Google Sent Users 40,000 Warnings

Primer questions: Did other tech companies do the same and if so, how many? What does Congress know and where are they with a real cyber policy?

Google’s threat analysis group, which counters targeted and government-backed hacking against the company and its users, sent account holders almost 40,000 warnings in 2019, with government officials, journalists, dissidents, and geopolitical rivals being the most targeted, team members said on Thursday.

The number of warnings declined almost 25 percent from 2018, in part because of new protections designed to curb cyberattacks on Google properties. Attackers have responded by reducing the frequency of their hack attempts and being more deliberate. The group saw an increase in phishing attacks that impersonated news outlets and journalists. In many of these cases, attackers sought to spread disinformation by attempting to seed false stories with other reporters. Other times, attackers sent several benign messages in hopes of building a rapport with a journalist or foreign policy expert. The attackers, who most frequently came from Iran and North Korea, would later follow up with an email that included a malicious attachment.


“Government-backed attackers regularly target foreign policy experts for their research, access to the organizations they work with, and connection to fellow researchers or policymakers for subsequent attacks,” Toni Gidwani, a security engineering manager in the threat analysis group, wrote in a post.

Top targets

Countries with residents that collectively received more than 1,000 warnings included the United States, India, Pakistan, Japan, and South Korea. Thursday’s post came eight months after Microsoft said it had warned 10,000 customers of nation-sponsored attacks over the 12 previous months. The software maker said it saw “extensive” activity from five specific groups sponsored by Iran, North Korea, and Russia.

Thursday’s post also tracked targeted attacks carried out by Sandworm, believed to be an attack group working on behalf of the Russian Federation. Sandworm has been responsible for some of the world’s most severe attacks, including hacks on Ukrainian power facilities that left the country without electricity in 2015 and 2016, NATO and the governments of Ukraine and Poland in 2014, and according to Wired journalist Andy Greenberg, the NotPetya malware that created worldwide outages, some that lasted weeks.

The following graph shows Sandworm’s targeting of various industries and countries from 2017 to 2019. While the targeting of most of the industries or countries was sporadic, Ukraine was on the receiving end of attacks throughout the entire three-year period:

Sandworm’s targeting efforts (mostly by sector) over the last three years. Image: Google

Tracking zero-days

In 2019, the Google group discovered zero-day vulnerabilities affecting Android, iOS, Windows, Chrome, and Internet Explorer. A single attack group was responsible for exploiting five of the unpatched security flaws. The attacks were used against Google, Google account holders, and users of other platforms.

“Finding this many zero-day exploits from the same actor in a relatively short time frame is rare,” Gidwani wrote.

The exploits came from legitimate websites that had been hacked, links to malicious websites, and attachments embedded in spear-phishing emails. Most of the targets were in North Korea or were against individuals working on North Korea-related issues.

The group’s policy is to privately inform developers of the affected software and give them seven days to release a fix or publish an advisory. If the companies don’t meet that deadline, Google releases its own advisory.

One observation that Google users should note: of all the phishing attacks the company has seen in the past few years, none has resulted in a takeover of accounts protected by the account protection program, which among other things makes multifactor authentication mandatory. Once people have two physical security keys from Yubi or another manufacturer, enrolling in the program takes less than five minutes.

Govt Report on Prevention of Nationwide Cyber Catastrophe

A good first step for sure; however, there needs to be a government-wide decision on cyber attacks being an act of war and how to respond.

***

The Cyberspace Solarium Commission proposes a strategy of layered cyber deterrence. Our report consists of over 80 recommendations to implement the strategy. These recommendations are organized into 6 pillars:
  1. Reform the U.S. Government’s Structure and Organization for Cyberspace.
  2. Strengthen Norms and Non-Military Tools.
  3. Promote National Resilience.
  4. Reshape the Cyber Ecosystem.
  5. Operationalize Cybersecurity Collaboration with the Private Sector.
  6. Preserve and Employ the Military Instrument of National Power.


A much-anticipated government report aimed at defending the nation against cyber threats in the years to come opens with a bleak preview of what could happen if critical systems were brought down.

“The water in the Potomac still has that red tint from where the treatment plants upstream were hacked, their automated systems tricked into flushing out the wrong mix of chemicals,” the Cyberspace Solarium Commission wrote in the opening lines of its report.

“By comparison, the water in the Lincoln Memorial Reflecting Pool has a purple glint to it. They’ve pumped out the floodwaters that covered Washington’s low-lying areas after the region’s reservoirs were hit in a cascade of sensor hacks,” it continues.

So begins the report two years in the making from a congressionally mandated commission made up of lawmakers and top Trump administration officials, pointing to the vulnerabilities involved with critical systems being hooked up to the internet.

The report, which includes more than 75 recommendations for how to prevent the cyber doomsday it spells out, and the commission that made it were both mandated by the 2019 National Defense Authorization Act (NDAA).

The commissioners, who include co-chairmen Sen. Angus King (I-Maine) and Rep. Mike Gallagher (R-Wis.), highlight a range of issues to address, but zero in on election security as “priority.”

“The American people still do not have the assurance that our election systems are secure from foreign manipulation,” King and Gallagher wrote in the report. “If we don’t get election security right, deterrence will fail and future generations will look back with longing and regret on the once powerful American Republic and wonder how we screwed the whole thing up.”

The focus on shoring up election security, and the agreed-upon recommendations for how to do this, sets the report apart from the approach to the subject on Capitol Hill, where it has been a major issue of contention between Republicans and Democrats since Russian interference in the 2016 presidential election.

Beyond election security, the commissioners call for overarching government reform to address cyber vulnerabilities. Chief among these is calling on the White House to issue an updated national strategy to address cyber threats and to establish a national cybersecurity director position to coordinate efforts.

In terms of congressional action, commissioners recommend that Congress create cybersecurity committees in both the House and Senate, establish a Bureau of Cybersecurity Statistics, and establish an assistant secretary position at the State Department to lead international efforts around cybersecurity.

“While cyberspace has transformed the American economy and society, the government has not kept up,” commissioners wrote in calling for reforms.

The commission also zeroed in on “imposing costs” to adversaries who attempt to attack the U.S. online. In order to do so, it recommended that the Department of Defense conduct vulnerability assessments of its weapons systems, including nuclear control systems, and that it make cybersecurity preparedness a necessity.

The Cybersecurity and Infrastructure Security Agency, the Department of Homeland Security’s cyber agency, would be empowered as the “lead agency” at the federal level.

The report’s recommendations were debated on and pinpointed by a group of high-ranking commissioners who also included FBI Director Christopher Wray, Deputy Secretary of Defense David Norquist, Transportation Security Administration Administrator David Pekoske, Sen. Ben Sasse (R-Neb.), and Rep. James Langevin (D-R.I.).

Langevin said in a statement on Wednesday that the report is intended to shore up the nation’s cyber “resiliency for years to come.”

“Our charge in drafting this report was to prevent a cyber event of significant national consequence, and we know that the short- and long-term recommendations we crafted will better position us to realize the promise of the Internet, while avoiding its perils,” Langevin said. “The sooner our recommendations are implemented, the better positioned the country will be to prevent and respond to incidents that can disrupt the American way of life.”

The report’s recommendations may soon have real-world consequences on Capitol Hill.

Rep. John Katko (R-N.Y.), the ranking member on the House Homeland Security Committee’s cyber panel, told The Hill this week that there “definitely will be some legislation” stemming from the report’s recommendations, and that hearings would likely be held.

Katko noted that he had talked with Senate Homeland Security Committee Chairman Ron Johnson (R-Wis.) about the Senate also taking action around the report.

“This report screams of the need for bipartisan action on this, and I hope that we can leave the politics out of it, and I hope we can attack these problems quickly and effectively,” Katko said.

Rep. Cedric Richmond (D-La.), the cyber subcommittee’s chairman, opened a hearing on Wednesday by praising the report’s recommendations and saying he looked forward to working to “codifying” the ideas alongside House Homeland Security Committee Chairman Bennie Thompson (D-Miss.).

Industry groups also reacted positively to the report’s recommendations. Tom Gann, the chief public policy officer of cybersecurity firm McAfee, told The Hill in a statement that he agreed with most of the report’s findings and hoped that they are “acted upon with speed.”

Protect Our Power, a nonprofit with the goal of protecting the electric grid, also praised the report.

“These are compelling recommendations, echoing issues we have highlighted for several years now, and action is long overdue,” Jim Cunningham, executive director of the group, said in a statement. “Without a reliable supply of electricity before, during and following a disabling cyberattack, none of our critical infrastructure can function.”

While there may be legislative action soon – and praise from industry groups – both Gallagher and King emphasized in the report that their main aim was for it to open the eyes of Americans to the dangers posed by cyberattacks on critical systems.

“The status quo is inviting attacks on America every second of every day,” the co-chairmen wrote. “We all want that to stop. So please do us, and your fellow Americans, a favor. Read this report and then demand that your government and the private sector act with speed and agility to secure our cyber future.”

U.S. Using Wide Range of Spy Tools to Monitor Coronavirus

A major fall of nitrogen dioxide in China since the outbreak of Covid-19.

Nitrogen dioxide is a nasty-smelling gas. Some nitrogen dioxide is formed naturally in the atmosphere by lightning and some is produced by plants, soil and water. However, only about 1% of the total amount of nitrogen dioxide found in our cities’ air is formed this way.

Nitrogen dioxide is an important air pollutant because it contributes to the formation of photochemical smog, which can have significant impacts on human health. The main effect of breathing in raised levels of nitrogen dioxide is the increased likelihood of respiratory problems. Nitrogen dioxide inflames the lining of the lungs, and it can reduce immunity to lung infections. This can cause problems such as wheezing, coughing, colds, flu and bronchitis.

***

United States intelligence agencies are using “a wide range” of tools, ranging from open-source collection to communications interception and human intelligence, to collect desperately needed data about the spread of the coronavirus, according to sources. As of late last week, some of the most dependable data on the spread of the virus, known as COVID-19, came from military channels of information, according to Yahoo News’ National Security and Investigations Reporter Jenna McLaughlin.

Writing last Friday, McLaughlin cited “two sources familiar with the matter”, who said that the Office of the Director of National Intelligence and the Central Intelligence Agency’s Global Issues Mission Center were collecting and analyzing real-time data on the coronavirus. The spread of the disease was also being monitored by the National Center for Medical Intelligence, which assesses the impact of disease outbreaks on American and foreign military personnel, said McLaughlin. She added that the intelligence generated by these agencies was being channeled to the Centers for Disease Control and Prevention and the Department of Health and Human Services, which lead the White House’s Task Force on COVID-19.

A major concern of the US Intelligence Community is that the Chinese, Iranian and other governments around the world may not be sharing comprehensive data on the spread of the virus and its impact. “No data means spying”, one unnamed source told McLaughlin. According to Reuters’ Mark Hosenball, US intelligence agencies have been using “a wide range of intelligence tools”, including human intelligence and electronic communications interception to track the spread of COVID-19. A major question that US intelligence agencies are trying to answer is whether governments like China’s or Iran’s have effective “continuity operations” plans in place, which relate to preserving the main functions of government during a major national disaster.

According to Hosenball, there is pessimism among US intelligence experts about the ability of developing countries around the world to respond to a massive COVID-19 outbreak. One example is India, whose dense population and rudimentary public-health infrastructure raise serious concerns about the government’s ability to protect the country’s population from a major pandemic. The report adds that there is “deep concern” in US government circles about the possibility that Iran may be covering up the details about the spread of COVID-19.

***

The coronavirus is coinciding with “significant decreases” in nitrogen dioxide over China, according to NASA, as authorities there continue to place more people under quarantines and some businesses remain closed amid the outbreak.

Pollution monitoring satellites operated by NASA and the European Space Agency (ESA) detected the decreases over a two-month span, according to a news release. The drops coincided with the outbreak and the Lunar New Year, which was unusually tame because many decided to stay indoors rather than risk becoming infected.

Nitrogen dioxide levels over China decreased dramatically as China continues to grapple with the coronavirus outbreak. 

In January, Chinese authorities locked down several cities and shut down all transportation going into and out of the city of Wuhan, the epicenter of the outbreak.

The pollution reduction is shown in two maps released by the space agencies. The first shows large concentrations of nitrogen dioxide levels over Beijing and near Wuhan from Jan. 1 through 20, before mandated quarantines were issued.

Justice Dept Brands Huawei as a Criminal Enterprise

Gotta hope that Europe takes note, especially Britain. Europe so far has approved Huawei as the vendor platform for 5G. Check your use of apps at the Google store and take a second look at your smart devices.


FDD: The U.S. Department of Justice (DOJ) indicted Chinese telecommunications firm Huawei Technologies and its subsidiaries last week for alleged racketeering, theft of intellectual property, and conspiracy to commit bank fraud, among other charges. The indictment portrays Huawei not merely as a company that has broken the law, but as a fundamentally criminal enterprise.

The new charges target Huawei, four of Huawei’s subsidiaries (Huawei Device Co. Ltd., Huawei Device USA Inc., Futurewei Technologies Inc., and Skycom Tech Co. Ltd.), and Huawei’s chief financial officer, Meng Wanzhou, for violating the Racketeer Influenced and Corrupt Organizations (RICO) Act, which Congress passed in 1970 to combat organized crime.

According to the DOJ, the Huawei business model entailed “the deliberate and repeated misappropriation of intellectual property of companies headquartered or with offices in the United States.” DOJ also highlighted other violations, including Huawei’s role in sanctions evasion and fraudulent activities.

Last week’s indictment marks the first time DOJ charged a company with suspect connections to a foreign government as a criminal enterprise. Although Huawei asserts it is not state-owned, the company has indirect ties to the Chinese government and has yet to publicly disclose who exactly owns and controls the company. Huawei’s majority shareholder is the company’s labor union, which keeps the details of its membership and governance structure out of the public eye. Last year, Jiang Xisheng, a top executive, explained during a press conference that the labor union’s ownership is simply a matter of legal convenience; this only further obfuscated who is really in charge. Additionally, Huawei’s founder, Ren Zhengfei, served in the Chinese military and is a member of the Chinese Communist Party.

While the indictment does not say that Beijing directed Huawei to operate as a criminal enterprise, China’s National Intelligence Law of 2017 requires Huawei and other private companies to provide the government with their data to “support, assist, and cooperate with state intelligence according to the law.” In short, the law empowers Beijing to exploit Huawei as an intelligence asset whenever it sees fit.

In other high-profile cases, the Chinese government has stolen sensitive U.S. data to achieve a strategic advantage. U.S. officials have even deemed China’s espionage and intelligence activities as a “long-term existential threat to the security of our nation.” In 2012, the head of the U.S. National Security Agency estimated that China’s economic espionage cost U.S. companies $250 billion in annual losses. Additionally, the targeting of strategic industries has allowed Beijing to enhance its own military capabilities at America’s expense.

The exploitation of Huawei could clearly enhance Beijing’s intelligence collecting capabilities. Just last week, the U.S. government reported that for over ten years Huawei secretly maintained “back doors” on its mobile networks that allowed the company – and potentially the Chinese government – to have direct access to their users’ most sensitive data.

The indictment of Huawei as a criminal enterprise shows that the Trump administration was mistaken when it placated Beijing by softening previous penalties for Huawei’s misconduct. If the court finds Huawei guilty under RICO, the administration should ensure the full application of all penalties necessary to end its criminal pursuits.

 

Huawei Snooping via Backdoor on US Telecom Network

For ten years…

U.S. officials say Huawei Technologies Co. can covertly access mobile-phone networks around the world through “back doors” designed for use by law enforcement, as Washington tries to persuade allies to exclude the Chinese company from their networks.

Chinese tech giant Huawei can reportedly access the networks it helped build that are being used by mobile phones around the world. It’s been using backdoors intended for law enforcement for over a decade, The Wall Street Journal reported Tuesday, citing US officials. The details were disclosed to the UK and Germany at the end of 2019 after the US had noticed access since 2009 across 4G equipment, according to the report.

The backdoors were inserted for law enforcement use into carrier equipment like base stations, antennas and switching gear, the Journal said, with US officials reportedly alleging they were designed to be accessible by Huawei.

“We have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world,” Robert O’Brien, national security adviser, reportedly said.

The White House and Huawei didn’t immediately respond to a request for comment, but the tech giant rejected the claims according to the Journal.

UK Prime Minister Boris Johnson approved Huawei for 5G last month with some conditions: The British restrictions are to exclude Huawei from building core parts of the UK’s 5G networks, have Huawei’s market share capped at 35% and exclude Huawei from sensitive geographic locations. The European Union allowed higher-risk vendors for 5G with similar restrictions at the end of January.

Huawei’s 5G approval there came despite the US urging the UK to ban the Chinese telecommunications giant.

Huawei was blacklisted in May when it was added to the United States’ “entity list” (PDF). In addition, US President Donald Trump at the same time signed an executive order essentially banning the company in light of national security concerns that Huawei had close ties with the Chinese government. Huawei has repeatedly denied that charge.

***

Huawei disputed the latest allegations, as it has done in the past, saying it “has never and will never do anything that would compromise or endanger the security of networks and data of its clients.” Huawei also said that the United States made its latest accusations “without providing any kind of concrete evidence.”

“No Huawei employee is allowed to access the network without an explicit approval from the network operator,” a Huawei official said, according to the Journal.

The US government has been moving to reduce the amount of Huawei and ZTE equipment in telecom networks. The Federal Communications Commission voted unanimously in November to ban Huawei and ZTE gear in projects paid for by the FCC’s Universal Service Fund (USF). FCC Chairman Ajit Pai said at the time that Huawei and ZTE “have close ties to China’s Communist government and military apparatus” and “are subject to Chinese laws broadly obligating them to cooperate with any request from the country’s intelligence services and to keep those requests secret.”

The ban is expected to hit small carriers the hardest, as Huawei has appealed to small network operators by selling low-cost gear. By contrast, big telcos like AT&T “have long steered clear of Huawei,” a March 2018 Wall Street Journal report said.