Stalking Iran and bin Ladin with a Drone

We don’t have an intelligence problem, we don’t have a SIGINT problem, not even a HUMINT problem; we have a lack of will, which translates to a lack of strategy and a mission objective. We did get Usama bin Ladin, but what was the real gain?

At least for us weary Americans, we can take some confidence that we do have technology.

The Drone that Stalked Bin Laden

AirandSpace: In 2009, after two weeks of being embedded as an independent journalist with a small team of U.S. Marines in Afghanistan, I ended up at Combat Outpost Monti, a 14-acre camp of tents, plywood huts, a few concrete bunkers and makeshift guard towers, and a helicopter landing area, all ringed by collapsible barriers. At the outpost, one of hundreds built in Afghanistan during the 13 years of NATO combat operations, the Marines were training and fighting alongside Afghan National Army soldiers. COP Monti was less than 10 miles from the Pakistan border, near the Federally Administered Tribal Areas.

My time with the team was just about up when they were ordered to move up the Kunar River valley on a large combat operation. I stayed behind with the Afghan soldiers and, before I managed to find a ride out, weathered a mortar and rocket attack from combatants who had undoubtedly planned the attack and stockpiled the weapons for it at a site across the border, in Pakistan. Even if the Marines had still been there, they could not have pursued the attackers. Al-Qaeda, Taliban, and other belligerents have hidden from the U.S. military in Pakistan’s tribal areas, with varying success, since Americans entered Afghanistan in 2001.

“Everybody knows that the Taliban and other groups train, raise money, plan operations, and even recruit in the tribal areas of Pakistan,” says a retired U.S. infantry officer who served two tours in Afghanistan as well as a rotation in Iraq. (All of the sources quoted in this article spoke to me on the condition that I would not name them because they do not have permission to speak on the record.) “The insurgent leadership move men and materials into Afghanistan and attack American and coalition forces and assets.” Then, he says, they scurry back to Pakistan, where U.S. forces can’t follow.

At least, not on the ground.

Since 2004, the United States has followed insurgents into Pakistan, and has spied on and sometimes killed them there. The CIA flies Predator and Reaper unpiloted aerial vehicles over the tribal districts, often with the approval of Pakistani leaders, who have enemies of their own among the militants inhabiting the country’s northwest. Some missions though are conducted without approval from Pakistan’s authorities. For those missions, the CIA needed a different aircraft.

In late 2007, reporters and observers at Afghanistan’s Kandahar Airfield discovered that a new spy had joined the team. Grainy photographs emerged of what appeared to be an unmanned flying wing. Aviation reporter Bill Sweetman (who writes a column for this magazine) nicknamed the aircraft “the Beast of Kandahar,” and the name has stuck, though the airplane doesn’t have the ferocity or power of a beast. It is an unarmed, stealthy observer designed to glide silently over its targets and transmit photos, video, and other intelligence to a worldwide network of users. The Air Force acknowledged it in 2009 and revealed its official name: the Lockheed Martin RQ-170 Sentinel.

The RQ-170 is operated by the U.S. Air Force 432nd Wing, which also operates Predators and Reapers. The 432nd, stationed at Creech Air Force Base, northwest of Las Vegas, declined to speak about the Sentinel, and a spokesperson for Lockheed Martin would state only that it is a “low-observable Unmanned Aerial System” and that its “primary mission is Intelligence, Surveillance and Reconnaissance.”

Trying to put together a picture of how the RQ-170 might have been used in the mysterious Afghanistan-Pakistan border region, I spoke to a U.S. military pilot who had flown in the 2003 Iraq war and who had later served in a senior position in an unmanned aerial vehicle unit. “At the start of [Operation Iraqi Freedom], one of our missions was to fly right up against the Iranian border, with our targeting pods slewed to the side to scan for border activity,” the pilot said. “We were right on the border, but we couldn’t cross it. Their radar had us. We were doing ISR work, trying to figure out just what, if any, activity was taking place on and as far inside their border as possible.” One type of activity the U.S. military was trying to follow and disrupt was the Iranian manufacture of devices called EFPs—explosively formed penetrators—and their distribution to enemies in Iraq and Afghanistan.

Historically, insurgencies have required bases of support outside the contested country. “When discussing the RQ-170,” the pilot continued, “you have to understand that both Pakistan and Iran are outside of the ISR grasp of a targeting pod on an aircraft flying on the border, or of satellites. Sheer distance degrades certain aspects of a satellite’s ability to observe.”

The United States needed an intelligence-gathering platform that could avoid detection by Iranian and Pakistani radars. A retired military aviator who held a senior position at Kandahar Airfield during Sentinel operations pointed out that the UAV’s size and shape give it a low radar cross-section—the measure of the amount of energy a target reflects toward the radar that illuminated it. “It’s a large airfoil, roughly 65 to 70 feet in length,” he said. “Being a main wing only, with no fuselage and tail surfaces, drastically reduces both its radar signature and aerodynamic drag.” The Sentinel has the stealthy form of the 172-foot-span B-2 bomber, but is less than half its size.

Because the Sentinel is manufactured by the company that brought us the F-22 stealth fighter and F-35 Joint Strike Fighter (and, before that, the F-117, SR-71, and U-2), we can assume that its skin uses radar-absorbent materials to further diminish radar return. Although its shape and materials keep it invisible to some radars, the aviator explained, others would be able to detect the aircraft but might not be able to track or target it.

At medium altitudes, the Sentinel’s light gray color enables it to blend in with the sky. It must also be quiet enough that it won’t be heard on the ground. An aviator who held a senior position at Kandahar Airfield during the Sentinel’s operation said its sound during takeoff wasn’t loud but distinctive—different from the propeller-driven UAVs and military jets that operated from the airfield.

An early image of the drone, at Kandahar Airfield before 2010. (Anonymous)

Engine noise or heat can never be eliminated but can be reduced. “[A stealth UAV] would use a high-efficiency turbofan engine, and its exhaust would be spread out as much as possible, masking both heat and noise,” the aviator said. A nozzle that spreads the exhaust eliminates concentrations of heat and helps mix hot exhaust with cooler ambient air.

An earlier, short-lived Lockheed Martin stealth UAV, the RQ-3 DarkStar, used a Williams-Rolls-Royce FJ44-1A turbofan, an engine favored for 1990s-era business jets, whose manufacturers claimed noise reductions. But those reductions were due partly to a change in the jets’ takeoff and landing profiles. Flight profile, according to an expert in unmanned aerial systems, is key to maintaining low observability. He explained that to fly low over a location of interest, an aircraft would most likely be put into a shallow descent, with its engine throttled back, so that it would essentially glide over the target. After one pass, “it will turn and gently increase power, but in a geometry such that nobody at or near the target could hear.” Once back at a higher altitude, the Sentinel would, if necessary, set up for another pass. This description suggests that maintaining continuous observation of a location would require two, possibly three, Sentinels flying overlapping patterns, not a sole craft orbiting.

**********

In December 2011, one or several of the Sentinel’s stealthy protections could have failed: An RQ-170 was taken prisoner in Iran. It had been on a reconnaissance mission and landed within the country, mainly intact, a few hundred miles from its home runway at Kandahar Airfield. The Iranians seized it, put it on display, and broadcast claims that they had spoofed its guidance system. Another possibility is that the UAV lost power or that its guidance system simply malfunctioned, an explanation that several Pentagon officials offered the press in the days after the incident.

“These systems have trip wires,” an aviator explained. “They’re meant to automatically return home, or at least to friendly airspace. But you have to consider: Was there a possibility of an oversight that the Iranians figured out they could exploit?” The guidance system, he noted, likely uses a combination of GPS and inertial navigation. With inertial navigation, highly sensitive accelerometers and gyros determine a craft’s route in three axes. Inertial systems cannot be fooled, though they can drift. GPS signals and guidance systems can be jammed or fooled; receivers can be sent signals making the onboard navigation system believe that the aircraft’s home airport is hundreds of miles from where the airport really is.

In 2008, at a Marine Aviation Weapons and Tactics training exercise outside Yuma, Arizona, a GPS guidance unit was accidentally spoofed, with a near-disastrous result. The unit was attached to a Containerized Delivery System, a pallet with stuff to resupply ground troops—food, ammunition, water—that had been released from a C-130 transport, and was tracking a GPS signal so it would arrive at a certain point on the ground. In the exercise with the C-130 were a number of airplanes and helicopters, many of them using electronic jamming equipment or testing electronic warfare systems. In the signal-rich environment, the CDS, instead of landing at its programmed landing point, was heading straight for the Chevy Suburban that was waiting to return the pallet to base. Seeing the CDS headed for him, the Suburban driver stepped on it, but he wasn’t fast enough; the cargo crashed into the back of the van. The driver was uninjured.

Reporters have surmised that the Sentinel was in Iran to gather information about Iranian progress in developing nuclear weapons. Satellites can detect nuclear detonations, but to passively sniff for isotopic and other signs of uranium enrichment, analysts would need a platform much closer to the ground. Although reporters have also speculated that the Sentinel, to keep from being heard, flies upwards of 50,000 feet, it probably flies much lower—to be closer to its targets of observation. “Most aircraft are inaudible above 8,000 feet,” says a Department of Defense UAV expert. He explains that if a sensor is operated at a high altitude, it needs to be much larger and heavier to obtain the same degree of accuracy as smaller, lighter ones operating at low altitudes.

He also used intelligence from the MC-12 Liberty, another King Air, this one stuffed with a more exotic sensor suite than the Predator or Guardrail has, including a “complete collection, processing, analysis and dissemination system,” according to its U.S. Air Force fact sheet. The Liberty is brought to bear when commanders want to know what’s going on inside a building, whether people are “manufacturing explosives, packaging opium, or something else,” the officer said. The MC-12 “can sniff things out based on their chemical or metallurgical signatures. They’re incredibly accurate.”

But they aren’t stealthy and can fly only in airspace where the enemy has no radar. So is the purpose of the RQ-170 to carry any combination of the instruments deployed on the Predator, Guardrail, and Liberty into places where those three aircraft can’t go? A former unmanned aircraft systems commander answered: “Yes, definitely.”

The expert pointed out the two bumps on the top of the craft: “Not one antenna but two, so it can be serving multiple, distinct tasks, simultaneously, for users all over the world.”

**********

When I left Combat Outpost Monti—on a blue and white Bell B412 helicopter flown not by the U.S. military but by a Canadian contracting company working for the military (with the call sign “Molson Air,” for the Canadian beer)—we flew for roughly 15 minutes, then landed in a field next to a compound outside a small village. I checked my GPS; we were idling about a half-mile from Pakistan. Two U.S. military personnel, wearing camouflage and helmets unfamiliar to me, climbed aboard the helicopter. We then continued the journey to Asadabad.

A model of the RQ-170, which Iran claimed to have reverse-engineered, on display in Tehran (The Office of the Supreme Leader, Iran)

After returning home, I got an inkling of what those guys in unfamiliar camouflage might have been doing there near the Pakistan border and how they may have used the RQ-170. I learned about counter-terrorism units in a program called Omega, which combined special forces with CIA teams for missions into Pakistan to conduct raids on Taliban and other insurgent and terrorist targets. Putting this information together with what my sources had described, I had little doubt that intelligence about those targets was gathered in part by Sentinels.

The joint CIA–special operations forces mission that would best show off the RQ-170’s surveillance capabilities was conducted years later, in support of the SEAL team who, on the night of May 1, 2011, flew into Pakistan on two modified Black Hawk helicopters, entered a compound in Abbottabad, and killed Osama bin Laden. U.S. government officials told Washington Post reporter Greg Miller that stealth drones had flown dozens of missions to monitor the Abbottabad compound.

My own experience in Afghanistan suggests other missions the RQ-170 might have flown. I often heard intelligence officers or patrol commanders request “a pattern of movement” or a “pattern of life” for targets and enemy forces. To provide that information, analysts would draw data from a number of types of surveillance and reconnaissance aircraft. Learning about the capabilities of these aircraft helped me understand the kind of surveillance the Sentinel might perform.

One of the most important reconnaissance aircraft collecting data for the coalitions in Iraq and Afghanistan is also one of the least known: the Northrop Grumman RC-12 Guardrail. “The Guardrail is probably the most boring-looking airplane in the Department of Defense, but in my opinion, it brings some of the most important capabilities to ground forces,” said the retired infantry officer. The RC-12 is a Hawker Beechcraft Super King Air sprouting antennas to collect signals intelligence. “Looks like a flying porcupine, with all the antennas dangling off it,” the officer said. He regularly requested the Guardrail’s listening capabilities to identify, locate, and track insurgents and to help develop ground operations. The Guardrail does not process the data it collects; instead, it transmits it via a secure satellite link to locations in the United States or, according to a U.S. Army fact sheet, in Germany or Korea, where the data is processed and the results beamed back to the aircraft, which transmits it to the commanders who requested it. It happens fast. Within a second, the system can identify an individual’s or a group’s precise location. It takes a little longer to record and analyze their transmissions.

“I’ve tasked all sorts of assets, manned and unmanned, to look at ground targets and areas of interest,” said the infantry officer. For imagery intelligence, he said, “we used Predator a lot.”

“The beauty of how intelligence gets disseminated with the systems we have in place is that you just request an intelligence product, and you get it based on classification level and need-to-know,” says the aviator who served in a senior position at Kandahar Airfield. “You don’t ask for a platform, just a product. Much of the time intelligence users won’t know they are seeing something that was sourced from a Sentinel.”

The Sentinel is one platform in a complex intelligence system that collects information from every U.S. military command around the world. Analysts at various centers process 20 terabytes of data, of all intelligence types, every day. “Once each type is processed into a product, then it gets fused together with other intelligence products to give a multidimensional picture,” the aviator says.

“Think of a compound, say in Abbottabad, Pakistan, one with some walls that imagery shows to be 16 feet high. Combine that knowledge with signals collections of those in and around the structure, learn the pattern of life, maybe pick up a tall guy walking around, and maybe do some sniffing for weapons in the compound, soak up computer noise that can be analyzed, and then put that together with some human intelligence gathered on the ground about who that tall guy is.” He laughs. “There you go.”

 

Operation Hemorrhage

It has been said often: either fight the enemy in a true war theater on the battlefield with real war tactics, or fight them at home. With Brussels and Paris, and in the United States Boston and San Bernardino, to mention a few, the hybrid war gets real expensive. These costs are rarely measured or questioned. We are also not measuring the cost of the freedoms we are giving up. Add in the cost of the cyber war... well... going back much earlier than 9-11-01, the costs cannot be calculated.

Operation Hemorrhage: The Terror Plans to Wreck the West’s Economy

DailyBeast: Every European who flies frequently knows the airport in Zaventem, has spent time in the ticketing area that was strewn with blood, limbs, broken glass, battered luggage and other wreckage.

It was another attack on aviation that pulled the United States into the conflict sometimes known as the “global war on terror” in the first place. Since then, airports and airplanes have remained a constant target for Islamic militants, with travelers being encumbered by new batches of security measures after each new attack or attempt.

After the ex-con Richard Reid managed to sneak a bomb aboard a transatlantic flight in December 2001, but failed to detonate the explosives, American passengers were forced to start removing their shoes on their way through security. After British authorities foiled a 2006 plot in which terrorists planned to bring liquid explosives hidden in sport drink bottles aboard multiple transatlantic flights, authorities strictly limited the quantity of liquids passengers were allowed to carry. When Umar Farouk Abdulmutallab snuck explosives hidden in his underwear onto a flight on Christmas Day 2009, he ushered in full-body scans and intrusive pat-downs.

Those are the misses. There have been hits, too. In August 2004, two female Chechen suicide bombers, so-called “black widows,” destroyed two domestic Russian flights. In January 2011, a suicide bomber struck Moscow’s Domodedovo airport in an attack that looked almost identical to the one that rocked the airport in Brussels: the bomber struck just outside the security cordon, where the airport is transformed from a “soft” target to a “hard” one. Just months ago, the self-proclaimed Islamic State (ISIS)—the perpetrator of the Brussels attacks—destroyed a Russian passenger jet flying out of Egypt’s Sinai, killing 224 people.

The targeting of airports and airplanes has been so frequent that in lighter times—back when the terrorists seemed so much worse at what they do—some pundits openly mocked their continuing return to airplanes and airports. In one representative discussion from early 2010, a well-known commentator described jihadists as having a “sort of schoolboy fixation” with aviation.

But the reason for this targeting, of course, is neither mysterious nor quixotic, and it’s one the jihadists have explained for themselves. Following the November Paris attacks, ISIS released an infographic boasting that its slaughter on the streets of Paris would force Belgium “to strengthen its security measures … which will cost them tens of millions of dollars.” Moreover, the group claimed, “the intensified security measures and the general state of unease will cost Europe in general and France in specific tens of billions of dollars due to the resulting decrease in tourism, delayed flights, and restrictions on freedom of movement and travel between European countries.”

And that was before the group successfully attacked the Brussels airport, despite those costly new security measures.

Even before 9/11, jihadists saw bleeding the American economy as the surest path to defeating their “far enemy.” When Osama bin Laden declared war against the “Jews and crusaders” in 1996, he emphasized that jihadist strikes should be coupled with an economic boycott by Saudi women. Otherwise, the Muslims would be sending their enemy money, “which is the foundation of wars and armies.”

Indeed, when bin Laden first had the opportunity to publicly explain what the 9/11 attacks had accomplished, in an October 2001 interview with Al Jazeera journalist Taysir Allouni, he emphasized the costs that the attacks imposed on the United States. “According to their own admissions, the share of the losses on the Wall Street market reached 16 percent,” he said. “The gross amount that is traded in that market reaches $4 trillion. So if we multiply 16 percent with $4 trillion to find out the loss that affected the stocks, it reaches $640 billion of losses.” He told Allouni that the economic effect was even greater due to building and construction losses and missed work, so that the damage inflicted was “no less than $1 trillion by the lowest estimate.”

In his October 2004 address to the American people, dramatically delivered just before that year’s elections, bin Laden noted that the 9/11 attacks cost Al Qaeda only a fraction of the damage inflicted upon the United States. “Al Qaeda spent $500,000 on the event,” he said, “while America in the incident and its aftermath lost—according to the lowest estimates—more than $500 billion, meaning that every dollar of Al Qaeda defeated a million dollars.”

Al Qaeda fit the wars the United States had become embroiled in after 9/11 into its economic schema. In that same video, bin Laden explained how his movement sought to suck the United States and its allies into draining wars in the Muslim world. The mujahedin “bled Russia for ten years, until it went bankrupt,” bin Laden said, and they would now do the same to the United States.

Just prior to 2011, there was a brief period when jihadism appeared to be in decline. Al Qaeda in Iraq, the group that later became ISIS, had all but met with defeat at the hands of the United States and local Sunni uprisings. Successful attacks were few and far between.

People gather at a memorial for victims of attacks in Brussels on Wednesday, March 23, 2016. Belgian authorities were searching Wednesday for a top suspect in the country's deadliest attacks in decades, as the European Union's capital awoke under guard and with limited public transport after scores were killed and injured in bombings on the Brussels airport and a subway station. (AP Photo/Valentin Bianchi)

Representative of those dark times for jihadists, Al Qaeda in the Arabian Peninsula released a special issue of its online magazine Inspire celebrating a terrorist attack that claimed no victims. In October 2010, jihadists were able to sneak bombs hidden in printer cartridges onto two cargo planes. Due to strong intelligence efforts, authorities disabled both bombs before they were set to explode, but the group drew satisfaction from merely getting them aboard the planes.

“Two Nokia phones, $150 each, two HP printers, $300 each, plus shipping, transportation and other miscellaneous expenses add up to a total bill of $4,200. That is all what Operation Hemorrhage cost us,” the lead article in that special issue of Inspire boasted. “On the other hand this supposedly ‘foiled plot’, as some of our enemies would like to call [it], will without a doubt cost America and other Western countries billions of dollars in new security measures.” The magazine warned that future attacks will be “smaller, but more frequent”—an approach that “some may refer to as the strategy of a thousand cuts.”

The radical cleric Anwar Al Awlaki, writing in Inspire, explained the dilemma that he saw gripping Al Qaeda’s foes. “You either spend billions of dollars to inspect each and every package in the world,” he wrote, “or you do nothing and we keep trying again.”

Even in those days when the terrorist threat loomed so much smaller, the point was not a bad one. Security is expensive, and driving up costs is one way jihadists aim to wear down Western economies.

Unfortunately, Al Qaeda’s envisioned world of smaller but more frequent attacks proved unnecessary for the jihadists. Less than two months after the special issue of Inspire appeared that celebrated an at best half-successful attack, the revolutionary events that we then knew as the “Arab Spring” sent shockwaves through the Middle East and North Africa.

This instability would help jihadism reach the current heights to which it has ascended, where the attacks are not only more frequent but larger. Unfortunately, the United States—blinded at the time by the misguided belief that revolutions in the Arab world would devastate the jihadist movement—pursued policies that hastened the region’s instability. The damages wrought by these policies are still not fully appreciated.

The silver lining to the jihadist economic strategy is that they, too, are economically vulnerable. The damage inflicted on ISIS’s “state” by coalition bombings and other pressures forced the group to slice its fighters’ salaries at the beginning of this year. But as Al Qaeda watches its flashier jihadist rival carry out gruesome attacks on Western targets and get bombarded in return, it discerns further proof of the wisdom of its strategy of attrition.

As it watches these two sets of foes exhaust each other, Al Qaeda believes that its comparative patience will pay off. It believes that its own time will come.

 

U.S. Govt Cyber Attacks in 2015 Spike

In his annual budget request, President Barack Obama asked for $19bn for cyber security funding, $5bn more than last year.

Last year, a study from Juniper Research, ‘The Future of Cybercrime & Security: Financial and Corporate Threats and Mitigation’, estimated that by 2019 the cost of data breaches will reach $2.1 trillion – four times the total expected for 2015. The average cost of a data breach is expected to exceed $150 million by 2020 as more business infrastructure is connected.

Number of U.S. government ‘cyber incidents’ jumps in 2015

Reuters: The U.S. government was hit by more than 77,000 “cyber incidents” like data thefts or other security breaches in fiscal year 2015, a 10 percent increase over the previous year, according to a White House audit.

Part of the uptick stems from federal agencies improving their ability to identify and detect incidents, the annual performance review from the Office of Management and Budget said.

The report, released on Friday, defines cyber incidents broadly as “a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices.” Only a small number of the incidents would be considered as significant data breaches.

National security and intelligence officials have long warned that cyber attacks are among the most serious threats facing the United States. President Barack Obama asked Congress last month for $19 billion for cyber security funding across the government in his annual budget request, an increase of $5 billion over the previous year.

The government’s Office of Personnel Management was victim of a massive hack that began in 2014 and was detected last year. Some 22 million current and former federal employees and contractors in addition to family members had their Social Security numbers, birthdays, addresses and other personal data pilfered in the breach.

That event prompted the government to launch a 30-day “cyber security sprint” to boost cyber security within each federal agency by encouraging adoption of multiple-factor authentication and addressing other vulnerabilities.

“Despite unprecedented improvements in securing federal information resources … malicious actors continue to gain unauthorized access to, and compromise, federal networks, information systems, and data,” the report said.

***** Depth of hacking illustration:

U.S. Charges 3 As It Chases Syrian Electronic Army — $100,000 Bounties On Hackers’ Heads

Firas Dardar, now on the FBI’s Cyber Most Wanted list for his part in the Syrian Electronic Army. He is also accused of extorting targets.

Forbes: Syrian Electronic Army has caused all sorts of trouble since its emergence at the turn of this decade (including an attack on FORBES, amongst many other major publications). Having largely operated under the radar, the U.S. today filed official charges against three individuals it believes were key in perpetrating SEA’s attacks. Two of the three men – Ahmad Umar Agha (commonly known as Th3 Pr0) and Firas Dardar (also known as The Shadow) – have also been placed on the FBI’s Cyber Most Wanted list with $100,000 rewards on offer for anyone who helps catch them. The third suspect is German-based Peter Romar.

The three have been charged with a range of offences, from hacking, to engaging in a hoax regarding a terrorist attack, to attempting to cause a mutiny within the U.S. armed forces. Throughout the last five years, the SEA were proficient in tricking organizations – often media bodies such as the BBC, the Guardian, CNN and FORBES – into handing over login details to Facebook and Twitter accounts. They would then use that access to send out messages in support of Bashar al-Assad, who remains the Syrian president, despite the chaos of civil war that has engulfed the country.

Its most effective attack came after a compromise of the Associated Press Twitter account. After a tweet that claimed a bomb had exploded at the White House and injured President Obama, $90 billion was wiped off the U.S. stock market. In another successful campaign, the hackers defaced a recruiting website for the U.S. Marine Corps, using the site to urge marines to “refuse [their] orders.”

Accused Syrian Electronic Army hacker Ahmad Umar Agha.

According to one of two complaints released today, other victims included Harvard University, the Washington Post, the White House, Reuters, Human Rights Watch, NPR, CNN, The Onion, NBC Universal, USA Today, the New York Post, NASA (which assisted on the investigation), and Microsoft. FORBES was not named as one of the victims of the trio’s attacks.

All three alleged SEA operatives were using Google Gmail and Facebook to coordinate and pass around stolen data. U.S. law enforcement were able to track their activity after acquiring court orders to search their online accounts.

Nation state hackers demanding ransom

According to the Department of Justice, Dardar and Romar (also known as Pierre Romar) have also been accused of typical cybercrime, hacking into targets’ machines and demanding a ransom be paid, threatening to delete data or sell personal information. Dardar was thought to be operating out of Homs, Syria, Romar from Waltershausen, Germany. The ransoms would then be handed to SEA members in Syria, a complaint read. Dardar demanded in total more than $500,000 from 14 victims, though the filings did not specify how much they actually received.

“While some of the activity sought to harm the economic and national security of the United States in the name of Syria, these detailed allegations reveal that the members also used extortion to try to line their own pockets at the expense of law-abiding people all over the world,” said Assistant Attorney General John Carlin. “The allegations in the complaint demonstrate that the line between ordinary criminal hackers and potential national security threats is increasingly blurry.”

If the complaints released by the U.S. are accurate, Dardar and Romar are two of a handful of hackers known to be working for their government and carrying out extortion. Suspicions of governments using ransomware – malware that locks users’ files by encrypting them, only decrypting when the victim hands the hackers money – have proven unfounded. But researchers from security firm FireEye told FORBES they have seen a handful of examples where nation states have perpetrated extortion campaigns like the SEA suspects. But, the researchers said, it’s unlikely they ever want funds.

“We don’t believe that their intention was to get a ransom,” said Charles Carmakal, managing director of Mandiant, a FireEye-owned firm, speaking with FORBES last week. “I can say we’ve seen it but our case load isn’t that high.”

The hack of Sony Pictures, which the U.S. accused the North Korean government of sponsoring, included such a ransom demand once hackers had broken in. Sony didn’t pay and the hackers wiped the film studio’s machines before publishing vast tranches of company emails and files for all and sundry to pick through.

Pentagon: Social Media Charting Maps on Syrian Exodus

Harvesting posts on social media platforms has become necessary to track all kinds of human conditions. There was once a time it was a scandal when Edward Snowden revealed NSA platforms but now it is widely accepted apparently.

When it comes to tracking the movement of people, medical and humanitarian issues and patterns, the Pentagon is working social media. If there are protests, intermittent battles or hostilities or airstrikes, social media is the go-to immediate source.

It is so valuable, the United Nations is now passing out phones and/or SIM cards to migrants and refugees. Question is who is paying for the full connectivity access and to what wireless company?

Pentagon Mapmakers Are Using Social Media to Chart Syrians’ Exodus

Officials admit the National Geospatial-Intelligence Agency’s approach has its limitations

DefenseOne: Streams of Facebook, Instagram, and other social media posts shared by smartphone-toting children and families at border crossings are providing U.S. intelligence analysts with a real-time map of the Syrian exodus. It’s not picture perfect, but it fills in gaps for the nation’s spy cartographers, a top Defense Department official says.

By searching public posts, the National Geospatial-Intelligence Agency fulfills its duty to provide decision-makers with past, present and future insights into locations during a global emergency.

Viewing Defense Department satellite imagery from “space isn’t a great way to sense human activity of that magnitude, but people talking on the ground and people tweeting about lack of food, or pictures about lines at gates at borders is really incredibly useful,” Sue Gordon, the spy map agency’s deputy director, tells Nextgov. “You will have the ability to see what’s going on from an intelligence perspective, but social media will give you that on-the-ground look to help you correlate disparate activities or to get a different view of what is real.”

Photos and vignettes that refugees and relief workers publish depict the kindnesses and bloodshed arising from a civil war that has torn an estimated 14 million people from their homes.

The images are made possible, in part, by governmental organizations. As of August, the Office of the United Nations High Commissioner for Refugees had distributed 33,000 mobile SIM cards to displaced Syrians in Jordan alone.

Geotags on posts — metadata indicating where and when messages were sent — can be searched or plotted on a map.

For example, one government vendor that specializes in the marriage of geographic data and social media pins refugee-related items from Facebook, Twitter, Instagram and other social networks on a map of the Middle East and Europe. (Here is a map of posts filtered by the keywords, “Hamah, Syria.”)

By clicking on a marker, federal analysts can see when and where the messages were sent, as well as their images and words. (Here are a few tweets, containing Instagram links, that depict a blocked Hungary-Serbia border.)

The firm, Canada-based Echosec, uses maps from geospatial software provider Esri. National Geospatial-Intelligence Agency spokeswoman Don Kerr told Nextgov the agency does not currently contract with Echosec but it does use Esri’s technology.

While declining to identify specific federal clients, Echosec marketing executive Kira Kirk said that as the Syrian conflict has escalated, the company’s tools have followed the growing numbers of displaced civilians moving into countries like Turkey, Lebanon, Greece and Hungary.

At the Za’atari Syrian Refugee Camp in Jordan, 86 percent of the young refugees owned mobile handsets and 83 percent owned SIM cards, according to a March 2015 paper presented by Pennsylvania State University scholars Carleen Maitland and Ying Xu for the 43rd Research Conference on Communication, Information and Internet.

Last month, Defense One contributor Gayle Tzemach Lemmon, reporting from the Turkish Border, said: “Russian air strikes are among the first things you hear when spending any time among Syrians constantly monitoring what is happening to family and friends via What’sApp and Facebook. YouTube videos are played and the carnage people are witnessing is discussed.”

Unlike law enforcement authorities or covert operatives, NGA personnel do not engage social media users they follow online.

“We’re not out there interacting with it and trying to influence it,” said Gordon, during an interview at Esri’s FedGIS conference in Washington. Rather, analysts subscribe to various feeds, open accounts and watch YouTube videos.

This passive approach to social media monitoring has its limitations, including spin.

Intelligence analysts can get the wrong impression from trolls, propagandists or other users with selective memories, just as Facebook stalkers sometimes feel down when bombarded with pictures of parties and achievements on their friends’ timelines.

“They get depressed because they see all these people having this great life, but I think it makes the point that all this stuff that is produced by humans comes with a perspective and you may perceive it to be true but you still have to think about what it is indicating,” Gordon said. “And then you have other truths that can help out.”

To her point, Jill Walker Rettberg, a University of Bergen digital culture professor, said of a Vocativ Instagram narrative showing one Syrian man’s journey to Germany, “The absence of women and children is striking.”

Still, localized data points can make life a little easier for an agency dealing with information overload.

“It has a real lovely temporal quality to it because it’s always being captured by somebody who cares about that event and that event in time,” Gordon said. “The Syrian migration is just a really great example, or any humanitarian crisis or migratory crisis, because we have overhead assets but the real intelligence is on the ground.”

Google, State Dept and Overthrowing Assad

For reference on how Hillary’s communications were vulnerable and shared.

Clinton email reveals: Google sought overthrow of Syria’s Assad

WashingtonExaminer: Google in 2012 sought to help insurgents overthrow Syrian President Bashar Assad, according to State Department emails receiving fresh scrutiny this week.

Messages between former secretary of state Hillary Clinton’s team and one of the company’s executives detailed the plan for Google to get involved in the region.

“Please keep close hold, but my team is planning to launch a tool … that will publicly track and map the defections in Syria and which parts of the government they are coming from,” Jared Cohen, the head of what was then the company’s “Google Ideas” division, wrote in a July 2012 email to several top Clinton officials.

“Our logic behind this is that while many people are tracking the atrocities, nobody is visually representing and mapping the defections, which we believe are important in encouraging more to defect and giving confidence to the opposition,” Cohen said, adding that the plan was for Google to surreptitiously give the tool to Middle Eastern media.

“Given how hard it is to get information into Syria right now, we are partnering with Al-Jazeera who will take primary ownership over the tool we have built, track the data, verify it, and broadcast it back into Syria,” he said.

“Please keep this very close hold and let me know if there is anything [else] you think we need to account for or think about before we launch. We believe this can have an important impact,” Cohen concluded.

The message was addressed to deputy secretary of state Bill Burns; Alec Ross, a senior Clinton advisor; and Clinton’s deputy chief of staff, Jake Sullivan. Sullivan subsequently forwarded Cohen’s proposal to Clinton, describing it as “a pretty cool idea.”

Cohen worked as a low-level staffer at the State Department until 2010, when he was hired to lead Google Ideas, but was tied to the use of social media to incite social uprisings even before he left the department. He once reportedly asked Twitter CEO Jack Dorsey to hold off of conducting system maintenance that officials believed could have impeded a brief 2009 uprising in Iran.

https://wikileaks.org/clinton-emails/emailid/12166#efmAMoAbj

Google Is Not What It Seems, by Julian Assange (must read)

Eric Schmidt, Chairman of Google, at the “Pulse of Today’s Global Economy” panel talk at the Clinton Global Initiative annual meeting, 26 Sept. 2013 in New York. Eric Schmidt first attended the CGI annual meeting at its opening plenary in 2010. (Photo: Mark Lennihan)

The unusual involvement by Google in foreign affairs highlights the difficulty of involvement in the internal politics of foreign states. While Cohen seemed to consider his company’s effort as helpful to American interests, the effort to overthrow Assad helped spur the rise of the Islamic State, which eventually filled a vacuum resulting from Assad’s loss of control over Syria.

The exchange on Syria was highlighted by Wikileaks on Saturday. Earlier in the week, the secret-leaking website posted more than 30,000 emails that Clinton sent or received during her tenure leading the State Department.