Nightmare for Taxpayers According to an IRS Bulletin

IRS is warning taxpayers of a new surge in tax-related incidents

It is a nightmare for taxpayers: according to an IRS bulletin, there is a 400 percent surge in tax-related phishing and malware incidents.

This year the IRS already reported 1,026 malware and phishing incidents, compared to 254 this time last year.

SecurityAffairs: The IRS is warning taxpayers of newer forms of attacks aimed at tricking victims into disclosing credentials to third-party tax preparation service accounts.

“The Internal Revenue Service renewed a consumer alert for e-mail schemes after seeing an approximate 400 percent surge in phishing and malware incidents so far this tax season,” states the bulletin. “The emails are designed to trick taxpayers into thinking these are official communications from the IRS or others in the tax industry, including tax software companies. The phishing schemes can ask taxpayers about a wide range of topics. E-mails can seek information related to refunds, filing status, confirming personal information, ordering transcripts and verifying PIN information.”

IRS Commissioner John Koskinen used the adjective “dramatic” to describe this surge in tax-related incidents, inviting taxpayers to watch out for scammers.

“This dramatic jump in these scams comes at the busiest time of tax season,” said Koskinen. “Watch out for fraudsters slipping these official-looking emails into inboxes, trying to confuse people at the very time they work on their taxes. We urge people not to click on these emails.”

Threat actors are very interested in using the tax season as a lure. In a common attack scenario, victims receive an email containing links to a domain used to serve malware. In other cases, the attackers used emails with attachments that include documents embedding malicious macros. Once the victim opens the document, the macro drops malware on the victim’s machine, including dreaded ransomware like CryptoLocker, TeslaCrypt and Locky.

These are the alarming statistics provided by the IRS:

  • There were 1,026 incidents reported in January, up from 254 a year earlier.
  • The trend continued in February, nearly doubling the reported number of incidents compared to a year ago. In all, 363 incidents were reported from Feb. 1-16, compared to the 201 incidents reported for the entire month of February 2015.
  • This year’s 1,389 incidents have already topped the 2014 yearly total of 1,361, and they are halfway to matching the 2015 total of 2,748.

Recently, IRS services were abused by crooks to target taxpayers. In May 2015 the Internal Revenue Service was breached by hackers who “used an online service provided by the agency” to access data for more than 100,000 taxpayers. The IRS issued an official statement on the incident and specified that the compromised system was “Get Transcript.” The Transcript service could be used by taxpayers to get a transcript online or by mail to view their tax account transactions.

In August 2015, the Internal Revenue Service disclosed a new review of its system, revealing that 334,000 taxpayers (more than three times what it initially estimated) may be affected by the hack it announced in May.

A couple of weeks ago the IRS detected unauthorized attempts using roughly 464,000 unique SSNs, and 101,000 attempts allowed crooks to generate PINs.

The U.S. Internal Revenue Service confirmed that cyber criminals abused the Electronic Filing PIN application running on irs.gov that allows taxpayers to generate a PIN that they can use to file tax returns online.

Pierluigi Paganini

 

Now China Deployed Fighter Jets to Disputed Islands

EXCLUSIVE: China sends fighter jets to contested island in South China Sea

FNC: EXCLUSIVE: In a move likely to further increase already volatile tensions in the South China Sea, China has deployed fighter jets to a contested island in the South China Sea, the same island where China deployed surface-to-air missiles last week, two U.S. officials tell Fox News.

The dramatic escalation comes minutes before Secretary of State John Kerry was to host his Chinese counterpart, Foreign Minister Wang Yi, at the State Department.

Chinese Shenyang J-11s (“Flanker”) and  Xian JH-7s (“Flounder”) have been seen by U.S. intelligence on Woody Island in the past few days, the same island where Fox News reported exclusively last week that China had sent two batteries of HQ-9 surface-to-air missiles while President Obama was hosting 10 Southeast Asian leaders in Palm Springs.

Wang was supposed to visit the Pentagon Tuesday, but the visit was canceled. It was not immediately clear which side canceled the visit. Pentagon press secretary Peter Cook said a “scheduling conflict” prevented the meeting, when asked by Fox News at Tuesday’s press briefing.

When asked about the earlier Fox News story in Beijing, Wang said the deployment of the missiles was for “defensive purposes.”

Woody Island is the largest island in the Paracel chain of islands in the South China Sea.  It lies 250 miles southeast of a major Chinese submarine base on Hainan Island. China has claimed Woody Island since the 1950s, but it is contested by Taiwan and Vietnam.

Ahead of Wang’s visit to Washington, a spokeswoman likened China’s military buildup on Woody Island to the U.S. Navy’s in Hawaii.

“There is no difference between China’s deployment of necessary national defense facilities on its own territory and the defense installation by the U.S. in Hawaii,” Foreign Ministry spokeswoman Hua Chunying said Monday.

More than $5 trillion worth of natural resources and goods transit the South China Sea each year.

Earlier Tuesday, the head of the U.S. military’s Pacific Command said China is “clearly militarizing” the South China Sea, in testimony before the Senate Armed Services Committee.

“You’d have to believe in a flat Earth to believe otherwise,” Admiral Harry Harris said.

China has sent fighter jets to Woody Island before. In November, Chinese state media published images showing J-11 fighter jets on the island, but this was the first deployment of fighter jets since the Chinese sent commercial airliners to test the runway at one of its artificial islands in the South China Sea.

The Pentagon sailed a guided-missile destroyer past a contested island in the South China Sea as a result.  Late last year, the U.S. military conducted a flight of B-52 bombers and another warship to conduct a “freedom of navigation” exercise.

The Chinese have protested the moves and vowed “consequences.”

On Monday, new civilian satellite imagery from CSIS showed a possible high frequency radar installation being constructed in late January.

The imagery shows radar installations on China’s artificial islands in the Spratly Island chain of reefs: Gaven, Hughes, Johnson South, and primarily on Cuarteron reefs, the outermost island in the South China Sea.

*** 

FNC: China apparently has been building radar facilities on some of the artificial islands it constructed in the South China Sea in a move to bolster its military power in the region, according to a report released Tuesday by a U.S.-based think tank.

The Center for Strategic and International Studies (CSIS) says the radars on the outposts of Gaven, Hughes, Johnson South and Cuarteron reefs in the disputed Spratly Islands “speak to a long-term anti-access strategy by China—one that would see it establish effective control over the sea and airspace throughout the South China Sea.”

The report was released one week after Fox News reported that China had deployed an advanced surface-to-air missile system as well as a radar system on Woody Island, part of the Paracel Island chain located north of the Spratlys.

The release of the report also coincides with the first day of a three-day visit to the U.S. by Chinese Foreign Minister Wang Yi, during which the issue of competing South China Sea claims is expected to be discussed, as well as North Korea’s latest nuclear test.

OPM Top Person Donna Seymour Resigns

Chaffetz Responds to Retirement of OPM CIO Donna Seymour

Oversight Committee: WASHINGTON, D.C.—This afternoon, House Oversight and Government Reform Committee Chairman Jason Chaffetz (R-UT) issued the following statement upon learning of the retirement of U.S. Office of Personnel Management (OPM) Chief Information Officer (CIO) Donna Seymour:

“Ms. Seymour’s retirement is good news and an important turning point for OPM. While I am disappointed Ms. Seymour will no longer appear before our Committee this week to answer to the American people, her retirement is necessary and long overdue. On her watch, whether through negligence or incompetence, millions of Americans lost their privacy and personal data. The national security implications of this entirely foreseeable breach are far-reaching and long-lasting. OPM now needs a qualified CIO at the helm to right the ship and restore confidence in the agency.” 

 Background: 

Chairman Chaffetz has publicly expressed the need for Ms. Seymour’s removal on the following occasions:

Chaffetz to OPM: Remove Donna Seymour (12/10/2015)

Chaffetz Responds to Nomination of Beth Cobert as OPM Director (11/10/2015)

Chaffetz Renews Call for Removal of OPM CIO Donna Seymour (08/06/2015)

Chaffetz Statement on Latest OPM Data Breach Revelation (07/09/2015)

GOP Lawmakers to President Obama: Remove OPM Director Archuleta and CIO Donna Seymour (06/26/2015)

Related:

The Breach We Could Have Avoided (09/30/2015)

Fingerprints of Additional 4.5 Million Individuals Stolen in OPM Breach, Chaffetz Responds (09/23/2015)

Chaffetz Statement on OPM Infrastructure Improvement Plan (09/14/2015)

OPM Data Breach: Part II Hearing (06/24/2015)

OPM: Data Breach Hearing (06/16/2015)

*** For reference and background on Office of Personnel Management

Second OPM Hack Revealed: Even Worse Than The First

from the the-federal-government,-ladies-and-gentlemen dept

TechDirt: Oh great. So after we learned late yesterday that the hack of all sorts of data from the federal government’s Office of Personnel Management (OPM) was likely much worse than originally believed — including leaking all Social Security numbers unencrypted — and that the so-called cybersecurity “experts” within the government weren’t even the ones who discovered the hack, things are looking even worse. That’s because, late today, it was revealed that there was likely a separate hack, also by Chinese state actors, accessing even more sensitive information:

The forms authorities believed may have been stolen en masse, known as Standard Form 86, require applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies. They also require the listing of contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant’s Social Security number and that of his or her cohabitant is required.

In a statement, the White House said that on June 8, investigators concluded there was “a high degree of confidence that … systems containing information related to the background investigations of current, former and prospective federal government employees, and those for whom a federal background investigation was conducted, may have been exfiltrated.”

“This tells the Chinese the identities of almost everybody who has got a United States security clearance,” said Joel Brenner, a former top U.S. counterintelligence official. “That makes it very hard for any of those people to function as an intelligence officer. The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That’s a gold mine. It helps you approach and recruit spies.”

And yet… this is the same federal government telling us that it wants more access to everyone else’s data to “protect” us from “cybersecurity threats” — and that encryption is bad? Yikes.

Putin Exploiting Open Skies Treaty

In this fresh era of Putin’s aggression in Syria, Europe, Ukraine and the Baltics, it seems no one is willing to force a stop of Russia in any part of the globe. What is especially disturbing is the Open Skies Treaty: Putin has been exploiting this agreement, and to what end, no one seems to explain.

The U.S. State Department has a twisted mission of diplomacy when it intersects with operational security and future threat risks having particular emphasis on Iran, North Korea and Russia.

The Treaty on Open Skies establishes a regime of unarmed aerial observation flights over the territories of its signatories. The Treaty is designed to enhance mutual understanding and confidence by giving all participants, regardless of size, a direct role in gathering information through aerial imaging on military forces and activities of concern to them. Open Skies is one of the most wide-ranging international arms control efforts to date to promote openness and transparency in military forces and activities.

Russia wants to fly over U.S. with advanced digital camera

WASHINGTON (AP) — Russia will ask permission on Monday to start flying surveillance planes equipped with high-powered digital cameras amid warnings from U.S. intelligence and military officials that such overflights help Moscow collect intelligence on the United States.

Russia and the United States are signatories to the Open Skies Treaty, which allows unarmed observation flights over the entire territory of all 34 member nations to foster transparency about military activity and help monitor arms control and other agreements. Senior intelligence and military officials, however, worry that Russia is taking advantage of technological advances to violate the spirit of the treaty.

Russia will formally ask the Open Skies Consultative Commission, based in Vienna, to be allowed to fly an aircraft equipped with high-tech sensors over the United States, according to a senior congressional staffer, who spoke on condition of anonymity because the staff member wasn’t authorized to discuss the issue publicly.

The request will put the Obama administration in the position of having to decide whether to let Russia use the high-powered equipment on its surveillance planes at a time when Moscow, according to the latest State Department compliance report, is failing to meet all its obligations under the treaty. And it comes at one of the most tension-filled times in U.S.-Russia relations since the end of the Cold War, with the two countries at odds over Russian activity in Ukraine and Syria.

“The treaty has become a critical component of Russia’s intelligence collection capability directed at the United States,” Adm. Cecil D. Haney, commander of the U.S. Strategic Command, wrote in a letter earlier this year to Rep. Mike Rogers, R-Ala., chairman of a House subcommittee on strategic forces.

“In addition to overflying military installations, Russian Open Skies flights can overfly and collect on Department of Defense and national security or national critical infrastructure,” Haney said. “The vulnerability exposed by exploitation of this data and costs of mitigation are increasingly difficult to characterize.”

A State Department official said Sunday that treaty nations had not yet received notice of the Russian request, but that certification of the Russian plane with a “digital electro-optical sensor” could not occur until this summer because the treaty requires a 120-day advance notification. The official spoke on condition of anonymity because he wasn’t authorized to discuss the issue publicly.

The official also said that the treaty, which was entered into force in 2002, establishes procedures for certifying digital sensors to confirm that they are compliant with treaty requirements. The official said all signatories to the treaty agree that “transition from film cameras to digital sensors is required for the long-term viability of the treaty.”

In December, Rose Gottemoeller, undersecretary of state for arms control and international security, sought to temper concerns about Russian overflights, saying that what Moscow gains from the observation flights is “incremental” to what they collect through other means.

“One of the advantages of the Open Skies Treaty is that information – imagery – that is taken is shared openly among all the treaty parties,” she said at a joint hearing of the House Foreign Affairs and Armed Services committees in December. “So one of the advantages with the Open Skies Treaty is that we know exactly what the Russians are imaging, because they must share the imagery with us.”

Still, military and intelligence officials have expressed serious concern.

“The open skies construct was designed for a different era,” Lt. Gen. Vincent Stewart, director of the Defense Intelligence Agency, told lawmakers when asked about the Russian overflights during a congressional hearing. “I’m very concerned about how it’s applied today.”

Robert Work, deputy secretary of defense, told Congress: “We think that they’re going beyond the original intent of the treaty and we continue to look at this very, very closely.”

Steve Rademaker, former assistant secretary of state for the bureau of arms control and the bureau of international security and nonproliferation, told Congress at a hearing on security cooperation in Europe in October that Russia complies with the Open Skies Treaty, but has “adopted a number of measures that are inconsistent with the spirit” of the accord.

The treaty, for instance, obligates each member to make all of its territory available for aerial observation, yet Russia has imposed restrictions on surveillance over Moscow and Chechnya and near Abkhazia and South Ossetia, he said. Russian restrictions also make it hard to conduct observation in the Kaliningrad enclave, said Rademaker, who believes Russia is “selectively implementing” the treaty “in a way that suits its interests.”

Obama Secret Talks, World is Normalized with DPRK

Upon Obama’s departure from  the Oval Office in January 2017, there will be no more rogue nations or enemies of America and the West.

Next up after Iran and Cuba is North Korea. (shhhh, but I predicted this)

TheHill: The White House had signaled to the Kim Jong Un regime that it is willing to cut a deal similar to that brokered with Iran to curtail its nuclear program in exchange for sanctions relief.

But North Korea has expedited its plans to develop a nuclear bomb, which it sees as a valuable bargaining chip in eventual peace negotiations.

A long-range rocket launched by North Korea earlier this month triggered additional international sanctions, including a law signed Thursday by President Obama imposing steeper penalties.

Un, who took power at the end of 2011, has demanded additional conditions for a treaty with South Korea, 63 years after the Korean War ended with an armistice.

Obama Administration Secretly Approached North Korea About Diplomatic Talks Days Before Its Latest Nuclear Test: WSJ

Days before North Korea’s Jan. 6 nuclear test, the Obama administration clandestinely agreed to talks that would have formally ended the Korean War, the Wall Street Journal reported Sunday.

As part of the offer, reported to have been made at a U.N. meeting, the U.S. dropped its longstanding prerequisite that North Korea first make efforts to reduce its nuclear arsenal, instead calling for the military dictatorship to make its nuclear weapons program part of the talks. But the test ended those discussions.

North Korea began 2016 on a belligerent footing, even considering the unpredictable pariah state’s history. In addition to the January nuclear test, North Korea launched a rocket earlier this month, resulting in swift pushback from Japan and South Korea, which closed a joint industrial park that provided North Korea with valuable hard currency.

The most recent offer to North Korea was one of several overtures extended by the Obama administration, insiders told the Journal, which happened at the same time the administration was working on an ultimately successful diplomatic outreach to Iran. North Korea first tested a nuclear weapon in 2006, and its nuclear capabilities were confirmed in 2009. North and South Korea have technically been at war ever since the “hot” phase of the Korean War ended in 1953, but the North’s recent nuclear developments have increased the urgency to ultimately resolve the dispute diplomatically.

In addition to its unsanctioned nuclear activity, the North Korean regime is also alleged to operate a system of concentration camps where political prisoners are worked and starved to death. The U.N. released a 2014 report that suggested the regime’s security chiefs and leader Kim Jong Un should be prosecuted for crimes against humanity.

*** Note there is nothing about Unit 121, North Korea’s hacking division. Known since at least 2007.

CNet: North Korea’s Reconnaissance General Bureau (RGB) is in charge of both traditional and cyber operations, and is known for sending agents abroad for training in cyberwarfare. The RGB reportedly oversees six bureaus that specialize in operations, reconnaissance, technology, and cyber matters — two of which have been identified as the No. 91 Office and Unit 121. The two bureaus in question consist of intelligence operations and are based in China.

The RGB also reportedly oversees state-run espionage businesses located in 30 to 40 countries, often hosted in unsuspecting places such as cafes. Members of this espionage network reportedly “send more than $100 million in cash per year to the regime and provide cover for spies,” the report says.

In addition, the country’s Worker’s Party oversees a faction of ethnic North Koreans living in Japan. Established in 1955, the group — dubbed the Chosen Soren — refuse to assimilate into Japanese culture and live in the country in order to covertly raise funds via weapons trafficking, drug trafficking, and other black market activities. The group also gathers intelligence for the country and attempts to procure advanced technologies.

Despite aging infrastructure and power supply problems, North Korea reportedly was able to gain access to 33 of 80 South Korean military wireless communication networks in 2004, and an attack on the US State Department believed to be approved by North Korean officials coincided with US-North Korea talks over nuclear missile testing in the same time period. In addition, a month later, South Korea claimed that Unit 121 was responsible for hacking into South Korean and US defense department networks.