Release of NSA hacking tools exposes risk of keeping software vulnerabilities secret

The Washington Post reports: To penetrate the computers of foreign targets, the National Security Agency relies on software flaws that have gone undetected in the pipes of the Internet. For years, security experts have pressed the agency to disclose these bugs so they can be fixed, but the agency hackers have often been reluctant.

Now with the mysterious release of a cache of NSA hacking tools over the weekend, the agency has lost an offensive advantage, experts say, and potentially placed at risk the security of countless large companies and government agencies worldwide.

Several of the tools exploited flaws in commercial firewalls that remain unpatched, and they are out on the Internet for all to see. Anyone from a basement hacker to a sophisticated foreign spy agency has access to them now, and until the flaws are fixed, many computer systems may be in jeopardy.

The revelation of the NSA cache, which dates to 2013 and has not been confirmed by the agency, also highlights the administration’s little-known process for figuring out which software errors to disclose and which to keep secret.

The hacker tools’ release “demonstrates the key risk of the U.S. government stockpiling computer vulnerabilities for its own use: Someone else might get a hold of them and use them against us,” said Kevin Bankston, director of New America’s Open Technology Institute.

“This is exactly why it should be U.S. government policy to disclose to software vendors the vulnerabilities it buys or discovers as soon as possible, so we can all better protect our own cybersecurity.” [Continue reading…]

Facebooktwittermail

Possible NSA hacking could signal warning shot from Russia

The New York Times reports: The release on websites this week of what appears to be top-secret computer code that the National Security Agency has used to break into the networks of foreign governments and other espionage targets has caused deep concern inside American intelligence agencies, raising the question of whether America’s own elite operatives have been hacked and their methods revealed.

Most outside experts who examined the posts, by a group calling itself the Shadow Brokers, said they contained what appeared to be genuine samples of the code — though somewhat outdated — used in the production of the N.S.A.’s custom-built malware.

Most of the code was designed to break through network firewalls and get inside the computer systems of competitors like Russia, China and Iran. That, in turn, allows the N.S.A. to place “implants” in the system, which can lurk unseen for years and be used to monitor network traffic or enable a debilitating computer attack.

According to these experts, the coding resembled a series of “products” developed inside the N.S.A.’s highly classified Tailored Access Operations unit, some of which were described in general terms in documents stolen three years ago by Edward J. Snowden, the former N.S.A. contractor now living in Russia.

But the code does not appear to have come from Mr. Snowden’s archive, which was mostly composed of PowerPoint files and other documents that described N.S.A. programs. The documents released by Mr. Snowden and his associates contained no actual source code used to break into the networks of foreign powers.

Whoever obtained the source code apparently broke into either the top-secret, highly compartmentalized computer servers of the N.S.A. or other servers around the world that the agency would have used to store the files. The code that was published on Monday dates to mid-2013, when, after Mr. Snowden’s disclosures, the agency shuttered many of its existing servers and moved code to new ones as a security measure.

By midday Tuesday Mr. Snowden himself, in a Twitter message from his exile in Moscow, declared that “circumstantial evidence and conventional wisdom indicates Russian responsibility” for publication, which he interpreted as a warning shot to the American government in case it was thinking of imposing sanctions against Russia in the cybertheft of documents from the Democratic National Committee. [Continue reading…]

Facebooktwittermail

U.S. considers sanctions against Russia in response to hacks of Democratic groups

The Wall Street Journal reports: U.S. officials are discussing whether to respond to computer breaches of Democratic Party organizations with economic sanctions against Russia, but they haven’t reached a decision about how to proceed, according to several people familiar with the matter.

Levying sanctions would require the White House to publicly accuse Russia, or Russian-backed hackers, of committing the breach and then leaking embarrassing information. The U.S. has frequently opted not to publicly release attribution for cyber-assaults, though Washington did openly accuse North Korea of carrying out an embarrassing breach of Sony Pictures Entertainment Inc. in 2014.

The Federal Bureau of Investigation and U.S. intelligence agencies have been studying the Democratic hacks, and several officials have signaled it was almost certainly carried out by Russian-affiliated hackers. Russia has denied any involvement, but several cybersecurity companies have also released reports tying the breach to Russian hackers.

On Thursday, House Minority Leader Nancy Pelosi (D., Calif.) told reporters, regarding a breach of the Democratic Congressional Campaign Committee, which spearheads the Democratic House campaigns: “I know for sure it is the Russians” and “we are assessing the damage.”

She added, “This is an electronic Watergate…The Russians broke in. Who did they give the information to? I don’t know. Who dumped it? I don’t know.” [Continue reading…]

Facebooktwittermail

Hack of Democrats’ accounts was wider than believed, officials say

The New York Times reports: A Russian cyberattack that targeted Democratic politicians was bigger than it first appeared and breached the private email accounts of more than 100 party officials and groups, officials with knowledge of the case said Wednesday.

The widening scope of the attack has prompted the F.B.I. to broaden its investigation, and agents have begun notifying a long list of Democratic officials that the Russians may have breached their personal accounts.

The main targets appear to have been the personal email accounts of Hillary Clinton’s campaign officials and party operatives, along with a number of party organizations.

Officials have acknowledged that the Russian hackers gained access to the Democratic Congressional Campaign Committee, which is the fund-raising arm for House Democrats, and to the Democratic National Committee, including a D.N.C. voter analytics program used by Mrs. Clinton’s presidential campaign.

But the hack now appears to have extended well beyond those groups, and organizations like the Democratic Governors’ Association may also have been affected, according to Democrats involved in the investigation. [Continue reading…]

Facebooktwittermail

Obama prepares to boost U.S. cyberwarfare capabilities

Reuters reports: The Obama administration is preparing to elevate the stature of the Pentagon’s Cyber Command, signaling more emphasis on developing cyber weapons to deter attacks, punish intruders into U.S. networks and tackle adversaries such as Islamic State, current and former officials told Reuters.

Under the plan being considered at the White House, the officials said, U.S. Cyber Command would become what the military calls a “unified command” equal to combat branches of the military such as the Central and Pacific Commands.

Cyber Command would be separated from the National Security Agency, a spy agency responsible for electronic eavesdropping, the officials said. That would give Cyber Command leaders a larger voice in arguing for the use of both offensive and defensive cyber tools in future conflicts. [Continue reading…]

Facebooktwittermail

Clinton campaign said to be hacked, apparently by Russians

The New York Times reports: Computer systems used by Hillary Clinton’s presidential campaign were hacked in an attack that appears to have come from Russia’s intelligence services, a federal law enforcement official said on Friday.

The apparent breach, coming after the disclosure last month that the Democratic National Committee’s computer system had been compromised, escalates an international episode in which Clinton campaign officials have suggested that Russia might be trying to sway the outcome of the election.

Mrs. Clinton’s campaign said in a statement that intruders had gained access to an analytics program used by the campaign and maintained by the national committee, but it said that it did not believe that the campaign’s own internal computer systems had been compromised.

The Democratic Congressional Campaign Committee, the fund-raising arm for House Democrats, also said on Friday that its systems had been hacked. Together, the databases of the national committee and the House organization contain some of the party’s most sensitive communications and voter and financial data.

Meredith Kelly, a spokeswoman for the congressional committee, said that after it discovered the breach, “we immediately took action and engaged with CrowdStrike, a leading forensic investigator, to assist us in addressing this incident.”

The attack on the congressional committee’s system appears to have come from an entity known as “Fancy Bear,” which is connected to the G.R.U., the Russian military intelligence service, according to an official involved in the forensic investigation. [Continue reading…]

Reuters reports: Several U.S. officials said the Obama administration has avoided publicly attributing the attacks to Russia as that might undermine Secretary of State John Kerry’s effort to win Russian cooperation in the war on Islamic State in Syria.

The officials said the administration fears Russian President Vladimir Putin might respond to a public move by escalating cyber attacks on U.S. targets, increasing military harassment of U.S. and allied aircraft and warships in the Baltic and Black Seas, and making more aggressive moves in Eastern Europe.

Some officials question the approach, arguing that responding more forcefully to Russia would be more effective than remaining silent.

The Obama administration announced in an April 2015 executive order that it could apply economic sanctions in response to cyber attacks. [Continue reading…]

Facebooktwittermail

How vulnerable to hacking is the U.S. election cyber infrastructure?

By Richard Forno, University of Maryland, Baltimore County

Following the hack of Democratic National Committee emails and reports of a new cyberattack against the Democratic Congressional Campaign Committee, worries abound that foreign nations may be clandestinely involved in the 2016 American presidential campaign. Allegations swirl that Russia, under the direction of President Vladimir Putin, is secretly working to undermine the U.S. Democratic Party. The apparent logic is that a Donald Trump presidency would result in more pro-Russian policies. At the moment, the FBI is investigating, but no U.S. government agency has yet made a formal accusation.

The Republican nominee added unprecedented fuel to the fire by encouraging Russia to “find” and release Hillary Clinton’s missing emails from her time as secretary of state. Trump’s comments drew sharp rebuke from the media and politicians on all sides. Some suggested that by soliciting a foreign power to intervene in domestic politics, his musings bordered on criminality or treason. Trump backtracked, saying his comments were “sarcastic,” implying they’re not to be taken seriously.

Of course, the desire to interfere with another country’s internal political processes is nothing new. Global powers routinely monitor their adversaries and, when deemed necessary, will try to clandestinely undermine or influence foreign domestic politics to their own benefit. For example, the Soviet Union’s foreign intelligence service engaged in so-called “active measures” designed to influence Western opinion. Among other efforts, it spread conspiracy theories about government officials and fabricated documents intended to exploit the social tensions of the 1960s. Similarly, U.S. intelligence services have conducted their own secret activities against foreign political systems – perhaps most notably its repeated attempts to help overthrow pro-communist Fidel Castro in Cuba.

Although the Cold War is over, intelligence services around the world continue to monitor other countries’ domestic political situations. Today’s “influence operations” are generally subtle and strategic. Intelligence services clandestinely try to sway the “hearts and minds” of the target country’s population toward a certain political outcome.

What has changed, however, is the ability of individuals, governments, militaries and criminal or terrorist organizations to use internet-based tools – commonly called cyberweapons – not only to gather information but also to generate influence within a target group.

So what are some of the technical vulnerabilities faced by nations during political elections, and what’s really at stake when foreign powers meddle in domestic political processes?

[Read more…]

Facebooktwittermail

How the U.S. can retaliate if Kremlin hackers tried to influence the presidential election

Vice News reports: The US intelligence community and private cybersecurity firms say Russia almost certainly hacked the Democratic National Committee and leaked documents that enraged Bernie Sanders supporters, embarrassed Democratic donors and senior party officials, and led to the resignation of DNC chairwoman Debbie Wasserman Schultz.

The US government hasn’t publicly accused Russia of responsibility for the leak, but President Barack Obama noted on Tuesday that Russia has a history of interfering in other countries’ elections.

Now the question is whether the US government is going to do something about it.

If confirmed, Kremlin responsibility for the DNC hack and leak would mark the first time a foreign government has interfered in a US election on this grand a scale.

“If Russian involvement is true, it shows how far they will go to get involved in our internal affairs,” said former US Ambassador to Russia Michael McFaul. “That’s something new. I don’t think anything remotely close to that happened during the Cold War.”

“We all do espionage,” he said, “but it’s one thing to practice intelligence gathering, and another to use those means to affect an electoral outcome.”

McFaul says all the evidence points to Russia deliberately seeking to interfere in a US election on behalf of Donald Trump, a candidate it believes would be more friendly to its interests. [Continue reading…]

Facebooktwittermail

By November, Russian hackers could target voting machines

Bruce Schneier writes: Russia was behind the hacks into the Democratic National Committee’s computer network that led to the release of thousands of internal emails just before the party’s convention began, U.S. intelligence agencies have reportedly concluded.

The FBI is investigating. WikiLeaks promises there is more data to come. The political nature of this cyberattack means that Democrats and Republicans are trying to spin this as much as possible. Even so, we have to accept that someone is attacking our nation’s computer systems in an apparent attempt to influence a presidential election. This kind of cyberattack targets the very core of our democratic process. And it points to the possibility of an even worse problem in November — that our election systems and our voting machines could be vulnerable to a similar attack.

If the intelligence community has indeed ascertained that Russia is to blame, our government needs to decide what to do in response. This is difficult because the attacks are politically partisan, but it is essential. If foreign governments learn that they can influence our elections with impunity, this opens the door for future manipulations, both document thefts and dumps like this one that we see and more subtle manipulations that we don’t see.

Retaliation is politically fraught and could have serious consequences, but this is an attack against our democracy. We need to confront Russian President Vladimir Putin in some way — politically, economically or in cyberspace — and make it clear that we will not tolerate this kind of interference by any government. Regardless of your political leanings this time, there’s no guarantee the next country that tries to manipulate our elections will share your preferred candidates. [Continue reading…]

Facebooktwittermail

Russian cyberattacks likely to increase if they continue to provoke little U.S. response

Defense One reports: In 2015, there were over one million cyber attacks on individuals and companies every day — and that is why even the strongest U.S. response to the theft of the Democratic National Committee emails will do little to deter future state-sponsored attacks, cybersecurity experts say.

The sheer volume and increasing sophistication of network attacks provide plausible deniability to state-sponsored groups, like the APT 28 and APT 29 thought to be behind the DNC hack, says Christopher Porter, of cybersecurity company FireEye.

“One of the key factors that makes these Russian operations doable is that sophisticated criminal groups have APT-like capabilities and go after similar targets,” said Porter, whose company first documented APT 29’s ties to the Kremlin in 2014.“The best criminals use some of the same tools that lower-end states might use.”

Recognizing the valuable cover this provides, the “Russian government has been intentionally blurring the lines between cyber activists, criminals and state-paid hackers,” said Jarno Limnell, vice president for cybersecurity at Insta Group Oy.

This makes it hard to conclusively attribute an attack to a particular government, and all but impossible to respond firmly. So Western countries have thus far remained “fairly quiet” in the face of various Russian provocations, and that has only emboldened Moscow, Limnell said. [Continue reading…]

Facebooktwittermail

The U.S. could have destroyed Iran’s entire infrastructure without dropping a single bomb

Tech Insider reports: The United States had a top-secret operation that gave it the ability to shut down much of Iran’s infrastructure ahead of a full-scale war, without a single bomb being dropped.

The incredible insight into a highly-classified cyber operation called Nitro Zeus was first exposed in the film “Zero Days” and later corroborated by The New York Times, which interviewed intelligence and military officials who were involved.

The film, directed by Alex Gibney, premieres on Friday.

“We spent hundreds of millions, maybe billions on it,” an anonymous National Security Agency source says in the film. “We were inside, waiting, watching. Ready to disrupt, degrade, and destroy those systems with cyber attacks. In comparison, Stuxnet was a back alley operation. [Nitro Zeus] was the plan for a full scale cyber war with no attribution.”

The source, whose face and voice are concealed throughout the film, is later revealed to be an actor reciting lines from testimony offered to Director Alex Gibney by CIA and NSA employees.

The focus of the “Zero Days” film is on Stuxnet — the world’s first cyber weapon — that was used against Iran’s nuclear facilities. But in researching for the film, Gibney found that malicious software was just one small piece of a much larger puzzle. [Continue reading…]

 

Facebooktwittermail

What cyberwar against ISIS should look like

Fred Kaplan writes: Pentagon officials have publicly said, in recent weeks, that they’re hitting ISIS not only with bullets and bombs but also with cyberoffensive operations. “We are dropping cyberbombs,” Robert Work, deputy secretary of defense, is quoted as proclaiming in Monday’s New York Times. Similar, if less colorful, statements have been made by Secretary of Defense Ash Carter and,a week ago, President Obama.

What does it mean? And what effects are these new weapons having on the overall war? After dropping his “cyberbombs” bombshell, Work said, “We have never done that before.” But in fact, the United States has done it before, against Iraqi insurgents, including al-Qaida fighters, back in 2007. And, as I discovered while researching my book Dark Territory: The Secret History of Cyber War, the effects were devastating.

Standard accounts have credited President George W. Bush’s troop surge and Gen. David Petraeus’ counterinsurgency strategy for turning the Iraq conflict in the coalition’s favor in 2007. These accounts aren’t wrong, as far as they go, but they leave out another crucial factor — cyberoffensive warfare, as conducted by the Joint Special Operations Command and the National Security Agency. [Continue reading…]

Facebooktwittermail