The Intercept reports: In April 2014, Viktor Tarasov wrote to the head of Ruselectronics, a Russian state-owned holding company, about a critical shortage of military equipment. The Russian military lacked thermal imaging systems — devices commonly used to detect people and vehicles — and Tarasov believed that technology might be needed soon because of the “increasingly complex situation in the southeast of Ukraine and the possible participation of Russian forces” to stabilize the region.
Tarasov, in charge of Ruselectronics’ optical tech subsidiary, was hoping that the head of Ruselectronics would write to the minister of defense for armaments to advance his company 150 million rubles, then about $4 million, to buy 500 microbolometer arrays, a critical component of thermal imaging devices. The money, Tarasov wrote, would allow the company to buy the equipment under a current contract from a French company without the need for signing a new “end-use certificate,” which requires the buyer to disclose the final recipient.
Time was of the essence, he warned, because the West was preparing another round of sanctions against Russia that would slow the purchases and increase costs. Tarasov also claimed that the United States was already providing similar equipment to Ukrainian forces. (Pentagon spokesperson Eileen Lainez confirmed that the Department of Defense had provided thermal imaging devices and night-vision goggles to Ukraine in 2014, along with a variety of other military equipment). [Continue reading…]
Category Archives: Cyber Issues
The ‘ISIS cyberwar’ hype machine is doing more harm than good
Lorenzo Franceschi-Bicchierai writes: Last week, hackers claiming to be affiliated with the extremist group known as the Islamic State released an Anonymous-style video making vague threats of “electronic war” against Europe and the US.
There is no proof or evidence that the video actually comes from the group, nor is there any evidence the group, also known as ISIS, has any ability to do anything damaging online other than taking over Twitter feeds or random media sites with their “cyberattacks.”
Yet, that didn’t stop a new round of breathless hype. On Sunday, The Hill wrote that ISIS was preparing for “cyberwar” and an “all-out cyber crusade.”
Looks like ISIS wannabes successfully hacked the media once again. [Continue reading…]
GCHQ openly recruiting hackers as British government seeks more surveillance powers
Forbes: Now that the Conservative Party has secured a majority government in the UK, it’s pushing ahead with plans to expand the surveillance state with the Communications Data Bill, also known as Snooper’s Charter, which would require communications providers from BT to Facebook to maintain records of customers’ internet activity, text messages and voice calls for a year. This may have emboldened GCHQ, the British spy agency and chief NSA partner, which has, for the first time, openly called for applicants to fill the role of Computer Network Operations Specialists, also known as nation-state funded hackers.
According to a job ad for a Computer Network Operations Specialist, a student or graduate will have to have, or soon have, “a Bachelor’s or Master’s degree incorporating ethical hacking, digital forensics or information security”.
Here’s what a cyber warfare arsenal might look like
Scientific American: The Pentagon has made clear in recent weeks that cyber warfare is no longer just a futuristic threat—it is now a real one. U.S. government agency and industry computer systems are already embroiled in a number of nasty cyber warfare campaigns against attackers based in China, North Korea, Russia and elsewhere. As a counterpoint, hackers with ties to Russia have been accused of stealing a number of Pres. Barack Obama’s e-mails, although the White House has not formally placed any blame at the Kremlin’s doorstep. The Obama administration did, however, call out North Korea for ordering last year’s cyber attack on Sony Pictures Entertainment.
The battle has begun. “External actors probe and scan [U.S. Department of Defense (DoD)] networks for vulnerabilities millions of times each day, and over 100 foreign intelligence agencies continually attempt to infiltrate DoD networks,” Eric Rosenbach, assistant secretary for homeland defense and global security, testified in April before the U.S. Senate Committee on Armed Services, Subcommittee on Emerging Threats and Capabilities. “Unfortunately, some incursions — by both state and nonstate entities — have succeeded.”
After years of debate as to how the fog of war will extend to the Internet, Obama last month signed an executive order declaring cyber attacks launched from abroad against U.S. targets a “national emergency” and levying sanctions against those responsible. Penalties include freezing the U.S. assets of cyber attackers and those aiding them as well as preventing U.S. residents from conducting financial transactions with those targeted by the executive order. [Continue reading…]
Russian hackers read Obama’s unclassified emails, officials say
The New York Times reports: Some of President Obama’s email correspondence was swept up by Russian hackers last year in a breach of the White House’s unclassified computer system that was far more intrusive and worrisome than has been publicly acknowledged, according to senior American officials briefed on the investigation.
The hackers, who also got deeply into the State Department’s unclassified system, do not appear to have penetrated closely guarded servers that control the message traffic from Mr. Obama’s BlackBerry, which he or an aide carries constantly.
But they obtained access to the email archives of people inside the White House, and perhaps some outside, with whom Mr. Obama regularly communicated. From those accounts, they reached emails that the president had sent and received, according to officials briefed on the investigation. [Continue reading…]
TV5 Monde take-down reveals key weakness of broadcasters in digital age
By Laurence Murphy, University of Salford
In what was one of the most severe outages of its kind, French national television broadcaster TV5 Monde was recently the target of a well-planned and staged cyberattack that took down its 11 television channels, website, and social media streams.
The hacker group responsible claimed to support the Islamic State, and proceeded to broadcast pro-IS material on the hijacked channels, while also exposing sensitive internal company information and details of active military soldiers.
It took TV5 three hours to regain control of its channels. The scale and completeness of the attack, and that it involved hijacking live television broadcast channels, has shocked the industry and prompted heated discussion on what steps might prevent or at least limit the likelihood of this reoccurring.
Hackers trick Israeli military with ‘girls in the IDF’ emails
Reuters reports: Hackers have managed to penetrate computer networks associated with the Israeli military in an espionage campaign that skillfully packages existing attack software with trick emails, according to security researchers at Blue Coat Systems Inc.
The four-month-old effort, most likely by Arabic-speaking programmers, shows how the Middle East continues to be a hotbed for cyber espionage and how widely the ability to carry off such attacks has spread, the researchers said.
Waylon Grange, a researcher with Blue Coat who discovered the campaign, said the vast majority of the hackers’ software was cobbled together from widely available tools, such as the remote-access Trojan called Poison Ivy.
The hackers were likely working on a budget and had no need to spend much on tailored code, Grange said, adding that most of their work appeared to have gone into so-called social engineering, or human trickery.
The hackers sent emails to various military addresses that purported to show breaking military news, or, in some cases, a clip featuring “Girls of the Israel Defense Forces.” Some of the emails included attachments that established “back doors” for future access by the hackers and modules that could download and run additional programs, according to Blue Coat. [Continue reading…]
Cyberattacks alleged to be coming from Iran may be increasing — or diminishing
The New York Times reports: In the report, to be released Friday, Norse — which, like other cybersecurity firms, has an interest in portraying a world of cyberthreats but presumably little incentive in linking them to any particular country — traced thousands of attacks against American targets to hackers inside Iran.
The report, and a similar one from Cylance, another cybersecurity firm, make clear that Iranian hackers are moving from ostentatious cyberattacks in which they deface websites or simply knock them offline to much quieter reconnaissance. In some cases, they appear to be probing for critical infrastructure systems that could provide opportunities for more dangerous and destructive attacks.
But Norse and Cylance differ on the question of whether the Iranian attacks have accelerated in recent months, or whether Tehran may be pulling back during a critical point in the nuclear negotiations.
Norse, which says it maintains thousands of sensors across the Internet to collect intelligence on attackers’ methods, insists that Iranian hackers have shown no signs of letting up. Between January 2014 and last month, the Norse report said, its sensors picked up a 115 percent increase in attacks launched from Iranian Internet protocol, or I.P., addresses. Norse said that its sensors had detected more than 900 attacks, on average, every day in the first half of March.
Cylance came to a different conclusion, at least for Iran’s activities in the past few months, as negotiations have come to a head. Stuart McClure, the chief executive and founder of Cylance, which has been tracking Iranian hacking groups, said that there had been a notable drop in activity over the past few months, and that the groups were now largely quiet. [Continue reading…]
As encryption spreads, U.S. grapples with clash between privacy, security
The Washington Post reports: For months, federal law enforcement agencies and industry have been deadlocked on a highly contentious issue: Should tech companies be obliged to guarantee government access to encrypted data on smartphones and other digital devices, and is that even possible without compromising the security of law-abiding customers?
Recently, the head of the National Security Agency provided a rare hint of what some U.S. officials think might be a technical solution. Why not, suggested Adm. Michael S. Rogers, require technology companies to create a digital key that could open any smartphone or other locked device to obtain text messages or photos, but divide the key into pieces so that no one person or agency alone could decide to use it?
“I don’t want a back door,” Rogers, the director of the nation’s top electronic spy agency, said during a speech at Princeton University, using a tech industry term for covert measures to bypass device security. “I want a front door. And I want the front door to have multiple locks. Big locks.”
Law enforcement and intelligence officials have been warning that the growing use of encryption could seriously hinder criminal and national security investigations. But the White House, which is preparing a report for President Obama on the issue, is still weighing a range of options, including whether authorities have other ways to get the data they need rather than compelling companies through regulatory or legislative action.
The task is not easy. Those taking part in the debate have polarized views, with advocates of default commercial encryption finding little common ground with government officials who see increasing peril as the technology becomes widespread on mobile phones and on text messaging apps. [Continue reading…]
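The “key divided into pieces so that no one person or agency alone could decide to use it” idea in the Rogers passage is a threshold scheme; the standard textbook construction is Shamir’s secret sharing. The code below is an added example, not from the Post article and not a description of any actual NSA proposal: it splits an integer key into n shares of which any k reconstruct it, using a random polynomial over a prime field. The prime, the share counts and the sample key are assumptions made for the demo.

```python
"""Toy (k, n) threshold secret sharing (Shamir) as an added illustration.

Not from the article: the prime, share counts and sample key are constructed
for the demo. A secret s becomes the constant term of a random polynomial of
degree k-1 over GF(p); share i is the point (i, f(i)). Any k points determine
the polynomial (and hence f(0) = s); fewer than k reveal nothing about s.
"""
import secrets

# Prime field modulus, larger than any secret we intend to split (2^127 - 1).
PRIME = (1 << 127) - 1


def _eval_poly(coeffs, x, prime=PRIME):
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x modulo prime (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % prime
    return acc


def split_secret(secret, k, n, prime=PRIME, rng=secrets.randbelow):
    """Split an integer secret into n shares such that any k of them reconstruct it.

    Returns a list of (x, y) pairs with x = 1..n. The point x = 0 is the secret
    itself and is never handed out. rng(p) must return a uniform integer in [0, p).
    """
    if not 1 <= k <= n:
        raise ValueError("need 1 <= k <= n")
    if not 0 <= secret < prime:
        raise ValueError("secret must lie in [0, prime)")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [secret] + [rng(prime) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x, prime)) for x in range(1, n + 1)]


def recover_secret(shares, prime=PRIME):
    """Lagrange-interpolate the shared polynomial at x = 0 from k distinct shares.

    Given fewer than k shares this still returns a value, but it is a point on a
    different (lower-degree) polynomial and carries no information about the secret.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % prime        # product of (0 - xj)
                den = (den * (xi - xj)) % prime    # product of (xi - xj)
        # pow(den, -1, prime) is the modular inverse (Python 3.8+).
        secret = (secret + yi * num * pow(den, -1, prime)) % prime
    return secret


if __name__ == "__main__":
    key = secrets.randbelow(PRIME)            # constructed sample "device key"
    shares = split_secret(key, k=3, n=5)
    assert recover_secret(shares[:3]) == key
    assert recover_secret([shares[0], shares[2], shares[4]]) == key
    assert recover_secret(shares[:2]) != key  # two shares are not enough
    print("3-of-5 reconstruction OK")
```

The caveat a practitioner would raise against the “front door with multiple locks” framing: the threshold only governs who can assemble the key. Once it is assembled it exists whole on some machine, and a single key that opens every device is still a single global secret whose compromise is catastrophic. The scheme also gives no help against the shares being used together under duress or by policy drift; that is a process question, not a cryptographic one.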
China is said to use powerful new weapon to censor internet
The New York Times reports: Late last month, China began flooding American websites with a barrage of Internet traffic in an apparent effort to take out services that allow China’s Internet users to view websites otherwise blocked in the country.
Initial security reports suggested that China had crippled the services by exploiting its own Internet filter — known as the Great Firewall — to redirect overwhelming amounts of traffic to its targets. Now, researchers at the University of California, Berkeley, and the University of Toronto say China did not use the Great Firewall after all, but rather a powerful new weapon that they are calling the Great Cannon.
The Great Cannon, the researchers said in a report published Friday, allows China to intercept foreign web traffic as it flows to Chinese websites, inject malicious code and repurpose the traffic as Beijing sees fit.
The system was used, they said, to intercept web and advertising traffic intended for Baidu — China’s biggest search engine company — and fire it at GitHub, a popular site for programmers, and GreatFire.org, a nonprofit that runs mirror images of sites that are blocked inside China. The attacks against the services continued on Thursday, the researchers said, even though both sites appeared to be operating normally.
But the researchers suggested that the system could have more powerful capabilities. With a few tweaks, the Great Cannon could be used to spy on anyone who happens to fetch content hosted on a Chinese computer, even by visiting a non-Chinese website that contains Chinese advertising content.
“The operational deployment of the Great Cannon represents a significant escalation in state-level information control,” the researchers said in their report. It is, they said, “the normalization of widespread and public use of an attack tool to enforce censorship.” [Continue reading…]
How the U.S. thinks Russians hacked the White House
CNN reports: Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.
While the White House has said the breach only affected an unclassified system, that description belies the seriousness of the intrusion. The hackers had access to sensitive information such as real-time non-public details of the president’s schedule. While such information is not classified, it is still highly sensitive and prized by foreign intelligence agencies, U.S. officials say.
The White House in October said it noticed suspicious activity in the unclassified network that serves the executive office of the president. The system has been shut down periodically to allow for security upgrades.
The FBI, Secret Service and U.S. intelligence agencies are all involved in investigating the breach, which they consider among the most sophisticated attacks ever launched against U.S. government systems. The intrusion was routed through computers around the world, as hackers often do to hide their tracks, but investigators found tell-tale codes and other markers that they believe point to hackers working for the Russian government. [Continue reading…]
Meet Anonymous International, the hackers taking on the Kremlin
Daniil Turovsky writes: Around 10am on 14 August 2014, an unremarkable man walked into a café near Tishinskaya Square in Moscow. He ordered a coffee, sat down, opened up a cheap laptop and launched a few applications: a text editor, an app for encrypted chat, and a browser.
Then, he opened Twitter and wrote: “I’m resigning. I am ashamed of this government’s actions. Forgive me.”
The tweet immediately appeared on prime minister Dmitri Medvedev’s official Twitter account, visible to his 2.5m followers.
Taking a sip of his coffee, he wrote a few more tweets: “I will become a photographer. I’ve dreamed about it for some time”; “Vova [Putin]! You are wrong!”
The tweeter is a member of Anonymous International, better known as Shaltai Boltai (Humpty Dumpty in Russian), arguably the most famous hacker group in the country after claiming responsibility for a series of high-profile leaks.
In the past two years, they’ve gained access to documents detailing the Russian state’s game plan for a supposedly “grassroots” demonstration in Moscow in support of its actions in Crimea; details about how the Kremlin prepared Crimea’s secessionist referendum; and private emails allegedly belonging to Igor Strelkov, who claims he played a key role in organising the pro-Russian insurgency in Donetsk, Ukraine. [Continue reading…]
U.S. efforts to sabotage Iran’s nuclear program continue in parallel with diplomacy
The New York Times reports: In late 2012, just as President Obama and his aides began secretly sketching out a diplomatic opening to Iran, American intelligence agencies were busy with a parallel initiative: The latest spy-vs.-spy move in the decade-long effort to sabotage Tehran’s nuclear infrastructure.
Investigators uncovered an Iranian businessman’s scheme to buy specialty aluminum tubing, a type the United States bans for export to Iran because it can be used in centrifuges that enrich uranium, the exact machines at the center of negotiations entering a crucial phase in Switzerland this week.
Rather than halt the shipment, court documents reveal, American agents switched the aluminum tubes for ones of an inferior grade. If installed in Iran’s giant underground production centers, they would have shredded apart, destroying the centrifuges as they revved up to supersonic speed.
But if negotiators succeed in reaching a deal with Iran, does the huge, covert sabotage effort by the United States, Israel and some European allies come to an end?
“Probably not,” said one senior official with knowledge of the program. In fact, a number of officials make the case that surveillance of Iran will intensify and covert action may become more important than ever to ensure that Iran does not import the critical materials that would enable it to accelerate the development of advanced centrifuges or pursue a covert path to a bomb. [Continue reading…]
CISA security bill: An F for security but an A+ for spying
Andy Greenberg writes: When the Senate Intelligence Committee passed the Cybersecurity Information Sharing Act by a vote of 14 to 1, committee chairman Senator Richard Burr argued that it successfully balanced security and privacy. Fifteen new amendments to the bill, he said, were designed to protect internet users’ personal information while enabling new ways for companies and federal agencies to coordinate responses to cyberattacks. But critics within the security and privacy communities still have two fundamental problems with the legislation: First, they say, the proposed cybersecurity act won’t actually boost security. And second, the “information sharing” it describes sounds more than ever like a backchannel for surveillance.
On Tuesday the bill’s authors released the full, updated text of the CISA legislation passed last week, and critics say the changes have done little to assuage their fears about wanton sharing of Americans’ private data. In fact, legal analysts say the changes actually widen the backdoor leading from private firms to intelligence agencies.
“It’s a complete failure to strengthen the privacy protections of the bill,” says Robyn Greene, a policy lawyer for the Open Technology Institute, which joined a coalition of dozens of non-profits and cybersecurity experts criticizing the bill in an open letter earlier this month. “None of the [privacy-related] points we raised in our coalition letter to the committee was effectively addressed.” The central concern of that letter was how the same data sharing meant to bolster cybersecurity for companies and the government opens massive surveillance loopholes.
The bill, as worded, lets a private company share with the Department of Homeland Security any information construed as a cybersecurity threat “notwithstanding any other provision of law.” That means CISA trumps privacy laws like the Electronic Communication Privacy Act of 1986 and the Privacy Act of 1974, which restrict eavesdropping and sharing of users’ communications. And once the DHS obtains the information, it would automatically be shared with the NSA, the Department of Defense (including Cyber Command), and the Office of the Director of National Intelligence. [Continue reading…]
The mysterious internet mishap that sent data for the UK’s nuclear program to Ukraine
Quartz reports: The information superhighway got diverted last week when a Ukrainian internet service provider hijacked routes used by data heading for websites in the United Kingdom, according to a company that monitors and optimizes internet performance. The action could be a mere glitch — or something more sinister in an era of geopolitical cyber conflicts.
The issue at hand is the way disparate computer networks merge into the internet. The networks announce to one another which internet users — more technically, which IP addresses — they serve so that data can be routed accordingly; a US internet service provider might tell the world it can give you access to the Library of Congress, while one in Germany would say that it can reach BMW’s main website.
Dyn, the company that noted the incident, keeps an eye on network traffic patterns. Doug Madory, the company’s director of internet analysis, spotted something strange: Vega, a Ukrainian internet service provider, had announced it was serving numerous IP addresses in the United Kingdom. Advertising the wrong addresses is called “route hijacking,” and it is often a quickly-corrected mistake — for instance, an employee of an internet service provider makes a typo while typing into a router. In this case, the affected addresses included those operated by defense contractors Lockheed Martin and Thales, the UK Atomic Weapons Establishment, and the Royal Mail. [Continue reading…]
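The mechanism the Quartz piece describes is BGP: each network announces the prefixes it originates, and a “route hijack” is an announcement whose origin does not match who actually holds the block. The check Dyn’s analysts effectively ran is the one below, added here as an example and not taken from the article or from Dyn: compare a feed of announcements against a table of expected origin ASNs, and flag both an exact prefix announced from the wrong origin and a more-specific prefix (which BGP prefers) announced from inside someone else’s block. The prefixes, AS numbers and announcements are constructed for the demo; the article names no such identifiers.

```python
"""Flag BGP origin hijacks in a feed of route announcements (added example).

Not from the article: prefixes, AS numbers and the announcement feed below are
constructed. In a real deployment the expected-origin table comes from RPKI ROAs
or IRR route objects and the feed from a collector such as RouteViews or RIPE RIS.
"""
import ipaddress
from typing import Dict, List, Tuple

# Constructed ground truth: which AS legitimately originates which prefix.
EXPECTED_ORIGINS: Dict[str, int] = {
    "198.51.100.0/24": 64500,   # hypothetical UK operator A
    "203.0.113.0/24": 64501,    # hypothetical UK operator B
    "192.0.2.0/24": 64502,      # hypothetical UK operator C
}

# Constructed announcements as (prefix, AS path); the origin is the last AS in the path.
ANNOUNCEMENTS: List[Tuple[str, List[int]]] = [
    ("198.51.100.0/24", [64510, 64520, 64500]),  # legitimate
    ("203.0.113.0/24", [64510, 64599]),           # same prefix, wrong origin: hijack
    ("192.0.2.0/25", [64530, 64599]),             # more-specific from a stranger: hijack
    ("192.0.2.0/24", [64510, 64502]),             # legitimate
    ("192.0.2.0/25", [64510, 64502]),             # more-specific, same origin: traffic engineering
    ("2001:db8::/32", [64540, 64541]),            # prefix we do not track: ignored
]


def origin_as(path: List[int]) -> int:
    """The origin of a BGP route is the last ASN in the AS_PATH."""
    return path[-1]


def find_hijacks(announcements, expected=EXPECTED_ORIGINS):
    """Return suspect routes as (prefix, announced_origin, covering_prefix, expected_origin, kind).

    kind is "origin-mismatch" when the exact registered prefix is announced by the
    wrong AS, and "more-specific" when a sub-prefix of a registered block is
    announced by an AS other than the block's registered origin.
    """
    table = [(ipaddress.ip_network(p), asn) for p, asn in expected.items()]
    findings = []
    for prefix_str, path in announcements:
        net = ipaddress.ip_network(prefix_str)
        asn = origin_as(path)
        for known, legit in table:
            if net.version != known.version:
                continue  # subnet_of() refuses to compare v4 with v6
            if net == known and asn != legit:
                findings.append((prefix_str, asn, str(known), legit, "origin-mismatch"))
            elif net != known and net.subnet_of(known) and asn != legit:
                findings.append((prefix_str, asn, str(known), legit, "more-specific"))
    return findings


if __name__ == "__main__":
    for prefix, asn, covering, legit, kind in find_hijacks(ANNOUNCEMENTS):
        print(f"{kind:16s} {prefix:18s} announced by AS{asn}, "
              f"expected AS{legit} for {covering}")
```

As the article says, a mismatch is not proof of malice: a fat-fingered prefix or a route leak produces the same signal. What distinguishes the cases is duration, whether the hijacking AS is also on the legitimate path, and whether traffic through it is observed being forwarded on (an interception) or black-holed; the detector above only gives you the alert to start that triage. The durable fix on the victim side is to publish ROAs for your prefixes and to prefer upstreams that drop RPKI-invalid routes.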
Politics intrude as cybersecurity firms hunt foreign spies
Reuters reports: The $71 billion cybersecurity industry is fragmenting along geopolitical lines as firms chase after government contracts, share information with spy agencies, and market themselves as protectors against attacks by other nations.
Moscow-based cybersecurity firm Kaspersky Lab has become a leading authority on American computer espionage campaigns, but sources within the company say it has hesitated at least twice before exposing hacking activities attributed to mother Russia.
Meanwhile, U.S. cybersecurity firms CrowdStrike Inc and FireEye Inc (FEYE.O) have won fame by uncovering sophisticated spying by Russia and China – but have yet to point a finger at any American espionage.
The balkanization of the security industry reflects broader rifts in the technology markets that have been exacerbated by disclosures about government-sponsored cyberattacks and surveillance programs, especially those leaked by former U.S. intelligence agency contractor Edward Snowden.
“Some companies think we should be stopping all hackers. Others think we should stop only the other guy’s hackers – they think we can win the war,” said Dan Kaminsky, chief scientist at security firm White Ops Inc, putting himself in the former camp.
Kaspersky Lab has faced questions about its connections to Russian intelligence before: Chief Executive Eugene Kaspersky had attended a KGB school, Chief Operating Officer Andrey Tikhonov was a lieutenant colonel in the military, and Chief Legal Officer Igor Chekunov had served in the KGB’s border service.
Eugene Kaspersky said the firm has never been asked by a government agency to back away from investigating a cyberattack, and said that its international team of researchers would not be swayed by any one country’s national interests.
Still, several current and former Kaspersky Lab employees said the firm has dithered over whether to publish research on at least two Russian hacking strikes.
Last year, Kaspersky Lab officials privately gave some paying customers a report about a sophisticated computer spying campaign that it had uncovered. But the company did not publish the report more widely until five months after British defense contractor BAE Systems Plc (BAES.L) exposed the campaign, linking it to another suspected Russian government operation and noting that most infected computers were found in Ukraine. [Continue reading…]
Hillary Clinton’s secret email was a hacker’s dream weapon
Shane Harris writes: The private email address for Hillary Clinton, which became the talk of Washington this week and created her first major speed bump on her road to the White House, has actually been freely available on the Internet for a year, thanks to a colorful Romanian hacker known as Guccifer.
On March 14, 2013, Guccifer — his real name is Marcel-Lehel Lazar — broke into the AOL account of Sidney Blumenthal, a journalist, former White House aide to Bill Clinton, and personal confidante of Hillary Clinton. Lazar crowed about his exploits to journalists, disclosing a set of memos Blumenthal had written to Clinton in 2012, as well as the personal email address and domain she’s now known to have used exclusively for her personal and official correspondence.
Few journalists noticed that at the time, and it caused no ruckus in Washington. But the fact that Clinton’s private email was now public means she was not just putting her own information at risk, but potentially those in the circle of people who knew her private address.
Her email account was the ultimate hacker’s lure. It’s a common technique to impersonate a trusted source via email, in order to persuade a recipient to download spyware hidden inside seemingly innocuous attachments. Indeed, Clinton’s own staff had been targeted with such highly targeted “spear phishing” emails as early as 2009, the year she took office. And according to U.S. authorities, Lazar, who’s now serving a seven-year prison sentence in Romania and is accused of hacking the accounts of other Washington notables like Colin Powell, did commandeer other people’s email accounts. Then he used them to send messages exposing the private correspondence of his other victims.
When her address was exposed, Clinton was running her private email account on equipment in her home in New York, which security experts say is an inherently weak setup that made her more vulnerable to hacking. [Continue reading…]
‘Ex-Israeli agents’ threatened cyber attack on S Africa
Al Jazeera reports: A group claiming to be former agents of Israel’s Mossad threatened to unleash a devastating cyber attack on South Africa unless its government cracked down on the growing campaign to boycott Israel, according to intelligence documents leaked to Al Jazeera’s Investigative Unit.
According to the reports, then-Finance Minister Pravin Gordhan received a note from “unknown sources” on June 28, 2012, threatening a cyber attack “against South Africa’s banking and financial sectors.” The hand-delivered letter gave the government just 30 days to achieve the “discontinuation of the Boycott Divestment and Sanctions (BDS) campaign and the removal and prosecution of some unidentified individuals linked to BDS”.
South Africa’s ruling African National Congress has historically aligned itself with the Palestinian national struggle, and the BDS campaign there involves some high profile anti-apartheid struggle figures such as Nelson Mandela’s close friend and fellow Robben Island prisoner Ahmed Kathrada. [Continue reading…]