At a glance.
- Fancy Bear suspected of nosing around Oslo.
- TikTok payback?
- Developments in Australian cyber policy.
Fancy Bear suspected of nosing around Oslo.
Norway says Fancy Bear is probably to blame for the August attack on the Storting that compromised member emails, SecurityWeek reports. The GRU-linked APT (probably) deployed a brute force attack, successfully grabbing private data. Norwegian intelligence did not uncover sufficient evidence to seek charges. Moscow’s Oslo embassy denied the accusations, urging journalists to be professional and not publish “in haste ‘most hot’ news if you do not dispose of evidence.”
ABP Live says Beijing has banned over one-hundred apps, mostly Chinese, since early November, in a “clean up of illegal” services. Tripadvisor was swept up in the cleanse, in possible retaliation for Washington’s TikTok ban. The Cyberspace Administration of China said, without further elaboration, that all banned apps broke cyber laws. The country has been working to mop up violent, “adult,” and gambling forums. Tripadvisor’s website remains live; notably, Twitter, Facebook, Google, and Gmail were long ago purged.
Canberra considers enhanced police powers, infrastructure protections.
Australia’s Parliamentary Joint Committee on Intelligence and Security is reviewing a bill that would permit state authorities to gain control of private online accounts by covert force and alter their contents, according to iTnews. The Surveillance Legislation Amendment (Identity and Disrupt) Bill 2020, introduced last week, would augment the fact-finding faculties of the Australian Federal Police (AFP) and Australian Criminal Intelligence Commission (ACIC) in response to the growing investigative challenges posed by anonymizing tech. As the law stands, authorities must obtain consent for account access.
The “rushed passage” in 2018 of the Telecommunications Legislation Amendment (Assistance and Access) Act is fresh on Aussie minds, according to another iTnews article, and officials are worried about inadequate judicial oversight of the new powers. Home Affairs Secretary Mike Pezzullo commented that warrants take too long and dark web “technology has gotten ahead of the law,” ZDNet reports.
Canberra is also considering an amendment to the Security of Critical Infrastructure Act 2018 called the Security Legislation Amendment (Critical Infrastructure) Bill 2020. In addition to expanding protections for sectors ranging from space to sewage, as another ZDNet article reports, the bill would establish a special category called “systems of national significance.” Enhanced regulation, reporting, and oversight, including by the Australian Cyber Security Center and Signals Directorate, would follow. The proposed law would also enforce positive security obligations (PSOs), leveling the cybersecurity expenditure field for businesses involved in critical systems.