The Wilful Reckless Handling of Classified Docs in DHS too?

Okay, so we have had the issue at the U.S. State Department and now the Department of Homeland Security, so it begs the question, what other agencies? Further, Iran, Russia, China and North Korea are likely loving this.

Security? Heh….

Homeland Security Is Spilling a Lot of Secrets

Bloomberg: The Department of Homeland Security suffered over 100 “spills” of classified information last year, 40 percent of which came from one office, according to a leaked internal document I obtained. Officials and lawmakers told me that until the Department imposes stricter policies and sounder practices to better protect sensitive intelligence, the vulnerabilities there could be exploited. Not only does this raise the threat that hostile actors could get their hands on classified information, but may lead to other U.S. agencies keeping DHS out of the loop on major security issues.

A spill is not the same as an unauthorized disclosure of classified information. A Homeland Security official explained that spills often include “the accidental, inadvertent, or intentional introduction of classified information into an unclassified information technology system, or higher-level classified information into a lower-level classified information technology system, to include non-government systems.”

Examples include: using a copier not approved for the level of classified information copied; failing to properly mark a classified product; transmitting classified information on an unclassified system like Gmail; or sending classified information to someone who, while having the proper level of clearance, is not authorized to read a section of information sent to them, the official said.

There were 119 of these classified spills reported throughout the Homeland Security Department in fiscal year 2015, according to the internal document, which itself is unclassified. The section with the most spills by far was the Office of Intelligence and Analysis, headquartered at building 19 of the Nebraska Avenue Complex in Washington, led by retired General Francis Taylor. This office is composed mostly of intelligence analysts assigned to produce and review classified reports that are often the work of other intelligence agencies, including the Central Intelligence Agency and the Office of the Director of National Intelligence.

One senior Homeland Security official told me that the intelligence and analysis office at DHS suffers from lax enforcement of the established policies and practices to protect classified information. This official said the number of classified spills in the internal report only represents those incidents that were officially reported, and the actual number is much higher.

S.Y. Lee, a department spokesman, told me that DHS does not comment on reports of leaked information, but that the department is currently having mandatory employee training sessions on the handling of classified and sensitive information.

“We take any report of mishandling of information very seriously, and when violations are discovered, the Department takes immediate, appropriate actions to address the situation,” he said. “DHS takes the protection of all our assets very seriously, and will continue to evolve our training and remediation efforts to address security needs and accountability to the American public.”

Experts on government secrecy and classified information handling told me that the number of spills alone does not directly prove that there is a larger cultural or policy problem at DHS. But there is a history of carelessness with e-mail at the department, and this new finding combined with anecdotal reports of bad practices indicate that there should be more investigation of the intelligence and analysis division in particular.

“At a minimum, this raises a question about what’s going on at this corner of the agency,” said Steven Aftergood, director of the program on government secrecy at the Federation of American Scientists. “If it is happening disproportionally in one part of the agency, that may mean that remedial measures are needed there, including security training, better oversight and similar steps.”

Spillages are a normal part of the classification system at the DHS and elsewhere, and there are formal procedures for addressing them because it’s understood that you cannot eliminate human error, he said. But if one intelligence shop is mishandling information from another part of the government, that could cause real problems in the interagency cooperation and intelligence-sharing.

“If they have a reputation as a shop with unreliable security, other agencies are going to think twice about sharing their most valuable information with Homeland Security,” Aftergood said. “It can hurt other agencies and it can rebound on them. It’s bad all around and should be corrected.”

Johannes B. Ullrich, dean of research for the SANS Technology Institute, said that it’s probable most of the classified spills were unintentional and the result of sloppiness more than anything else. But lax enforcement of policies meant to protect sensitive information also presents an opportunity for exploitation by malicious actors.

“If it’s accepted practice that you print documents and scan them in, for example, then it’s much easier for an insider to take advantage of that,” he said. “By reducing the unintentional spillage you make it easier to find the intentional ones.”

The House Homeland Security Committee is currently pushing DHS to implement new systems for monitoring employees who handle classified information. Last November, the House passed the DHS Insider Threat and Mitigation Act, which was sponsored by Representative Peter King, chairman of the Homeland Security Committee’s subcommittee on counterterrorism and intelligence. The bill would require Taylor, among other things, to develop a timeline for deploying workplace monitoring technologies, employee awareness campaigns, and education and training programs related to potential insider threats to the department’s critical assets. The Senate Homeland Security Committee marked up a companion bill earlier this month.

“In recent years, the department has made progress installing limited monitoring technology, but much more needs to be done,” King said in a statement. “Results from the existing systems demonstrate the need for more auditing and education for DHS employees.”

Classified spills are a government-wide problem and there’s no way to know if the incidents at the DHS intelligence shop have been exploited. But unless that office and the government as a whole does a better job of protecting classified information, it’s just a matter of time before real damage is done to U.S. national security.

Chilling Details of the Sony Hack, Reported

These Are the Cyberweapons Used to Hack Sony

MotherBoard: In late November 2014, a mysterious group of hackers calling itself “God’sApstls” sent an ominous and jumbled email to a few high-level Sony Pictures executives.

“The compensation for it, monetary compensation we want,” the hackers wrote. “Pay the damage, or Sony Pictures will be bombarded as a whole.”

The executives at the Hollywood studio, which was about to release the controversial James Franco and Seth Rogen comedy The Interview, ignored the email. Just three days later, the hackers followed through with their threat and breached the studio’s systems, displaying a message on the computer screen of every employee: “Hacked by #GOP [Guardians of Peace].”

The hackers not only defaced employees’ computers, they then wiped their hard disks, crippling Sony Pictures for weeks, and costing the company $35 million in IT damages, according to its own estimate.

Now, more than a year later, several security researchers are still hunting down the hackers behind the attack, which the FBI officially identified as North Korean government-employed hackers. And despite the fact that the group is apparently still alive and well, a coalition of security researchers believes they can now disrupt them by exposing their extensive malware arsenal.

On Wednesday, a group of companies led by Novetta released a report detailing the Sony hackers’ long history of operations, as well as its large stock of malware. It’s perhaps the most detailed and extensive look at the group behind what might be the most infamous cyberattack ever.

Andre Ludwig, the senior technical director at Novetta Research and Interdiction Group, said that the investigation started from four hashes (values that uniquely identify a file) that the Department of Homeland Security published after the attack. With those few identifying strings, and after months of sleuthing, the researchers found 2,000 malware samples, both from online malware portal VirusTotal, as well as from antivirus companies. Of those, they manually reviewed and catalogued 1,000, and were able to identify 45 unique malware strains, revealing that the Sony hackers had an arsenal more sophisticated and varied than previously thought.

The researchers hope that by shedding light on the hackers’ toolkit, the group, which the researchers called “Lazarus Group,” will be forced to adapt, spending resources and time, and perhaps even lose capabilities after antivirus companies and potential targets put up new defenses.

“If all of a sudden you have antivirus signatures that detect and delete all the group’s arsenal, boom!” Jaime Blasco, the chief scientist at AlienVault Labs and one of the researchers who investigated the Sony hackers, told Motherboard. “They lose access to all the victims they got before.”

As Ludwig put it, “there is no more shadows to hide in for these tools.”

As it turns out, the hackers’ arsenal contains not only malware capable of wiping and destroying files on a hard disk like the Sony hack, but also Distributed Denial of Service (DDoS) tools, tools that allow for remotely eavesdropping on a victim’s computer, and more, according to the report. The researchers tracked some of these tools in cyberattacks and espionage operations that go as far back as 2009, perhaps even 2007, showing the hackers that hit Sony have a long history.

While others suspected this before, Blasco said that nobody demonstrated it as conclusively until now.

Novetta researchers and their partners, which include AlienVault and Kaspersky Lab, don’t get into saying who the hackers really are, but they also don’t question the FBI’s controversial claim that North Korea was behind the attack.

The main reason, LaMontagne explained, is that the new data they found discredits the alternative theories that the hackers were actually a disgruntled former employee or just an independent hacktivist group.

A former Sony system administrator is unlikely to have built more than 45 malware tools in the span of more than seven years, LaMontagne told me. At the same time, he added, it’s also unlikely that a previously unheard of hacktivist group would pop up, claim responsibility for such a high-profile attack, and then disappear.

“We have no reason to dispute what the US government and other governments have asserted as the threat being North Korean,” Peter LaMontagne, the CEO of Novetta, told me.

And as it turns out, those hackers have been around for longer than anyone thought—wielding sophisticated weapons. This, according to the researchers, shows the group was much more seasoned than anyone believed.

“Their motivation and operational execution, it’s impressive,” Ludwig said. “They’re extremely motivated, regimented, organized, and they can definitely execute.”

Now that their methods and tools are exposed, however, the researchers hope that they won’t be as effective.

The head-scratcher is sanctions are only for the missile test?

US to present UN sanctions resolution on North Korea

United Nations (United States) (AFP) – The United States will on Thursday present a draft UN resolution toughening sanctions on North Korea after reaching agreement with China on a joint response to Pyongyang’s fourth nuclear test and a rocket launch.

The UN Security Council will meet at 2:00 pm (1900 GMT) to discuss the draft text detailing a new package of measures to punish North Korea, but there will be no immediate vote.

US Ambassador Samantha Power “intends to submit for consideration by the Security Council a draft sanctions resolution in response to the DPRK’s recent nuclear test and subsequent proscribed ballistic missile launch,” US spokesman Kurtis Cooper said, using the abbreviation for North Korea’s formal name.

“We look forward to working with the Council on a strong and comprehensive response to the DPRK’s latest series of tests aimed at advancing their nuclear weapons program.”

UN diplomats said a vote was expected as early as Friday.

U.S. Poised to Take on China Aggressions

The Pentagon Readies Backup Island in Case of Chinese Missile Onslaught

Threat prompts the U.S. military to prepare a fallback option

WiB: The United States can no longer count on its Pacific air bases to be safe from missile attack during a war with China. On the contrary, a 2015 paper from the influential RAND Corporation noted that in the worst case scenario, “larger and accurate attacks sustained over time against a less hardened posture could be devastating, causing large losses of aircraft and prolonged airfield closures.”

Kadena Air Base in Okinawa, due to its relative proximity, would be hardest hit. To up the stakes, China in September 2015 publicly revealed its DF-26 ballistic missile, which can strike Andersen Air Force Base in Guam — nearly 3,000 miles away — from the Chinese mainland. Andersen and Kadena are among the U.S. military’s largest and most important overseas bases.

Enter Tinian. The lush, small island near Guam is emerging as one of the Air Force’s backup landing bases. On Feb. 10, the flying branch announced that it selected Tinian as a divert airfield “in the event access to Andersen Air Force Base, Guam, or other western Pacific locations is limited or denied.”

In the Pentagon’s 2017 budget request, it asked for $9 million to buy 17.5 acres of land “in support of divert activities and exercise initiatives,” the Saipan Tribune reported. In peacetime, the expanded Tinian airfield will host “up to 12 tanker aircraft and associated support personnel for divert operations,” according to the Air Force.

Above — Tinian’s West Field in 1945. At top — Tinian seen from the cockpit of a C-130H. U.S. Air Force photo

Tinian is now a sleepy place.

During World War II, the 4th and 2nd Marine Divisions captured the island, which later based the B-29 Superfortresses Enola Gay and Bockscar which took off from Tinian’s North Field and dropped the atomic bombs on Hiroshima and Nagasaki. An arsenal during the war, most of its airstrips are now abandoned and unused. The island’s other former air base, West Field, is a small, neglected international airport.

The Air Force first wanted Saipan for its airfield. Very close to Tinian, Saipan has 15 times the population, a larger airport and a harbor. But this proposal met opposition from local activists due to the effect on “coral, potable water, local transportation and socioeconomic factors on surrounding communities,” Stars and Stripes reported.

The opposition even included the pro-business Saipan Chamber of Commerce, which worried that Tinian’s rusty airport would miss out on the flood of Pentagon spending. Saipan’s airport is also overcrowded — with locals not happy about the prospect of hundreds of airmen flying in for military exercises lasting up to eight weeks every year.

In a way, it’s a return to the past. The United States dispersed air bases to varying degrees — and in different parts of the world — during the Cold War, but as the threat of a Soviet missile attack evaporated and post-Persian Gulf War budget cuts hit hard in the 1990s, the trend shifted toward larger mega-bases that operate on economies of scale.

But dispersed bases are more survivable, RAND’s Alan Vick noted in his 2015 paper:

Dispersing aircraft across many bases creates redundancy in operating surfaces and facilities. This enhances basic safety of flight by providing bases for weather or inflight-emergency diverts. It also increases the number of airfields that adversary forces must monitor and can greatly complicate their targeting problem (in part by raising the prospect that friendly forces might move among several bases).

At the least, dispersal (because it increases the ratio of runways to aircraft) forces an attacker to devote considerably more resources to runway attacks than would be the case for a concentrated force. It also greatly increases construction and operating costs to spread aircraft across many major bases. To mitigate these costs, dispersal bases tend to have more-modest facilities and, at times, might be nothing more than airstrips.

Now China Deployed Fighter Jets to Disputed Islands

EXCLUSIVE: China sends fighter jets to contested island in South China Sea

FNC: EXCLUSIVE: In a move likely to further increase already volatile tensions in the South China Sea, China has deployed fighter jets to a contested island in the South China Sea, the same island where China deployed surface-to-air missiles last week, two U.S. officials tell Fox News.

The dramatic escalation comes minutes before Secretary of State John Kerry was to host his Chinese counterpart, Foreign Minister Wang Yi, at the State Department.

Chinese Shenyang J-11s (“Flanker”) and  Xian JH-7s (“Flounder”) have been seen by U.S. intelligence on Woody Island in the past few days, the same island where Fox News reported exclusively last week that China had sent two batteries of HQ-9 surface-to-air missiles while President Obama was hosting 10 Southeast Asian leaders in Palm Springs.

Wang was supposed to visit the Pentagon Tuesday, but the visit was canceled. It was not immediately clear which side canceled the visit. Pentagon press secretary Peter Cook said a “scheduling conflict” prevented the meeting, when asked by Fox News at Tuesday’s press briefing.

When asked about the earlier Fox News story in Beijing, Wang said the deployment of the missiles was for “defensive purposes.”

Woody Island is the largest island in the Paracel chain of islands in the South China Sea.  It lies 250 miles southeast of a major Chinese submarine base on Hainan Island. China has claimed Woody Island since the 1950s, but it is contested by Taiwan and Vietnam.

Ahead of Wang’s visit to Washington, a spokeswoman likened China’s military buildup on Woody Island to the U.S. Navy’s in Hawaii.

“There is no difference between China’s deployment of necessary national defense facilities on its own territory and the defense installation by the U.S. in Hawaii,” Foreign Ministry spokeswoman Hua Chunying said Monday.

More than $5 trillion worth of natural resources and goods transit the South China Sea each year.

Earlier Tuesday, the head of the U.S. military’s Pacific Command said China is “clearly militarizing” the South China Sea, in testimony before the Senate Armed Services Committee.

“You’d have to believe in a flat Earth to believe otherwise,” Admiral Harry Harris said.

China has sent fighter jets to Woody Island before. In November, Chinese state media published images showing J-11 fighter jets on the island, but this was the first deployment of fighter jets since the Chinese sent commercial airliners to test the runway at one of its artificial islands in the South China Sea.

The Pentagon sailed a guided-missile destroyer past a contested island in the South China Sea as a result.  Late last year, the U.S. military conducted a flight of B-52 bombers and another warship to conduct a “freedom of navigation” exercise.

The Chinese have protested the moves and vowed “consequences.”

On Monday, new civilian satellite imagery from CSIS showed a possible high frequency radar installation being constructed in late January.

The imagery shows radar installations on China’s artificial islands in the Spratly Island chain of reefs-Gaven, Hughes, Johnson South, and primarily on Cuarteron reefs—the outermost island in the South China Sea.

*** 

FNC: China apparently has been building radar facilities on some of the artificial islands it constructed in the South China Sea in a move to bolster its military power in the region, according to a report released Tuesday by a U.S.-based think tank.

The Center for Strategic and International Studies (CSIS) says the radars on the outposts of Gaven, Hughes, Johnson South and Cuarteron reefs in the disputed Spratly Islands “speak to a long-term anti-access strategy by China—one that would see it establish effective control over the sea and airspace throughout the South China Sea.”

The report was released one week after Fox News reported that China had deployed an advanced surface-to-air missile system as well as a radar system on Woody Island, part of the Paracel Island chain located north of the Spratlys.

The release of the report also coincides with the first day of a three-day visit to the U.S. by Chinese Foreign Minister Wang Yi, during which the issue of competing South China Sea claims is expected to be discussed, as well as North Korea’s latest nuclear test.

Obama Secret Talks, World is Normalized with DPRK

Upon Obama’s departure from  the Oval Office in January 2017, there will be no more rogue nations or enemies of America and the West.

Next up after Iran and Cuba is North Korea. (shhhh, but I predicted this)

TheHill: The White House had signaled to the Kim Jong Un regime that it is willing to cut a deal similar to that brokered with Iran to curtail its nuclear program in exchange for sanctions relief.

But North Korea has expedited its plans to develop a nuclear bomb, which it sees as a valuable bargaining chip in eventual peace negotiations.

A long-range rocket launched by North Korea earlier this month triggered additional international sanctions, including a law signed Thursday by President Obama imposing steeper penalties.

Un, who took power at the end of 2011, has demanded additional conditions for a treaty with South Korea, 63 years after the Korean War ended with an armistice.

Obama Administration Secretly Approached North Korea About Diplomatic Talks Days Before Its Latest Nuclear Test: WSJ

Days before North Korea’s Jan. 6 nuclear test, the Obama administration clandestinely agreed to talks that would have formally ended the Korean War, the Wall Street Journal reported Sunday.

As part of the offer, reported to have been made at a U.N. meeting, the U.S. dropped its longstanding prerequisite that North Korea first make efforts to reduce its nuclear arsenal, instead calling for the military dictatorship to make its nuclear weapons program part of the talks. But the test ended those discussions.

North Korea began 2016 on a belligerent footing, even considering the unpredictable pariah state’s history. In addition to the January nuclear test, North Korea launched a rocket earlier this month, resulting in swift pushback from Japan and South Korea, which closed a joint industrial park that provided North Korea with valuable hard currency.

The most recent offer to North Korea was one of several overtures extended by the Obama administration, insiders told the Journal, which happened at the same time the administration was working on an ultimately successful diplomatic outreach to Iran. North Korea first tested a nuclear weapon in 2006, and its nuclear capabilities were confirmed in 2009. North and South Korea have technically been at war ever since the “hot” phase of the Korean War ended in 1953, but the North’s recent nuclear developments have increased the urgency to ultimately resolve the dispute diplomatically.

In addition to its unsanctioned nuclear activity, the North Korean regime is also alleged to operate a system of concentration camps where political prisoners are worked and starved to death. The U.N. released a 2014 report that suggested the regime’s security chiefs and leader Kim Jong Un should be prosecuted for crimes against humanity.

*** Note there is nothing about Unit 121, North Korea’s hacking division. Known since at least 2007.

CNet: North Korea’s Reconnaissance General Bureau (RGB) is in charge of both traditional and cyber operations, and is known for sending agents abroad for training in cyberwarfare. The RGB reportedly oversees six bureaus that specialize in operations, reconnaissance, technology, and cyber matters — two of which have been identified as the No. 91 Office and Unit 121. The two bureaus in question consist of intelligence operations and are based in China.

The RGB also reportedly oversees state-run espionage businesses located in 30 to 40 countries, often hosted in unsuspecting places such as cafes. Members of this espionage network reportedly “send more than $100 million in cash per year to the regime and provide cover for spies,” the report says.

In addition, the country’s Workers’ Party oversees a faction of ethnic North Koreans living in Japan. Established in 1955, the group — dubbed the Chosen Soren — refuse to assimilate into Japanese culture and live in the country in order to covertly raise funds via weapons trafficking, drug trafficking, and other black market activities. The group also gathers intelligence for the country and attempts to procure advanced technologies.

Despite aging infrastructure and power supply problems, North Korea reportedly was able to gain access to 33 of 80 South Korean military wireless communication networks in 2004, and an attack on the US State Department believed to be approved by North Korean officials coincided with US-North Korea talks over nuclear missile testing in the same time period. In addition, a month later, South Korea claimed that Unit 121 was responsible for hacking into South Korean and US defense department networks.