
Personnel changes in RIA cyber security division


Anto Veldre, a legendary Estonian security specialist, leaves RIA:

From the beginning of the year, the State Information System Authority (RIA) has laid off the experienced IT security expert and advocate Anto Veldre. Veldre worked as an analyst in the incident handling department of CERT-EE and, later, in the Communications Department.

Helen Uldrich, head of the RIA Communications Department, explained Anto Veldre's departure by a change in the structure of her unit from 2018. The analyst position Veldre held was converted into a spokesperson's position and, as a result, his duties changed.

“Unfortunately, RIA did not have another position to offer Anto that would correspond to his professional profile. The whole staff of the State Information System Agency highly appreciates Anto and his contribution, for example, to explaining the functioning of the e-state,” added Uldrich.


Klaid Mägi, the head of CERT-EE, leaves RIA:

Klaid Mägi, head of CERT-EE, will leave the state office and continue his work at CybExer Technologies, a private Estonian company promoting cyber hygiene. Mägi has led the unit since autumn 2014. Previously, he worked at the Ministry of Finance, Elisa and Elion.

Uku Särekanno, the new Deputy Director General of RIA Cyber Security Branch:

The authority organised a public competition last October to find a director for the Cyber Security Branch. About ten people applied for the position. The Director General of the Information System Authority chose the suitable candidate in early December.

Previously, Uku Särekanno has worked at different positions in the European Commission, the Government Office, and the Ministry of Foreign Affairs, led the Public Order and Criminal Policy Department of the Ministry of the Interior, and represented Estonia in Brussels regarding issues of migration and police cooperation.

Before that, since September 2011, this responsibility had been borne by Toomas Vaks, who previously worked as a bank card risk manager at Swedbank and, before that, was employed at Hansapank.

Links:
https://tehnika.postimees.ee/4367831/ria-koondas-legendaarse-eesti-turvaspetsialisti-anto-veldre
https://geenius.ee/uudis/ria-koondas-eesti-turvaspetsialisti-anto-veldre/
https://www.err.ee/654409/ria-uks-juhivtootaja-klaid-magi-lahkub-toole-erasektorisse
https://geenius.ee/uudis/riast-lahkus-toolt-jargmine-tippekspert-certi-juht-klaid-magi/
https://geenius.ee/uudis/peterkop-me-ei-suuda-erasektoriga-voistelda-aga-pakume-erilist-tood/
https://www.ria.ee/en/uku-sarekanno-is-the-deputy-director-general-of-the-information-system-authority.html
https://geenius.ee/uudis/uus-eesti-kuberkaitse-juht-meie-maine-hoidmiseks-ei-piisa-enam-ainult-raakimisest-ja-konverentsidel-kaimisest/
http://arileht.delfi.ee/news/uudised/ria-endine-kuberturbejuht-macgyveri-teibiga-e-riiki-ei-ehitata?id=79908056

President to decorate persons who helped to solve ID card crisis

The President decided to recognize with state decorations three people who helped to solve the ID-card crisis that struck Estonia last year. The Order of the White Star, 5th Class will be awarded to Margus Arm, head of the eID field at the State Information System Authority, Kaija Kirch, who led the crisis management team at the Police and Border Guard Board, and Kaarel Raspel, a Nortal employee who helped RIA develop the solution that resolved the ID-card crisis:

Margus Arm, promoter of the information society. Margus Arm, as head of the eID field of the State Information System Authority, played a key role in removing the security risk of the ID card. He worked out the key proposals for resolving the crisis and led the team that developed the technical solutions.

Kaija Kirch, promoter of internal security. Kaija Kirch was in charge of the crisis team formed at the Police and Border Guard Board to eliminate the ID-card security risk. Under her leadership, the new ID-card production line was completed and PPA's customer service was run, as was cooperation with other public authorities, the private sector and citizens.

Kaarel Raspel, promoter of the field of e-services. Kaarel Raspel, as a staff member of AS Nortal, made a great personal contribution to preventing the ID-card security risk from materialising. He had a leading role in developing the fundamental solution that allowed the ID-card ecosystem to move to elliptic curve cryptography, which kept the ID-card chip from being exposed to the security risk.

The Order of the White Star, 4th Class will also be awarded to:

Raimo Peterson, promoter of cybersecurity cooperation. Raimo Peterson has helped the NATO Cyber Defence Centre to become an internationally recognized centre of expertise. Under his leadership, the Locked Shields cyber defence exercise has become one of the world's largest of its kind. He has also built up a critical information infrastructure capability in the form of a laboratory that is used by both Estonian state authorities and large private companies.

Congratulations!

Links:
https://news.err.ee/679885/president-of-estonia-to-bestow-state-decorations-on-166-individuals
https://tehnika.postimees.ee/4398027/id-kaardi-kriisi-lahendaja-eesti-e-riiki-ei-saa-kinni-panna
https://president.ee/et/eesti-tanab/teenetemarkide-kavalerid-2018/14008-margus-arm/layout-decoration.html
https://president.ee/et/eesti-tanab/teenetemarkide-kavalerid-2018/14039-kaarel-raspel/layout-decoration.html
https://president.ee/et/eesti-tanab/teenetemarkide-kavalerid-2018/14015-kaija-kirch/layout-decoration.html
https://president.ee/et/eesti-tanab/teenetemarkide-kavalerid-2018/13972-raimo-peterson/layout-decoration.html

Let’s speak about cyber security @Elektrilevi

The first meetup will be brought to you in cooperation with Elektrilevi and will focus on cyber security issues in the energy sector. The goal of the first seminar is to map out the interest in cybersecurity topics in the field of energy and to find opportunities for collaborative projects in the SmartGrid area. Elektrilevi supplies electricity to almost all households and companies in Estonia. Its role as the largest network operator is to ensure the constant supply of electricity to its customers. Elektrilevi manages a unique SmartGrid network that covers almost the whole country. The technology has brought many new solutions but also some new issues to be resolved in the cyber security domain. In the meetup, we will discuss the different cyber security questions and challenges in the energy sector.

SCHEDULE
15:00 – 15:05 Moderator’s welcome to the Let’s speak about cyber security @ meetup series – Marily Hendrikson, Cyber Security project manager at Startup Estonia team
15:05 – 15:15 Introduction to Elektrilevi – Taavi Liivandi, Head of Smart Grid Development Center @Elektrilevi
15:15 – 16:15 Cyber security @Elektrilevi – Indrek Künnapuu, Information security manager @Elektrilevi
PAUSE
16:20 – 17:05 Klaid Mägi, Head of CERT EE @Information System Authority.
Networking until 17.30

Links:
https://www.meetup.com/Lets-speak-about-cyber-security/events/246449690/

MSc thesis: Security of Loyalty Cards Used in Estonia

Abstract
This thesis identifies the card technologies used in loyalty programs across Estonia. These technologies include magnetic-stripe cards, contactless cards (in the form of MIFARE Classic, MIFARE Ultralight, MIFARE DESFire EV1 and low frequency RFID cards) and a smart card known as the Estonian electronic identification card (ID card). Each card type implements its own security features to prevent cloning and/or unauthorized access to the content stored on the card. The contents of each card were read and the method in which it was used in the system analysed. Where possible, a clone of the card was created and tested against the real system to verify that it passed the authentication procedures.

This is an MSc thesis from the TUT Cyber Security curriculum. The thesis was defended in June 2017.

The thesis analysed the cloneability of the loyalty cards used in Estonia. While magnetic-stripe cards are known to be trivially cloneable, the study also analysed a number of contactless cards: MyFitness, Elron, Tallinn Bus Card, ISIC, SEB ISIC, Tartu Bus Card and Rimi Card. Only the Rimi and Elron cards were found to withstand known cloning attacks.

Links:
http://kodu.ut.ee/~arnis/loyalty_thesis.pdf
http://kodu.ut.ee/~arnis/loyalty_slides.pdf

Estonian Defence Forces to set up Cyber Command of 300 hackers

Next year the Estonian Defence Forces will create a Cyber Command which, if necessary, will also carry out cyber attacks against both virtual and physical targets.

“It will begin to carry out cyber-attacks in the entire spectrum, which means both defense and, if necessary, attack,” explained Erki Kodar, undersecretary of the Ministry of Defense, meeting the international press in Tallinn today. Kodar pointed out that Estonia does not plan to use the cyber capability only in cyberspace but also, if necessary, in other domains of warfare, in other words to attack physical targets.

“All of this activity must, of course, be based on Estonian law and in accordance with international law,” Kodar confirmed.

The unit should begin work on August 1, 2018 and reach full capacity by 2020. By that time, 300 people should serve in the Cyber Command. Such a cyber command is not very common in the world or among NATO allies. A similar entity already exists in the United States, the United Kingdom, Germany, France and the Netherlands. Next year Estonia will be added to the list.

300 is a big number for a country as small as Estonia. This will be very expensive for the Defence Forces, because these specialists are paid a lot in the private sector.

Links:
https://geenius.ee/uudis/eesti-kaitsevagi-loob-300-pealise-hakkerite-uksuse-mis-hakkab-vajadusel-ka-fuusilisi-sihtmarke-rundama/
https://www.youtube.com/watch?v=PKC-nWRfez4

Smart-ID paper: Server-Supported RSA Signatures for Mobile Devices

Abstract
We propose a new method for shared RSA signing between the user and the server so that: (a) the server alone is unable to create valid signatures; (b) having the client’s share, it is not possible to create a signature without the server; (c) the server detects cloned client’s shares and blocks the service; (d) having the password-encrypted client’s share, the dictionary attacks cannot be performed without alerting the server; (e) the composite RSA signature “looks like” an ordinary RSA signature and verifies with standard crypto-libraries. We use a modification of the four-prime RSA scheme of Damgård, Mikkelsen and Skeltved from 2015, where the client and the server have independent RSA private keys. As their scheme is vulnerable to dictionary attacks, in our scheme, the client’s RSA private exponent is additively shared between server and client. Our scheme has been deployed and has over 200,000 users.

The paper was published in proceedings of the conference ESORICS 2017, Oslo, Norway, September 11-15, 2017.

The paper contains several pages of cryptographic proofs. The RSA key generation involves “l-safe” primes, which is not standard practice in generating RSA primes. This is worrisome, especially after it became known that the flaw in the ID card was caused by another instance of nonstandard RSA prime generation.
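
To make the abstract's properties (b) and (e) concrete, here is an added illustration (not the paper's or Smart-ID's code) of the core idea: two independent RSA moduli n1 (client) and n2 (server) combined by CRT into a composite signature that standard RSA verification accepts, with the client's private exponent d1 additively split between client and server. It assumes constructed Mersenne-prime demo keys and textbook RSA over a raw hash; the paper's l-safe primes, password encryption of the share and clone detection are omitted.

```python
import math
import secrets
from hashlib import sha256

# Constructed demo parameters (hypothetical, not the paper's): Mersenne primes so
# primality can be checked offline. Real deployments use large l-safe primes.
E = 65537
P1, Q1 = 2**31 - 1, 2**61 - 1    # factors of the client's modulus n1
P2, Q2 = 2**89 - 1, 2**107 - 1   # factors of the server's modulus n2
LAM1 = math.lcm(P1 - 1, Q1 - 1)  # Carmichael lambda(n1)
LAM2 = math.lcm(P2 - 1, Q2 - 1)  # Carmichael lambda(n2)

def keygen():
    """Two independent RSA keys; the client's exponent d1 is split additively."""
    d1 = pow(E, -1, LAM1)                 # full client exponent, never stored whole
    d2 = pow(E, -1, LAM2)                 # server's own exponent
    d1c = secrets.randbelow(LAM1)         # client's share (held on the phone)
    d1s = (d1 - d1c) % LAM1               # server's share of the client exponent
    return {"n1": P1 * Q1, "n2": P2 * Q2, "d1c": d1c, "d1s": d1s, "d2": d2}

def crt(r1, n1, r2, n2):
    """Garner's CRT: the unique residue mod n1*n2 equal to r1 mod n1 and r2 mod n2."""
    return (r1 + n1 * ((r2 - r1) * pow(n1, -1, n2) % n2)) % (n1 * n2)

def hash_to_int(msg):
    """Textbook RSA over a raw SHA-256 value (no PKCS#1 padding, for brevity)."""
    return int.from_bytes(sha256(msg).digest(), "big")

def sign(k, m):
    """Client computes only m^d1c mod n1; the server finishes s1 and adds s2."""
    client_part = pow(m, k["d1c"], k["n1"])                  # sent to the server
    s1 = client_part * pow(m, k["d1s"], k["n1"]) % k["n1"]   # = m^d1 mod n1
    s2 = pow(m, k["d2"], k["n2"])                            # server's own key
    return crt(s1, k["n1"], s2, k["n2"])                     # one value mod n1*n2

def client_only_attempt(k, m):
    """What a copied client share yields without the server: not a valid signature."""
    return crt(pow(m, k["d1c"], k["n1"]), k["n1"], m, k["n2"])

def verify(k, m, s):
    """Standard RSA verification against the composite public key (n1*n2, E)."""
    return pow(s, E, k["n1"] * k["n2"]) == m

if __name__ == "__main__":
    key = keygen()
    digest = hash_to_int(b"constructed message")
    print("composite signature verifies:", verify(key, digest, sign(key, digest)))
    print("client share alone verifies:", verify(key, digest, client_only_attempt(key, digest)))
```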

Links:
https://link.springer.com/chapter/10.1007/978-3-319-66402-6_19

TallinnSec meetup: DevSec, 4G broadband modem pwning, Database Hoarding and Certbot

Tuesday, December 12, 2017, 17:00 to 20:00.
Technopolis Ülemiste, Lõõtsa 6, 2nd floor
Room name: Helsinki

Agenda:
17:10 – Sponsor greetings from Märt Ridala (Solita OÜ)
17:20 – Antti Virtanen: DevSec
17:50 – Iiro Uusitalo: WAN-to-LAN exploitation of 4G broadband modem
18:10 – Shamil Alifov: Database Hoarding. For fun and profit.
18:40 – Joona Hoikkala: Road ahead for encrypted web with Certbot and Let’s Encrypt
19:10 – Stefano Alberico: Communication solution based on end-to-end hardware encryption

Links:
https://www.meetup.com/TallinnSec/events/244711668/

CERT-EE is looking for monitoring specialists and security experts

INFORMATION SECURITY EXPERT

The main tasks:
• Information security incident investigation, solving and technical analysis;
• Network monitoring;
• Threat and vulnerability monitoring, reaction and solving;
• Development of technical solutions;
• Log analysis;
• Performing tasks of international contact point in incident investigation and solving.

MONITORING SPECIALIST

The main tasks:
• Information security incident monitoring and management 24/7;
• Incident monitoring and management of RIA services and state networks;
• Tracking of information security news and compilation of summary;
• Performing tasks of international contact point in incident investigation and solving.

If you think that you are the person we are looking for, send your CV together with your expected salary to klaid@cert.ee by 05.12.2017.

Links:
https://twitter.com/CERT_EE/status/933023046927077376
https://cybersec.ee/wp-content/uploads/2017/11/CERT_seirespetsialist.jpg
https://cybersec.ee/wp-content/uploads/2017/11/CERT_infoturbeekspert.jpg

Security Software OÜ is looking for security operators

We are looking for a competent security operator to undertake the surveillance of our customers' IT systems, networks and servers, and to operate our customers' security measures. You will be responsible for detecting any suspicious network behaviour and reacting accordingly. The ideal candidate will inspire respect and authority as well as possess a high level of observation.

Responsibilities:
• Patrol system logs for threats
• Respond to alarms by investigating and assessing the situation
• Remove hackers, trespassers, and policy violators from network
• Work with customer IT staff to secure all endpoints, network devices, servers, services, and IoT
• Provide assistance to customer IT staff
• Apprehend and detain perpetrators
• Submit periodic reports of surveillance activity and important occurrences

Soft skills & personality:
• Sharp mind, act fast
• Investigative mindset
• Tech-savvy
• Dealing with uncertainty

Technical knowledge (work experience or learning):
• Networks – good understanding of how computer networks work
• Windows – yes – people use Windows
• Linux – yes – people use Linux
• Scripting – comfortable working with PERL

Links:
https://secsoft.ee/wp-content/uploads/2017/11/SECURITY-OPERATOR.pdf

Seminar on secure SSL load balancer configuration

Santa Monica Networks and F5 invite you to attend the morning seminar on November 17 at 08:30 – 12:30 at the LIFT99 event centre. At the seminar, we will look at how the F5 SSL Orchestrator works and discuss the typical errors encountered when setting up a load balancer.

Day plan:
08:30 – 09:00 Morning coffee and check-in
09:00 – 10:30 F5 Networks SSL Orchestrator – how does it work, what does it do?
Continuing this year’s Security Day seminars on HTTPS visibility and F5 SSL Orchestrator themes, you can now learn about SSLO setup options and its functionality from a technical demo.
– Tarmo Mamers | Network Security Specialist @ Santa Monica Networks
10:30 – 10:45 Coffee break
10:45 – 11:30 Load balancer to identify a person – what could go wrong there?
Typical errors that occur when setting up a load balancer. Live examples show how criminals can exploit such weaknesses and what every network gatekeeper can do to prevent such errors.
– Mait Peekma | Pentester, trainer @ Clarified Security
11:30 – 12:30 Lunch @ F-Building
Seminar presentations are in Estonian.

This is relevant because we remember how a misconfiguration of the F5 SSL load balancers used by SEB and Swedbank allowed ID card authentication to be bypassed.

Links:
https://www.eventbrite.com/e/f5-avab-https-liikluse-mis-edasi-saab-hommikuseminar-tickets-39077653313