4 Days of Food Left…Panic? National Grid Hacked

Posted on March 19, 2018March 19, 2018 by Denise Simon

If there is no transportation, there is no food, medicine or basic supplies….what country is ready to deal with this?

British cities would be uninhabitable within days and the country is only a few meals from anarchy if the National Grid was taken down in a cyber attack or solar storm, disaster and security experts have warned.

Modern life is so reliant on electricity that a prolonged blackout would quickly lead to a loss of water, fuel, banking, transport and communications that would leave the country “in the Stone Age”.

Russia plot to cut off UK with hackers taking down ... photo

The warning comes weeks after the Defence Secretary, Gavin Williamson, said Russia had been spying on the UK’s energy infrastructure and could cause “thousands and thousands and thousands” of deaths if it crippled the power supply.

***

The U.S. government has just released an important cybersecurity alert that confirms Russian government cyberattacks targeting energy and other critical infrastructure sectors in the United States.

While there has recently been a significant rise in cyberattacks in these industries, up to now we’ve only been able to speculate on who the actors are, or what their motives may be. In this case the threat actor and their strategic intent has been clearly confirmed, something the U.S. government rarely does publicly.

In addition, the US-CERT alert provides descriptions of each stage of the attack, detailed indicators of compromise (IOCs), and a long list of detection and prevention measures. Many of the attack tactics are like Dragonfly 2.0, so much so that one might call this an expanded playbook for Dragonfly. The Nozomi Networks solution ships today with an analysis toolkit that identifies the presence of Dragonfly 2.0 IOCs.

This article is intended to help you gain perspective on this recent alert, provide additional guidance on what security measures to take, and describe how the Nozomi Networks solution can help.

U.S. energy facilities, like this one, are one of the critical infrastructure targets of the Russian cyberattacks.

Multi-Stage Campaigns Provide Opportunities for Early Detection

The US-CERT alert characterizes this attack as a multi-stage cyber intrusion campaign where Russian cyber actors conducted spear phishing and gained remote access into targeted industrial networks. After obtaining access, the threat vectors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).

This pattern of behavior is typical of APTs (Advanced Persistent Threats). APTs occur over an extended period, meaning there is an opportunity to detect and stop them before damage is done. With the right technology monitoring the industrial network, it is much harder for them to go unobserved before their final attack.

In this case the Russian cyberattacks started by infecting staging targets, which are peripheral organizations, such as trusted third-party suppliers, as pivot points for attacking the final intended targets.

The attackers used a multitude of tactics involving information relevant to industrial control professionals for initial infection of the staging targets. Examples include:

Altering trade publication websites
Sending emails containing resumes for ICS personnel as infected Microsoft Word attachments
Analyzing publicly available photos that inadvertently contained information about industrial systems

The credentials of staging targets’ staff were in turn used to send spear phishing emails to the staff of the intended targets. They received malicious .docx files, which communicated with a command and control (C2) server to steal their credentials.

The SMB (Server Message Block) network protocol was used throughout the spear phishing phases to communicate with external servers, as was described for the Dragonfly 2.0 attacks.This is a distinctive tactic. SMB is usually only used to communicate within LANs, not for outbound communications. Now that this is known, asset owners should ensure their firewalls are locked down for outbound service restrictions.

The credentials of the intended targets were used to access victim’s networks. From there, the malware established multiple local administrator accounts, each with a specific purpose. The goals ranged from creation of additional accounts to cleanup activity. For the report, click here.

***

What Is Known

Forensic analysis shows that the threat actors sought information on network and organizational design and control system capabilities within the organization. In one instance, the report says, the threat actors downloaded a small photo from a publicly accessible human resource page, which, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background. The threat actors also compromised third-party suppliers to download source code for several intended targets’ websites. They also attempted to remotely access corporate web-based email and virtual private network (VPN) connections.

Once inside the intended target’s network, the threat actors used privileged credentials to access domain controllers via remote desktop protocols (RDP) and then used the batch scripts to enumerate hosts and users, as well as to capture screenshots of systems across the network.

The threat is inside. US-CERT on March 15 warned that threat actors associated with the Russian government had infiltrated ICS and SCADA systems at power plants using a variety of tactics. This image is a DHS reconstruction of a screenshot fragment of a human machine interface (HMI) that the threat actors accessed. Source: US-CERT

Along with publishing an extensive list of indicators of compromise, the DHS and FBI recommended that network administrators review IP addresses, domain names, file hashes, network signatures, and a consolidated set of YARA rules for malware associated with the intrusion authored by the National Cybersecurity and Communications Integration Center. YARA is an open-source and multiplatform tool that provides a mechanism to exploit code similarities between malware samples within a family.

Facebook, Artificial Intelligence Op, Manipulating You

Posted on March 19, 2018March 19, 2018 by Denise Simon

Is any of this illegal? Well, yet to be determined because no one asks the questions, much less do we know what questions to ask….

It boils down to this: ‘facts don’t matter, it is what readers believe’ or as is in A Few Good Men, a dream world is it does not matter what I believe, it matters what I can prove. Artificial intelligence is proven, believed and kinda sorta factual?

photo

Facebook says it has saved more than $2 billion from its investments in Open Compute. But five years is an eternity on the Internet, and now every big tech company is out to conquer a different problem. Serving up content cheaply can be done, but figuring out what kind of content to serve among billions of posts is still a challenge. So, just as Facebook set out to rebuild the hardware industry half a decade ago with the Open Compute project, it has more recently created an internal platform to harness artificial intelligence so it can deliver exactly the content you want to see. And it wants to build this “machine learning” platform to scale. (“Machine learning” is a form of artificial intelligence that allows computers to learn how to operate without being pre-programmed.) “We’re trying to build more than 1.5 billion AI agents—one for every person who uses Facebook or any of its products,” says Joaquin Candela, the head of the newly created Applied Machine Learning group. “So how the hell do you do that?”

FBLearner Flow combines several machine-learning models to process several billion data points, drawn from the activity of the site’s 1.5 billion users, and forms predictions about thousands of things: which user is in a photograph, which message is likely to be spam. The algorithms created from FBLearner Flow’s models help define what content appears in your News Feed and what advertisements you see.

It would be easy to jump to the conclusion that Facebook’s use of artificial intelligence will help eliminate some of the company’s 13,000 employees. The reality couldn’t be more different, says chief technology officer Mike Schroepfer. AI is helping Facebook augment the capabilities of its human engineers. “We’re able to do things that we have not able to do before,” he says. More here.

***

Stop clicking the bait on Facebook, you are participating in psychometic testing for Facebook.

Predicting individual traits and attributes based on various cues, such as samples of written text (8), answers to a psychometric test (9), or the appearance of spaces people inhabit (10), has a long history. Human migration to digital environment renders it possible to base such predictions on digital records of human behavior. It has been shown that age, gender, occupation, education level, and even personality can be predicted from people’s Web site browsing logs (11 ⇓⇓⇓–15). Similarly, it has been shown that personality can be predicted based on the contents of personal Web sites (16), music collections (17), properties of Facebook or Twitter profiles such as the number of friends or the density of friendship networks (18 ⇓⇓–21), or language used by their users (22). Furthermore, location within a friendship network at Facebook was shown to be predictive of sexual orientation (23).

This study demonstrates the degree to which relatively basic digital records of human behavior can be used to automatically and accurately estimate a wide range of personal attributes that people would typically assume to be private. The study is based on Facebook Likes, a mechanism used by Facebook users to express their positive association with (or “Like”) online content, such as photos, friends’ status updates, Facebook pages of products, sports, musicians, books, restaurants, or popular Web sites. Likes represent a very generic class of digital records, similar to Web search queries, Web browsing histories, and credit card purchases. For example, observing users’ Likes related to music provides similar information to observing records of songs listened to online, songs and artists searched for using a Web search engine, or subscriptions to related Twitter channels. In contrast to these other sources of information, Facebook Likes are unusual in that they are currently publicly available by default. However, those other digital records are still available to numerous parties (e.g., governments, developers of Web browsers, search engines, or Facebook applications), and, hence, similar predictions are unlikely to be limited to the Facebook environment. More here.

***

photo

So why does Facebook feel like it is a victim of Cambridge Analytica? Well it seems Cambridge Analytica was a customer of Facebook and bought customer data for their own use. Facebook feels betrayed but how about that relationship? Facebook censors and mines data for their own political missions and frankly Cambridge Analytica does the same thing. These two companies along with several others and hired outside data and espionage types are changing the whole balance and equilibrium of the globe, question is to what end?

***

The data company that helped push Donald Trump to victory is now hoping it will win two lucrative contracts to boost White House policy messaging and to expand sales for the Trump Organization.

Cambridge Analytica, a data mining firm that uses personality profiling, claims Steve Bannon as a board member, who will soon officially be Mr Trump’s chief strategist.

The firm is backed by billionaire investor Robert Mercer, whose daughter Rebekah sits on the 16-person Trump transition team.

The London-based firm said it has marketing and psychological data on around 230 million Americans, which could help Mr Trump to increase his real estate business, or scope out the policy landscape for his government. More here.

In case you are wondering about global opposition research and affecting power to power with global leaders, check out this video:

Now this cat may appear to be quite an odd whistleblower but….

Christopher Wylie, who worked for data firm Cambridge Analytica, reveals how personal information was taken without authorisation in early 2014 to build a system that could profile individual US voters in order to target them with personalised political advertisements. At the time the company was owned by the hedge fund billionaire Robert Mercer, and headed at the time by Donald Trump’s key adviser, Steve Bannon. Its CEO is Alexander Nix.

When Biden and Kerry Concocted a Shady Equity Firm

Posted on March 19, 2018March 19, 2018 by Denise Simon

Keep this post in your bookmarks as we enter into the 2020 general election….

Primer:

1. China plants industrial espionage operatives in the U.S. that steal government contract secrets and sell them back to China. FBI caught at least one.

2. Through cyber espionage, China has stolen much of the F-35 technology, more than 50 terabytes.

3. John Kerry and Joe Biden did exactly the same thing as Hillary…sold access for money while exploiting it all as diplomatic missions with the title(s) of bi-lateral agreements.

4. Subpoena former Treasury Secretary Jack Lew and ask him about the CFIUS approvals of Chinese back enterprises. We may surely need to go back to former Treasury Secretary, Tim Geithner, did he set the table for all this with Obama’s approval creating that ‘Asia Pivot‘?

5. What does Congress know about foreign investments and when do they know it? They get reports, but who is asking questions, anyone?

photo

NYP: Joe Biden and John Kerry have been pillars of the Washington establishment for more than 30 years. Biden is one of the most popular politicians in our nation’s capital.

His demeanor, sense of humor, and even his friendly gaffes have allowed him to form close relationships with both Democrats and Republicans. His public image is built around his “Lunch Bucket Joe” persona. As he reminds the American people on regular occasions, he has little wealth to show for his career, despite having reached the vice presidency.

One of his closest political allies in Washington is former senator and former Secretary of State John Kerry. “Lunch Bucket Joe” he ain’t; Kerry is more patrician than earthy. But the two men became close while serving for several decades together in the US Senate. The two “often talked on matters of foreign policy,” says Jules Witcover in his Biden biography.

So their sons going into business together in June 2009 was not exactly a bolt out of the blue.

But with whom their sons cut lucrative deals while the elder two were steering the ship of state is more of a surprise.

What Hunter Biden, the son of America’s vice president, and Christopher Heinz, the stepson of the chairman of the Senate Committee on Foreign Relations (later to be secretary of state), were creating was an international private equity firm. It was anchored by the Heinz family alternative investment fund, Rosemont Capital. The new firm would be populated by political loyalists and positioned to strike profitable deals overseas with foreign governments and officials with whom the US government was negotiating.

Hunter Biden, Vice President Joe Biden’s youngest son, had gone through a series of jobs since graduating from Yale Law School in 1996, including the hedge-fund business.

By the summer of 2009, the 39-year-old Hunter joined forces with the son of another powerful figure in American politics, Chris Heinz. Senator John Heinz of Pennsylvania had tragically died in a 1991 airplane crash when Chris was 18. Chris, his brothers, and his mother inherited a large chunk of the family’s vast ketchup fortune, including a network of investment funds and a Pennsylvania estate, among other properties. In May 1995, his mother, Teresa, married Senator John Kerry of Massachusetts. That same year, Chris graduated from Yale, and then went on to get his MBA from Harvard Business School.

Joining them in the Rosemont venture was Devon Archer, a longtime Heinz and Kerry friend.

The three friends established a series of related LLCs. The trunk of the tree was Rosemont Capital, the alternative investment fund of the Heinz Family Office. Rosemont Farm is the name of the Heinz family’s 90-acre estate outside Fox Chapel, Pennsylvania.

The small fund grew quickly. According to an email revealed as part of a Securities and Exchange Commission investigation, Rosemont described themselves as “a $2.4 billion private equity firm co-owned by Hunter Biden and Chris Heinz,” with Devon Archer as “Managing Partner.”

The partners attached several branches to the Rosemont Capital trunk, including Rosemont Seneca Partners, LLC, Rosemont Seneca Technology Partners, and Rosemont Realty.

Of the various deals in which these Rosemont entities were involved, one of the largest and most troubling concerns was Rosemont Seneca Partners.

Rather than set up shop in New York City, the financial capital of the world, Rosemont Seneca leased space in Washington, DC. They occupied an all-brick building on Wisconsin Avenue, the main thoroughfare of exclusive Georgetown. Their offices would be less than a mile from John and Teresa Kerry’s 23-room Georgetown mansion, and just two miles from both Joe Biden’s office in the White House and his residence at the Naval Observatory.

Over the next seven years, as both Joe Biden and John Kerry negotiated sensitive and high-stakes deals with foreign governments, Rosemont entities secured a series of exclusive deals often with those same foreign governments.

Some of the deals they secured may remain hidden. These Rosemont entities are, after all, within a private equity firm and as such are not required to report or disclose their financial dealings publicly.

Some of their transactions are nevertheless traceable by investigating world capital markets. A troubling pattern emerges from this research, showing how profitable deals were struck with foreign governments on the heels of crucial diplomatic missions carried out by their powerful fathers. Often those foreign entities gained favorable policy actions from the United States government just as the sons were securing favorable financial deals from those same entities.

Nowhere is that more true than in their commercial dealings with Chinese government-backed enterprises.

Rosemont Seneca joined forces in doing business in China with another politically connected consultancy called the Thornton Group. The Massachusetts-based firm is headed by James Bulger, the nephew of the notorious mob hitman James “Whitey” Bulger. Whitey was the leader of the Winter Hill Gang, part of the South Boston mafia. Under indictment for 19 murders, he disappeared. He was later arrested, tried, and convicted.

James Bulger’s father, Whitey’s younger brother, Billy Bulger, serves on the board of directors of the Thornton Group. He was the longtime leader of the Massachusetts state Senate and, with their long overlap by state and by party, a political ally of Massachusetts Senator John Kerry.

Less than a year after opening Rosemont Seneca’s doors, Hunter Biden and Devon Archer were in China, having secured access at the highest levels. Thornton Group’s account of the meeting on their Chinese-language website was telling: Chinese executives “extended their warm welcome” to the “Thornton Group, with its US partner Rosemont Seneca chairman Hunter Biden (second son of the now Vice President Joe Biden).”

The purpose of the meetings was to “explore the possibility of commercial cooperation and opportunity.” Curiously, details about the meeting do not appear on their English-language website.

Also, according to the Thornton Group, the three Americans met with the largest and most powerful government fund leaders in China — even though Rosemont was both new and small.

The timing of this meeting was also curious. It occurred just hours before Hunter Biden’s father, the vice president, met with Chinese President Hu in Washington as part of the Nuclear Security Summit.

There was a second known meeting with many of the same Chinese financial titans in Taiwan in May 2011. For a small firm like Rosemont Seneca with no track record, it was an impressive level of access to China’s largest financial players. And it was just two weeks after Joe Biden had opened up the US-China strategic dialogue with Chinese officials in Washington.

On one of the first days of December 2013, Hunter Biden was jetting across the Pacific Ocean aboard Air Force Two with his father and daughter Finnegan. The vice president was heading to Asia on an extended official trip. Tensions in the region were on the rise.

The American delegation was visiting Japan, China, and South Korea. But it was the visit to China that had the most potential to generate conflict and controversy. The Obama administration had instituted the “Asia Pivot” in its international strategy, shifting attention away from Europe and toward Asia, where China was flexing its muscles.

For Hunter Biden, the trip coincided with a major deal that Rosemont Seneca was striking with the state-owned Bank of China. From his perspective, the timing couldn’t have been better.

Vice President Biden, Hunter Biden and Finnegan arrived to a red carpet and a delegation of Chinese officials. Greeted by Chinese children carrying flowers, the delegation was then whisked to a meeting with Vice President Li Yuanchao and talks with President Xi Jinping.

Hunter and Finnegan Biden joined the vice president for tea with US Ambassador Gary Locke at the Liu Xian Guan Teahouse in the Dongcheng District in Beijing. Where Hunter Biden spent the rest of his time on the trip remains largely a mystery. There are actually more reports of his daughter Finnegan’s activities than his.

What was not reported was the deal that Hunter was securing. Rosemont Seneca Partners had been negotiating an exclusive deal with Chinese officials, which they signed approximately 10 days after Hunter visited China with his father. The most powerful financial institution in China, the government’s Bank of China, was setting up a joint venture with Rosemont Seneca.

The Bank of China is an enormously powerful financial institution. But the Bank of China is very different from the Bank of America. The Bank of China is government-owned, which means that its role as a bank blurs into its role as a tool of the government. The Bank of China provides capital for “China’s economic statecraft,” as scholar James Reilly puts it. Bank loans and deals often occur within the context of a government goal.

Rosemont Seneca and the Bank of China created a $1 billion investment fund called Bohai Harvest RST (BHR), a name that reflected who was involved. Bohai (or Bo Hai), the innermost gulf of the Yellow Sea, was a reference to the Chinese stake in the company. The “RS” referred to Rosemont Seneca. The “T” was Thornton.

The fund enjoyed an unusual and special status in China. BHR touted its “unique Sino-US shareholding structure” and “the global resources and network” that allowed it to secure investment “opportunities.” Funds were backed by the Chinese government.

In short, the Chinese government was literally funding a business that it co-owned along with the sons of two of America’s most powerful decision makers.

The partnership between American princelings and the Chinese government was just a beginning. The actual investment deals that this partnership made were even more problematic. Many of them would have serious national security implications for the United States.

In 2015, BHR joined forces with the automotive subsidiary of the Chinese state-owned military aviation contractor Aviation Industry Corporation of China (AVIC) to buy American “dual-use” parts manufacturer Henniges.

AVIC is a major military contractor in China. It operates “under the direct control of the State Council” and produces a wide array of fighter and bomber aircraft, transports, and drones — primarily designed to compete with the United States.

The company also has a long history of stealing Western technology and applying it to military systems. The year before BHR joined with AVIC, the Wall Street Journal reported that the aviation company had stolen technologies related to the US F-35 stealth fighter and incorporated them in their own stealth fighter, the J-31. AVIC has also been accused of stealing US drone systems and using them to produce their own.

In September 2015, when AVIC bought 51 percent of American precision-parts manufacturer Henniges, the other 49 percent was purchased by the Biden-and-Kerry-linked BHR.

Henniges is recognized as a world leader in anti-vibration technologies in the automotive industry and for its precise, state-of-the-art manufacturing capabilities. Anti-vibration technologies are considered “dual-use” because they can have a military application, according to both the State Department and Department of Commerce.

The technology is also on the restricted Commerce Control List used by the federal government to limit the exports of certain technologies. For that reason, the Henniges deal would require the approval of the Committee on Foreign Investment in the United States (CFIUS), which reviews sensitive business transactions that may have a national security implication.

According to BHR internal documents, the Henniges deal included “arduous and often-times challenging negotiations.” The CFIUS review in 2015 included representatives from numerous government agencies including John Kerry’s State Department.

The deal was approved in 2015.

Excerpted with permission from “Secret Empires: How the American Political Class Hides Corruption and Enriches Family and Friends,” by Peter Schweizer, published by Harper Collins. The book goes on sale March 20.