Twitter Cutting off Intel Agencies

Perhaps we must be reminded that Twitter is the platform of choice for Islamic State. Through Twitter, connections and conversation can be cultivated and used to glean activity, locations, photos, videos, names and organizations. Perhaps it would be important to remember that during the bin Ladin raid in Abbottabad, a local used Twitter to describe what was happening in real time. Journalists in areas of hostilities also use Twitter to report live action and terror movement.

This decision by Twitter will also likely affect the work of the FBI when it comes to solving other worldwide criminal activity such as child-trafficking, slavery and exploitation. Shameful. There is a volunteer team that searches Twitter daily for terror accounts and removes them since Twitter refuses to cooperate. There are an estimated 40,000 ISIS Twitter accounts daily. What about hostages and beheadings like James Foley?

Knowing the importance and success of Islamic State on Twitter, the U.S. State Department even launched its own Twitter strategy. Now this decision by Twitter is aiding the enemy.

Twitter cuts intel agencies off from analysis service: report

Washington (AFP) – Twitter has barred US intelligence agencies from accessing a service that sorts through posts on the social media platform in real time and has proved useful in the fight against terrorism, the Wall Street Journal reported.

The newspaper, in its report Sunday evening, cited a senior US intelligence official as saying that Twitter seemed worried about appearing too cozy with intelligence services.

Twitter owns about a five percent stake in Dataminr, which uses algorithms and location tools to reveal patterns among tweets. It is a powerful tool for gleaning useful information from the unending stream of chatter on Twitter.

Dataminr is the only company that Twitter authorizes to access its entire real-time stream of public tweets and sell it to clients, the Wall Street Journal said.

The move was not publicly announced and the newspaper cited the intelligence official and people familiar with the matter.

Dataminr executives recently told intelligence agencies that Twitter did not want the company to continue providing services to them, the report said.

Dataminr information alerted US authorities to the November attacks in Paris shortly after the assault began, the Wall Street Journal said.

It has also been useful for real-time information about Islamic State group attacks, Brazil’s political crisis and other fast-changing events.

Twitter told the newspaper in a statement that its “data is largely public and the US government may review public accounts on its own, like any user could.”

The development comes as high-profile tech companies in the US face off against the government on how information should be shared in the fight against terrorism.

Earlier this year, the FBI paid more than $1 million (880,000 euros) to a third party to break into an iPhone used by one of the shooters in a killing spree in San Bernardino, California, after Apple refused to help authorities crack the device.

The tech giant cited concerns over digital security and privacy.

Russia is Getting Away with it All

Russia Establishes New Military Base in Palmyra: Activists

Local activists claim Moscow has founded a second base in the desert city after taking over the Hmeimim military base in Lattakia last year

The Palmyra Coordination Committee released a statement on Sunday stating that Russia has established a second military base in Syria located in the area of Palmyra, Idleb province.

The statement added that the Islamic State group and Syrian regime forces facilitated handing the ancient city over to the Russians.

“Locals were forcibly displaced by regime and Russians bombings as well as [ISIS] while Assad today with international sponsorship gives Russians the right to violate the property of the people of Palmyra in reward [for] their efforts [by] occupying the city and violating locals’ property.”

The Committee also released footage with the statement showing a Russian military base surrounded by barbed wire.

****

UN accuses Syrian government of blocking aid to Aleppo

The UN has accused the Syrian government of refusing UN appeals to deliver aid to 905,000 people, including in war-torn Aleppo, as the city suffered another day of attacks despite efforts to secure a ceasefire. “We seem to be having new possible besieged areas on our watch, we are having hundreds of relief workers unable to move in Aleppo,” UN humanitarian adviser Jan Egeland said after a weekly humanitarian meeting of nations backing the Syria peace process. “It is a disgrace to see while the population of Aleppo is bleeding their options to flee have never been more difficult than now.”

Russia has said a new ceasefire to halt fighting in Aleppo could be imminent, with Syria’s divided northern city hit by a wave of violence that has killed more than 270 people since 22 April.

Reports on Wednesday said at least three people had died in new attacks in the city, as rebel forces pressed an offensive against government troops on the city’s western outskirts.

With the UN Security Council to hold urgent talks on the crisis later on Wednesday, diplomatic efforts to stem the violence shifted to Germany where Foreign Minister Frank-Walter Steinmeier was to meet UN Syria envoy Staffan de Mistura, Syria’s main opposition leader Riad Hijab and France’s top diplomat Jean-Marc Ayrault.

Russian Foreign Minister Sergei Lavrov said late on Tuesday he hoped to agree on a freeze of fighting in Aleppo “in the near future, maybe even in the next few hours”, after meeting de Mistura in Moscow. Full story here.

****

Close Encounters With Jets Show Russia’s Anger at NATO Buildup, U.S.

NYT / WASHINGTON — When the Pentagon complained about a Russian fighter plane performing a barrel roll near an Air Force reconnaissance plane in international airspace over the Baltic Sea on April 29, a quick response came from Moscow, which claimed that the American plane did not have its transponder turned on.

“The U.S. Air Force has two solutions,” the Russian Defense Ministry said in a sharp statement. “Either not to fly near our borders or to turn the transponder on for identification.” (American officials said the transponder had, indeed, been turned on.)

With that, American officials and foreign policy experts said, Russia delivered its response to President Obama’s decision this year to substantially increase the deployment of heavy weapons, armored vehicles and other equipment to NATO countries in Central and Eastern Europe. The move is meant to deter Russia from further aggression in the region.

By sharply ramping up so-called intercepts of American ships and planes in Central and Eastern Europe, Russia is demonstrating its anger over the increased American military presence in a region it considers part of its backyard, White House officials said. They called the Russian actions harassment.

Obama administration officials said they interpreted Russia’s statement as a demand that the United States stay out of the Baltics — and that is not going to happen, these officials said.

“We’re going to continue to fly, and we’re going to continue to operate in the Baltic Sea,” Mr. Carpenter said. “This is not going to change our activities one iota.”

But the game of chance underway in the skies and on the seas of Central and Eastern Europe could lead to miscalculations, American officials warn. More from the NYT here.

Today: National Change Your Password Day, Why?

Russian Hackers Have 270 Million Email Logins, Including Gmail and Yahoo Accounts

Gizmodo: A report from Reuters suggests that over 270 million hacked email credentials—including those from Gmail, Hotmail and Yahoo—are circulating among Russian digital crime rings.

Reuters reports that an investigation by Hold Security revealed the huge stash of login details, which are said to be traded among criminals. Many of the credentials relate to the Russian email service Mail.ru, but the team has also identified details from Google, Yahoo and Microsoft.

Update: There may, however, not be too much cause for concern, as Motherboard points out that the data may in fact be taken from a series of older hacks, which means the credentials are likely useless.

The team from Hold Security was offered a tranche of 1.17 billion email user records in an online forum, and asked to pay just $1 for a copy of the data. The team refused to pay for stolen data, but was given the information anyway when it offered to post positive comments about the hacker online.

The team has since sifted through the data set to remove duplicates, revealing that it contains 270 million unique records. Alex Holden, the founder of Hold Security, told Reuters that the data was “potent,” adding that the “credentials can be abused multiple times.”

Hold Security has apparently alerted all of the affected email providers. Mail.ru, Google, Yahoo and Microsoft are all now investigating the situation.

A Microsoft spokesperson told Gizmodo that “unfortunately, there are places on the internet where leaked and stolen credentials are posted,” adding that it “has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access to their account.”

It may be that the stash is out of date and doesn’t present too much of a security threat—though, of course, it could be a new pool of data, in which case the accounts included in the tranche could be at risk. Initial reports to the BBC from Mail.ru suggest that, from a sample of the records, there may not be many live email-password combinations in the data.

But it may be a good time to refresh your password anyway.

****

In a Wednesday statement, Mail.ru said its early analysis suggests many username/password combinations contain the same username paired with different passwords.

“We are now checking whether any username/password combinations match valid login information for our email service, and as soon as we have enough information we will warn the users that might have been affected,” the Russian service said.

The cache reportedly included tens of millions of credentials for Google Gmail, Microsoft Hotmail, and Yahoo Mail, as well as German and Chinese email providers.

“Unfortunately, there are places on the Internet where leaked and stolen credentials are posted, and when we come across these or someone sends them to us, we act to protect customers,” a Microsoft spokeswoman told PCMag. “Microsoft has security measures in place to detect account compromise and requires additional information to verify the account owner and help them regain sole access to their account.”

Google declined to comment, while Yahoo did not immediately respond to PCMag’s request.

The junior hacker—either inexperienced in the art of haggling, or just too rich to care—asked for only 50 rubles in exchange for the “incredibly large set of data.” Equivalent to about 75 cents, the payment request did little to boost Hold Security’s confidence in the data’s credibility and value. The move was “similar to an expensive sports car being sold for pennies at auction,” the firm said.

Hold refused to pay and convinced the hacker to trade the data for likes/votes on his social media page.

“At the end, this kid from a small town in Russia collected an incredible 1.17 billion stolen credentials from numerous breaches that we are still working on identifying,” Hold Security said. More from PC Magazine.

*****

In a shocking report from FireEye Inc., a California security firm with top government connections, as well as three other reports, the existence of a Russian-based hacker group, which appears to be a joint effort by the Russian government and the Russian Mafia, has been revealed, The Wall Street Journal reports.

Terming the hacker attack “Sofacy” or “APT28,” the computer anti-hacking firm’s report, called “A Window Into Russia’s Cyber Espionage Operations,” notes, “We assess that APT28’s work is sponsored by the Russian government” and is more technically sophisticated than Chinese-hacking efforts earlier detected and exposed by FireEye, the report states.

“I worry a lot more about the Russians” than about China, James Clapper, director of national intelligence, said at a University of Texas forum, the Journal reports. More from NewsMax.

Porn Scandal in Federal Govt Continues

SMH = Shaking my Head

Feds Have Found ‘Unbelievable’ Amounts of Child Porn on National Security Computers. Is This the Solution?

A top National Security Agency official wants to keep tabs on national security personnel off-the-clock, in part by tracking their online habits at home. The aim is to spot behavior that might not be in America’s best interests.

Historically, some illicit activity, like downloading child pornography, has occurred on government computers and been prosecuted.

But today, the digital lives of employees cleared to access classified information extend beyond the office.

About 80 percent of the National Security Agency workforce has retired since Sept. 11, 2001, says Kemp Ensor, NSA director of security. When the millennial and Gen Y staff that now populate the spy agency get home, they go online.

“That is where we need to be, that’s where we need to mine,” Ensor said.

Currently, managers only look for aberrant computer behavior on internal, agency-owned IT systems – it’s a practice known as “continuous monitoring.”

But the military and intelligence communities are beginning to broaden checks on cleared personnel in the physical and digital worlds. It used to be that national security workers were re-investigated only every five or 10 years.

Under the evolving “continuous evaluation” model, the government will periodically search for signs of problems through, for example, court records, financial transactions, and — if authorized — social media posts.

Ensor and other federal officials spoke April 28 about new trends in personnel security at an Intelligence and National Security Alliance symposium in Chantilly, Virginia.

On government devices, “the amount of child porn I see is just unbelievable,” said Daniel Payne, director of the Pentagon’s Defense Security Service. The point being, there’s a need to routinely scan agency network activity and criminal records to gauge an individual’s suitability to handle classified information.

Payne, whose 34 years of counterintelligence experience have spanned the military, CIA and National Counterintelligence and Security Center, was not referring to any specific agency or any specific timeframe, his current employer told Nextgov.

Payne just returned to the Defense Security Service in February, after starting his career there.

“Director Payne provided this example to demonstrate the range of issues identified during the personnel security process, and the range and value of different data sources that have a bearing on an individual’s ability to access sensitive information,” the Defense Security Service said in an emailed statement.

Ensor echoed his colleague’s concerns, noting he sees child pornography on NSA IT systems. In the national security space, “what people do is amazing,” he said. Ensor’s guess about the presence of explicit material is that there are many “introverts staring at computer screens” day in and day out. This is why it is so important to look at individuals holistically when determining who might be a so-called insider threat, Ensor said.

In the past, military and intelligence personnel have exploited minors online, without notice, for years or even an entire career.

The Boston Globe broke a story in 2010 that a significant number of federal employees and contractors with high-level security clearances downloaded child pornography — sometimes on government computers — at NSA and the National Reconnaissance Office, among other defense agencies.

At least one NSA contractor holding a top secret clearance told investigators in 2007 he had been spending $50 to $60 monthly fees on various sexually explicit websites for the past three years, according to a Defense inspector general report on the matter. After each session on the porn sites, he would wipe the browsing history of that system. The Pentagon investigation did not state who owned the computer.

More recently, a military official pleaded guilty to pedophile crimes and accessing child pornography through the Internet — but at home.

On April 15, a U.S. district judge sentenced former Army Corps of Engineers official Michael Beeman, of Virginia, to 30 years in prison for molesting minors, beginning in the 1980s while working in public affairs at Patrick Air Force Base. He later downloaded child pornography to personal devices, court records show.

Case files state the illegal online activity occurred between 2010 and 2014, which according to LinkedIn, was when Beeman served as an Army Corps of Engineers public affairs regional chief.

Obama/Kerry Can’t Modify Iran, Cyber Army

Iran’s cyber army – the latest in a series of maleficence

TheHill: In July, when the P5+1 struck a nuclear deal with Iran dubbed as “historic,” administration officials spun it as a first step on a path toward improving Tehran’s behavior. That path hit yet another bump in recent weeks, when Iran launched nuclear-capable missiles in defiance of a United Nations Security Council resolution that endorsed the nuclear deal.

In a letter to the U.N., the U.S., France, Great Britain and Germany decried the missile tests. Secretary of State John Kerry speaking on a visit to Bahrain on April 7, 2016, condemned “the destabilising actions of Iran.”

Iran’s Minister of Defense Brig. Gen. Hossein Dehghan shot back: “If John Kerry actually thought about these subjects, he would no longer utter nonsense and foolish words.” The U.S., he said, should “leave the region and stop supporting terrorists.”

The Iranian regime, in contrast, clearly has no plans to curtail its regional meddling. According to reports from inside the Iranian regime, Supreme Leader Ali Khamenei has dispatched hordes of Islamic Revolutionary Guard Corps (IRGC), mercenary militias, as well as groups of regular army forces to Syria in anticipation of new attacks against the opposition and Free Syrian Army (FSA).

In a move unparalleled since the Iran-Iraq war, Khamenei has deployed his military on a large scale abroad.

The missile launches, coupled with the Iranian regime’s expanding role in wreaking havoc in Syria, naturally grabbed the headlines, overshadowing a no less disturbing report by the U.S. Justice Department that Iran was behind a series of cyber attacks against the U.S., targeting at least 46 companies and a dam by 2013. Now, new and stunning intelligence about the scope and depth of the Iranian regime’s investment in a cyber war against the U.S. are widening the anti-terror focus.

According to the U.S. indictment, between 2011 and 2013, hackers linked to the IRGC attacked U.S. financial institutions as well as a flood-control dam 25 miles north of New York City. Other targets included the New York Stock Exchange, Bank of America, and AT&T.

The hackers broke into the command and control system of the dam in 2013, according to Washington, and may have been able to release water from behind the dam if not for the fact that the sluice gate had been manually disconnected at the time of intrusion.

This is an unequivocal warning that the Iranian regime is preparing to mount a larger cyber attack against American infrastructure.

According to new reports from inside the Iranian regime, IRGC commander Mohammad-Ali Jafari has thrown his weight behind designating a “Cyber Force” to act as the IRGC’s “sixth force” – alongside its ground forces, navy, aerospace, extraterritorial Qods (Jerusalem) Force, and domestic Bassij militia.

The IRGC has been deeply involved in cyber warfare aimed at domestic suppression and supporting terrorists abroad since 2007. IRGC Brigadier General Hossein Hamedani (killed in late 2015 leading the charge in Syria) announced in 2010, “The Bassij cyber council has trained over 1,500 active ‘cyber jihadis,’” promising that their activities would increase in the near future.

When the IRGC’s Intelligence Organization was formed following the 2009 nationwide uprisings against the theocracy, the Cyber Army was placed under it. In November 2010, the Cyber Army claimed that it had hacked 500 sites simultaneously, while disrupting the intelligence networks and private websites of other countries.

Tehran has no intention of getting “right with the world,” as President Obama once suggested. The Iranian regime is committed to pursuing a strategic war against the U.S. and its allies. Any hopes of change in behavior are illusory at best.

Washington needs to develop a more comprehensive strategy to confront this threat before it’s too late. Since the regime’s cyber force, now targeting U.S. sites, was formed to counter social protests and political activism inside Iran, America’s natural allies in this war are the Iranian people and the organized opposition.

Related: 2013: The Iranian Cyber Threat, Revisited

Statement before the U.S. House of Representatives Committee on Homeland Security/Subcommittee on Cybersecurity, Infrastructure Protection, and Security Technologies

******

In 2014: As international scrutiny remains focused on the Islamic Republic of Iran’s nuclear program, a capability is developing in the shadows inside Iran that could pose an even greater threat to the United States. The 2010 National Security Strategy discusses Iran in the context of its nuclear program, support of terrorism, its influence in regional activities, and its internal problems. There was no mention of Iran’s cyber capability or of that ability to pose a threat to U.S. interests. This is understandable, considering Iran has not been a major concern in the cyber realm. Furthermore, Russia and China’s cyber activities have justifiably garnered a majority of attention and been widely reported in the media over the past decade. Iran’s cyber capabilities have been considered third-tier at best. That is rapidly changing. This report discusses the growing cyber capability of Iran and why it poses a new threat to U.S. national interests.

Iran in a Cyber Context.
Just as computing power grows exponentially each year, so can an adversary’s cyber capabilities. When one considers the origins of world-class cyber threats to the United States, two countries immediately come to mind—Russia and China. Yet with its growing cyber capabilities and intent to use them, Iran is rapidly striving to earn a position among the ranks of this nefariously elite group. For decades, the U.S. Government has publicly acknowledged concern over Iran’s efforts to develop a nuclear program to counter U.S. military capabilities. Recently, the 2014 Quadrennial Defense Review stated that, “Over the past 5 years, a top Administration priority in the Middle East has been preventing Iran from acquiring a nuclear weapon.” This focus on Iran’s nuclear ambitions has distracted many from Iran’s other developing capability. In the last few years, Iran’s cyber proficiency has garnered the attention of a select few government officials and private industry leaders. In late 2011, the executive chairman of Google stated, “The Iranians are unusually talented in cyber war for some reason we don’t fully understand.” Stopping a cyber adversary from disrupting activity or stealing intellectual property has been the primary concern of government and private sector organizations, but in the military and intelligence communities, there are other concerns about Iran. More here.