the act was performed by Mart Pirita. Only the fact that Mart Pirita used the TOR network is not sufficient, as anyone using the network at that time could have performed the illegal act. The evidence collected by the prosecutor do not show direct relation to the act. The District Court admitted that several circumstances hinted that the blocker was related to SMIT but this is not enough for convicting someone. There are no direct evidence and indirect evidences are weak, found the District Court.

Links:
http://www.postimees.ee/3657891/ringkonnakohus-moistis-oigeks-hanno-pevkuri-ja-elmar-vaheri-vaidetava-meilikontode-lukustaja

Supreme Court declares mediation of Bitcoins subject to anti-money-laundering supervision

Leave a reply

bitcoin_logo

Yesterday’s verdict put an end to longstanding doubts whether trades with the cyber money should be treated as economic activity requiring special permit or not – in a landmark stand, Supreme Court declared mediation of Bitcoins an economic activity subject to anti-money-laundering supervision.

Uku Tampere, Police and Border Guard Board press representative:

For ordinary people buying or selling cryptocurrency in occasional transactions for own use, the Supreme Court judgement essentially alters nothing. However, when an individual begins to publicly offer cryptocurrency mediation service, he needs to apply for activity licence and meet the requirements prescribed by Money Laundering and Terrorist Financing Prevention Act.

Links:
http://news.postimees.ee/3652435/supreme-court-subjects-bitcoins-trade-to-money-laundering-rules
http://news.err.ee/v/business/5659f790-778f-4710-807e-782281aff8a0/supreme-court-bitcoin-has-financial-value-hence-trading-it-to-be-considered-economic-activity

Estonian Internal Security Service (KaPo) Yearbook 2015

Leave a reply

kapo_yearbook_cybersecurity

In providing cyber security, the objective of the Internal Security Service is to identify cyber-attacks that could have been initiated by a foreign state or may threaten national security. The Information System Authority, the Estonian Information Board and the Police and Border Guard Board play an important role in the national cyber security community.

ISS doesn’t have much to inform us about. The section “Cyber Security” on page 22 and 23 contains mainly compilation of cyber security best practices.

Defacement and denial-of-service attacks can also become parts of sending a message to the enemy, i.e. influence operations. Some Estonian websites were defaced with Daesh symbols and messages in 2015. Although this was part of a global marketing campaign, it could also be regarded as a message to Estonian society.

Links:
https://kapo.ee/sites/default/files/public/content_page/Annual%20Review%202015.pdf

Plan to regulate private detective market

Leave a reply

private_detective

In February 29th interior ministry sent interest groups a letter inquiring about how many private detectives there might be in Estonia and how the domain ought to be regulated.

Mr Rüütel says almost everything is currently possible with help of public registers, but it is complicated to the absurd. For instance, anyone may have recourse to population register, pay €5 and ask is some definite individual has a mother and a father. «If they should answer that yes but they are dead, then I have a new question: do they have sisters or brothers. But for that I will again need to pay five euros. This is ridiculous,» said Mr Rüütel.

Pursuant to the Security Service Act in force, security companies are forbidden to provide private detective services i.e. security and private detective business cannot be combined. «For us, this is questionable. I think these services definitely should not be mutually exclusive,» said Mr Kuusik.

But if a law is created, he says it should grant expanded rights to private detectives. «The law makes no sense if covert photographs are not allowed in public space, which is a much needed service to collect evidence. The same with recording etc,» listed Mr Kala.

Links:
http://news.postimees.ee/3611981/private-detectives-behold-business-boom-on-horizon

Cyber Security Summer School 2016: “Digital Forensics — technology and law”

Leave a reply

cybersecurity_summerschool_estonia

July 3-8, 2016, Estonian Information Technology College, Tallinn

Cyber Security Summer School 2016 is organised by Information Technology Foundation for Education in collaboration with Tallinn University of Technology, University of Tartu and The University of Adelaide.

Speakers:
• Hein Dries-Ziekenheiner
• Jeffrey Moulton (LSU)
• Merike Kaeo (Double Shot Security)
• Pavel Gladyshev (University College Dublin)
• Stephen Mason (www.stephenmason.eu)

Timeline:
Applications open until May 9, 2016
Confirmation of admission by May 23, 2016

Monday, July 4
09:00 – 10:00 Opening of the Summer School
Welcoming words by Erki Urva, Chairman of the Board of HITSA
Introduction of the speakers and mentors by organizers Olaf Maennel and Helen Eenmaa-Dimitrieva
11:15 – 13:00 “Introduction to Electronic Evidence”, “Evidential Foundations and Authenticity” Stephen Mason and Hein Dries-Ziekenheiner
14:00 – 16:00 “Forensic Tools” Pavel Laptev

Tuesday, July 5
09:30 – 11:00 “Case assessment and Interpretation in digital forensic casework” Didier Meuwly
11:15 – 13:00 “Social media, big data, internet forensics” Hein Dries-Ziekenheiner
14:00 – 16:00 Exercise “State of Connecticut v Julie Amero” Stephen Mason and Hein Dries-Ziekenheiner

Wednesday, July 6
09:00 – 09:30 “Application to court” Stephen Mason
09:30 – 11:00 “Network Forensics As Evidence: What Can You Trust and What Is Admissible in a Court of Law” Merike Kaeo
16:15 – 17:30 “IT Forensics: Why post-mortem is dead. Whay over preserving evidence is bad.” Tobias Eggendorfer

Thursday, July 7
14:15 – 16:00 “This is Personal”, “Risk Management Framework” Jeffrey Moulton
16:15 – 18:00 “Frameworks for International Cyber Security” Eneken Tikk-Ringas

Friday, July 8
09:15 – 11:00 First Round of Moot Court
14:00 – 16:00 Best groups in a Public Moot
16:00 – 16:30 Summary and closing of the Summer School

Links:
http://studyitin.ee/c3s

Report of Estonian Information Board: International Security and Estonia in 2016

Leave a reply

In cyberspace, Russia is the source of the greatest threat to Estonia, the European Union and NATO. Estonia is a target of hostile cyber acts both as an individual country, and as a member of the EU and NATO.

Cyber operations and cyber warfare have become a part of modern warfare.

Page 45 has section “Cyber threats”. Two pages of text contain no new information.

Links:
http://www.teabeamet.ee/pdf/2016-en.pdf

PhD thesis: “Applying Secure Multi-party Computation in Practice”

Leave a reply

Riivo Talviste PhD thesis: “Applying Secure Multi-party Computation in Practice”
Defense date: 14.03.2016 – 16:15 (J. Liivi 2-405, Tartu, Estonia)

Thesis supervisor: Senior Research Fellow Sven Laur, Project manager Dan Bogdanov

Opponents:
Professor Stefan Katzenbeisser, Technische Universität Darmstadt (Germany)
Associate Professor Kurt Rohloff, New Jersey Institute of Technology (Newark, USA)

Summary:
In this work, we present solutions for technical difficulties in deploying secure multi-party computation in real-world applications. We will first give a brief overview of the current state of the art, bring out several shortcomings and address them.
The main contribution of this work is an end-to-end process description of deploying secure multi-party computation for the first large-scale registry-based statistical study on linked databases. Involving large stakeholders like government institutions introduces also some non-technical requirements like signing contracts and negotiating with the Data Protection Agency.

Links:
http://www.ut.ee/en/events/riivo-talviste-applying-secure-multi-party-computation-practice

Postimees leaks IP addresses of comment authors

Leave a reply

postimees_commenter_IP_address

Postimees is holding IP addresses of comment authors in the parrot.php JSON file. The field “tsa” seems to hold integer which is IP and the other part is MD5 hash. This IP can be used to find out from which company’s network the comment originates from.

$ ping 3240627210
PING 3240627210 (193.40.12.10) 56(84) bytes of data.
64 bytes from 193.40.12.10: icmp_seq=1 ttl=60 time=9.68 ms

Few years ago the Postimees had the same mistake which they fixed, but now the same mistake is introduced again.

Links:
https://tingmarprog.wordpress.com/2016/02/25/postimehe-kommentaariumis-ip-jalle-avalikult-nahtav/

60 percent of Swedbank’s customers use password card for online banking

Leave a reply

Swedbank_password_card

Nearly 60 percent of Swedbank’s private customers use password cards for online banking. This is in 2016, when already for several years there are much more comfortable and safer identification tools available, which do not involve the EUR 200 transaction limit.

By studying the reasons, it appears that people are not willing to change their habits. Password cards are familiar to them, they are used to them for a long time, they know exactly where the password card is located and know how to use it. They do not need to use it to learn something new.

One of the barrier also highlights the lack of trust in relation to the new authentication. People do not trust the things that they actually do not get to keep. They are not willing to go along with the changes quickly. Many assert that the EUR 200 payment limit does not hinder them.

Links:
http://kasulik.delfi.ee/news/uudised/e-riigi-hammastavad-numbrid-eesti-pangakliendid-kasutavad-ammu-iganenud-lahendust?id=73795383

Hacking systems protected by a simple password might not be an offense

Leave a reply

Oskar_Gross

Oskar Gross, the manager of recently opened Cyber Crime Unit of Central Criminal Police writes in an opinion piece that Estonian legislation is at times more primitive than the actual cybercrime. Therefore, there may be a weird situation where hacking an account that is protected with a simple password such as “1234” is not an offense.

In the last commented edition of the Penal Code, the lawmaker rather boldly attempted to define the legal handling of computer systems’ passwords and security issues related to recovering password, and the end result is problematic in several aspects.

Penal Code has an important section §217 “Illegal obtaining of access to computer systems” which aims to penalize unauthorized access to computer systems. The commented edition of Penal Code clarifies that unauthorized access is not in case of amazingly simple passwords, such as “admin”, “123456” and “qwerty”, because such passwords can be guessed by an attacker or found from “the top worst passwords” on the Internet.

In short, this section comment says: “If you have a weak password, the access to your data is allowed.”

Links:
http://geenius.ee/uudis/arvamuslugu-kas-konto-parooliga-1234-avalik