Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label New Zealand. Show all posts

Unmasking Cyber Shadows: New Zealand’s Battle Against State-Backed Hackers


Recently, New Zealand accused China of engaging in “malicious cyber activity” targeting its parliament. This accusation sheds light on the growing tensions between nations and the need to safeguard democratic institutions from cyber espionage. 

In this blog, we delve into the details of the cyberattacks, their implications, and the broader context of foreign interference in democratic processes. Accusations flew, fingers pointed, and the delicate fabric of diplomatic relations strained. But what exactly transpired, and why does it matter?

The Cyberattacks

In 2021, New Zealand’s parliament faced cyberattacks orchestrated by Chinese state actors. These attacks aimed to infiltrate sensitive government systems, potentially compromising national security. The New Zealand government swiftly responded, attributing the attacks to groups sponsored by the Chinese Government. The breach raised alarms, as it targeted the heart of New Zealand’s democratic processes.

The Implications

National Security: The cyberattacks on parliament underscore the vulnerability of critical infrastructure and government institutions. A breach in parliamentary systems could lead to unauthorized access to classified information, jeopardizing national security.

Foreign Interference: The accusation against China highlights the issue of foreign interference. Cyber espionage campaigns, sponsored by state actors, pose a threat to democratic processes globally. New Zealand’s response sends a clear message that such actions are unacceptable.

Diplomatic Tensions: The accusation strained New Zealand-China relations. Diplomatic discussions ensued, urging China to refrain from further cyber activities targeting democratic institutions. Balancing diplomatic ties with the need to protect national interests becomes a delicate task.

Broader Context

Global Cyber Landscape: New Zealand’s case is not isolated. The U.S. and U.K. have also accused China-linked hackers of cyber espionage. The targeting of British voter data and millions of individuals, including lawmakers, journalists, and academics, raises concerns about the integrity of democratic processes.

Australia’s Stance: Australia joined in condemning China’s cyber activities. While its electoral systems remained unharmed, the persistent targeting of democratic institutions worldwide has implications for open societies. Australia emphasizes the need for collective action against cyber threats.

Protecting Democracy: Cyberattacks on democratic institutions threaten the very essence of democracy. Governments must collaborate to strengthen cybersecurity measures, share threat intelligence, and hold perpetrators accountable.

Private Operators to Manage Mobile Speed Cameras in New Zealand

 

In a significant shift, New Zealand Transport Agency Waka Kotahi (NZTA) has opened a tender to hand over the management of the country's 45 mobile speed cameras to private operators from next year. This move, the first of its kind, is part of a broader initiative to revamp the nation's traffic enforcement strategy. 

Unlike the traditional setup where police issue speeding tickets, the winning private operator will not be responsible for penalizing drivers or receiving bonuses based on the number of violations. Instead, NZTA will retain control over processing images, issuing fines, and determining the placement of cameras. 

The tender emphasizes that the chosen provider must demonstrate the ability to meet evolving requirements, potentially including point-to-point mobile operations. This initiative aligns with NZTA's broader plan to take over all mobile and fixed speed cameras from the police by July 2025, with an additional 50 fixed cameras slated to be added soon. While the overall goal remains focused on enhancing road safety, the private operators will not receive any funds from mobile cameras. 

All fees collected will contribute to the Government consolidated fund. The tender specifically addresses spot speed tickets, emphasizing the use of unbranded vehicles and staff from the private company. Internationally, the involvement of third-party operators in delivering roadside mobile camera operations is a well-established practice, according to NZTA. 

The move aims to leverage private expertise for more efficient operations. The footage captured by these mobile cameras will be transmitted to data centres in Sydney, run by Amazon Web Services and Microsoft, and retained for 30 days while NZTA assesses it. However, the agency has been cautioned to manage risks concerning public trust and confidence in the system, highlighting the importance of safeguarding personal data. 

A noteworthy aspect of the tender is its potential expansion beyond speed-limit breaches. Bidders are expected to showcase capabilities in detecting individuals without seatbelts and drivers using mobile phones. The winning bidder must also have a proven track record in a comparable market, such as Australia, Europe, or the US, and be ready to set up operations in New Zealand by January. 

While the tender places a small weight on broader benefits, such as job creation in New Zealand, it underscores the need for a high degree of evidential accuracy, assurance, and effective cybersecurity. The selected provider will undergo monitoring and auditing, with a focus on ensuring the safety of mobile camera operators. 

This signifies a strategic shift in New Zealand's approach to traffic enforcement, emphasizing efficiency, technological advancements, and a collaborative effort between public and private entities. As the country looks to modernize its traffic management systems, this development could set a precedent for similar initiatives globally.

New Zealand Government Launches Open Banking for Consumers

 

The New Zealand Government declared last month that open banking is coming to the island nation. This much-needed reform is the first step in making New Zealand's financial ecosystem livelier and more competitive. 

As the nation gets ready for this new banking model, it must learn a lot from what Europe and the United Kingdom have gone through, especially with regard to worries about governance and data protection. 

Advantages of open banking 

A consumer data rights (CDR) framework, a system for safely and securely transferring personal data across multiple service providers, facilitates open banking. It means that Kiwis will be able to compare mortgage rates and other financial products more readily. 

Open banking is gaining popularity around the world because it assists in the integration of new financial service providers into the financial ecosystem, making it more sustainable, efficient, nimble, and inventive. 

It allows people who have many accounts at different banks to view all of their transactions in a single interface using account aggregator software. The customer will subsequently be able to swiftly transfer funds between accounts. The same application, with the use of artificial intelligence, can assist customers in organizing their finances by recommending financial products with better rates and terms. 

Additionally, it enables small and medium-sized businesses to better monitor their cash flow, reconcile payments, and manage inventories. Business owners can also combine their financial information with their accounting service provider through open banking. 

Learnings from Europe 

But what can New Zealand learn from the experiences of those nations that have already implemented open banking as it enters this brave new world? There are two recent reports from the UK and Europe that demonstrate some of the process's benefits and drawbacks. 

The European Commission's amended Payment Services Directive 2 (PSD2) proposal included open banking in July 2013. Open banking is now a global endeavor, with the United Kingdom and continental Europe viewed as global leaders. There are at least 410 third-party providers in Europe alone. 

The UK's Competition and Markets Authority announced the findings of an investigation of their open banking experience in May 2022. The authority's examination revealed issues about corporate governance problems, late account delivery, conflict management, procurement, and value for money, as well as the need for human resource changes. 

The problems were mostly caused by governance failings at the Open Banking Implementation Entity (OBIE). The nine biggest banks in the UK were required to implement open banking, and the OBIE was tasked with monitoring their success. Because there were not enough checks and balances on the trustees' decision-making, too much authority was given to one of them. Internal controls and the risk management system were also deficient. 

The UK government has recognized the issue and is working to strengthen OBIE's governance structure. 

The European Commission recently held a public consultation on its 2013 directive as well as the commission's work on open banking. Because of worries about privacy, data protection, and digital security, the majority of respondents were hesitant to share financial information. There was a pervasive impression that they had little control over how their data was used. 

Giving service providers access to their data, according to 84% of those who responded to the public survey, poses security and privacy hazards. Furthermore, 57% of respondents stated that financial service providers who store their data only occasionally seek approval before sharing it with other financial or third-party service providers. 

Requirement of unambiguous regulations 

The European and British experiences demonstrate the challenges associated with open banking adoption and public perception. The two papers' concerns about governance and data security should be carefully considered by the New Zealand government. 

The development of an effective board oversight and risk management plan is critical. To foster trust and transparency, a consent management mechanism should be implemented. There should also be a high-level structure in place to monitor and supervise all data holders and users. 

The implementation of open banking in New Zealand should result in a power shift away from traditional banks and toward a thriving financial technology sector. It should also provide traditional banks the opportunity to innovate and become far more responsive to customer wants.

New Zealand Banks and Post Offices Hit by a Cyber Attack

 

On Wednesday, the websites of a number of financial institutions in New Zealand, as well as the country's national postal service, were momentarily unavailable due to a cyber-attack, according to officials. A DDoS (distributed denial of service) attack targeting a number of organizations in the nation has been reported, according to the country's Computer Emergency Response Team (CERT). 

Minister David Clark, who is in charge of the digital economy and communications, said CERT has informed him that "a number" of organizations have been compromised. “At this time, efforts to ascertain the impact of this incident are ongoing. I won’t get ahead of this process,” Clark said, in a statement. “CERT assures me it is actively engaging with affected parties to understand and monitor the situation.” 

CERT's objective is to assist businesses and government agencies on how to respond to and prevent cyber-attacks. It also collaborates with other government institutions and law enforcement, such as the National Cyber Security Centre (NCSC). 

According to local media sources, Australia and New Zealand Banking Group's (ANZ.AX) New Zealand site and NZ Post were among the websites hit by the attack. ANZ informed clients through Facebook that it was aware that some of them were unable to use online banking services. "Our tech team are working hard to get this fixed, we apologize for any inconvenience this may cause," the post said. 

The "intermittent interruptions" on NZ Post's website were caused by a problem with one of its third-party suppliers, according to the company. Several Kiwibank clients took to social media to complain outages at the little institution, which is partially controlled by the New Zealand Post. In a Twitter post, Kiwibank apologized to clients and said it was trying to resolve "intermittent access" to its app, online banking, phone banking, and website. 

A DDoS assault overloads a website with more traffic than it can manage, causing it to fail. While the identity of the attacker and their motivation are unknown in this case, the goal might be to extract a ransom from the victim in order for the assault to be stopped. During the NZX assault, Minister for Intelligence Agencies Andrew Little expressed the government's advice: Don't pay the ransom.

NZ Stock Exchange Halted Temporarily Twice After Being Hit by Cyber Attacks


The New Zealand stock exchange was hit by a cyber-attack due to which it had to remain offline two days in a row. The exchange said the attack had "impacted NZX network connectivity" and it had chosen to temporarily halt trading in cash markets not long before 16:00 local time.

The trading had to be stopped briefly for a second time, yet was back ready for action before the day's end. 

A DDoS attack is generally a quite straightforward kind of cyber-attack, wherein a huge 'array' of computers all attempt to connect with an online service at the same time usually resulting in 'overwhelming its capacity'. 

They frequently use devices undermined by malware, which the owners don't know are a part of the attack. 

While genuine traders may have had issues with carrying out their business, but it doesn't mean any financial or personal data was accessed. NZX said the attack had come “from offshore via its network service provider". 

The subsequent attack had halted the trading for a long time in the working day - from 11:24 to 15:00 local time, the exchange said. In any case, in spite of the interference, the exchange was up at the end of the business, close to its 'all-time' high. 

Nonetheless, NZX said it had first been hit by a distributed denial of service (DDoS) attack from abroad and so the New Zealand cybersecurity organization CertNZ had also given a caution in November that mails were being sent to financial firms threatening DDoS attacks except if a ransom was paid. 

The mails professed to be from a notable Russian hacking group Fancy Bear. 

Be that as it may, CertNZ said at the time 'the threat had never had never been carried out, past a 30-minute attack as a scare tactic'.

New Zealand legalize salary payments in Cryptocurrencies





New Zealand is the first country to legalize payment of salaries in the form of  Bitcoin and other cryptocurrencies, Financial Times report.

The tax agency has deemed it legal for companies to pay wages in digital currencies is secured to at least one standard, or fiat, currency.

The country’s Inland Revenue Department (IRD) published a bulletin on August 7, 2019, stating that the ruling was made under the Tax Administration Act 1994.

According to the bulletin released, "the companies can only pay cryptocurrency to employees working under official employment agreements. Payments also have to be for a fixed amount – “the value of the crypto-asset is pegged to one or more fiat currencies.”

The ruling also states that cryptocurrency-based salary payments must also be able to be “converted directly into fiat currency (on an exchange).”

The report states that the salaries must be paid in a crypto-asset that functions as a currency.

The move has started a round of discussion on the controversial digital money coming into the realm of everyday payment modes. The major problem with the cryptocurrencies is that they are relatively free of regulation, and they are untrackable.

New Laws in NZ Give Rise To Invasion Of Privacy



As indicated by new custom rules that became effective on Monday, travellers who decline to surrender their passwords, codes, encryption keys and other data empowering access to electronic devices could be fined up to $5,000 in New Zealand.

The new rules are the consequences of the updated Customs and Excise Act 2018 law, which was brought into effect on Monday, set out new rules for officers who direct the  'Digital strip-searches' and determines that access to personal technology must be given over also.


The Civil rights advocates are particularly outraged at the sudden change, saying that it was a grave breach of security and did little to protect the boarders.

Customs Spokesperson Terry Brown when approached with respect to the matter said that while it might appear to be obtrusive, the new law gives a 'delicate balance' between somebody's rights and the law. As it is a document by-record search on the travellers’ phone, they aren't going into 'the cloud' and just analysing the phone while it's on flight mode.

Mr Brown added further that officers would just request that somebody give their own passwords in the event that they trust they have a reason to presume a wrongdoing.

Then again, Thomas Beagle the Council for Civil Liberties spokesperson, says -

 “The law is an unjustified invasion of privacy because customs don't have to provide a reason for the search. They don't have to tell you what the cause of that suspicion is, there's no way to challenge it. Any 'serious criminal' wouldn't store incriminating information on their digital devices - they would rather store it online, where customs can't access.”

All things considered, in a news release, the New Zealand Customs Service said the law would help outskirt consistence and bolster the national economy. It guaranteed the public that it would "rarely notice much difference at the border, with existing provisions reconfirmed or clarified."