Estonian Internal Security Service (KaPo) Yearbook 2015

In providing cyber security, the objective of the Internal Security Service is to identify cyber-attacks that could have been initiated by a foreign state or may threaten national security. The Information System Authority, the Estonian Information Board and the Police and Border Guard Board play an important role in the national cyber security community.

ISS does not have much to tell us. The “Cyber Security” section on pages 22 and 23 consists mainly of a compilation of cyber security best practices.

Defacement and denial-of-service attacks can also become part of sending a message to the adversary, i.e. influence operations. Some Estonian websites were defaced with Daesh symbols and messages in 2015. Although this was part of a global marketing campaign, it could also be regarded as a message to Estonian society.

Links:
https://kapo.ee/sites/default/files/public/content_page/Annual%20Review%202015.pdf

Plan to regulate private detective market

On 29 February the Ministry of the Interior sent interest groups a letter asking how many private detectives there might be in Estonia and how the field ought to be regulated.

Mr Rüütel says almost everything is currently possible with the help of public registers, but it is complicated to the point of absurdity. For instance, anyone may turn to the population register, pay €5 and ask whether a specific individual has a mother and a father. «If they answer yes, but they are dead, then I have a new question: do they have sisters or brothers? But for that I will again need to pay five euros. This is ridiculous,» said Mr Rüütel.

Pursuant to the Security Service Act currently in force, security companies are forbidden to provide private detective services, i.e. security and private detective businesses cannot be combined. «For us, this is questionable. I think these services definitely should not be mutually exclusive,» said Mr Kuusik.

But if a law is created, he says it should grant private detectives expanded rights. «The law makes no sense if covert photography in public spaces is not allowed, which is a much needed service for collecting evidence. The same goes for recording, etc.,» Mr Kala listed.

Links:
http://news.postimees.ee/3611981/private-detectives-behold-business-boom-on-horizon

Cyber Security Summer School 2016: “Digital Forensics — technology and law”

July 3-8, 2016, Estonian Information Technology College, Tallinn

Cyber Security Summer School 2016 is organised by the Information Technology Foundation for Education (HITSA) in collaboration with Tallinn University of Technology, the University of Tartu and The University of Adelaide.

Speakers:
• Hein Dries-Ziekenheiner
• Jeffrey Moulton (LSU)
• Merike Kaeo (Double Shot Security)
• Pavel Gladyshev (University College Dublin)
• Stephen Mason (www.stephenmason.eu)

Timeline:
Applications open until May 9, 2016
Confirmation of admission by May 23, 2016

Monday, July 4
09:00 – 10:00 Opening of the Summer School
Welcoming words by Erki Urva, Chairman of the Board of HITSA
Introduction of the speakers and mentors by organizers Olaf Maennel and Helen Eenmaa-Dimitrieva
11:15 – 13:00 “Introduction to Electronic Evidence”, “Evidential Foundations and Authenticity” Stephen Mason and Hein Dries-Ziekenheiner
14:00 – 16:00 “Forensic Tools” Pavel Laptev

Tuesday, July 5
09:30 – 11:00 “Case Assessment and Interpretation in Digital Forensic Casework” Didier Meuwly
11:15 – 13:00 “Social media, big data, internet forensics” Hein Dries-Ziekenheiner
14:00 – 16:00 Exercise “State of Connecticut v Julie Amero” Stephen Mason and Hein Dries-Ziekenheiner

Wednesday, July 6
09:00 – 09:30 “Application to court” Stephen Mason
09:30 – 11:00 “Network Forensics As Evidence: What Can You Trust and What Is Admissible in a Court of Law” Merike Kaeo
16:15 – 17:30 “IT Forensics: Why post-mortem is dead. Why over-preserving evidence is bad.” Tobias Eggendorfer

Thursday, July 7
14:15 – 16:00 “This is Personal”, “Risk Management Framework” Jeffrey Moulton
16:15 – 18:00 “Frameworks for International Cyber Security” Eneken Tikk-Ringas

Friday, July 8
09:15 – 11:00 First Round of Moot Court
14:00 – 16:00 Best groups in a Public Moot
16:00 – 16:30 Summary and closing of the Summer School

Links:
http://studyitin.ee/c3s

Report of Estonian Information Board: International Security and Estonia in 2016

In cyberspace, Russia is the source of the greatest threat to Estonia, the European Union and NATO. Estonia is a target of hostile cyber acts both as an individual country, and as a member of the EU and NATO.

Cyber operations and cyber warfare have become a part of modern warfare.

Page 45 has a section “Cyber threats”. Its two pages of text contain no new information.

Links:
http://www.teabeamet.ee/pdf/2016-en.pdf

PhD thesis: “Applying Secure Multi-party Computation in Practice”

Riivo Talviste PhD thesis: “Applying Secure Multi-party Computation in Practice”
Defense date: 14.03.2016 – 16:15 (J. Liivi 2-405, Tartu, Estonia)

Thesis supervisors: Senior Research Fellow Sven Laur, Project Manager Dan Bogdanov

Opponents:
Professor Stefan Katzenbeisser, Technische Universität Darmstadt (Germany)
Associate Professor Kurt Rohloff, New Jersey Institute of Technology (Newark, USA)

Summary:
In this work, we present solutions for technical difficulties in deploying secure multi-party computation in real-world applications. We first give a brief overview of the current state of the art, point out several shortcomings and address them.
The main contribution of this work is an end-to-end process description of deploying secure multi-party computation for the first large-scale registry-based statistical study on linked databases. Involving large stakeholders like government institutions also introduces some non-technical requirements, such as signing contracts and negotiating with the Data Protection Agency.
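As an added illustration of the building block behind this kind of deployment (not code from the thesis or from any MPC framework), the Python below implements three-party additive secret sharing and uses it to compute the sum and mean of a registry column without any single computing party seeing an individual value. The ring Z_{2^32}, the three computing parties and the two already-linked sample columns are assumptions made here.

```python
"""Additive secret sharing among three computing parties.

Added illustration for the thesis above; not code from the thesis or from
any MPC framework. Assumptions: shares live in the ring Z_{2^32}, there are
three computing parties, and the two "registry" columns below are
constructed sample data that has already been linked record-by-record.
"""
import secrets
from typing import List, Sequence, Tuple

MOD = 2 ** 32        # assumed share ring: 32-bit unsigned arithmetic
N_PARTIES = 3        # assumed number of computing parties


def share(value: int) -> Tuple[int, ...]:
    """Split value into N_PARTIES shares that are individually uniform
    in Z_MOD and sum to value mod MOD."""
    first = [secrets.randbelow(MOD) for _ in range(N_PARTIES - 1)]
    last = (value - sum(first)) % MOD
    return tuple(first + [last])


def reconstruct(shares: Sequence[int]) -> int:
    """Recombine all shares; any proper subset is uniformly random."""
    return sum(shares) % MOD


def share_column(values: Sequence[int]) -> List[List[int]]:
    """Data-owner step: party i receives the i-th share of every value.
    Returns one share vector per party."""
    per_party: List[List[int]] = [[] for _ in range(N_PARTIES)]
    for v in values:
        for i, s in enumerate(share(v % MOD)):
            per_party[i].append(s)
    return per_party


def local_sum(shares: Sequence[int]) -> int:
    """Computing-party step: add own shares; no communication needed."""
    return sum(shares) % MOD


def secure_sum(values: Sequence[int]) -> int:
    """End to end: share, each party sums locally, recombine the three
    partial sums. Only the aggregate is ever reconstructed."""
    per_party = share_column(values)
    partial_sums = [local_sum(p) for p in per_party]
    return reconstruct(partial_sums)


def secure_stats(column: Sequence[int]) -> Tuple[int, int, float]:
    """Sum, count and mean of a registry column. The count is public here
    (row count of the linked table); only the sum goes through MPC."""
    total = secure_sum(column)
    n = len(column)
    return total, n, (total / n if n else 0.0)


# Constructed sample: two registries already linked row-by-row (assumption).
EDUCATION_YEARS = [12, 16, 15, 12, 19]                  # "registry A"
ANNUAL_INCOME = [14000, 31000, 27000, 12500, 52000]     # "registry B"

if __name__ == "__main__":
    for name, col in (("education_years", EDUCATION_YEARS),
                      ("annual_income", ANNUAL_INCOME)):
        total, n, mean = secure_stats(col)
        print(f"{name}: sum={total} n={n} mean={mean:.1f}")
    # What one computing party actually sees: uniform ring elements.
    print("party 0 view of income column:", share_column(ANNUAL_INCOME)[0])
```

Sums and means need only local addition plus one reconstruction of the aggregate. Anything non-linear, such as a join on a secret identifier, a product or a comparison, requires an interactive protocol between the parties and is outside the scope of this snippet.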

Links:
http://www.ut.ee/en/events/riivo-talviste-applying-secure-multi-party-computation-practice

Postimees leaks IP addresses of comment authors

Postimees exposes the IP addresses of comment authors in the parrot.php JSON file. The field “tsa” appears to hold an integer that is the IP address, with the other part being an MD5 hash. The IP address can be used to find out from which company’s network a comment originates.

$ ping 3240627210
PING 3240627210 (193.40.12.10) 56(84) bytes of data.
64 bytes from 193.40.12.10: icmp_seq=1 ttl=60 time=9.68 ms

A few years ago Postimees made the same mistake and fixed it, but now the same mistake has been introduced again.
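As an added example (not code from the original post or from Postimees), the following Python converts the decimal integer form to a dotted quad and back, and scans constructed comment records for such values. The page does not document the layout of the “tsa” field, so the “decimal IP, separator, 32 hex characters” form used below is an assumption, as is the sample data.

```python
"""Turning the decimal "integer IP" from the Postimees comment JSON back
into a dotted quad, and scanning comment records for such values.

Added example, not code from the original post or from Postimees. The
layout of the "tsa" field is not documented on the page; the sample
records below are constructed here, and the assumed layout
"<decimal IP><separator><32 hex chars>" is an illustration only.
"""
import ipaddress
import json
import re

# Constructed sample; the real parrot.php layout is not shown on the page.
SAMPLE_JSON = json.dumps({"comments": [
    {"id": 1, "tsa": "3240627210:9e107d9d372bb6826bd81d3542a419d6"},
    {"id": 2, "tsa": "167772161:d41d8cd98f00b204e9800998ecf8427e"},
    {"id": 3, "tsa": "4294967296:00000000000000000000000000000000"},  # > 2^32-1
    {"id": 4, "tsa": "not-an-ip"},
]})

# 1 to 10 decimal digits, any non-word separator, then an MD5-sized hex string.
TSA_RE = re.compile(r"(\d{1,10})\W*([0-9a-fA-F]{32})")


def int_to_ip(n: int) -> str:
    """32-bit big-endian integer -> dotted quad. ping(8) accepts the integer
    form directly, which is why `ping 3240627210` reaches 193.40.12.10."""
    return str(ipaddress.IPv4Address(n))


def ip_to_int(addr: str) -> int:
    """Dotted quad -> the same integer representation."""
    return int(ipaddress.IPv4Address(addr))


def extract_ips(blob: str) -> dict:
    """Map comment id -> dotted-quad address for every record whose "tsa"
    field carries a value in the IPv4 integer range."""
    found = {}
    for rec in json.loads(blob)["comments"]:
        m = TSA_RE.search(str(rec.get("tsa", "")))
        if not m:
            continue
        n = int(m.group(1))
        if n > 0xFFFFFFFF:      # ten digits can exceed 2^32 - 1
            continue
        found[rec["id"]] = int_to_ip(n)
    return found


if __name__ == "__main__":
    for cid, ip in extract_ips(SAMPLE_JSON).items():
        # feed the address to whois or reverse DNS to attribute the network
        print(f"comment {cid}: {ip}")
```

The integer is simply the IPv4 address as a 32-bit big-endian number, which is why ping resolves it as shown above. Once decoded, the address can be attributed to an organisation with whois or a reverse DNS lookup, which is the disclosure the post is concerned with.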

Links:
https://tingmarprog.wordpress.com/2016/02/25/postimehe-kommentaariumis-ip-jalle-avalikult-nahtav/

60 percent of Swedbank’s customers use password card for online banking

Nearly 60 percent of Swedbank’s private customers use password cards for online banking. This is in 2016, when for several years already there have been much more convenient and safer identification tools available, which do not carry the EUR 200 transaction limit.

Studying the reasons, it appears that people are not willing to change their habits. Password cards are familiar to them: they have used them for a long time, they know exactly where the card is and how to use it, and using it requires them to learn nothing new.

One of the barriers highlighted is also a lack of trust in the new authentication methods. People do not trust things they do not actually get to hold. They are not willing to go along with changes quickly. Many assert that the EUR 200 payment limit does not hinder them.

Links:
http://kasulik.delfi.ee/news/uudised/e-riigi-hammastavad-numbrid-eesti-pangakliendid-kasutavad-ammu-iganenud-lahendust?id=73795383

Hacking systems protected by a simple password might not be an offense

Oskar Gross, the head of the recently opened Cyber Crime Unit of the Central Criminal Police, writes in an opinion piece that Estonian legislation is at times more primitive than the actual cybercrime. Therefore, a strange situation may arise where hacking an account protected with a simple password such as “1234” is not an offense.

In the latest commented edition of the Penal Code, the lawmaker rather boldly attempted to define the legal handling of computer system passwords and the security issues related to recovering passwords, and the end result is problematic in several respects.

The Penal Code has an important section, §217 “Illegal obtaining of access to computer systems”, which aims to penalize unauthorized access to computer systems. The commented edition of the Penal Code clarifies that access is not unauthorized in the case of amazingly simple passwords such as “admin”, “123456” and “qwerty”, because an attacker can guess such passwords or find them in “worst passwords” lists on the Internet.

In short, this section of the commentary says: “If you have a weak password, access to your data is allowed.”

Links:
http://geenius.ee/uudis/arvamuslugu-kas-konto-parooliga-1234-avalik

Rain Ottis Decorated with the Order of the White Star

Estonian President Toomas Hendrik Ilves on Wednesday signed the decision to decorate 99 persons for services to Estonia, on the eve of the country’s 98th Independence Day celebrations.

«The decorations are a testimony to Estonian people and our supporters outside Estonia for their determination in their actions and loyalty to the principles on which modern Estonia stands — openness, democracy, knowledge, innovation,» Ilves wrote in the decision to award the decorations.

Our country is grateful to scientists whose research has helped to make Estonia greater. Orders of the White Star are given to […] the founder of the NATO CCDCOE and later of the TUT Centre for Digital Forensics and Cyber Security, information technology scientist Rain Ottis.

Congratulations!

The Order of the White Star was also awarded to information security expert Toomas Nurmoja, but there is not much information on the Internet about his merits.

Links:
https://ccdcoe.org/centre-ambassador-rain-ottis-decorated-order-white-star.html
https://president.ee/et/meediakajastus/pressiteated/11983-2016-02-04-08-22-36/index.html

ID card or Mobile-ID required to post comments on ERR

In the Estonian- and Russian-language versions of the Estonian public broadcaster’s portal ERR.ee, commenting will be allowed only after identification with an ID card or Mobile-ID.

ERR.ee reported that to the wider audience commenters will still remain anonymous and can use nicknames. However, their identification data (name and personal identification code) will, if necessary, be available only to the editor-in-chief, and not to other editorial staff or readers. As ERR explained, user identification will make it possible to contact commenters if needed, for example to obtain further information.

The changes do not affect the English version of ERR.ee, because its users are mainly foreigners.

Links:
http://uudised.err.ee/v/eesti/d631cdc9-8393-4fc1-8fd7-96f5260c7d41/