Category Archives: Cyber War

Hillary Emails Back in the News, Again

Posted on by

  Yoga and wedding arrangements? Not so much..

State Dept: Top Official Didn’t Know About Hillary’s Server, Even Though He Was On Email Discussing It

DailyCaller: A spokesman for the State Department insisted during a press conference on Wednesday that Patrick Kennedy, the Under Secretary of Management at the department, was not aware Hillary Clinton maintained a private server in her home while she was secretary of state.

But that claim — made by spokesman Mark Toner — is a curious one given that emails published by The Daily Caller last month show that Kennedy was involved in an August 2011 email exchange with two of Clinton’s top aides and another State Department official in which Clinton’s private email server was discussed.

Whether Kennedy knew about Clinton’s private server is a key point in the ongoing email kerfuffle. In his role, the 42-year veteran manages all facets of State Department business, including personnel matters, logistics, information technology, and budgetary issues. He is also the official who has served as the State Department’s main point of contact with Clinton, her attorneys, and her aides throughout the ongoing email scandal. He sent the letters requesting that Clinton and her aides hand their emails over to the State Department.

Given his central position at State, it would stand to reason that Kennedy should have known — and should have been informed — that Clinton was using a private email server housed in her New York residence.

As one reporter put it during Wednesday’s press briefing: “How could he not know if he’s responsible for both [Diplomatic Security] and for the people who do the technical and computer stuff at State?”

But Kennedy knowing about the server would also raise questions about why the career diplomat allowed Clinton to use an email system was vulnerable to outside threats. Not to mention the risks posed by Clinton’s sending and receiving of classified information.

Kennedy’s name popped up on Wednesday when Fox News’ Catherine Herridge reported that he was one of the State Department officials who handled 22 “top secret” emails found on Clinton’s server. Clinton and her aides, Jake Sullivan, Huma Abedin, Cheryl Mills, and Philippe Reines all either sent the sensitive emails, received them, forwarded them, or commented on them.

 

The State Department has determined that the emails are so sensitive that they will be withheld from the Clinton records being released in batches at the end of each month since June.

Fox’s Herridge also reported that Kennedy told the House Select Committee on Benghazi during an interview earlier this month that he knew about Clinton’s personal email account from the beginning of her tenure, but that he was not aware of the “scope” of its use for government business.

A spokesperson for the Committee declined to comment on matters involving private interviews.

During Wednesday’s questioning, Toner said three times that Kennedy, who frequently emailed with Clinton about work-related issues, did not know about Clinton’s private server.

“He’s spoken to it before — or we’ve spoken to it before — that he did not have knowledge of the computer server that she set up in her residence,” said Toner, who also stated that Kennedy told the Benghazi Committee that he did not know about the server.

“What his knowledge or what his awareness at the time — other than what he has said already, or what we have said already — which is that he was not aware of her having a private server at her home,” Toner said later in the press briefing.

But an Aug. 30, 2011 email chain obtained by TheDC last month through a FOIA lawsuit shows that Kennedy was involved in a conversation that explicitly mentioned Clinton’s server.

 

In the email, Stephen Mull, then-executive secretary at State, thanked Cheryl Mills for alerting him to problems that Clinton was having sending emails on the personal Blackberry that she used to send and receive work email. The Blackberry was “malfunctioning,” Mull noted, “possibly because of [sic] her personal email server is down.”

Kennedy was copied on that email as well as on a response from Abedin. On top of indicating that Kennedy was made aware of Clinton’s use of a personal server, the emails also show that Abedin, Clinton’s deputy chief of staff and an official on her presidential campaign, vetoed a proposal to set Clinton up with a second Blackberry equipped with a State.gov email address.

“Doesn’t make a whole lot of sense,” Abedin said in response to the proposal. Clinton was never provided a State Department-issued Blackberry. Why Kennedy did not intervene at that time is anybody’s guess.

TheDC reached out to the State Department to find out more about the apparent inconsistency between Toner’s comments on Wednesday and the August 2011 emails. Perhaps Kennedy didn’t see the email? Perhaps he assumed that another email server that was linked to Clinton’s Blackberry was being discussed by Stephen Mull, the executive secretary of State?

But the agency provided few additional details.

“Today the State Department indicated that comments made by Under Secretary Kennedy to the Benghazi Committee were being misconstrued. Beyond that, we are not going to speak to this further,” ‎‎a State Department official told TheDC.

Hat tip Chuck!

 

 

Iran’s Windfall From Nuclear Deal Cut in Half by Debts

Posted on by

NYT’s -WASHINGTON — Iran gained access to about $100 billion in frozen assets when an international nuclear agreement was implemented last month, but $50 billion of it already was tied up because of debts and other commitments, a U.S. official said on Thursday.

Stephen Mull, the State Department’s lead coordinator for implementing the international nuclear agreement with Tehran, also told the House Foreign Affairs Committee there was no evidence Iran had cheated in the first few weeks since the deal was implemented.

Mull and John Smith, acting director of the Treasury Department office that oversees sanctions, faced heated questioning from some members of the committee, where several Democrats had joined Republican lawmakers in opposing the nuclear pact that was reached in July.

Many have worried that Iran would cheat on the deal and use unfrozen funds for action against Israel or to support Islamist militants elsewhere in the region.

“Of that amount, a significant portion of it, more than $50 billion, is already tied up,” Mull said.

It was the first top-level congressional hearing on the nuclear pact since Jan. 16, when world powers lifted crippling sanctions against Iran in return for it compliance with the agreement to curb its nuclear ambitions.

“We seem to be in many instances talking tough about Iran,” said U.S. Representative Eliot Engel, the panel’s top Democrat, a deal opponent. “In reality our actions are far away from our rhetoric and that’s a worrisome thing. We want to make sure that Iran’s feet are held to the fire.”

Many members of the U.S. Congress, where every Republican and a few dozen Democrats opposed the agreement, have been calling for legislation to impose new sanctions on Iran over its ballistic missile program and human rights record.

House Republicans have been pushing legislation to restrict the ability of President Barack Obama, a Democrat, to lift sanctions under the nuclear pact. One measure passed the House on Feb. 2 almost entirely along party lines but it has not yet been taken up in the Senate and Obama has promised a veto.

*** Not so fast, all is still not kosher….

WASHINGTON (AP) — A State Department official says the U.S. does not know the precise location of tons of low-enriched uranium shipped out of Iran on a Russian vessel under the landmark nuclear agreement.

Testifying Thursday, Ambassador Stephen Mull tells the House Foreign Affairs Committee the stockpile is a Russian custody issue.

Critics of the nuclear deal seized on the shipment’s status to show the agreement’s flaws. New Jersey GOP congressman Chris Smith says it’s “outrageous and unbelievable” that Russia is being trusted to be the repository for such sensitive material. Russia is a close ally of Iran.

The low-enriched uranium is suitable mainly for generating nuclear power and needs substantial further enrichment for use in the core of a nuclear warhead. Mull says he’s confident the material will be controlled properly.

***

Saudi Arabia and Bahrain have banned Iranian-flagged vessels from entering their waters and imposed other shipping restrictions, according to ship insurers citing local reports, potentially escalating tensions between Tehran and Riyadh.

Iran has been struggling to ramp up oil exports and still faces insurance and financing hurdles despite the lifting of international curbs on its banking, insurance and shipping sectors last month as part of a nuclear deal with world powers.

A ban on Iranian ships in those ports is unlikely to affect international trade, although the uncertainty will add to trade hiccups for Iran.

Some ship insurers in recent days, citing reports from local agents and correspondents, said in notes to members that Saudi Arabia and Bahrain had banned all Iranian-flagged ships from entering their waters.

Norwegian ship insurer Gard said Bahrain had imposed a ban on any vessel that has visited Iran as one of its last three port calls.

“There is currently no such restriction in Saudi Arabia,” Gard wrote, citing information from a logistics provider. Saudi Arabian and Bahraini authorities did not immediately respond to requests for comment.

Ship insurer West of England said separately: “An entered vessel has since been denied entry to Bahrain after visiting an Iranian port two port calls earlier, resulting in the fixture being cancelled.”

Other ship insurers had yet to issue any guidance or confirm there were new regulations in place.

 

While oil companies such as Italy’s Eni and France’s Total have been looking to book cargoes from Iran, international insurers are no nearer to resolving concerns over US sanctions that remain in place.

Last month, Sunni Muslim Saudi Arabia cut ties with Shi’ite Iran after its Tehran embassy was attacked following Riyadh’s execution of a Shi’ite cleric.

In solidarity with Riyadh, Kuwait and Qatar subsequently pulled out their ambassadors from Tehran, and the United Arab Emirates downgraded its ties. Bahrain and two non-Gulf states, Djibouti and Sudan, severed relations completely.

Saudi Arabia and Iran – leading members of the Organisation of the Petroleum Exporting Countries – continue to grapple with weak oil prices.

Clapper Breaks with Obama’s Threat Crisis Plank

Posted on by

North Korea has restarted plutonium reactor: US

North Korea has restarted a plutonium reactor that could fuel a nuclear bomb and is seeking missile technology that could threaten the United States, Washington’s top spy said on Tuesday.

Intel Chief Breaks From Obama Narrative On Iran Deal

DailyCaller: The head of U.S. intelligence believes that Iran’s recent actions speak loudly to its intentions, particularly given the country’s recent provocations since the Iran nuclear deal came into effect.

Testifying to the Senate Committee on Armed Services Tuesday, director of national intelligence James Clapper gave a very somber description of what he sees as Iran’s intentions toward the U.S. now that last summer’s nuclear deal has commenced. In particular, his statements offered little assurance that Iran is acting as an honest actor with the U.S. and the other states involved in last year’s negotiations, or that the nuclear deal will stop Iran from obtaining a nuclear weapon.

“Iran probably views JCPOA [Iran deal] as a means to remove sanctions while preserving nuclear capabilities, as well as the option to eventually expand its nuclear infrastructure,” said Clapper, who also noted that, so far, he sees no evidence that Iran is violating the nuclear deal.

Clapper’s statements stand in stark contrast with those made by President Barack Obama, who lauded the nuclear accord last summer, claiming it would not only stop all of Iran’s possible pathways to a nuclear weapon, but that “under its terms, Iran is never allowed to build a nuclear weapon.” More here.

***

Clapper went into all specifics on the threat matrix both at home and globally. He did not leave anything behind, from cyber wars, space wars, weapons systems, human trafficking, terror organizations, economic instability, migrants, disinformation and drug cartels.

 STATEMENT FOR THE RECORD WORLDWIDE THREAT ASSESSMENT of the US INTELLIGENCE COMMUNITY
February 9, 2016
INTRODUCTION
Chairman McCain, Vice Chairman Reed, Members of the Committee, thank you for the invitation to offer
the United States Intelligence Community’s 2016 assessment of threats to US national security. My statement reflects the collective insights of the Intelligence Community’s extraordinary men and women, whom I am privileged and honored to lead. We in the Intelligence Community are committed every day to provide the nuanced, multidisciplinary intelligence that policymakers, warfighters, and domestic law enforcement personnel need to protect American lives and America’s interests anywhere in the world.
 The order of the topics presented in this statement does not necessarily indicate the relative importance or magnitude of the threat in the view of the Intelligence Community. Information available as of February 3, 2016 was used in the preparation of this assessment.
 
TABLE OF CONTENTS
 
GLOBAL THREATS Cyber and Technology Terrorism Weapons of Mass Destruction and Proliferation Space and Counterspace
 
Counterintelligence Transnational Organized Crime
 
Economics and Natural Resources Human Security
 
REGIONAL THREATS East Asia
China Southeast Asia North Korea
Russia and Eurasia
Russia Ukraine, Belarus, and Moldova The Caucasus and Central Asia
Europe
 
Key Partners The Balkans Turkey Middle East and North Africa 
Iraq Syria Libya  Yemen Iran  Lebanon Egypt Tunisia
 
South Asia
Afghanistan Bangladesh Pakistan and India
Sub-Saharan Africa  Central Africa Somalia South Sudan Sudan Nigeria
 
Latin America and Caribbean
 
Central America Cuba Venezuela Brazil
 

 

 

 

 

Obama’s Final Cyber Offense, Einstein?

Posted on by

Sheesh, just the name points to a misguided failure since 2008. Einstein has a price tag, $ 5 billion. There are other questions to be asked like what does the NSA have to offer or the countless cyber security professionals in the private sector?

From the White House, there has been a 12 point plan and it has not advanced at all.

In May 2009, the President accepted the recommendations of the resulting Cyberspace Policy Review, including the selection of an Executive Branch Cybersecurity Coordinator who will have regular access to the President.

Meanwhile, hacks are real, dangerous and coming at mach speed. Using old software language such as COBOL speaks volumes as to how antiquated protections are and how dysfunctional all agencies are in maintaining crack-proof.

The Department of Homeland Security appears to be the lead agency for Einstein compliance, what could go wrong and has? The fact sheet from DHS is here.

Obama makes final push to cement cyber legacy

TheHill: President Obama on Tuesday made what is likely his last major push to bolster the government’s digital defenses before leaving office.

As part of the annual White House budget proposal, the Obama administration rolled out a sweeping plan to inject billions of extra dollars into federal cybersecurity funding, establish a new senior federal cyber official and create a presidential commission on cyber that will establish a long-term road map.

The move is likely to complete Obama’s cyber legacy, which will include an historic attention to digital security, unprecedented executive orders on the topic, and shepherding through Congress the largest-ever cyber bill, as well as numerous bruising hacks at federal agencies and allegations that government networks were woefully outdated.

In a release, the White House called the plan “the capstone of more than seven years of determined effort.”

“[Obama] is the first president that is making a big cybersecurity push and I think that’s tremendously important,” Rep. Ted Lieu (D-Calif.), one of Congress’s most prominent cyber voices, told The Hill.

The proposal aims to inject more than $5 billion in new funding across the government to strengthen network defenses that have been repeatedly infiltrated by suspected foreign government spies.

The ask is a 35-percent increase over last year’s allotment of $14 billion, and would put overall federal cyber spending at over $19 billion.

The budget request earmarks $3.1 billion for an “Information Technology Modernization Fund” that the White House described as a “down payment on the comprehensive overhaul” of federal IT systems.

Lieu said this fund could help solve one of the inherent budgeting problems when it comes to defending interconnected networks from hackers.

“What’s important about [the fund] is it can go across agencies and upgrade systems that touch more than one agency,” said Lieu, who sits on both the House Budget and Oversight committees.

Currently, each agency has its own individual cybersecurity budget that can be spent on its network, but that cannot necessarily be expended on portions of the agency’s IT infrastructure at other agencies.

Hackers have exploited this balkanized budgeting process.

Over the summer, suspected Chinese cyber spies cracked into the Office of Personnel Management (OPM), pilfering over 22 million people’s personal information in two separate hacks. The initial intrusion — which exposed roughly 4.2 federal workers’ personnel files — occurred at an OPM database that was housed at the Interior Department.

The OPM hacks also exposed the antiquated legacy systems the government relied on to run its networks.

Congress bashed OPM officials for not fully encrypting all their sensitive data. But the agency’s systems were simply too old to even accept modern encryption, they repeatedly explained.

The network also relied on the dated COBOL programming language, which initially became popular in the 1960s and is now eschewed by younger programmers.

A new federal official will oversee much of these update efforts.

As part of its proposal, the White House is establishing a federal chief information security officer, or CISO. The official will be housed within the Office of Management and Budget (OMB) and report to federal chief information officer, Tony Scott, who oversees government technology.

“This is the first time that there will be a dedicated senior official who is solely focused on developing, managing, and coordinating cybersecurity strategy, policy and operations across the entire federal domain,” the White House said.

Centralizing cybersecurity oversight is an attempt to help overcome the lack of agency-to-agency communication on the subject.

“For a while, I’ve seen the argument that there are too many lines of authority in the federal government on cybersecurity,” said Lieu. “Sometimes it’s not clear who is responsible for what.”

The CISO will also help monitor the government’s digital defense spending, which has been knocked as cost-ineffective.

Recently, a federal watchdog report concluded that the government’s main cyber defense system, known as “Einstein,” was largely ineffectual at thwarting sophisticated hackers. The report echoed long-standing criticism from security experts who say the program is a much-delayed boondoggle that is already obsolete.

Federal officials insist the system is in its final phase of implementation and will soon serve as a platform to add on leading cyber tools.

This budget infusion and new federal CISO will with these technology updates, the White House said.

The proposal also includes a robust research and public awareness component.

In a bid to build a bridge to the next administration, Obama is launching a “Commission on Enhancing National Cybersecurity.”

The administration is directing a bipartisan group of lawmakers to appoint top industry representatives and leading technologists to the commission. The group will be tasked with taking the long view.

“The commission will make recommendations on actions that can be taken over the next decade to strengthen cybersecurity in both the public and private sectors while protecting privacy,” the White House said.

Security experts almost unanimously agree that one of these actions will be eliminating the traditional online password.

Since 2011, the White House has been trying to push people away from passwords. Tuesday’s plan includes a last bid to encourage stronger people to adopt stronger login practices.

The proposal creates a new public awareness campaign that includes leading tech firms such as Google, Facebook and Microsoft.

“By judiciously combining a strong password with additional factors, such as a fingerprint or a single-use code delivered in a text message, Americans can make their accounts even more secure,” the White House said.

The proposal is likely Obama’s concluding statement on cybersecurity.

During his presidency, cybersecurity has gone from a fringe issue to one that most leaders acknowledge is vital to national and economic security. The topic received an increasing amount of attention in all but Obama’s final State of the Union address.

In recent years, the U.S. has seen the dramatic rise of global cyber crime syndicates that have pillaged banks, department stores and hotels.

According to an October report from Hewlett Packard and the Ponemon Institute, cyber crime costs the average American firm $15.4 million annually, up 82 percent over the last six years. By 2019, it’s believed the cost of data breaches will reach $2.1 trillion globally.

Digital adversaries such as China, Russia, Iran and North Korea have also swooped in unexpectedly, plundering health insurers, airlines, nuclear plants, government agencies and, most memorably, a major movie studio.

Even terrorist groups such as the Islamic State in Iraq and Syria (ISIS) are causing fears by hijacking high-profile twitter accounts and digitally defacing websites around the world.

These trends are bound to continue after Obama leaves the White House, but this ultimate cyber thrust could help cement his reputation as the first president to actively address the digital security challenge.

“If we can get this through, the funding, I think that would be very positive for his legacy,” Lieu said. “This is not just a federal government problem, it’s endemic in the private sector.”

What is YOUR Profile? Ask Google and Facebook

Posted on by

You have been profiled, but is it accurate? You have been sold and sold out.

Scary New Ways the Internet Profiles You

Morrison/DailyBeast: Facebook, Google, and the other Internet titans have ever more sophisticated and intrusive methods of mining your data, and that’s just the tip of the iceberg.

The success of the consumer Internet can be attributed to a simple grand bargain. We’ve been encouraged to search the web, share our lives with friends, and take advantage of all sorts of other free services. In exchange, the Internet titans that provide these services, as well as hundreds of other lesser-known firms, have meticulously tracked our every move in order to bombard us with targeted advertising. Now, this grand bargain is being tested by new attitudes and technologies.

Consumers who were not long ago blithely dismissive of privacy issues are increasingly feeling that they’ve lost control over their personal information. Meanwhile, Internet companies, adtech firms, and data brokers continue to roll out new technologies to build ever more granular profiles of hundreds of millions, if not billions, of consumers. And with next generation of artificial intelligence poised to exploit our data in ways we can’t even imagine, the simple terms of the old agreement seem woefully inadequate.

In the early days of the Internet, we were led to believe that all this data would deliver us to a state of information nirvana. We were going to get new tools and better communications, access to all the information we could possibly need, and ads we actually wanted to receive. Who could possibly argue with that?

For a while, the predictions seemed to be coming true. But then privacy goalposts were (repeatedly) moved, companies were caught (accidentally) snooping on us, and hackers showed us just how easy it is to steal our personal information. Advertisers weren’t thrilled either, particularly when we adopted mobile phones and tablets. That’s because the cookies that track us on our computers don’t work very well on mobile devices. And with our online activity split among our various devices, each of us suddenly appeared to be two or three different people.

This wasn’t a bad thing for consumers, because mobile phones emit data that enable companies to learn new things about us, such as where we go, who we meet, places we shop, and other habits that help them recognize and then predict our long-term patterns.

But now, new cross-device technologies are enabling the advertising industry to combine all our information streams into a single comprehensive profile by linking each of us to our desktop, mobile phone, and iPad. Throw in wearable devices like a Fitbit, connected TVs, and the Internet of Things, and the concept of cross-device tracking expands to potentially include anything that gives off a signal.

The ad industry is drooling over this technology because it can follow and target us as we move through our daily routines, whether we are searching on our desktop, surfing on our iPad, or out on the town with our phone in hand.

There are two methods to track people across devices. The more precise technique is deterministic tracking, which links devices to a single user when that person logs into the same site from a desktop computer, phone, and tablet. This is the approach used by Internet giants like Facebook, Twitter, Google, and Apple, all of which have enormous user bases that log into their mobile and desktop properties.

A quick glance at Facebook’s data privacy policy shows it records just about everything we do, including the content we provide, who we communicate with, what we look at on its pages, as well as information about us that our friends provide. Facebook saves payment information, details about the devices we use, location info, and connection details. The social network also knows when we visit third-party sites that use its services (such as the Like button, Facebook Log In, or the company’s measurement and advertising services). It also collects information about us from its partners.

Most of the tech giants have similar policies and they all emphasize that they do not share personally identifiable information with third parties. Facebook, for example, uses our data to deliver ads within its walled garden but says it does not let outsiders export our information. Google says it only shares aggregated sets of anonymized data.

Little-known companies—primarily advertising networks and adtech firms like Tapad and Drawbridge—are also watching us. We will never log into their websites, so they use probabilistic tracking techniques to link us to our devices. They start by embedding digital tags or pixels into the millions of websites we visit so they can identify our devices, monitor our browsing habits, look for time-based patterns, as well as other metrics. By churning massive amounts of this data through statistical models, tracking companies can discern patterns and make predictions about who is using which device. Proponents claim they are accurate more than 90 percent of the time, but none of this is visible to us and is thus very difficult to control.

In recent comments to the Federal Trade Commission, the Center for Democracy and Technology illustrated just how invasive cross-device tracking technology could be. Suppose a user searched for sexually transmitted disease (STD) symptoms on her personal computer, used a phone to look up directions to a Planned Parenthood clinic, visited a pharmacy, and then returned home. With this kind of cross-device tracking, it would be easy to infer that the user was treated for an STD.

That’s creepy enough, but consider this: by using the GPS or WiFi information generated by the patient’s mobile phone, it would not be difficult to discover her address. And by merging her online profile with offline information from a third-party data broker, it would be fairly simple to identify the patient.

So, should we be concerned that companies use cross-device tracking to compile more comprehensive profiles of us? Let us count the reasons:

Your data could be hacked: Privacy Rights Clearinghouse reports that in 2015 alone, hackers gained access to the records of 4.5 million patients at UCLA Health System, 37 million clients of online cheating website Ashley Madison, 15 million Experian accounts, 80 million Anthem customers, as well as more than 21 million individuals in the federal Office of Personnel Management’s security clearance database. And these were just the headliners that garnered media attention. No site or network is entirely safe and numerous researchers have already demonstrated how incredibly easy it is to “reidentify” or “deanonymize” individuals hidden in anonymized data.

Your profile could be sold: In fact, it typically is, in anonymized fashion. That’s the whole point. But in many cases, Internet companies’ privacy policies also make it clear our profiles are assets to be bought and sold should the company change ownership. This was the case when Verizon bought AOL and merged their advertising efforts, creating much more detailed profiles of their combined user base. Yahoo might be next should it decide to spin off its Internet properties.

Your data could be used in ways you did not anticipate: Google, Facebook, and other companies create customized web experiences based on our interests, behavior, and even our social circles. On one level, this makes perfect sense because none of us want to scroll through reams of irrelevant search results, news stories, or social media updates. But researchers have demonstrated that our online profiles also have real world consequences, including the prices we pay for products, the amount of credit extended to us, and even the job offers we may receive.

Our data is already used to build and test advanced analytics models for new services and features. There is much more to come. The Googles and the Facebooks of the Internet boast that newly emerging artificial intelligence will enable them to analyze greater amounts of our data to discern new behavioral patterns and to predict what we will think and want before we actually think and want it. These companies have only begun to scratch the surface of what is possible with our data.

We are being profiled in incredible and increasingly detailed ways, and our data may be exploited for purposes we cannot yet possibly understand. The old bargain—free Internet services in exchange for targeted advertising—is rapidly become a quaint relic of the past. And with no sense of how, when, or why our data might be used in the future, it is not clear what might take its place.