The U.S. could have destroyed Iran’s entire infrastructure without dropping a single bomb

Tech Insider reports: The United States had a top-secret operation that gave it the ability to shut down much of Iran’s infrastructure ahead of a full-scale war, without a single bomb being dropped.

The incredible insight into a highly-classified cyber operation called Nitro Zeus was first exposed in the film “Zero Days” and later corroborated by The New York Times, which interviewed intelligence and military officials who were involved.

The film, directed by Alex Gibney, premieres on Friday.

“We spent hundreds of millions, maybe billions on it,” an anonymous National Security Agency source says in the film. “We were inside, waiting, watching. Ready to disrupt, degrade, and destroy those systems with cyber attacks. In comparison, Stuxnet was a back alley operation. [Nitro Zeus] was the plan for a full scale cyber war with no attribution.”

The source, whose face and voice are concealed throughout the film, is later revealed to be an actor reciting lines from testimony offered to Director Alex Gibney by CIA and NSA employees.

The focus of the “Zero Days” film is on Stuxnet — the world’s first cyber weapon — that was used against Iran’s nuclear facilities. But in researching for the film, Gibney found that malicious software was just one small piece of a much larger puzzle. [Continue reading…]

What cyberwar against ISIS should look like

Fred Kaplan writes: Pentagon officials have publicly said, in recent weeks, that they’re hitting ISIS not only with bullets and bombs but also with cyberoffensive operations. “We are dropping cyberbombs,” Robert Work, deputy secretary of defense, is quoted as proclaiming in Monday’s New York Times. Similar, if less colorful, statements have been made by Secretary of Defense Ash Carter and, a week ago, President Obama.

What does it mean? And what effects are these new weapons having on the overall war? After dropping his “cyberbombs” bombshell, Work said, “We have never done that before.” But in fact, the United States has done it before, against Iraqi insurgents, including al-Qaida fighters, back in 2007. And, as I discovered while researching my book Dark Territory: The Secret History of Cyber War, the effects were devastating.

Standard accounts have credited President George W. Bush’s troop surge and Gen. David Petraeus’ counterinsurgency strategy for turning the Iraq conflict in the coalition’s favor in 2007. These accounts aren’t wrong, as far as they go, but they leave out another crucial factor — cyberoffensive warfare, as conducted by the Joint Special Operations Command and the National Security Agency. [Continue reading…]

FBI adds two Syrian hackers to its most-wanted list for cybercriminals

The Atlantic reports: In late April 2013, a tweet from the Associated Press claimed that a pair of explosions at the White House had injured President Barack Obama. Markets reacted nearly instantly, sending stocks plunging. But when, a short time later, Press Secretary Jay Carney told reporters there was no explosion, the market quickly righted itself.

The news organization’s Twitter account was hacked, it turned out. A group calling itself the Syrian Electronic Army claimed credit. In only a few minutes, their rogue tweet demonstrated the market-moving power of 140 characters sent from a credible source.

The Syrian Electronic Army has also defaced websites belonging to the U.S. Marines, Harvard University, and Human Rights Watch, as well as websites and Twitter feeds of other major news organizations like the BBC, CNN, and The Washington Post. The group’s members remained anonymous, going by pseudonyms like “The Shadow” and “The Pro.”

But on Tuesday, the Justice Department revealed the identity of three members of the group, charging them with computer hacking and placing two of them on the FBI’s “Cyber’s Most Wanted” list. The FBI is offering a $100,000 bounty for information leading to their arrest. [Continue reading…]

Russia steps up Syria cyber assault

Financial Times reports: Russia is mounting a far-reaching cyber espionage campaign against Syrian opposition groups and NGOs, as Moscow seeks to influence the flow of information on the country’s humanitarian crisis and obscure the full extent of its military operations there.

Targets include some of the most important human rights organisations and aid groups operating in the country, such as the Syrian Observatory of Human Rights, which reports on military incidents and is frequently cited in western media outlets, the Financial Times has learnt. The operation shares many of the hallmarks of Moscow’s sustained hacking campaign against the Ukrainian government in 2013 and 2014. [Continue reading…]

The cyberattack on Ukraine’s power grid is a warning of what’s to come

By Nilufer Tuptuk, UCL and Stephen Hailes, UCL

When more than 100,000 people in and around the Ukrainian city of Ivano-Frankivsk were left without power for six hours, the Ukrainian energy ministry accused Russia of launching a cyberattack on the country’s national energy grid.

Now reports released by security researchers from the SANS Industrial Control Systems team and the Industrial Control Systems Cyber Emergency Response Team confirm their belief that a cyberattack was responsible for the power cut, making the incident one of the first significant, publicly reported cyberattacks on civil infrastructure.

This is a rare event, of which the most famous example is the Stuxnet malware used to destroy equipment in the Iranian nuclear programme. Many consider Stuxnet so sophisticated that national governments must have been involved. But as is frequently the case, attributing responsibility for Stuxnet has proved difficult, and it’s likely that, despite circumstantial evidence, it will be the same in this case. While the Ukrainian Security Service (SBU) and the international press were quick to blame Russian state-backed hackers, Moscow has remained silent.

[Read more…]

Constructing a cyber superpower

DefenseNews reports: The site of an Army golf course named for US President Dwight Eisenhower, one long drive from the National Security Agency, is an active construction site, the future of US military cyber.

Where there were once bunkers, greens and tees is a large gray building due to become an NSA-run 600,000-square-foot, state-of-the-art server farm, a skeletal structure that will one day house US Cyber Command’s joint operations center, with plots reserved for individual Marine Corps and Navy cyber facilities.

The plans reflect the growth in ambition, manpower and resources for the five-year-old US Cyber Command. One measure of this rapid expansion is the command’s budget — $120 million at its inception in 2010 rising to $509 million for 2015.

Another measure is the $1.8 billion in construction at Fort Meade, much of it related to Cyber Command. Though Cyber Command’s service components and tactical teams are spread across the country, the headquarters for Cyber Command, the NSA and Defense Information Systems Agency make Fort Meade a growing hub for military cyber.

Earlier this year, Defense Secretary Ash Carter announced a new cyber strategy that acknowledges in the strongest terms that the Pentagon may wage offensive cyber warfare. The strategy emphasizes deterrence and sets up a reliance on the commercial technology sector, hinging on a push to strengthen ties between Silicon Valley and the Pentagon. [Continue reading…]

Theft of Saudi documents suggests an Iranian hack

The Washington Post reports: The purported theft of confidential Saudi documents that have been released by WikiLeaks bears the hallmarks of Iranian hackers linked to cyberattacks in more than a dozen countries, including the United States, according to cybersecurity experts and Middle East analysts.

Last week, WikiLeaks published about 70,000 of what it said were half a million documents obtained from Saudi Arabia’s Foreign Ministry. The transparency advocacy group promises more releases of the diplomatic cables, whose authenticity has not been independently verified.

Experts said that the cables, apparently stolen over the past year, paint an unflattering portrait of Saudi diplomacy as reliant on oil-wealth patronage and obsessed with Iran, the kingdom’s chief rival, but appeared to contain no shocking revelations. [Continue reading…]

Why cyber war is dangerous for democracies

Moisés Naím writes: This month, two years after his massive leak of NSA documents detailing U.S. surveillance programs, Edward Snowden published an op-ed in The New York Times celebrating his accomplishments. The “power of an informed public,” he wrote, had forced the U.S. government to scrap its bulk collection of phone records. Moreover, he noted, “Since 2013, institutions across Europe have ruled similar laws and operations illegal and imposed new restrictions on future activities.” He concluded by asserting that “We are witnessing the emergence of a post-terror generation, one that rejects a worldview defined by a singular tragedy. For the first time since the attacks of Sept. 11, 2001, we see the outline of a politics that turns away from reaction and fear in favor of resilience and reason.”

Maybe so. I am glad that my privacy is now more protected from meddling by U.S. and European democracies. But frankly, I am far more concerned about the cyber threats to my privacy posed by Russia, China, and other authoritarian regimes than the surveillance threats from Washington. You should be too. [Continue reading…]

Russia’s Internet Research Agency has industrialized the art of trolling

Adrian Chen writes: Around 8:30 a.m. on Sept. 11 last year, Duval Arthur, director of the Office of Homeland Security and Emergency Preparedness for St. Mary Parish, Louisiana, got a call from a resident who had just received a disturbing text message. “Toxic fume hazard warning in this area until 1:30 PM,” the message read. “Take Shelter. Check Local Media and columbiachemical.com.”

St. Mary Parish is home to many processing plants for chemicals and natural gas, and keeping track of dangerous accidents at those plants is Arthur’s job. But he hadn’t heard of any chemical release that morning. In fact, he hadn’t even heard of Columbia Chemical. St. Mary Parish had a Columbian Chemicals plant, which made carbon black, a petroleum product used in rubber and plastics. But he’d heard nothing from them that morning, either. Soon, two other residents called and reported the same text message. Arthur was worried: Had one of his employees sent out an alert without telling him?

If Arthur had checked Twitter, he might have become much more worried. Hundreds of Twitter accounts were documenting a disaster right down the road. “A powerful explosion heard from miles away happened at a chemical plant in Centerville, Louisiana #ColumbianChemicals,” a man named Jon Merritt tweeted. The #ColumbianChemicals hashtag was full of eyewitness accounts of the horror in Centerville. @AnnRussela shared an image of flames engulfing the plant. @Ksarah12 posted a video of surveillance footage from a local gas station, capturing the flash of the explosion. Others shared a video in which thick black smoke rose in the distance.

Dozens of journalists, media outlets and politicians, from Louisiana to New York City, found their Twitter accounts inundated with messages about the disaster. “Heather, I’m sure that the explosion at the #ColumbianChemicals is really dangerous. Louisiana is really screwed now,” a user named @EricTraPPP tweeted at the New Orleans Times-Picayune reporter Heather Nolan. Another posted a screenshot of CNN’s home page, showing that the story had already made national news. ISIS had claimed credit for the attack, according to one YouTube video; in it, a man showed his TV screen, tuned to an Arabic news channel, on which masked ISIS fighters delivered a speech next to looping footage of an explosion. A woman named Anna McClaren (@zpokodon9) tweeted at Karl Rove: “Karl, Is this really ISIS who is responsible for #ColumbianChemicals? Tell @Obama that we should bomb Iraq!” But anyone who took the trouble to check CNN.com would have found no news of a spectacular Sept. 11 attack by ISIS. It was all fake: the screenshot, the videos, the photographs.

In St. Mary Parish, Duval Arthur quickly made a few calls and found that none of his employees had sent the alert. He called Columbian Chemicals, which reported no problems at the plant. Roughly two hours after the first text message was sent, the company put out a news release, explaining that reports of an explosion were false. When I called Arthur a few months later, he dismissed the incident as a tasteless prank, timed to the anniversary of the attacks of Sept. 11, 2001. “Personally I think it’s just a real sad, sick sense of humor,” he told me. “It was just someone who just liked scaring the daylights out of people.” Authorities, he said, had tried to trace the numbers that the text messages had come from, but with no luck. (The F.B.I. told me the investigation was still open.)

The Columbian Chemicals hoax was not some simple prank by a bored sadist. It was a highly coordinated disinformation campaign, involving dozens of fake accounts that posted hundreds of tweets for hours, targeting a list of figures precisely chosen to generate maximum attention. The perpetrators didn’t just doctor screenshots from CNN; they also created fully functional clones of the websites of Louisiana TV stations and newspapers. The YouTube video of the man watching TV had been tailor-made for the project. A Wikipedia page was even created for the Columbian Chemicals disaster, which cited the fake YouTube video. As the virtual assault unfolded, it was complemented by text messages to actual residents in St. Mary Parish. It must have taken a team of programmers and content producers to pull off.

And the hoax was just one in a wave of similar attacks during the second half of last year. On Dec. 13, two months after a handful of Ebola cases in the United States touched off a minor media panic, many of the same Twitter accounts used to spread the Columbian Chemicals hoax began to post about an outbreak of Ebola in Atlanta. The campaign followed the same pattern of fake news reports and videos, this time under the hashtag #EbolaInAtlanta, which briefly trended in Atlanta. Again, the attention to detail was remarkable, suggesting a tremendous amount of effort. A YouTube video showed a team of hazmat-suited medical workers transporting a victim from the airport. Beyoncé’s recent single “7/11” played in the background, an apparent attempt to establish the video’s contemporaneity. A truck in the parking lot sported the logo of the Hartsfield-Jackson Atlanta International Airport.

On the same day as the Ebola hoax, a totally different group of accounts began spreading a rumor that an unarmed black woman had been shot to death by police. They all used the hashtag #shockingmurderinatlanta. Here again, the hoax seemed designed to piggyback on real public anxiety; that summer and fall were marked by protests over the shooting of Michael Brown in Ferguson, Mo. In this case, a blurry video purports to show the shooting, as an onlooker narrates. Watching it, I thought I recognized the voice — it sounded the same as the man watching TV in the Columbian Chemicals video, the one in which ISIS supposedly claims responsibility. The accent was unmistakable, if unplaceable, and in both videos he was making a very strained attempt to sound American. Somehow the result was vaguely Australian.

Who was behind all of this? When I stumbled on it last fall, I had an idea. I was already investigating a shadowy organization in St. Petersburg, Russia, that spreads false information on the Internet. It has gone by a few names, but I will refer to it by its best known: the Internet Research Agency. [Continue reading…]

U.S. tried Stuxnet-style campaign against North Korea but failed

Reuters reports: The United States tried to deploy a version of the Stuxnet computer virus to attack North Korea’s nuclear weapons program five years ago but ultimately failed, according to people familiar with the covert campaign.

The operation began in tandem with the now-famous Stuxnet attack that sabotaged Iran’s nuclear program in 2009 and 2010 by destroying a thousand or more centrifuges that were enriching uranium. Reuters and others have reported that the Iran attack was a joint effort by U.S. and Israeli forces.

According to one U.S. intelligence source, Stuxnet’s developers produced a related virus that would be activated when it encountered Korean-language settings on an infected machine.

But U.S. agents could not access the core machines that ran Pyongyang’s nuclear weapons program, said another source, a former high-ranking intelligence official who was briefed on the program. [Continue reading…]

Here’s what a cyber warfare arsenal might look like

Scientific American: The Pentagon has made clear in recent weeks that cyber warfare is no longer just a futuristic threat—it is now a real one. U.S. government agency and industry computer systems are already embroiled in a number of nasty cyber warfare campaigns against attackers based in China, North Korea, Russia and elsewhere. As a counterpoint, hackers with ties to Russia have been accused of stealing a number of Pres. Barack Obama’s e-mails, although the White House has not formally placed any blame at the Kremlin’s doorstep. The Obama administration did, however, call out North Korea for ordering last year’s cyber attack on Sony Pictures Entertainment.

The battle has begun. “External actors probe and scan [U.S. Department of Defense (DoD)] networks for vulnerabilities millions of times each day, and over 100 foreign intelligence agencies continually attempt to infiltrate DoD networks,” Eric Rosenbach, assistant secretary for homeland defense and global security, testified in April before the U.S. Senate Committee on Armed Services, Subcommittee on Emerging Threats and Capabilities. “Unfortunately, some incursions — by both state and nonstate entities — have succeeded.”

After years of debate as to how the fog of war will extend to the Internet, Obama last month signed an executive order declaring cyber attacks launched from abroad against U.S. targets a “national emergency” and levying sanctions against those responsible. Penalties include freezing the U.S. assets of cyber attackers and those aiding them as well as preventing U.S. residents from conducting financial transactions with those targeted by the executive order. [Continue reading…]

Cyberattacks alleged to be coming from Iran may be increasing — or diminishing

The New York Times reports: In the report, to be released Friday, Norse — which, like other cybersecurity firms, has an interest in portraying a world of cyberthreats but presumably little incentive in linking them to any particular country — traced thousands of attacks against American targets to hackers inside Iran.

The report, and a similar one from Cylance, another cybersecurity firm, make clear that Iranian hackers are moving from ostentatious cyberattacks in which they deface websites or simply knock them offline to much quieter reconnaissance. In some cases, they appear to be probing for critical infrastructure systems that could provide opportunities for more dangerous and destructive attacks.

But Norse and Cylance differ on the question of whether the Iranian attacks have accelerated in recent months, or whether Tehran may be pulling back during a critical point in the nuclear negotiations.

Norse, which says it maintains thousands of sensors across the Internet to collect intelligence on attackers’ methods, insists that Iranian hackers have shown no signs of letting up. Between January 2014 and last month, the Norse report said, its sensors picked up a 115 percent increase in attacks launched from Iranian Internet protocol, or I.P., addresses. Norse said that its sensors had detected more than 900 attacks, on average, every day in the first half of March.

Cylance came to a different conclusion, at least for Iran’s activities in the past few months, as negotiations have come to a head. Stuart McClure, the chief executive and founder of Cylance, which has been tracking Iranian hacking groups, said that there had been a notable drop in activity over the past few months, and that the groups were now largely quiet. [Continue reading…]
