Turkey Hacks Library of Congress During Coup

Primer:

In part from Time: Kerry raised the question of Turkey’s NATO membership, suggesting that anti-democratic behavior by Erdogan could imperil the country’s place in the alliance. “NATO also has a requirement with respect to democracy,” Kerry said, and added that NATO would “measure” Turkey’s actions in days to come. “Obviously, a lot of people have been arrested and arrested very quickly,” Kerry said. “The level of vigilance and scrutiny is obviously going to be significant in the days ahead. Hopefully we can work in a constructive way that prevents a backsliding.”

Turkey’s membership in the NATO alliance is a matter of major strategic importance to the U.S., and talk of the country being ousted caught some experts by surprise in the U.S. Amb. Bryza of the Atlantic Council said Kerry’s comments were being taken as threats in Turkey, and that it was an “extreme misinterpretation that we would kick them out of NATO.” Much more detail here.

Turkish hackers claim credit for Library of Congress attack

FCW: A hacking group called the Turk Hack Team is taking credit for a shutdown of the Library of Congress website and hosted systems including Congress.gov, the Copyright Office, Congressional Research Service and other sites.

The group claimed credit on an online message board where users go for updates on the availability of websites.

The attack was launched July 17, in the midst of Turkey’s response to the military coup targeting the elected government of President Recep Tayyip Erdogan. Prominent Turkish officials have accused the U.S. of fomenting the coup; Secretary of State John Kerry issued a stern denial of such accusations.

The Turk Hack Team is not considered at the level of a nation-state sponsored group or an advanced persistent threat, former U.S. CERT director Ann Barron-DiCamillo told FCW. They’re more of a “middle-tier, hacktivist” type group, she said. They’ve gone after targets for perceived slights to Turkey’s honor in the past, including an April 2015 hack on the Vatican website made in response to comments from Pope Francis characterizing the 1915 massacres of Turkish Armenians as a genocide.

The group has not gone after U.S. targets in the past, but Barron-DiCamillo, currently partner and CTO at Strategic Cyber Ventures, said U.S. officials would likely be on the lookout for more hacktivist activity emanating from Turkey. “This is the first kind of visible activity generated post-coup, but it doesn’t mean it’s going to be the last,” she said.

Library of Congress CIO Bernard Barton said on July 20 that the attack had been successfully thwarted.

“This was a massive and sophisticated DNS assault, employing multiple forms of attack, adapting and changing on the fly,” he wrote in a blog post. “We’ve turned over key evidence to the appropriate authorities who will investigate and hopefully bring the instigators of this assault to justice.”

Congress is not covered by the Federal Information Security Management Act and is not required to report cyber incidents to the Department of Homeland Security.

Spokesperson Gayle Osterberg told FCW that the Library of Congress reports all cyber-related criminal activity to the FBI.

DHS is aware of the incident but is not involved in the investigation or mitigation of the attacks, according to an agency source.

DDoS attacks can be expensive to deal with, requiring network operators to obtain specialized routing services from their internet service providers. They can also potentially front for other attacks, or test systems to see what kind of defenses are in place.

Mostly, Barron-DiCamillo said, they are “distracting, causing pain to both users and customers, but not impacting back-end systems and more critical data.”

It is possible the hackers imagined that the Congress.gov and LOC.gov domains represented a more critical target than they actually are. Congress.gov is mostly a public-facing information warehouse that is not integral to the legislative function of the House and Senate. Most of the complaints about the site being down came from librarians and researchers looking to execute catalog searches.

The outage also affected the Congressional Research Service, the in-house think tank for Congress. CRS reports, available only to members and staff, are not published elsewhere except on an ad hoc basis by legislators and public interest groups that obtain the odd document. A bill introduced by Rep. Mike Quigley (D-Ill.) just days before the hack would open up CRS reports to the public, and have the effect of creating a backup site for the material on the Government Publishing Office website.

Obama/DoJ Allowing Foreigners to Serve Warrants

This sounds like selective investigations, prosecutions and collaborated witch hunts which all add up to an offshore shadow NSA and new type of Interpol. Is this something else that also will be under the purview of the United Nations? Hello Google?

WSJ: The Obama administration is working on a series of agreements with foreign governments that would allow them for the first time to serve U.S. technology companies with warrants for email searches and wiretaps—a move that is already stirring debates over privacy, security, crime and terrorism.

Brad Wiegmann, a senior official at the Justice Department, discussed the administration’s efforts during a public forum on Friday at a congressional office building in Washington, D.C. The first such agreement is being assembled with the U.K., he said.

Word of the plans came one day after a federal appeals court ruled that federal warrants couldn’t be used to search data held overseas by Microsoft Corp., dealing the agency a major legal defeat.

The court’s decision in favor of Microsoft could prove to be a major barrier to the Obama administration’s proposed new rules to share data with other nations in criminal and terrorism probes, which would be sharply at odds with the ruling. It might lead some companies to reconfigure their networks to route customer data away from the U.S., putting it out of the reach of federal investigators if the administration’s plan fails.

The Justice Department has indicated it is considering appealing the Microsoft ruling to the Supreme Court.

Meanwhile, Justice Department officials are pressing ahead with their own plan for cross-border data searches.

Under the proposed agreements described by Mr. Wiegmann, foreign investigators would be able to serve a warrant directly on a U.S. firm to see a suspect’s stored emails or intercept their messages in real time, as long as the surveillance didn’t involve U.S. citizens or residents.

Such deals would also give U.S. investigators reciprocal authority to search data in other countries.

“They wouldn’t be going to the U.S. government, they’d be going directly to the providers,’’ said Mr. Wiegmann. Any such arrangement would require that Congress pass new legislation, and lawmakers have been slow to update electronic privacy laws.

That U.K. agreement, which must be approved by the legislatures of both countries, could become a template for similar deals with other countries, U.S. officials said.

Mr. Wiegmann said the U.S. would strike such deals only with nations that have clear civil liberties protections to ensure that the search orders aren’t abused.

“These agreements will not be for everyone. There will be countries that don’t meet the standards,’’ he said.

Greg Nojeim, a privacy advocate at the Center for Democracy and Technology, criticized the plan. He said it would be “swapping out the U.S. law for foreign law’’ and argued that U.K. search warrants have less stringent judicial protections than U.S. law.

British diplomat Kevin Adams disputed that, saying the proposal calls for careful judicial scrutiny of such warrants. Privacy concerns over creating new legal authorities are overblown, he added.

“What is really unprecedented is that law enforcement is not able to access the data they need,’’ Mr. Adams said. The ability to monitor a suspect’s communications in real time “is really an absolutely vital tool to protect the public.’’

While Thursday’s court decision represented a victory for Microsoft, which strives to keep data physically near its customers, it may not be viewed as a positive development for all internet companies, said University of Kentucky law professor Andrew Woods. Yahoo Inc., Facebook Inc. and Alphabet Inc.’s Google operate more centralized systems. They didn’t file briefs in support of Microsoft’s position in the case, he noted.

Mr. Woods warned that increased localization of data could have the unintended consequence of encouraging governments to become more intrusive.

“If you erect barriers needlessly to states getting data in which they have a legitimate interest, you make this problem worse,’’ he said. “You increase the pressure that states feel to introduce backdoors into encryption.”

Microsoft President and Chief Legal Officer Brad Smith said the company shares concerns about the “unintended consequences” of excessive data localization requirements.

“But rather than worry about the problem, we should simply solve it” through legislation, Mr. Smith said. Microsoft supports the proposed International Communications Privacy Act. That legislation would, among other provisions, create a framework for law enforcement to obtain data from U.S. citizens, regardless of where the person or data was located.

Companies and governments generally agree that the current legal framework for cross-border data searches is far too slow and cumbersome. Though major tech firms don’t always agree on the particular changes they would like to see, the industry has long sought to get clearer rules from the U.S. and other governments about what their legal obligations are.

A coalition of the country’s largest tech companies, including Microsoft, Facebook and Google, created a group called Reform Government Surveillance that is pushing for updating data-protection laws. The group has said it was “encouraged by discussions between the U.S. and the U.K.”

Thursday’s ruling could lead some Microsoft rivals that offer email, document storage, and other data storage services, but which haven’t designed systems to store data locally, to alter their networks, said Michael Overly, a technology lawyer at Foley & Lardner in Los Angeles.

Google, for example, stores user data across data centers around the world, with attention on efficiency and security rather than where the data is physically stored. A given email message, for instance, may be stored in several data centers far from the user’s location, and an attachment to the message could be stored in several other data centers. The locations of the message, the attachment and copies of the files may change from day to day.

“[Internet companies] themselves can’t tell where the data is minute from minute because it’s moving dynamically,” Mr. Overly said.

The ruling could encourage tech companies to redesign their systems so that the data, as it courses through networks, never hits American servers.

A person familiar with Google’s networks said that such a move wouldn’t be easy for the company.

Why is Trump Against Ukraine and Siding with Russia?

Are we to expect that the Trump agenda as president is to normalize all relations with the Kremlin? Is this the first official foreign policy disaster? Below are a handful of factual conditions on which Trump is already wrong and the RNC Convention policy was right, yet Trump objects. Something else smells here.

We have not even addressed how Russia is not cooperating with the West on Islamic State and the Defense Department refuses to collaborate with Russia on war missions or intelligence.

Even The Treasury Department has reasons to apply sanctions to Russia.

Directives 1 and 2 Pursuant to EO 13662 (Issued July 16, 2014)

Important Advisories


OFAC issues advisories to the public on important issues related to the sanctions programs it administers.  While these documents may focus on specific industries and activities, they should be reviewed by any party interested in OFAC compliance.

Due to the invasion of Crimea and Ukraine, Russia was eliminated from the G8 making it the G7 and sanctions remain.

****

The Kremlin has a full blown internet troll operation against the United States

So, That Cyber Caliphate is Not ISIS, it is Russian!

General Dunford Tells Congress Russia Poses Greatest Threat to US Security

G7 summit: Obama and Merkel firm on Russia sanctions

BBC: Moscow is the target of European Union and US sanctions over its role in support of Ukrainian rebels.

Russia has been excluded from what was previously known as the G8, since the annexation of Crimea last year.

The West accuses Russia of sending military forces into eastern Ukraine to help the rebels – a charge echoed by analysts. Moscow denies this, saying any Russian soldiers there are volunteers. More from BBC

Trump campaign guts GOP’s anti-Russia stance on Ukraine

Rogin/WashingtonPost: The Trump campaign worked behind the scenes last week to make sure the new Republican platform won’t call for giving weapons to Ukraine to fight Russian and rebel forces, contradicting the view of almost all Republican foreign policy leaders in Washington.

Throughout the campaign, Trump has been dismissive of calls for supporting the Ukraine government as it fights an ongoing Russian-led intervention. Trump’s campaign chairman, Paul Manafort, worked as a lobbyist for the Russian-backed former Ukrainian president Viktor Yanukovych for more than a decade.

Still, Republican delegates at last week’s national security committee platform meeting in Cleveland were surprised when the Trump campaign orchestrated a set of events to make sure that the GOP would not pledge to give Ukraine the weapons it has been asking for from the United States.

Inside the meeting, Diana Denman, a platform committee member from Texas who was a Ted Cruz supporter, proposed a platform amendment that would call for maintaining or increasing sanctions against Russia, increasing aid for Ukraine and “providing lethal defensive weapons” to the Ukrainian military.

“Today, the post-Cold War ideal of a ‘Europe whole and free’ is being severely tested by Russia’s ongoing military aggression in Ukraine,” the amendment read. “The Ukrainian people deserve our admiration and support in their struggle.”

Trump staffers in the room, who are not delegates but are there to oversee the process, intervened. By working with pro-Trump delegates, they were able to get the issue tabled while they devised a method to roll back the language.

On the sideline, Denman tried to persuade the Trump staffers not to change the language, but failed. “I was troubled when they put aside my amendment and then watered it down,” Denman told me. “I said, ‘What is your problem with a country that wants to remain free?’ It seems like a simple thing.”

Finally, Trump staffers wrote an amendment to Denman’s amendment that stripped out the platform’s call for “providing lethal defensive weapons” and replaced it with softer language calling for “appropriate assistance.”

That amendment was voted on and passed. When the Republican Party releases its platform Monday, the official Republican party position on arms for Ukraine will be at odds with almost all the party’s national security leaders.

“This is another example of Trump being out of step with GOP leadership and the mainstream in a way that shows he would be dangerous for America and the world,” said Rachel Hoff, another platform committee member who was in the room.

Of course, Trump is not the only politician to oppose sending lethal weapons to Ukraine. President Obama decided not to authorize it, despite recommendations to do so from his top Europe officials in the State Department and the military. The United States has provided Ukraine with non-lethal equipment and aid.

Trump’s view of Russia has always been friendlier than most Republicans. He’s said he would “get along very well” with Vladimir Putin and called it a “great honor” when Putin praised him. Trump has done a lot of business in Russia and has been traveling there since 1987. Last August, he said of Ukraine joining NATO, “I wouldn’t care.” He traveled there in September, and he told Ukrainians their war is “really a problem that affects Europe a lot more than it affects us.”

For Trump, the biggest threat to Europe is not Russia, according to people familiar with his thinking. He believes the United States should focus on helping Europe fight Islamist terrorism and open borders, not confronting Putin. He has called for a reduction of the U.S. commitment to NATO. He simply doesn’t see Russia as a dangerous threat.

For Denman, the Trump campaign’s actions betrayed the U.S. commitment to supporting struggling democracies around the world, which she considers a core Republican value.

“The Ukrainian people are trying to come out of the past and stay free. We owe to those who are fighting for freedom still to give them a helping hand,” she said.

“I’m very passionate and supportive of the Reagan foreign policy of peace through strength.”

Trump too often invokes Ronald Reagan when talking about America’s role in the world. But although Reagan negotiated with the Soviet Union, he also stood up to Russian aggression in Europe and defended democratic principles abroad.

When the platform comes out, Republicans will see how far from the Reagan doctrine their party has drifted, thanks to Trump.

Grid Hacking Tool Found, Have a Generator Yet?

Researchers Found a Hacking Tool that Targets Energy Grids on the Dark Web

Motherboard: A sophisticated piece of government-made malware, designed to do reconnaissance on an energy grid’s system ahead of an eventual cyberattack on critical infrastructure, was found on a dark web hacking forum.

Cybersecurity researchers usually catch samples of malicious software like spyware or viruses when a victim who’s using their software, such as an antivirus, gets infected. But at times, they find those samples somewhere else. Such was the case for Furtim, a newly discovered malware, caught recently by researchers from the security firm SentinelOne.

SentinelOne’s researchers believe the malware was created by a team of hackers working for a government, likely from eastern Europe, according to a report published on Tuesday.

Hacking forums, of course, are home to a lot of malicious data and software. But they are usually not places where sophisticated government-made hacking tools get exchanged.

Udi Shamir, chief security officer at SentinelOne, said that it’s normal to find reused code and malware on forums because “nobody tries to reinvent the wheel again and again and again.” But in this case, “it was very surprising to see such a sophisticated sample” appear in hacking forums, he told Motherboard in a phone interview.

Shamir said that the malware, dubbed Furtim, was “clearly not” made by cybercriminals to make some money but for a government spying operation.

Furtim is a “dropper tool,” a platform that infects a machine and then serves as a first step to launch further attacks. It was designed to target specifically European energy companies using Windows, was released in May, and is still active, according to SentinelOne.

Another interesting characteristic is that Furtim actively tries to avoid dozens of common antivirus products, as well as sandboxes and virtual machines, in an attempt to evade detection and stay hidden as long as possible. The goal is “to remove any antivirus software that is installed on the system and drop its final payload,” SentinelOne’s report reads.

Security experts believe that critical infrastructure, such as the energy grid, is highly vulnerable to cyberattacks, and believe a future conflict might start with taking down the power using malware. While it might sound far-fetched, at the end of last year, hackers believed to be working for the Russian government caused a blackout in parts of Ukraine after gaining access to the power grid using malware.

It’s unclear who’s behind this cyberespionage operation, but Shamir said it’s likely a government from Eastern Europe, with a lot of resources and skills. The malware’s developers were very familiar with Windows; they knew it “to the bone,” according to him.

“This was not the work of a kid,” he said. “It was cyberespionage at its best.”

****

The dropper’s principal mission is to avoid detection; it will not execute if it senses it’s being run in a virtualized environment such as a sandbox, and it also can bypass antivirus protection running on compromised machines.

The sample also includes a pair of privilege escalation exploits for patched Windows vulnerabilities (CVE-2014-4113 and CVE-2015-1701), as well as a bypass for Windows User Account Control (UAC), which limits user privileges.

“It escalates privileges after all these checks and registers a hidden binary that it drops onto the hard drive that runs early in the boot process,” SentinelOne senior security researcher Joseph Landry said. “It will go through and systematically remove any AV on the machine that it targets. Then it drops another payload to the Windows directory and runs it during login time.” More from ThreatPost

NATO Website Goes Dark During Summit

Those Russians are good, good at hacking…

A suspicious outage was reported, and it is interesting that Obama was there too. The Warsaw Summit, hosted by Poland, is where several distinct events happened. 1. There was an agreement to strengthen the alliance with military presence in the East that includes Estonia, Latvia and Lithuania. 2. The alliance also agreed to operational strength of ballistic missile defense as well as cyber defenses and applying cyberspace as an operational domain. 3. For Afghanistan, a resolution was approved to continue the mission and funding forces through 2020. 4. A comprehensive assistance package for Ukraine passed. 5. The NATO website/domain was likely hacked.

So….the chatter at more casual breakout sessions and in formal session did include escalating protections in the cyber realm. Obama got the message. Certainly on the heels of the Hillary emailgate scandal, Barack Obama finally admits there are things still to be done to tighten up security.

Obama says U.S. government must improve cyber security

Reuters: U.S. President Barack Obama said on Sunday that the U.S. government has to improve its cyber security practices for the modern age of smart phones and other technology, saying that hackers had targeted the White House.

“I am concerned about it, I don’t think we have it perfect. We have to do better, we have to learn from mistakes,” Obama told a news conference in Madrid. “We know that we have had hackers in the White House,” he added.

Concerns have been raised about the security of government information after the head of the FBI said presidential nominee Hillary Clinton’s email servers may have been accessed by foreign actors when she was Secretary of State.

****

In 2015, Obama held a cyber security summit. Also there was an Executive Order. He wants better coordination between government and the private sector to fight online threats. Companies on board include Apple and Intel. It was a busy year in 2015 as Obama Announces New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts.

Earmarking $19 billion for cyber programs by Obama also included a czar, Howard A. Schmidt. So how smart is Schmidt, or rather how UN-smart is he?

So far, there is no official proof that any country has ever engaged in a cyber attack, although certain malware attacks have been linked to different nations. The Stuxnet worm, which disrupted Iran’s nuclear facilities, has been attributed to the United States and Israel and the recently uncovered cyber espionage operation Red October is rumored to be either a Russian or a Chinese operation.

To avoid a cyber arms-race and an escalation in cyber attacks, Kaspersky has openly advocated for more online regulation, including international treaties limiting the use of malware — just like there are treaties against biological and nuclear weapons.

For Schmidt, that’s not a viable solution because it would be hard to enforce such a treaty. “At some point in the future maybe that will work but right now, number one, we have enough difficulty enforcing treaties of physical things that you can actually count, whether it’s weapon systems or whether it’s export import of these things, it’s extremely difficult,” he said.

Instead of a treaty that will take decades to become reality, Schmidt thinks countries should just respect the rules of engagement that already apply in real warfare. In war “we don’t just arbitrarily start shooting at people, we don’t send planes, we have respect for airspace, we have respect for a lot of the international laws,” he said. “Cyberspace should not be any different.” More here from Mashable.

One more thing to Obama and Mr. Schmidt….don’t forget the Office of Personnel Management, which experienced one of the largest intrusions of data belonging to and managed by the Federal government. Furthermore, that lady, Mrs. Katharine Archuleta, who ran OPM, never had any security experience with cyber and directly after the hearings on the cyber hack of the agency, well….she quit.

Cyber doom is here and no one talks about it….most of all the media…it is the best kept secret and classified condition inside the beltway.