Category Archives: Cyber War

Another $400 Million, Total is now $5.9 Billion to Syrians

Posted on by

WASHINGTON (Reuters) – The U.S. State Department said on Tuesday it was providing an additional $364 million in humanitarian assistance to help Syrians caught up in the country’s civil war, bringing total U.S. humanitarian spending for Syria to about $5.9 billion.

Assistant Secretary of State for Population, Refugees and Migration Anne Richard said the funding would help provide food, shelter, safe drinking water, medical care and other support for millions of Syrian refugees and the communities that host them.

Richard told a State Department briefing about three-quarters of the additional funding would help people still inside Syria and the rest would assist Syrians who have fled the country.

She also said the United States had admitted some 85,000 refugees over the past fiscal year, which ends Sept. 30. That figure included about 12,500 Syrian refugees, exceeding the administration’s goal of 10,000, she said.

State Department spokesman Mark Toner said the push for additional humanitarian aid funds came in part because of deteriorating conditions in Aleppo after the collapse of a ceasefire sponsored by the United States and Russia.

The forces of Syrian President Bashar al-Assad have launched a massive push against rebel-held areas of the city, where some 250,000 civilians are believed to be trapped. Intensive bombing has killed hundreds of people, many of whom died in buildings collapsed by bunker-buster bombs.

“Until the past few weeks we felt like we were on a firm path towards a possible diplomatic resolution to this. We still believe that’s possible,” Toner told a briefing.

“That doesn’t mean we’re not mindful … of the tremendous humanitarian suffering that’s going on right now in Aleppo. And that’s why we’re working so hard to ramp up our assistance,” he added.

While saying the United States continued to seek a diplomatic resolution of the problem, he left the door open to other action.

“We’ll continue to weigh all options. Those discussions are ongoing. I don’t want to rule anything out, but right now we’re focused on the diplomatic one,” Toner said.

He noted the United States has warned that failure to achieve a ceasefire could lead to an escalation of the conflict.

“We cannot dictate what other countries … may or may not decide to do in terms of supporting certain groups within Syria,” Toner said. “You may have a further deterioration on either side … and by deterioration I mean more arming and more conflict between them, and intensification of the conflict.”

****

Jeh Johnson said in a Senate hearing that the government focuses on refugees for resettlement that are good for the country. The vetting in comprehensive and some of the standards to be met by applicants are classified. The concentration is on women and children.

From the DHS website:

U.S. Expands Initiatives To Address Central American Migration Challenges

Over the past year, the United States has taken a series of steps to address the ongoing humanitarian challenges in Central America, particularly for the many vulnerable individuals attempting to leave the region and come to the United States, while also promoting safe and orderly migration and border security. As part of this ongoing effort, the United States is announcing the following initiatives to help vulnerable families and individuals from El Salvador, Guatemala, and Honduras.

World Refugee Day: #RefugeesWelcome

Secretary Johnson smiling at the camera with his arm around 11 year old Turkish refugee JaafarSeveral months ago while I was in Turkey I met a 9-year-old refugee named Jaafar.  I was immediately impressed with this extraordinary little boy who spoke almost perfect English.

Readout of Secretary Johnson’s Trip To Turkey

Secretary Johnson visits a Turkish-government run Syrian refugee camp in Adana, TurkeyToday, Secretary of Homeland Security Jeh Johnson concluded a three-day trip to Turkey, where he visited a refugee camp, reviewed resettlement processing, spoke to a number of Syrian and Iraqi refugee families, met with government officials in Istanbul and Ankara to discuss a range of homeland security-related issues, and signed two bilateral accords to codify mutual commitment to deepen collaboration.

Readout Of Administration Call With Law Enforcement Officials On Refugee Screening

Senior Administration officials spoke by phone today with state and local law enforcement representatives from across the country to provide information on the U.S.’s stringent refugee admissions policies and security screening measures. Officials on the call included Deputy Secretary of Homeland Security Alejandro Mayorkas; Department of State Bureau of Population, Refugees, and Migration Principal Deputy Assistant Secretary Simon Henshaw; U.S. Customs and Border Protection (CBP) Commissioner R. Gil Kerlikowske; and FBI National Security Branch Executive Assistant Director John Giacalone.

Written testimony of USCIS for a Senate Judiciary Subcommittee on Immigration and the National Interest hearing titled “Oversight of the Administration’s FY 2016 Refugee Resettlement Program: Fiscal and Security Implications”

U.S. Citizenship and Immigrations Services (USCIS) Refugee, Asylum and International Operations Refugee Affairs Division Chief Barbara Strack and USCIS Fraud Detection & National Security Associate Director Matt Emrich address USCIS’s role in refugee resettlement, and the screening measures and safeguards developed by the U.S. Refugee Admissions Program.

Democrat Officials’ Cell Phones Hacked

Posted on by

Report: Dem officials cell phones hacked.

TheHill: The FBI is investigating the hacked cell phones of several Democratic Party officials with the belief the attacks are connected to a spate of breaches at party networks and under the assumption that the Russia is behind the hacking, Reuters reports.

The phones, says the report, were hacked within “the past month or so”.

That would put the timing of the breach soon after hackers, widely suspected to be Russian intelligence, were booted from the Democratic Congressional Campaign Committee.  The DCCC breach, in turn, took place shortly after the same hackers were kicked out of the Democratic National Committee.

Many members of Congress have grown frustrated with the administration not formally accusing Russia of the hacking spree, including House Homeland Chair Michael McCaul (R-Texas) and Rep. Nancy Pelosi (D-Cali.), who have both asked Obama to acknowledge Russia is behind the attacks.

In part from Reuters:

The revelation underscores the widening scope of the U.S. criminal inquiry into cyber attacks on Democratic Party organizations, including the presidential campaign of its candidate, former U.S. secretary of state Hillary Clinton.

U.S. officials have said they believe those attacks were orchestrated by hackers backed by the Russian government, possibly to disrupt the Nov. 8 election in which Clinton faces Republican Party candidate Donald Trump. Russia has dismissed allegations it was involved in cyber attacks on the organizations.

The more recent attempted phone hacking also appears to have been conducted by Russian-backed hackers, two people with knowledge of the situation said.

Federal Bureau of Investigation representatives had no immediate comment, and a Clinton campaign spokesman said they were unaware of the suspected phone hacking. The Democratic National Committee (DNC) did not respond to a request for comment, and the Democratic Congressional Campaign Committee (DCCC) had no immediate response.

FBI agents had approached a small number of Democratic Party officials to discuss concerns their mobile phones may have been compromised by hackers, people involved said. It was not clear how many people were targeted by the hack or whether they included members of Congress, a possibility that could raise additional security concerns for U.S. officials.

If they were successful, hackers could have been able to acquire a wide range of data from targeted cell phones, including call data, text messages, emails, photos and contact lists, one person with knowledge of the situation said.

“In a sense, your phone is your office brain,” said Bruce Schneier, a cyber security expert with Resilient, an IBM company, which is not involved in the investigation. “It’s incredibly intimate.”

“Anything that’s on your phone, if your phone is hacked, the hacker can get it.”

The FBI has asked some of those whose phones were believed to have hacked to turn over their phones so that investigators could “image” them, creating a copy of the device and related data.

U.S. investigators are looking into whether hackers used data stolen from servers run by Democratic organizations or the private emails of their employees to get access to cell phones, one person said.

Hackers previously targeted servers used by the DNC, the body that sets strategy for the party, and the DCCC, which raises money for Democrats running for seats in the House of Representatives, officials have said.

Clinton said during Monday’s presidential debate there was “no doubt” Russia has sponsored hacks against “all kinds of organizations in our country” and mentioned Russian President Vladimir Putin by name.

“Putin is playing a really tough, long game here. And one of the things he’s done is to let loose cyber attackers to hack into government files, to hack into personal files, hack into the Democratic National Committee,” Clinton said.

Trump countered that there was no definitive proof that Russia had sponsored the hacks of Democratic organizations.

“I don’t think anybody knows it was Russia that broke into the DNC,” he said. “It could be Russia, but it could also be China. It could also be lots of other people.”

APT 28: Russian Cyber Attacks Britain and Germany as Well as U.S.

Posted on by

APT 28:

TechTimes: FireEye said in a white paper they released in 2014 that APT 28 had launched attacks against military and political organizations beginning in 2007. Other targets that the Kremlin have special interest in include the NATO alliance offices and government officials in Georgia. In these attacks, the group had reportedly gathered “malware samples with Russian language settings during working hours consistent with the time zone of Russia’s major cities, including Moscow and St. Petersburg.”

The APT 28 used the same tools and hit the same targets performed by the Pawn Storm hackers that were described by security firm Trend Micro in a separate report. According to the company, the Pawn Storm hacking group recently increased their activity and targeted bloggers who conducted interviews with President Barack Obama. There is also speculation that the group had stolen online credentials of a military correspondent of an unnamed major publication in the U.S. More here.

 

RUSSIA’S HACKERS HIT BRITAIN

Putin’s cyber warriors the Fancy Bears targeted government websites and the BBC in the run-in to last year’s election

Defensive measures deployed to thwart the attack by Fancy Bears after it was discovered by spy agency GCHQ

TheSun: A RUSSIAN cyber attack on British government departments and TV broadcasters in the run-up to last year’s general election was thwarted by intelligence agencies, it emerged today.

GCHQ boffins halted the “imminent threat” by Kremlin-backed hackers Fancy Bears – the group behind the leak of Olympic athletes’ doping files.

Dimbleby on the BBC election show

Russian hackers targeted government departments and broadcasters including the BBC in the run-up to the 2015 general election.
***
The revelation of the attack on the British election comes amid concerns Russian hackers are attempting to disrupt the US presidential race.Last week another Russian group, DC Leaks, hacked White House servers to obtain what appeared to be Michelle Obama’s passport.

Fancy Bears planned to attack every Whitehall server including the Home Office, Foreign Office and Ministry of Defence, security officials told the Sunday Times.

They were also targeting all the main UK broadcasters including the BBC, ITV, Channel 4 and Sky.

cyber-caliphate

Getty Image: An attack on France’s TV5Monde network claimed on behalf od ISIS by the ‘Cyber-Caliphate’ was traced to the Fancy Bears in Moscow
***

The GCHQ eavesdropping agency uncovered the threat after probing the group’s successful attack against TV5Monde, one of France’s biggest TV networks, in April last year.

It was feared ISIS had reached new levels in its ability to wage cyber war after all 11 of the French broadcasters channels were take off air and its website was flooded with jihadist propaganda.

Related reading: Russia ‘was behind German parliament hack’

But GCHQ traced the hack – claimed by a group calling themselves the “Cyber-Caliphate” – back to Moscow and then uncovered they were planning to hit Britain next.

Analysts feared that the Putin-sponsored group could “embarrass” pillars of the British state and took defensive measures to protect government departments.

Senior security officials are also understood to have warned the TV networks so they could defend themselves.

One security official said: “We had information, and it could have been activated, which is why it was an imminent threat.

“They certainly could have defaced a website for propaganda reasons and they could have possibly taken it down.”

It is the first known threat by the Kremlin-backed hackers to interfere in the British political process.

News of the attack comes after Fancy Bears published details of athletes including Mo Farah and Sir Bradley Wiggins hacked from the global anti-doping watchdog Wada.

Papers revealed they were given medical exemption certificates to use banned drugs.

Fancy Bears website

AP:Associated Press: The Fancy Bears leaked confidential medical filed on dozens of Olympic athletes after hacking the anti-doping body Wada
***

In July the hackers were blamed for the leak of 20,000 damaging emails from the US Democratic National Committee – just as it was about to confirm Hillary Clinton as presidential candidate.

The intervention was seen a Moscow’s attempt to boost Donald Trump’s chances in the election.

The group is thought to be behind a shutdown of the national grid in Ukraine and attacks on the governments of Syria, Uzbekistan, Pakistan and the United Arab Emirates.

Fancy Bears also targeted the BBC, The Guardian, Al Jazeera, Reuters, CNN, Farnborough arms fair, defence contractor Northrop Grumman, one cyber security report says.

Separately a list published by security experts at the PwC consultancy shows 245 apparent Fancy Bears attacks on targets including Nato, the Chilean military, Apple, Google, the German ministry of defence and the Polish and Hungarian governments.

There is no suggestion any of these has been successful although one firm on the list, Yahoo, last week admitted the personal information of 500million users had been stolen by what it called “state-sponsored” hackers in late 2014.

****

BroadbandTVNews: The BBC, ITV, Channel 4 and Sky were involved in what David Anderson QC, the independent reviewer of terrorism legislation, described the incident as a “possible imminent threat” to the UK. The Sunday Times reports that Anderson said the government’s monitoring agency GCHQ “deployed a capability to protect government networks from this cyber-attacker”.

The information was revealed in a previously unnoticed report released in July. Broadcasters were warned of the potential threat and advised to take action.

British security officials have told the paper the group plotting the attack was Fancy Bears, also known as APT28 and Sofacy, the same group that last April brought down the French international broadcaster TV5 Monde.

Within a few seconds of the April 8th attack, all of TV5’s channels stopped broadcasting, and it also lost control of its sites and social profiles. On screen messages declared allegiance to ISIS.

7700 Terrorists at the Southern Border

Posted on by

Oh….another leak and no word from the Department of Homeland Security….

Leaked FBI Data Reveal 7,700 Terrorist Encounters in USA in One Year; Border States Most Targeted

Breitbart: Leaked documents with sensitive FBI data exclusively obtained by Breitbart Texas reveal that 7,712 terrorist encounters occurred within the United States in one year and that many of those encounters occurred near the U.S.-Mexico border. The incidents are characterized as “Known or Suspected Terrorist Encounters.” Some of the encounters occurred near the U.S.-Mexico border at ports-of-entry and some occurred in between, indicating that persons known or reasonably suspected of being terrorists attempted to sneak into the U.S. across the border. In all, the encounters occurred in higher numbers in border states.

Some of the documents pertain to the entire U.S., while others focus specifically on the state of Arizona. The documents are labeled, “UNCLASSIFIED/LAW ENFORCEMENT SENSITIVE” and contain data from the FBI-administered Terrorist Screening Center, the organization maintaining the Terrorist Screening Database, also known as the “Terror Watch List.”

 CNN

The leaked FBI data are contained in a fusion center’s educational materials, specifically the Arizona Counter Terrorism Information Center’s (ACTIC) “Known or Suspected Terrorist (KST) Encounters Briefing” covering from July 20 2015 through July 20 2016. The leaked documents are composed of 10 individual pages, but Breitbart Texas chose to release only nine of them due to page 10 containing contact information for ACTIC.

Page Two of the documents contains a map of the entire U.S. with the numbers of encounters per state. The states with the highest encounters are all border states. Texas, California, and Arizona–all states with a shared border with Mexico–rank high in encounters.

Page Three shows a map of where the encounters occurred in the state of Arizona. The majority from this map occurred in Phoenix, a major destination point for people who illegally cross the U.S.-Mexico border. The map also shows that encounters occurred at ports-of-entry, likely from persons either walking up and asking for asylum or from Sinaloa cartel attempts to smuggle them into the U.S. in vehicles. Most significantly, the map shows that many of the encounters occurred near the border outside of ports-of-entry, indicating that persons were attempting to sneak into the U.S.

Page Six shows a pie chart indicating that the majority of encounters in Arizona were with Islamic known or suspected terrorists, both Sunni and Shi’a. Eighty-nine encounters were Sunni, 56 were Shi’a, 70 were “Other International Terrorist Groups or Affiliates,” and only 52 were with “Domestic Terrorism.”

Page 7 contains definitions to help understand the maps.

Breitbart Texas provides the leaked documents and data below: (Go here to see all pages)

Page 1 of 9 by Brandon Darby on Scribd

Related reading:

2012: Inside a secret U.S. Terrorist Screening Center

(CBS News) The Terrorist Screening Center is one of the U.S. government’s most secure buildings. It is home to the nation’s top secret terrorist databases.

For CBS to gain access, no sound could be recorded and only one agent could be identified, Tim Healy.

He is the FBI veteran who currently runs the center.

“We are the only country in the world that has a terrorist watch list.”

The center was founded in 2003 in response to the 9/11 attacks. Their job is to gather intelligence about possible terrorists both in the United States and abroad.

The watch list contains about 520,000 people world wide suspected of having ties to terrorism. Names on the list are added and subtracted daily, but who in on the list remains a secret.

“We don’t confirm anyone’s existence on the watch list,” said Healy.

In addition to the watch list, Healy oversees a second more critical list, the “No Fly List”.

“If you have information that the guy wants to blow up a plane, I can keep him off a plane,” said Healy. “If I’ve [got] information he wants to conduct a terrorist attack, I can keep him off a plane.”

There are about 20,000 people on the “No Fly List”. Seven-hundred of them are Americans and they are considered too much of a risk to allow onto an airplane.

Names on the various watch lists surface each day in calls to the center. For example, each time a police officer run someone’s ID through a computer, that person is checked against the lists.

“So if you are speeding, you get pulled over, they’ll query that name. And if they are encountering a known or suspected terrorist, it will pop up and say call the Terror Screening Center,” said Healy. “So now the officer on the street knows he may be dealing with a known or suspected terrorist.”

The center averages about 55 encounters a day from people who are known or suspected terrorists.

In most cases, according to Healy, the encounters do not produce arrests, but they do provide additional intelligence.

“[The] location of where the guy’s going. What he’s doing [and] additional associates that the subject is hanging around.”

Throughout the Terrorist Screening Center are placed artifacts from various terrorist attacks including Oklahoma City federal building, the USS Cole bombing, and the World Trade Centers. All sober reminders of how important their work is.

For Tim Healy and the workers of the Terrorist Screening Center, failure is not an option. They measure their success by what doesn’t happen.

*****

On September 16, 2003, the President signed Homeland Security Presidential Directive-6 (HSPD-6), requiring the establishment of an organization to “consolidate the Government’s approach to terrorism screening and provide for the appropriate and lawful use of Terrorist Information in screening processes.” Specifically, the Attorney General was directed to create a new organization to consolidate terrorist watch lists and provide 24-hour, 7-day a week operational support for federal, state, local, territorial, tribal, and foreign government as well as private sector screening across the country and around the world. As a result of this presidential directive, the Terrorist Screening Center (TSC) was created. As of the end of fiscal year (FY) 2004, the TSC was a $27 million organization with approximately 175 staff.

Cold War Part 2: Spy Networks and Cyber Warfare

Posted on by

Adding more spies and operatives…seems to be a global trend and not lost on Russia.

FP: Russian President Vladimir Putin, according to Kommersant, is planning a major overhaul of the country’s security services. The Russian daily reported that the idea of the reforms is to merge the Foreign Intelligence Service, or SVR, with the Federal Security Service, or FSB, which keeps an eye on domestic affairs. This new supersized secret service will be given a new name: the Ministry of State Security. If that sounds familiar, it should — this was the name given to the most powerful and feared of Joseph Stalin’s secret services, from 1943 to 1953. And if its combination of foreign espionage and domestic surveillance looks familiar, well, it should: In all but name, we are seeing a resurrection of the Committee for State Security — otherwise known as the KGB.

The KGB, it should be remembered, was not a traditional security service in the Western sense — that is, an agency charged with protecting the interests of a country and its citizens. Its primary task was protecting the regime. Its activities included hunting down spies and dissidents and supervising media, sports, and even the church. It ran operations both inside and outside the country, but in both spheres the main task was always to protect the interests of whoever currently resided in the Kremlin. With this new agency, we’re seeing a return to form — one that’s been a long time in the making.

There was a time, not so long ago, when Russian leaders sought to create a depoliticized security structure. When the Soviet Union collapsed in 1991, the reform of the KGB became an immediate, pressing issue. The agency was not reliably under control: The chairman of the KGB at the time, Vladimir Kryuchkov, had helped mastermind the military coup attempt aimed at overthrowing Mikhail Gorbachev that August. But new President Boris Yeltsin had no clear ideas about just how he wanted to reform the KGB, so he simply decided to break it into pieces.

The largest department of the KGB — initially called the Ministry of Security; then, later, the Federal Counterintelligence Service (FSK); then, even later, the FSB — was given responsibility solely for counter-espionage and counterterrorism operations. The KGB’s former foreign intelligence directorate was transformed into a new agency called the Foreign Intelligence Service, or SVR. The division of the KGB responsible for electronic eavesdropping and cryptography became the Federal Agency of Government Communications and Information, or FAPSI. A relatively obscure directorate of the KGB that guarded secret underground facilities continued its functions under a new name: the Main Directorate of Special Programs of the President, or GUSP. The KGB branch that had been responsible for protecting Soviet leaders was renamed the Federal Protective Service, or FSO, and the Soviet border guards were transformed into an independent Federal Border Service, or FPS.

The main successor of the KGB amid this alphabet soup of changes was the FSK. But this new counterintelligence agency was stripped of its predecessor’s overseas intelligence functions. The agency no longer protected Russian leaders and was deprived of its secret bunkers, which fell under the president’s direct authority. It maintained only a nominal presence in the army. In its new incarnation, the agency’s mission was pruned back to something resembling Britain’s MI5: to fight terrorism and corruption. More here from FP.

Related reading: ‘Cyber Cold War’ rhetoric raises alarms

What is the United States doing?

IN 2015, as China and Russia boost their military presence in the resource-rich far north, U.S. intelligence agencies are scrambling to study potential threats in the Arctic for the first time since the Cold War, a sign of the region’s growing strategic importance.

Over the last 14 months, most of the 16 U.S. intelligence agencies have assigned analysts to work full time on the Arctic. The Office of the Director of National Intelligence recently convened a “strategy board” to bring the analysts together to share their findings.

In addition to relying on U.S. spy satellites orbiting overhead and Navy sensors deep in the frigid waters, the analysts process raw intelligence from a recently overhauled Canadian listening post near the North Pole and a Norwegian surveillance ship called the Marjata, which is now being upgraded at a U.S. Navy shipyard in southern Virginia.

****  And we are playing catch up in Washington DC and in key locations around the globe when it comes to Russia. Adding more technology is great and it does have value but not like that of having human intelligence in theater.

**** Decades After Cold War’s End, U.S.-Russia Espionage Rivalry Evolves

So what does Britain’s MI6 have to say?

Reuters: The Islamist terrorist threat to the West will endure for years to come because simply taking back territory from Islamic State will not solve the deeper global fractures which have fostered militants, Britain’s foreign intelligence chief has said.

In his first public comments outside Britain, the head of the Secret Intelligence Service said globalization, the information revolution, a deepening sectarian divide in the Middle East and failed states would ensure that terrorism remained a threat.

When asked by the Central Intelligence Agency Director John Brennan at a panel discussion in Washington whether the apex of the Islamist terrorist trajectory had been reached, MI6 chief Alex Younger said: “Regrettably this is an enduring issue which will certainly be with us for our professional lifetime.”

“I would have to forecast that whilst it is wholly desirable to remove territory you will have a persistent threat representing some of the deep fault lines that still exist in our world,” he said.

Islamic State militants have lost territory in Iraq and Syria though they have claimed responsibility for a range of attacks against the West.

His remarks were shown on a recording posted on Wednesday by the Center for Cyber and Homeland Security at the George Washington University.

Younger, as chief of MI6, is one of the West’s most powerful spies and rarely speaks in public. He was appointed in 2014 by then Prime Minister David Cameron.

MI6 operates overseas and is tasked with defending Britain and its interests.

Younger said terrorism was fueled by a host of fractures across the world.

“It is fueled by a deepening sectarian divide in the Middle East and there are some deep social, economic and demographic drivers to the phenomenon we know as terrorism,” he said.

Sadly, I have to include this item when it comes to Donald Trump. We already know that Hillary has her own vast spy network. But when Trump has Carter Page who is deeply connected to Moscow, more questions and investigations need to happen, and frankly they are. This all comes at the same time IT professionals are proving that Russia is indeed using cyber spy tactics effectively.