Les Bell

Welcome to today's daily briefing on security news relevant to our CISSP (and other) courses. Links within stories may lead to further details in the course notes of some of our courses, and will only be accessible if you are enrolled in the corresponding course - this is a shallow ploy to encourage ongoing study. However, each item ends with a link to the original source.

News Stories

ASX Gives Up On Blockchain

In a final blow to that perennial solution in search of a problem, blockchain technology, the Australian Stock Exchange has announced that it has completely abandoned all attempts to replace its aging CHESS (Clearing House Electronic Subregister System) settlement system with the once-charismatic 'solution'. In November last year, we reported that the ASX had halted the project following an independent review, taking a $A250 million loss in the process.

Now the exchange has stated that it is considering its options to replace CHSS, but that any attempt will not involve blockchain or distributed ledger technology. At a meeting with participants, project director said that, "while we continue to explore all the options, certainly we will need to use a more conventional technology than in the original solution in order to achieve the business outcomes".

New York blockchain tech form Digital Asset had hoped that the project would be resurrected, but those hopes are now dashed.

Kaye, Byron, Australian stock exchange says software overhaul won't involve blockchain, Reuters, 19 May 2023. Available online at https://www.reuters.com/markets/australian-stock-exchange-says-software-overhaul-wont-involve-blockchain-2023-05-19/.

Low Earth Orbit Satellites Vulnerable to Jamming

Few realise the extent to which our lives have been changed by low earth orbit satellites. One obvious example is the disappearance of maps, atlases and street directories for driving; almost everyone has switched to GPS-based navigation systems, which utilise signals from a constellation of satellites continually orbiting the earth.

A more recent innovation is the provision of Internet access via SpaceX's Starlink network of low earth orbit satellites, which have proven popular with RV'ers and users in remote areas, as well as institutions - such as our local council - which are signing up in order to have a backup service in case of outages in terrestrial services.

However, in a world of international tensions, these satellite services are highly vulnerable to attack. Unlike the higher-orbit geostationary satellites, which remain over a fixed position on the earth's surface, low earth orbit communications satellites appear over the horizon, zoom (roughly) overhead and disappear again, meaning that they must frequently hand over their ground station connections to the next satellite of the constellation. This handover introduces delays and opens up more more surface for interference, according to Mark Manulis, professor of privacy and applied cryptography at the Universite of the Federal Armed Forces Cyber Defense Research Institued in Munich.

We have previously seen jamming and spoofing of GPS satellites, affecting shipping in the Black Sea and airliners around the Kaliningrad region, Eastern Finland, the Black Sea and the Eastern Mediterranean area, prior to, but especially since the beginning of, the Russian invasion of Ukraine. While the Starlink satellites transmit at higher power levels, mking them harder to jam than GPS, Elon Musk has already claimed that SpaceX has seen attempts to jam the system. In addition, Russia's defence agencies commissioned a system called Tobol which is intended to counter attempted jamming of their own satellites - indicating that they have already done considerable work in this area.

A report in IEEE Spectrum claims that commercial satellites are nowhere near the level of security found in military satellites, and considerable work is now in progress to remediate this situation.

Laursen, Lucas,  Satellite Signal Jamming Reaches New Lows: Starlink and other LEO constellations face a new set of security risks, IEEE Spectrum, 18 May 2023. Available online at https://spectrum.ieee.org/satellite-jamming.

Understanding Hackers Vital, Says Lawyer

A new book from the founding director of Yale University's Cybersecurity Lab, lawyer Scott Shapiro, makes the case that we can only effectively tackle cybercrime if we understand not only how people hack, but why. In "Fancy Bear Goes Phishing", Shapiro examines several case studies such as the hacking of Paris Hilton's T-Mobile Sidekick and the infamous Morris Worm, to extract some important lessons.

In an interview in New Scientist, he explains why he has made available a free online hacking course, and talks about the futility of purely technical defences.

Adam, David, Knowing how to hack will be vital in a cybercrime-filled future, New Scientist, 16 May 2023. Available online at https://www.newscientist.com/article/mg25834390-100-knowing-how-to-hack-will-be-vital-in-a-cybercrime-filled-future/.

These news brief blog articles are collected at https://www.lesbell.com.au/blog/index.php?courseid=1. If you would prefer an RSS feed for your reader, the feed can be found at https://www.lesbell.com.au/rss/file.php/1/dd977d83ae51998b0b79799c822ac0a1/blog/user/3/rss.xml.

Copyright to linked articles is held by their individual authors or publishers. Our commentary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License and is labeled TLP:CLEAR.