China, Unfettered Espionage Against U.S.

Did China Just Steal $360 Billion From America?

The principal group in question is believed to be the one codenamed APT6. The three letters stand for Advanced Persistent Threat, and this group appears to be among the first tagged as an “APT.”

Kurt Baumgartner of Russian firm Kaspersky Lab suggests APT6 is state-sponsored. That sounds correct because, as Craig Williams at Talos, a part of Cisco, notes, it is “an advanced, well-funded actor.”

Baumgartner declined to identify APT6’s nationality, but others have. Vice Media’s Motherboard reports that experts think the group is Chinese. As the FireEye security firm notes, APT6 is “likely a nation-state sponsored group based in China.”

In any event, APT6 has caught the attention of the FBI. The group also appears to be the subject of the Bureau’s February 12 alert.

The February 12 alert says the group in question was attacking U.S. networks “since at least 2011,” but Baumgartner thinks it was active as early as 2008.

In September of last year during Xi Jinping’s state visit, President Obama said the U.S. and China had reached “a common understanding on the way forward” on cybertheft. Washington and Beijing, he said, had affirmed the principle that neither government would use cyber means for commercial purposes.

China indeed affirmed that principle, and the agreement was, as Adam Segal and Tang Lan write, “a significant symbolic step forward.” The pair correctly note that “trust will be built and sustained through implementation.”

As might be expected, there was little implementation on the Chinese side at first. CrowdStrike, the cyber security firm, for instance, in October reported no letup in China’s cyber intrusions into the networks of American corporates.

Beijing, according to the Financial Times, has since reduced its cyber spying against American companies. As Justin Harvey of Fidelis Cybersecurity told the paper, “What we are seeing can only be characterized as a material downtick in what can be considered cyber espionage.”

And FireEye noted that all 22 Chinese hacking units identified by the firm as attacking American networks discontinued operations.

Nonetheless, the Obama administration is not declaring victory quite yet, and for good reason. “The days of widespread Chinese smash-and-grab activity, get in, get out, don’t care if you’re caught, seem to be over,” says Rob Knake, who once directed cyber security policy at the National Security Council and is now at the Council on Foreign Relations. “There’s a consensus that activity is still ongoing, but narrower in scope and with better tradecraft.”

Whether espionage is overt or not, the damage to American business is still large. According to the May 2013 report of the Blair-Huntsman Commission on the Theft of American Intellectual Property, “The scale of international theft of American intellectual property is unprecedented—hundreds of billions of dollars per year, on the order of the size of U.S. exports to Asia.”

William Evanina, America’s chief counterintelligence official, told reporters in November that hacking espionage costs U.S. companies $400 billion each year and that China is responsible for about 90% of the attacks. Beijing’s haul, therefore, looks like something on the order of $360 billion.

And how do we know the Chinese are culprits? For one thing, bold Chinese cyber thieves like to show their victims the information they have stolen.

Moreover, the U.S. government has gotten better at attribution, going from being able to attribute one-third of the attacks to more than two-thirds. The improvement is largely due to the government’s partnership with the private sector. Microsoft, Google, and Twitter, for example, will share information if they detect attacks on their customers.

And their customers are still getting attacked. “We continue to see them engage in activity directed against U.S. companies,” said Admiral Mike Rogers, the head of U.S. Cyber Command, in early April in testimony before the Senate Armed Services Committee. “The questions I think that we still need to ask is, is that activity then, in turn, shared with the Chinese private industry?”

It’s right for Rogers to be cautious, but it would be strange for Chinese hackers not to share as they have done in the past. At the moment, there is little reason for Beijing to stop hacking, because Washington is not willing to impose costs on China for its “21st century burglary.”

There was the May 2014 indictment of five officers of the People’s Liberation Army for cyberattacking American businesses, like Alcoa and U.S. Steel, and the United Steelworkers union. That move, while welcome, was overdue and only symbolic. The Blair-Huntsman Commission suggested an across-the-board tariff on Chinese goods, but the imposition of a penalty of that sort is unlikely without a radical change of thinking in Washington.

Therefore, the FBI, even after all these years, is just playing catch up. The February alert is a tacit admission that the U.S. government is not in control of its own networks, said Michael Adams, who served in U.S. Special Operations Command. “It’s just flabbergasting,” Adams told Motherboard. “How many times can this keep happening before we finally realize we’re screwed?”

The People’s Republic of China is still committing monumental thefts in large part because successive American governments cannot get beyond half-measures.

Beijing may be an intruder, but Washington somehow finds it unseemly to lock the door and punish the thief.

Twitter Cutting off Intel Agencies

Perhaps we must be reminded that Twitter is the platform of choice for Islamic State. Through Twitter, connections and conversation can be cultivated and used to glean activity, locations, photos, videos, names and organizations. Perhaps it would be important to remember that during the bin Ladin raid in Abbottabad, a local used Twitter to describe what was happening real time. Journalists in areas of hostilities also use Twitter to report live action and terror movement.

Twitter with this decision will also likely affect the work of the FBI when it comes to solving other worldwide criminal activity such as child-trafficking, slavery and exploitation. Shameful. There is a volunteer team that searches Twitter daily for terror accounts and removes them since Twitter refuses to cooperate. There are an estimated 40,000 ISIS Twitter accounts daily. What about hostages and beheadings like James Foley?

Knowing the importance and success of Islamic State on Twitter, the U.S. State Department even launched their own Twitter strategy, now this decision by Twitter is aiding the enemy.

Twitter cuts intel agencies off from analysis service: report

Washington (AFP) – Twitter has barred US intelligence agencies from accessing a service that sorts through posts on the social media platform in real time and has proved useful in the fight against terrorism, the Wall Street Journal reported.

The newspaper, in its report Sunday evening, cited a senior US intelligence official as saying that Twitter seemed worried about appearing too cozy with intelligence services.

Twitter owns about a five percent stake in Dataminr, which uses algorithms and location tools to reveal patterns among tweets. It is a powerful tool for gleaning useful information from the unending stream of chatter on Twitter.

Dataminr is the only company that Twitter authorizes to access its entire real-time stream of public tweets and sell it to clients, the Wall Street Journal said.

The move was not publicly announced and the newspaper cited the intelligence official and people familiar with the matter.

Dataminr executives recently told intelligence agencies that Twitter did not want the company to continue providing services to them, the report said.

Dataminr information alerted US authorities to the November attacks in Paris shortly after the assault began, the Wall Street Journal said.

It has also been useful for real-time information about Islamic State group attacks, Brazil’s political crisis and other fast-changing events.

Twitter told the newspaper in a statement that its “data is largely public and the US government may review public accounts on its own, like any user could.”

The development comes as high-profile tech companies in the US face off against the government on how information should be shared in the fight against terrorism.

Earlier this year, the FBI paid more than $1 million (880,000 euros) to a third party to break into an iPhone used by one of the shooters in a killing spree in San Bernardino, California, after Apple refused to help authorities crack the device.

The tech giant cited concerns over digital security and privacy.

Russia is Getting Away with it All

Russia Establishes New Military Base in Palmyra: Activists

Local activists claim Moscow has founded a second base in the desert city after taking over the Hmeimim military base in Lattakia last year

The Palmyra Coordination Committee released a statement on Sunday stating that Russia has established a second military base in Syria located in the area of Palmyra, Idleb province.

The statement added that the Islamic State group and Syrian regime forces facilitated handing the ancient city over to the Russians.

“Locals were forcibly displaced by regime and Russians bombings as well as [ISIS] while Assad today with international sponsorship gives Russians the right to violate the property of the people of Palmyra in reward [for] their efforts [by] occupying the city and violating locals’ property.”

The Committee also released footage with the statement showing a Russian military base surrounded by barbed wire.

****

UN accuses Syrian government of blocking aid to Aleppo

The UN has accused the Syrian government of refusing UN appeals to deliver aid to 905,000 people, including in war-torn Aleppo, as the city suffered another day of attacks despite efforts to secure a ceasefire. “We seem to be having new possible besieged areas on our watch, we are having hundreds of relief workers unable to move in Aleppo,” UN humanitarian adviser Jan Egeland said after a weekly humanitarian meeting of nations backing the Syria peace process. “It is a disgrace to see while the population of Aleppo is bleeding their options to flee have never been more difficult than now.”

Russia has said a new ceasefire to halt fighting in Aleppo could be imminent, with Syria’s divided northern city hit by a wave of violence that has killed more than 270 people since 22 April.

Reports on Wednesday said at least three people had died in new attacks in the city, as rebel forces pressed an offensive against government troops on the city’s western outskirts.

With the UN Security Council to hold urgent talks on the crisis later on Wednesday, diplomatic efforts to stem the violence shifted to Germany where Foreign Minister Frank-Walter Steinmeier was to meet UN Syria envoy Staffan de Mistura, Syria’s main opposition leader Riad Hijab and France’s top diplomat Jean-Marc Ayrault.

Russian Foreign Minister Sergei Lavrov said late on Tuesday he hoped to agree on a freeze of fighting in Aleppo “in the near future, maybe even in the next few hours”, after meeting de Mistura in Moscow. Full story here.

****

Close Encounters With Jets Show Russia’s Anger at NATO Buildup, U.S.

NYT’s / WASHINGTON — When the Pentagon complained about a Russian fighter plane performing a barrel roll near an Air Force reconnaissance plane in international airspace over the Baltic Sea on April 29, a quick response came from Moscow, which claimed that the American plane did not have its transponder turned on.

“The U.S. Air Force has two solutions,” the Russian Defense Ministry said in a sharp statement. “Either not to fly near our borders or to turn the transponder on for identification.” (American officials said the transponder had, indeed, been turned on.)

With that, American officials and foreign policy experts said, Russia delivered its response to President Obama’s decision this year to substantially increase the deployment of heavy weapons, armored vehicles and other equipment to NATO countries in Central and Eastern Europe. The move is meant to deter Russia from further aggression in the region.

By sharply ramping up so-called intercepts of American ships and planes in Central and Eastern Europe, Russia is demonstrating its anger over the increased American military presence in a region it considers part of its backyard, White House officials said. They called the Russian actions harassment.

Obama administration officials said they interpreted Russia’s statement as a demand that the United States stay out of the Baltics — and that is not going to happen, these officials said.

“We’re going to continue to fly, and we’re going to continue to operate in the Baltic Sea,” Mr. Carpenter said. “This is not going to change our activities one iota.”

But the game of chance underway in the skies and on the seas of Central and Eastern Europe could lead to miscalculations, American officials warn. More from the NYT’s here.

Today: National Change Your Password Day, Why?

Russian Hackers Have 270 Million Email Logins, Including Gmail and Yahoo Accounts

Gizmodo: A report from Reuters suggests that over 270 million hacked email credentials—including those from Gmail, Hotmail and Yahoo—are circulating among Russian digital crime rings.

Reuters reports that an investigation by Hold Security revealed the huge stash of login details, which are said to be traded among criminals. Many of the credentials relate to the Russian email service Mail.ru, but the team has also identified details from Google, Yahoo and Microsoft.

Update: There may, however, not be too much cause for concern, as Motherboard points out that the data may in fact be taken from a series of older hacks, which means the credentials are likely useless.

The team from Hold Security was offered a tranche of 1.17 billion email user records in an online forum, and asked to pay just $1 for a copy of the data. The team refused to pay for stolen data, but was given the information anyway when it offered to post positive comments about the hacker online.

The team has since sifted through the data set to remove duplicates, revealing that it contains 270 million unique records. Alex Holden, the founder of Hold Security, told Reuters that the data was “potent,” adding that the “credentials can be abused multiple times.”

Hold Security has apparently alerted all of the affected email providers. Mail.ru, Google, Yahoo and Microsoft are all now investigating the situation.

A Microsoft spokesperson told Gizmodo that “unfortunately, there are places on the internet where leaked and stolen credentials are posted,” adding that it “has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access to their account.”

It may be that the stash is out of date and doesn’t present too much of a security threat—though, of course, it could be a new pool of data, in which case the accounts included in the tranche could be at risk. Initial reports to the BBC from Mail.ru suggest that, from a sample of the records, there may not be many live email-passwords combinations in the data.

But it may be a good time to refresh your password anyway.

****

In a Wednesday statement, Mail.ru said its early analysis suggests many username/password combinations contain the same username paired with different passwords.

“We are now checking whether any username/password combinations match valid login information for our email service, and as soon as we have enough information we will warn the users that might have been affected,” the Russian service said.

The cache reportedly included tens of millions of certificates for Google Gmail, Microsoft Hotmail, and Yahoo Mail, as well as German and Chinese email providers.

“Unfortunately, there are places on the Internet where leaked and stolen credentials are posted, and when we come across these or someone sends them to us, we act to protect customers,” a Microsoft spokeswoman told PCMag. “Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access to their account.”

Google declined to comment, while Yahoo did not immediately respond to PCMag’s request.

The junior hacker—either inexperienced in the art of haggling, or just too rich to care—asked for only 50 rubles in exchange for the “incredibly large set of data.” Equivalent to about 75 cents, the payment request did little to boost Hold Security’s confidence in the data’s credibility and value. The move was “similar to an expensive sports car being sold for pennies at auction,” the firm said.

Hold refused to pay and convinced the hacker to trade the data for likes/votes on his social media page.

“At the end, this kid from a small town in Russia collected an incredible 1.17 billion stolen credentials from numerous breaches that we are still working on identifying,” Hold Security said. More from PC Magazine.

*****

In a shocking report from FireEye Inc., a California security firm with top government connections, as well as three other reports, the existence of a Russian-based hacker group, which appears to be a joint effort by the Russian government and the Russian Mafia, has been revealed, The Wall Street Journal reports.

Terming the hacker group “Sofacy” or “APT28,” the computer anti-hacking firm’s report, called “A Window Into Russia’s Cyber Espionage Operations,” notes, “We assess that APT28’s work is sponsored by the Russian government,” and states that the group is more technically sophisticated than the Chinese hacking efforts earlier detected and exposed by FireEye.

“I worry a lot more about the Russians” than about China, James Clapper, director of national intelligence, said at a University of Texas forum, the Journal reports. More from NewsMax.

Porn Scandal in Federal Govt Continues

SMH = Shaking my Head

Feds Have Found ‘Unbelievable’ Amounts of Child Porn on National Security Computers. Is This the Solution?

A top National Security Agency official wants to keep tabs on national security personnel off-the-clock, in part by tracking their online habits at home. The aim is to spot behavior that might not be in America’s best interests.

Historically, some illicit activity, like downloading child pornography, has occurred on government computers and been prosecuted.

But today, the digital lives of employees cleared to access classified information extend beyond the office.

About 80 percent of the National Security Agency workforce has retired since Sept. 11, 2001, says Kemp Ensor, NSA director of security. When the millennial and Gen Y staff that now populate the spy agency get home, they go online.

“That is where we need to be, that’s where we need to mine,” Ensor said.

Currently, managers only look for aberrant computer behavior on internal, agency-owned IT systems – it’s a practice known as “continuous monitoring.”

But the military and intelligence communities are beginning to broaden checks on cleared personnel in the physical and digital worlds. It used to be that national security workers were re-investigated only every five or 10 years.

Under the evolving “continuous evaluation” model, the government will periodically search for signs of problems through, for example, court records, financial transactions, and — if authorized — social media posts.

Ensor and other federal officials spoke April 28 about new trends in personnel security at an Intelligence and National Security Alliance symposium in Chantilly, Virginia.

On government devices, “the amount of child porn I see is just unbelievable,” said Daniel Payne, director of the Pentagon’s Defense Security Service. The point being, there’s a need to routinely scan agency network activity and criminal records to gauge an individual’s suitability to handle classified information.

Payne, whose 34 years of counterintelligence experience have spanned the military, CIA and National Counterintelligence and Security Center, was not referring to any specific agency or any specific timeframe, his current employer told Nextgov.

Payne just returned to the Defense Security Service in February, after starting his career there.

“Director Payne provided this example to demonstrate the range of issues identified during the personnel security process, and the range and value of different data sources that have a bearing on an individual’s ability to access sensitive information,” the Defense Security Service said in an emailed statement.

Ensor echoed his colleague’s concerns, noting he sees child pornography on NSA IT systems. In the national security space, “what people do is amazing,” he said. Ensor’s guess about the presence of explicit material is that there are many “introverts staring at computer screens” day in and day out. This is why it is so important to look at individuals holistically when determining who might be a so-called insider threat, Ensor said.

In the past, military and intelligence personnel have exploited minors online, without notice, for years or even an entire career.

The Boston Globe broke a story in 2010 that a significant number of federal employees and contractors with high-level security clearances downloaded child pornography — sometimes on government computers — at NSA and the National Reconnaissance Office, among other defense agencies.

At least one NSA contractor holding a top secret clearance told investigators in 2007 he had been spending $50 to $60 monthly fees on various sexually explicit websites for the past three years, according to a Defense inspector general report on the matter. After each session on the porn sites, he would wipe the browsing history of that system. The Pentagon investigation did not state who owned the computer.

More recently, a military official pleaded guilty to pedophile crimes and accessing child pornography through the Internet — but at home.

On April 15, a U.S. district judge sentenced former Army Corps of Engineers official Michael Beeman, of Virginia, to 30 years in prison for molesting minors, beginning in the 1980s while working in public affairs at Patrick Air Force Base. He later downloaded child pornography to personal devices, court records show.

Case files state the illegal online activity occurred between 2010 and 2014, which according to LinkedIn, was when Beeman served as an Army Corps of Engineers public affairs regional chief.