{"id":18627,"date":"2015-02-25T15:59:41","date_gmt":"2015-02-25T04:59:41","guid":{"rendered":"http:\/\/www.aspistrategist.ru\/?p=18627"},"modified":"2015-02-26T08:00:42","modified_gmt":"2015-02-25T21:00:42","slug":"cyber-wrap-62","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/cyber-wrap-62\/","title":{"rendered":"Cyber wrap"},"content":{"rendered":"<p><a href=\"http:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2015\/02\/2737452969_68edc48e45_o.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-full wp-image-18628\" src=\"http:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2015\/02\/2737452969_68edc48e45_o.jpg\" alt=\"\" width=\"500\" height=\"332\" srcset=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2015\/02\/2737452969_68edc48e45_o.jpg 500w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2015\/02\/2737452969_68edc48e45_o-205x136.jpg 205w, https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2015\/02\/2737452969_68edc48e45_o-332x221.jpg 332w\" sizes=\"(max-width: 500px) 100vw, 500px\" \/><\/a>Last week Lenovo grabbed <a href=\"https:\/\/www.yahoo.com\/tech\/s\/lenovo-releases-superfish-removal-tool-141544381.html\" target=\"_blank\">headlines<\/a> for all the wrong reasons following the discovery that the company had pre-loaded adware onto PC\u2019s sold between September 2014 and January 2015. The \u2018Superfish\u2019 software monitors users\u2019 online activity and analyses the images that appear on their screens, tailoring subsequent advertising to match their browsing history. That information is gathered without the permission of the user, and until now, the software had been difficult to remove. The program effectively carries out a \u2018man-in the middle\u2019 style attack as it decrypts secure traffic, inserts its own ads, and then re-encrypts the traffic. The program is able to function in this fashion as Lenovo added Superfish\u2019s digital signature to Window\u2019s list of trusted root certificates.<\/p>\n<p>In addition to the alarming privacy concerns, the Superfish software has raised several security issues. The US Department of Homeland Security is <a href=\"http:\/\/www.reuters.com\/article\/2015\/02\/20\/us-lenovo-cybersecurity-dhs-idUSKBN0LO21U20150220\" target=\"_blank\">urging<\/a> Lenovo customers to <a href=\"http:\/\/support.lenovo.com\/us\/en\/product_security\/superfish_uninstall\" target=\"_blank\">uninstall<\/a> the software as it creates a significant vulnerability that could be exploited by malicious actors. Robert Graham at Errata security has already <a href=\"http:\/\/blog.erratasec.com\/2015\/02\/exploiting-superfish-certificate.html#.VO00OeHQOhx\" target=\"_blank\">shown<\/a> how quickly PCs with Superfish can be compromised.<!--more--><\/p>\n<p>The Turkish government has <a href=\"http:\/\/www.defensenews.com\/story\/defense\/policy-budget\/cyber\/2015\/02\/21\/turkey-cyber-tubitak-cybersecurity-ssm-software\/23636627\/\" target=\"_blank\">announced<\/a> this week that it\u2019ll launch a Cyber Security Operation Centre constructed entirely on nationally-built software. The CSOC will gather various existing cyber programs and functions carried out by the government and organise them under a \u2018single operating system\u2019. To assist in that effort Turkey\u2019s defence procurement office is establishing a unit purely dedicated to cyber security and has already offered to lend \u2018every support\u2026to all potential Turkish companies keen to develop solutions\u2019.<\/p>\n<p>Whilst nation-states and private companies are ramping up their defensive efforts against outside attacks, it\u2019s always wise to keep an eye on those inside the tent. A <a href=\"http:\/\/www.pwc.com\/crimesurvey\" target=\"_blank\">report<\/a> from PwC looking at global crime found that over half of those wanting to commit fraud against a company actually worked at the company in question. <a href=\"http:\/\/www.bbc.com\/news\/technology-31164843\" target=\"_blank\">Criminals<\/a> acting from within organisations are often much harder to spot as they have an advanced knowledge of systems and processes that are in place and where loopholes exist. These types of crimes are therefore often more subtle, longer-term and harder to combat than large, forceful, external attacks.<\/p>\n<p>Lieutenant General Edward C. Cardon, commander of U.S. Army Cyber Command and Second Army recently gave an interesting and wide ranging <a href=\"http:\/\/www.army.mil\/article\/143057\/\" target=\"_blank\">talk<\/a> at Georgetown University on the evolution of the cyber landscape. He called not only for a cross-service and cross-government approach, but one that draws in the private sector and international partners. He also spoke about the difficulties surrounding terminology in the cyber world. \u2018There&#8217;s a real challenge here\u2019. Cardon said. \u2018When you say \u201cattack in cyberspace\u201d, what does that really mean? [From a policy standpoint], when you say \u201cattack\u201d, there are a lot of treaties in place that say, \u201cWe&#8217;ll come in defense of an attack\u201d, so you can instantly start to see how complex this could become rapidly.\u2019<\/p>\n<p>Wrapping up this week, we received the following comment from the Department of the Prime Minister and Cabinet after our ASPI\u00a0<a href=\"http:\/\/www.aspistrategist.ru\/cyber-wrap-61\/\" target=\"_blank\">Cyber wrap<\/a> posted on 18 Feb referenced <a href=\"http:\/\/www.smh.com.au\/it-pro\/security-it\/tony-abbotts-cyber-security-review-delayed-20150216-13g0gn.html\">this article<\/a>. \u201cThe media incorrectly reported this week that the Government\u2019s Cyber Security Review won\u2019t deliver its full findings until the end of the year. The Review is still on track and will report in the six month timeframe announced by the Prime Minister last November. This will be followed by the release of a public strategy outlining practical initiatives to improve our national security, and practical ways government can work with business to make online commerce more secure.&#8221; You can also check out the Cyber Security Review\u2019s new web page <a href=\"http:\/\/www.dpmc.gov.au\/pmc\/about-pmc\/core-priorities\/national-security-and-international-policy\/australian-governments-cyber-security-review\" target=\"_blank\">here<\/a>.<\/p>\n<p><a href=\"https:\/\/www.aspistrategist.ru\/about-aspi\/aspi-staff\/analysts\/jessica-woodall\" target=\"_blank\"><em>Jessica Woodall<\/em><\/a><em> is an analyst in ASPI\u2019s\u00a0<\/em><a href=\"http:\/\/cyberpolicy.aspistrategist.ru\/\" target=\"_blank\"><em>International Cyber Policy Centre<\/em><\/a><em>. Image courtesy of Flickr user <a href=\"https:\/\/www.flickr.com\/photos\/25356196@N08\/2737452969\" target=\"_blank\">Cat<\/a>.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last week Lenovo grabbed headlines for all the wrong reasons following the discovery that the company had pre-loaded adware onto PC\u2019s sold between September 2014 and January 2015. The \u2018Superfish\u2019 software monitors users\u2019 online activity &#8230;<\/p>\n","protected":false},"author":133,"featured_media":18628,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[391,713,1015,747],"class_list":["post-18627","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-cyber","tag-cyberattack","tag-malware","tag-turkey"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v19.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Cyber wrap | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/cyber-wrap-62\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cyber wrap | The Strategist\" \/>\n<meta property=\"og:description\" content=\"Last week Lenovo grabbed headlines for all the wrong reasons following the discovery that the company had pre-loaded adware onto PC\u2019s sold between September 2014 and January 2015. The \u2018Superfish\u2019 software monitors users\u2019 online activity ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/cyber-wrap-62\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2015-02-25T04:59:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2015-02-25T21:00:42+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2015\/02\/2737452969_68edc48e45_o.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"500\" \/>\n\t<meta property=\"og:image:height\" content=\"332\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Jessica Woodall\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Jessica Woodall\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI&#039;s analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-62\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2015\/02\/2737452969_68edc48e45_o.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2015\/02\/2737452969_68edc48e45_o.jpg\",\"width\":500,\"height\":332},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-62\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-62\/\",\"name\":\"Cyber wrap | The Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-62\/#primaryimage\"},\"datePublished\":\"2015-02-25T04:59:41+00:00\",\"dateModified\":\"2015-02-25T21:00:42+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/9bd8dbe30fb509c3b05d23eebc948556\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-62\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/cyber-wrap-62\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-62\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cyber wrap\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/9bd8dbe30fb509c3b05d23eebc948556\",\"name\":\"Jessica Woodall\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/68050b949391d6c3e7143b759a15ebaa?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/68050b949391d6c3e7143b759a15ebaa?s=96&d=mm&r=g\",\"caption\":\"Jessica Woodall\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/jessica-woodall\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cyber wrap | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/cyber-wrap-62\/","og_locale":"en_US","og_type":"article","og_title":"Cyber wrap | The Strategist","og_description":"Last week Lenovo grabbed headlines for all the wrong reasons following the discovery that the company had pre-loaded adware onto PC\u2019s sold between September 2014 and January 2015. The \u2018Superfish\u2019 software monitors users\u2019 online activity ...","og_url":"https:\/\/www.aspistrategist.ru\/cyber-wrap-62\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2015-02-25T04:59:41+00:00","article_modified_time":"2015-02-25T21:00:42+00:00","og_image":[{"width":500,"height":332,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2015\/02\/2737452969_68edc48e45_o.jpg","type":"image\/jpeg"}],"author":"Jessica Woodall","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Jessica Woodall","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI&#039;s analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-62\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2015\/02\/2737452969_68edc48e45_o.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2015\/02\/2737452969_68edc48e45_o.jpg","width":500,"height":332},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-62\/","url":"https:\/\/www.aspistrategist.ru\/cyber-wrap-62\/","name":"Cyber wrap | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-62\/#primaryimage"},"datePublished":"2015-02-25T04:59:41+00:00","dateModified":"2015-02-25T21:00:42+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/9bd8dbe30fb509c3b05d23eebc948556"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-62\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/cyber-wrap-62\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-62\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Cyber wrap"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/9bd8dbe30fb509c3b05d23eebc948556","name":"Jessica Woodall","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/68050b949391d6c3e7143b759a15ebaa?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/68050b949391d6c3e7143b759a15ebaa?s=96&d=mm&r=g","caption":"Jessica Woodall"},"url":"https:\/\/www.aspistrategist.ru\/author\/jessica-woodall\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/18627"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/133"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=18627"}],"version-history":[{"count":5,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/18627\/revisions"}],"predecessor-version":[{"id":18647,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/18627\/revisions\/18647"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/18628"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=18627"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=18627"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=18627"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}