{"id":32602,"date":"2017-06-28T12:30:24","date_gmt":"2017-06-28T02:30:24","guid":{"rendered":"https:\/\/www.aspistrategist.ru\/?p=32602"},"modified":"2017-06-27T22:43:06","modified_gmt":"2017-06-27T12:43:06","slug":"cyber-wrap-170","status":"publish","type":"post","link":"https:\/\/www.aspistrategist.ru\/cyber-wrap-170\/","title":{"rendered":"Cyber wrap"},"content":{"rendered":"

The UK Parliament\u2019s e-mail system was targeted by a sustained brute-force password-guessing attack last Friday<\/a>, forcing parliamentary staff to temporarily block remote email access and mandate password changes. The \u2018rudimentary<\/a>\u2019 but effective attack resulted in the compromise of at least 90 email accounts<\/a>. A few members of parliament, including Cabinet ministers, saw their details posted for sale<\/a> online, and it\u2019s possible that embarrassing personal information has been taken, posing a risk of blackmail<\/a>. More importantly, the details gathered could be used to penetrate other vital systems<\/a>. It\u2019s not yet clear who conducted the attack or why they did it, but Conservative Party MP Henry Smith<\/a> trundled out the usual suspects, from Russia, to North Korea, to an anonymous stranger in a basement. Subsequent commentary has criticised the Parliament\u2019s information security practices<\/a>, from accepting the use of weak passwords<\/a> that could be \u2018guessed\u2019, to lacking basic and decades-old mitigation<\/a> strategies like IP filtering and 2-factor authentication, and finally the 10-hour delay before<\/a> the Parliamentary Digital Service alerted affected personnel.<\/p>\n

Attorney-General George Brandis and Minister for Immigration and Border Protection Peter Dutton have issued a joint media release<\/a> setting out Australia\u2019s agenda ahead of a Five-Eyes meeting in Ottawa<\/a>\u2014though 10 points from Gryffindor for \u2018Ottowah\u2019. The meeting is set to focus on encrypted communications, data sharing and immigration arrangements. Encrypted messaging has dominated the national security debate recently, due to its massive growth to 40% of CT-related communication intercepts<\/a> today, compared to 3% just four years ago. Russia is also facing the encryption debate, with the Russian Federal Security Service threatening to block encrypted messaging app Telegram<\/a> for refusing to decrypt messages after it was used by terrorists in the St. Petersburg metro attack back in April.<\/p>\n

Tech firms aren\u2019t happy with the direction of the encryption debate either, with Google\u2019s Legal Counsel Kent Walker stating that companies are in an \u2018untenable\u2019 position<\/a>\u2014needing to fulfil unwieldy treaty-based international evidence requests (which currently take up to 10 months on average) despite systemic legal ambiguity. In a supporting blog post<\/a>, he\u2019s called for new regulations that clarify data sovereignty<\/a>, improve current international evidence sharing processes, and introduce agreed norms when it comes to baseline principles of privacy, human rights and due process. Google has also announced that Gmail<\/a> will no longer be scanned for advertising profiling data to increase consumer confidence.<\/p>\n

In news for any legal scholars following the infosec world, the National Law Review, an American journal, has put out a three-part series<\/a> providing a rundown on China\u2019s recently implemented Cybersecurity Law. Germany has recently introduced new laws<\/a> that expand the scope of situations<\/a> in which German police are allowed to access devices and see messages at the source<\/a>. The law has run into legal challenges<\/a>, which argue that the new legislation is in contravention of EU laws. Finally, pending legislation<\/a>, Canada might see its Communications Security Establishment legally empowered<\/a> (with upgraded oversight<\/a>) to carry out<\/a> offensive cyber operations, a move that would significantly expand its mandate<\/a>.<\/p>\n

Cyber cooperation has seen big wins this week, with Canada<\/a> and China<\/a> signing an agreement to stop using cyber-attacks<\/a> for industrial espionage. Multilaterally, Thailand\u2019s Ministry of Foreign Affairs will host a seminar next week<\/a> to discuss ASEAN\u2019s cybersecurity cooperation and practice in the future. And the World Bank is funding a project to stand up<\/a> Zambia\u2019s National Cybersecurity Agency, with Israeli cybersecurity company CyGov providing advice and expertise<\/a>.<\/p>\n

WannaCry has continued to infect pockets of unpatched systems this week, striking a Honda factory<\/a> and forcing the factory to temporarily shut down while fixes were applied. WannaCry has also affected traffic cameras in Victoria<\/a>. Initial statements from the Victorian government<\/a> indicated that the overall system wasn\u2019t compromised and that all infringements would remain, but that was later<\/a> reversed<\/a>, with the government stating they would \u2018quarantine<\/a>\u2019 and review infringements generated by the affected cameras. The contradiction seems to indicate that the Victorian government is struggling with its communications and decision-making processes in the event of cyber incidents.<\/p>\n

The US national security community seems to be embracing open source development communities, with the National Security Agency (NSA) joining GitHub to launch a page<\/a> that shares the details of 32 different projects<\/a>. Similarly, the Department of Homeland Security has announced a Kaggle competition<\/a> for passenger screening, sharing valuable training data and offering a US$1.5 million reward to the team that develops an algorithm for body scanners<\/a> to automatically identify concealed objects. There\u2019s been some involuntary technology sharing between the national security and open source communities, too, with WikiLeaks releasing more technical documentation<\/a> on CIA hacking tools from \u2018Vault7<\/a>\u2019. The latest leak has provided details on a toolset called \u2018Brutal Kangaroo\u2019<\/a>, designed to spread through infected USBs and, potentially, infiltrate air-gapped computers.<\/p>\n","protected":false},"excerpt":{"rendered":"

The UK Parliament\u2019s e-mail system was targeted by a sustained brute-force password-guessing attack last Friday, forcing parliamentary staff to temporarily block remote email access and mandate password changes. The \u2018rudimentary\u2019 but effective attack resulted in …<\/p>\n","protected":false},"author":608,"featured_media":32603,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_mi_skip_tracking":false,"footnotes":""},"categories":[1],"tags":[416,391,928],"class_list":["post-32602","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general","tag-australian-government","tag-cyber","tag-five-eyes"],"acf":[],"yoast_head":"\nCyber wrap | The Strategist<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.aspistrategist.ru\/cyber-wrap-170\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cyber wrap | The Strategist\" \/>\n<meta property=\"og:description\" content=\"The UK Parliament\u2019s e-mail system was targeted by a sustained brute-force password-guessing attack last Friday, forcing parliamentary staff to temporarily block remote email access and mandate password changes. 
The \u2018rudimentary\u2019 but effective attack resulted in ...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.aspistrategist.ru\/cyber-wrap-170\/\" \/>\n<meta property=\"og:site_name\" content=\"The Strategist\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/ASPI.org\" \/>\n<meta property=\"article:published_time\" content=\"2017-06-28T02:30:24+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-06-27T12:43:06+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/06\/email-1903444_640.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"341\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Michael Chi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:site\" content=\"@ASPI_org\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Michael Chi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\",\"url\":\"https:\/\/www.aspistrategist.ru\/\",\"name\":\"The Strategist\",\"description\":\"ASPI's analysis and commentary site\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.aspistrategist.ru\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-AU\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-170\/#primaryimage\",\"url\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/06\/email-1903444_640.jpg\",\"contentUrl\":\"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/06\/email-1903444_640.jpg\",\"width\":640,\"height\":341,\"caption\":\"Image courtesy of Pixabay user geralst.\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-170\/\",\"url\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-170\/\",\"name\":\"Cyber wrap | The 
Strategist\",\"isPartOf\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-170\/#primaryimage\"},\"datePublished\":\"2017-06-28T02:30:24+00:00\",\"dateModified\":\"2017-06-27T12:43:06+00:00\",\"author\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/bf73a1a4a3c6adc42839e2f406680bb9\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-170\/#breadcrumb\"},\"inLanguage\":\"en-AU\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.aspistrategist.ru\/cyber-wrap-170\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.aspistrategist.ru\/cyber-wrap-170\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.aspistrategist.ru\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cyber wrap\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/bf73a1a4a3c6adc42839e2f406680bb9\",\"name\":\"Michael Chi\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-AU\",\"@id\":\"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9308fb9be6733bb4692a599b680cd09c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9308fb9be6733bb4692a599b680cd09c?s=96&d=mm&r=g\",\"caption\":\"Michael Chi\"},\"url\":\"https:\/\/www.aspistrategist.ru\/author\/michael-chi\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Cyber wrap | The Strategist","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.aspistrategist.ru\/cyber-wrap-170\/","og_locale":"en_US","og_type":"article","og_title":"Cyber wrap | The Strategist","og_description":"The UK Parliament\u2019s e-mail system was targeted by a sustained brute-force password-guessing attack last Friday, forcing parliamentary staff to temporarily block remote email access and mandate password changes. The \u2018rudimentary\u2019 but effective attack resulted in ...","og_url":"https:\/\/www.aspistrategist.ru\/cyber-wrap-170\/","og_site_name":"The Strategist","article_publisher":"https:\/\/www.facebook.com\/ASPI.org","article_published_time":"2017-06-28T02:30:24+00:00","article_modified_time":"2017-06-27T12:43:06+00:00","og_image":[{"width":640,"height":341,"url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/06\/email-1903444_640.jpg","type":"image\/jpeg"}],"author":"Michael Chi","twitter_card":"summary_large_image","twitter_creator":"@ASPI_org","twitter_site":"@ASPI_org","twitter_misc":{"Written by":"Michael Chi","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/www.aspistrategist.ru\/#website","url":"https:\/\/www.aspistrategist.ru\/","name":"The Strategist","description":"ASPI's analysis and commentary site","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.aspistrategist.ru\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-AU"},{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-170\/#primaryimage","url":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/06\/email-1903444_640.jpg","contentUrl":"https:\/\/www.aspistrategist.ru\/wp-content\/uploads\/2017\/06\/email-1903444_640.jpg","width":640,"height":341,"caption":"Image courtesy of Pixabay user geralst."},{"@type":"WebPage","@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-170\/","url":"https:\/\/www.aspistrategist.ru\/cyber-wrap-170\/","name":"Cyber wrap | The Strategist","isPartOf":{"@id":"https:\/\/www.aspistrategist.ru\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-170\/#primaryimage"},"datePublished":"2017-06-28T02:30:24+00:00","dateModified":"2017-06-27T12:43:06+00:00","author":{"@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/bf73a1a4a3c6adc42839e2f406680bb9"},"breadcrumb":{"@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-170\/#breadcrumb"},"inLanguage":"en-AU","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.aspistrategist.ru\/cyber-wrap-170\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.aspistrategist.ru\/cyber-wrap-170\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.aspistrategist.ru\/"},{"@type":"ListItem","position":2,"name":"Cyber wrap"}]},{"@type":"Person","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/bf73a1a4a3c6adc42839e2f406680bb9","name":"Michael 
Chi","image":{"@type":"ImageObject","inLanguage":"en-AU","@id":"https:\/\/www.aspistrategist.ru\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/9308fb9be6733bb4692a599b680cd09c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9308fb9be6733bb4692a599b680cd09c?s=96&d=mm&r=g","caption":"Michael Chi"},"url":"https:\/\/www.aspistrategist.ru\/author\/michael-chi\/"}]}},"_links":{"self":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/32602"}],"collection":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/users\/608"}],"replies":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/comments?post=32602"}],"version-history":[{"count":1,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/32602\/revisions"}],"predecessor-version":[{"id":32604,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/posts\/32602\/revisions\/32604"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media\/32603"}],"wp:attachment":[{"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/media?parent=32602"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/categories?post=32602"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.aspistrategist.ru\/wp-json\/wp\/v2\/tags?post=32602"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}