Category Archives: Cyber War

ODNI Chief Clapper, Hacked Again

Posted on by

Teen Who Hacked CIA Email Is Back to Prank US Spy Chief

Motherboard: One of the “teenage hackers” who broke into the CIA director’s AOL email account last year hasn’t given up targeting government intelligence officials. His latest victim is the Director of National Intelligence James Clapper, Motherboard has learned.

A group of hackers calling themselves “Crackas With Attitude” or CWA made headlines in October, hacking into CIA Director John Brennan’s email account and apparently getting access to several online tools and portals used by US law enforcement agencies.The hackers’ exploits prompted the FBI to issue an alert warning government officials of their attacks.

One of the group’s hackers, who’s known as “Cracka,” contacted me on Monday, claiming to have broken into a series of accounts connected to Clapper, including his home telephone and internet, his personal email, and his wife’s Yahoo email. While in control of Clapper’s Verizon FiOS account, Cracka claimed to have changed the settings so that every call to his house number would get forwarded to the Free Palestine Movement. When they gained notoriety last year, Cracka and CWA claimed their actions were all in support of the Palestine cause.

“I’m pretty sure they don’t even know they’ve been hacked,” Cracka told me in an online chat.

But Brian Hale, a spokesperson for the Office of the Director of National Intelligence, confirmed the hack to Motherboard on Tuesday.

“We’re aware of the matter and we reported it to the appropriate authorities,” Hale said, declining to answer any other questions on the record. (The FBI declined to comment.)

Cracka, or whoever is pretending to be him, taunted authorities on Twitter (the hacker used a new Twitter account, not the same one he used at the time of the Brennan hack. But the hacker also is in control of a chat app account who’s been using to communicate with me since last October).
Cracka provided me with what he claimed to be Clapper’s home number. When I called it on Monday evening, I got an answer from Paul Larudee, the co-founder of the Free Palestine Movement. Larudee told me that he had been getting calls for Clapper for the last hour, after an anonymous caller told him that he had set Clapper’s number to forward calls to him. Larudee said that one of the callers said he was sitting in Clapper’s house next to his wife.

According to public records, the phone number does belong to James Clapper’s household. Cracka also provided another number, a cellphone, which he said belonged to either Clapper or Clapper’s wife, Susan. When I called, a woman picked up and I asked if this was Susan Clapper. The woman responded that Susan wasn’t there, but that she’d tell her to call me back. But nobody ever did.

Cracka also claimed to have gotten into Susan’s Yahoo email account, as well as Clapper’s email account. He provided a series of screenshots to prove he had control of their Verizon FiOS account, as well as Susan’s Yahoo account. Motherboard couldn’t independently verify the authenticity of the screenshots.

The hacker also sent me a list of call logs to Clapper’s home number. In the log, there was a number listed as belonging to Vonna Heaton, an executive at Ball Aerospace and a former senior executive at the National Geospatial-Intelligence Agency. When I called that number, the woman who picked up identified as Vonna Heaton. When I told her who I was, she declined to answer any questions.

“A journalist? Oh my gosh” she said, laughing uncomfortably. “I have somebody on the line, I’m sorry, I have no insight into that. But that’s really unfortunate, have a great day.”

“I just wanted the gov to know people aren’t fucking around, people know what they’re doing and people don’t agree #FreePalestine.”
Michael Adams, an information security expert who served more than two decades in the US Special Operations Command, said that this looks “more of a social engineering hack than a real hack,” but also added that “every serious hack starts with social engineering.”

Adams also said that it’s “insane” that Clapper doesn’t do more to hide his home address and phone number (both can be found with a Google search).

“If I’m the Director of National Intelligence of the United States of America nobody is going to know where the fuck I live, nobody is going to have my goddamn phone number or address,” Adams told me in a phone interview.

On Tuesday, Cracka asked me not to name him in the article, saying he “doesn’t like the attention.”

“You Asked why I did it,” he added. “I just wanted the gov to know people aren’t fucking around, people know what they’re doing and people don’t agree #FreePalestine.”

 

Saudi Arabia Reveals Iran Spy Ring and JPOA

Posted on by

Saudi Cites Iran Spy Ring

ABU DHABI [MENL] — Saudi Arabia, amid a propaganda war, has reported an Iranian espionage presence in the Gulf Cooperation Council kingdom.

Officials said authorities have launched prosecution of four Iranians on charges of espionage. They said at least one of the defendants was accused of working for Iranian intelligence and recruited Saudi nationals.

This marked the second alleged Iranian spy cell dismantled in Saudi Arabia over the last year. Officials said a fifth Iranian was also accused of being part of the cell and linked to attacks in the Gulf Cooperation Council kingdom since 2003.

Officials said the fifth Iranian, sentenced to 13 years, was convicted of recruiting Saudis in Iran and sending them to fight in Afghanistan. The Iranian, who was not identified, was also charged with relaying funds for recruitment.

The Iranian espionage cell, reported in the Saudi-controlled media, was disclosed amid the crisis with Teheran fueled by Riyad’s execution of a leading Shi’ite cleric. The Saudi leadership has responded to Iranian condemnations by releasing information on Teheran’s executions of hundreds of dissidents over the last two years.

The Saudi media said the latest Iranian espionage cell stemmed from the arrival of an Iranian intelligence officer to the annual pilgrimage in the Saudi city of Mecca. The media said the cell, detected as early as 2014, also planned attacks but did not elaborate.

Riyad was said to have dismantled a previous Iranian cell in 2013. The Saudi media said the cell consisted of at least 27 alleged members, 24 of them Saudis and the rest nationals from Iran, Lebanon and Turkey.

Officials said Iran has sought to infiltrate Saudi Arabia from both the northern and southern border. On Jan. 8, the Saudi military battled hundreds of Iranian-backed Houthi fighters from neighboring Yemen, 35 of them were killed in the Raboua region.

“We are looking at additional measures to be taken if it [Iran] continues with its current policies,” Saudi Foreign Minister Adel Al Jubeir said on Jan. 9.

Meanwhile, there is little in the news about the JOPA, the P5+1 Iranian nuclear deal and there are good reasons…..lifting sanctions.

The Implications of Sanctions Relief Under the Iran Agreement

Congressional testimony by Mark Dubowitz

 

 

(1) The Joint Comprehensive Plan of Action’s (JCPOA) major design flaws, which provide Iran with patient paths to nuclear weapons and greater ballistic missile, heavy weaponry, and economic capabilities;

(2) The interplay between the P5+1 economic sanctions “snapback” and Iran’s “nuclear snapback” in limiting the ability of the United States to impose sanctions (a) to address Iranian non-compliance with the JCPOA and, (b) to punish Iranian illicit conduct in a range of non-nuclear activities such as support for terrorism; and,

(3) How sanctions relief under the JCPOA benefits the most hardline elements in Iran including the Islamic Revolutionary Guard Corps (IRGC) and Iran’s Supreme Leader Ali Khamenei.

First, on so-called “Implementation Day,” Iran will receive substantial sanctions relief with which it can defend its economy against future sanctions pressure. Iran may also use sanctions relief to increase its support for terrorism and other rogue regimes and to expand its conventional military power. The JCPOA front-loads sanctions relief, providing Iran with access to around $100 billion in restricted oil revenues and reconnecting Iranian banks, including the Central Bank of Iran, back into the global financial system. Sanctions on Iran’s crude oil export transactions will be lifted, as will sanctions on key sectors of the Iranian economy including upstream energy investment and energy-related technology transfers, the auto industry, petrochemicals, and shipping, as well as the precious metals trade. This sanctions relief will enable Iran to build greater economic resilience against future pressure—both sanctions aimed at isolating other illicit financial conduct and so-called “snapback” sanctions in the event of Iranian nuclear non-compliance.

Then, after five years, or earlier if the International Atomic Energy Agency (IAEA) reaches a broader conclusion that Iran’s nuclear program is only for peaceful purposes, the international arms embargo will be lifted, meaning that Iran can also expand its conventional military capabilities and those of its proxies. Former Under Secretary of State for Political Affairs Nicholas Burns, one of the other witnesses at this hearing, noted one week before the announcement of the JCPOA that lifting the arms embargo “would be a great mistake. Iran is selling arms, giving arms, fueling civil wars in Yemen, in Lebanon, in Syria and Iraq, and so those arms prohibitions on Iran are very important.”1 He also has explained that the arms embargo was put in place “for very good reason.” He continued that it is not in the interest of the United States “to see these arms embargos lifted from Iran. It is an issue that should not be part of these negotiations. … I think we ought to maintain these U.N. embargos.”2 In five years, however, they will disappear, giving Iran access to combat aircraft, attack helicopters, battle tanks, among other advanced weapons systems. Read the full testimony here.

 

Secret Companies with Secret Objectives Near You

Posted on by

Is the nation’s largest online retailer part of a spy network? Have you given thought to the countless databases, harvesting data, human behavior, and all the interactions you have through the internet? Is Amazon now part of a larger incubation center for the federal government? You decide.

 Amazon network

Why Amazon’s Data Centers Are Hidden in US Spy Country

DefenseOne: Of all the places where Amazon operates data centers, northern Virginia is one of the most significant, in part because it’s where AWS first set up shop in 2006. It seemed appropriate that this vision quest to see The Cloud across America which began at the ostensible birthplace of the Internet should end at the place that’s often to blame when large parts of the U.S. Internet dies.

Northern Virginia is a pretty convenient place to start a cloud-services business: for reasons we’ll get into later, it’s a central region for Internet backbone. For the notoriously economical and utilitarian Amazon, this meant that it could quickly set up shop with minimal overhead in the area, leasing or buying older data centers rather than building new ones from scratch.

The ease with which AWS was able to get off the ground by leasing colocation space in northern Virginia in 2006 is the same reason that US-East is the most fragile molecule of the AWS cloud: it’s old, and it’s running on old equipment in old buildings.

Or, that’s what one might conclude from spending a day driving around looking for and at these data centers. When I contacted AWS to ask specific questions about the data-center region, how they ended up there, and the process of deciding between building data centers from scratch versus leasing existing ones, they declined to comment.

The fact that northern Virginia is home to major intelligence operations and to major nodes of network infrastructure isn’t exactly a sign of government conspiracy so much as a confluence of histories (best documented by Paul Ceruzzi in his criminally under-read history Internet Alley: High Technology In Tysons Corner, 1945-2005). To explain why a region surrounded mostly by farmland and a scattering of American Civil War monuments is a central point of Internet infrastructure, we have to go back to where a lot of significant moments in Internet history take place: the Cold War.

Postwar suburbanization and the expansion of transportation networks are occasionally overlooked, but weirdly crucial facets of the military-industrial complex. While suburbs were largely marketed to the public via barely concealed racism and the appeal of manicured “natural” landscapes, suburban sprawl’s dispersal of populations also meant increased likelihood of survival in the case of nuclear attack. Highways both facilitated suburbs and supported the movement of ground troops across the continental United States, should they need to defend it (lest we forget that the legislation that funded much of the U.S. highway system was called the National Interstate and Defense Highways Act of 1956).

Unlike Google and Facebook, AWS doesn’t aggressively brand or call attention to their data centers. They absolutely don’t give tours, and their website offers only rough approximations of the locations of their data centers, which are divided into “regions.” Within a region lies at minimum two “availability zones” and within the availability zones there are a handful of data centers.

I knew I wasn’t going to be able to find the entirety of AWS’ northern Virginia footprint, but I could probably find bits and pieces of it. My itinerary was a slightly haphazard one, based on looking for anything tied to Vadata, Inc., Amazon’s subsidiary company for all things data-center-oriented.

Facebook data-center

Google’s web crawlers don’t particularly care about AWS’ preference of staying below the radar, and searching for Vadata, Inc. sometimes pulls up addresses that probably first appeared on some deeply buried municipal paperwork and were added to Google Maps by a robot. It’s also not too hard to go straight to those original municipal documents with addresses and other cool information, like fines from utility companies and documentation of tax arrangements made specifically for AWS. (Pro tip for the rookie data-center mapper: if you’re looking for the data centers of other major companies, Foursquare check-ins are also a surprisingly rich resource). My weird hack research methods returned a handful of Vadata addresses scattered throughout the area: Ashburn, Sterling, Haymarket, Manassas, Chantilly. Much more of the report is here.

 Amazon’s Cloud center

CNBC: Palantir is notorious for its secrecy, and for good reason. Its software allows customers to make sense of massive amounts of sensitive data to enable fraud detection, data security, rapid health care delivery and catastrophe response.

Government agencies are big buyers of the technology. The FBI, CIA, Department of Defense and IRS have all been customers. Between 30 and 50 percent of Palantir’s business is tied to the public sector, according to people familiar with its finances. In-Q-Tel, the CIA’s venture arm, was an early investor.

Annual revenue topped $1.5 billion in 2015, sources say, meaning Palantir is bigger than top publicly traded cloud software companies like Workday and ServiceNow. It has about 1,800 employees and is growing headcount 30 percent annually, said the sources, who asked not to be named because the numbers are private.

Palantir serves up free meals for employees at 542 High Street, home to its cafeteria. A red sign reading “Private Company Meal” is attached to the window, and a neon blue sign on the inside says “Hobbit House.”

Other perks, according to people with knowledge of the company’s policies, include subsidized housing for employees who live in the neighborhood and help with monthly commuter Caltrain passes for those traveling down from San Francisco or up from San Jose. Employees who drive in get complimentary parking permits.

“They’re making a commitment here,” said Cannon.

“The idea is that it’s physically locked down and there’s no way you can take information out.” -Avivah Litan, Gartner analyst

For Palantir to stay, it has no choice but to spread out. Only one building in downtown Palo Alto even tops 100,000 square feet, and last year city officials limited total annual development in the commercial districts to 50,000 square feet.

There’s another benefit to having a disparate campus. In doing highly classified work for government agencies, some contracts require the use of particular types of units called Sensitive Compartmented Information Facilities, or SCIFs.

Avivah Litan, a cybersecurity analyst with Gartner, says qualities of a SCIF building include advanced biometrics for security, walls that are impenetrable by radio waves and heavily protected storage of both physical items and digital data.

“They have to make the walls so that no signals can be transmitted out of those walls,” said Litan, who is based in Washington, D.C. “The idea is that it’s physically locked down and there’s no way you can take information out.”

Having entirely separate facilities makes it easier to clear that hurdle, but even so, the vast majority of Palantir’s offices aren’t SCIFs. Read the full summary here.

Facts of the Guzman Re-Capture, Warning Graphic

Posted on by

Sean Penn is gonna make a movie? He used a Mexican actress as the go-between? Signals intelligence and cell (burn) phone tracking? Yes all of those but much more.

The region where el Chapo Guzman lives is well protected by all other residents in the area, they are on the Guzman payroll. We have known for years his location, at issue was crafting a well organized and well trained military style operation to re-capture him. There is some chatter that finally too, Mexico will extradite Guzman to the United States, but that could take at least a year. What is worse, Guzman was not taken to another prison with higher security but rather back to the very prison from which he escaped. What????

So, what role did the United States play in this recent capture of Guzman? A BIG one.

JSOC’s Secretive Delta Force Operators on the Ground for El Chapo Capture

Delta Force Operators on the Ground for El Chapo Capture

Murphy/SofRep: Mexico’s most notorious drug lord, Joaquín Guzmán Loera, better known as El Chapo, was recaptured following an intense firefight between Mexican Marines and Chapo’s goons in Sinaloa, Mexico, last Friday. Although Mexican officials claimed that the entire operation to recapture El Chapo after he escaped from prison for the second time was planned and executed by Mexico, multiple sources report to SOFREP that American law enforcement officers and JSOC operators were involved in the mission.

The operation, dubbed “Black Swan” by the Mexican government, was actually targeting Chapo’s lead sicario (assassin) but came across the cartel leader by chance. The Mexican Marines stormed the house, and in the ensuing firefight five cartel gunmen were killed and six were injured. One Marine was also injured. During the firefight, Chapo escaped through a series of tunnels and then tried to flee in a stolen vehicle. Federal agents caught sight of him and arrested him on the spot. According to one account, the arresting agents had not even been aware of the larger mission being carried out in the area by Mexican Marines. Arresting Chapo was simply a chance encounter, a stroke of good luck.

Rumors of American special operations personnel roaming around the badlands of Mexico have been floating around for well over a decade at this point, but the idea of bearded, ball cap- and Oakley-wearing American soldiers south of the border has been more fiction than fact. JSOC maintained a small analysis cell in Mexico, but the Mexican government has been extremely wary of an American military presence on the ground. Much of this has to do with fears of neocolonialism, as well as Latin American machismo—insecurity over the fact that Mexico cannot manage its own internal affairs.

chaporaid2

(Pics of the recent raid that resulted in the capture of El Chapo)

While America’s so-called “war on drugs” is perhaps at an all-time low socially and politically, with our focus on the Middle East, the capture of El Chapo is still a tactical win for the United States, even if it only gets us incrementally closer to securing the rule of law in Mexico.

In the lead for the capture were the Mexican Marines, who are the go-to preferred force for counter-drug cartel operations in a country where public officials are often hopelessly corrupt. It is interesting to see how, around 2006 or 2007, the Mexican Marines suddenly became very effective at direct-action (DA) raids. Such raids were responsible for capturing and killing high-value targets (HVTs), causing speculation that the Marines were receiving a little help from their North American neighbors. America has also leveraged its significant signals intelligence (SIGINT) capabilities to help the Mexican authorities track down drug cartel leaders.

chaporaid1

(Another Chapo goon killed in the raid that resulted in his capture)

In regards to the latest El Chapo capture, SOFREP has been told that it was actually the U.S. Marshals who had an important role in tracking down the drug lord. Also on the ground was the U.S. Army’s elite counterterrorism unit, Delta Force. Operators from Delta served as tactical advisors but did not directly participate in the operation.

This type of arrangement is hardly unprecedented, as Delta also worked in the shadows during the search for, and eventual killing of, Pablo Escabar in Colombia. They’ve also served in advisory capacities during hostage-rescue missions in places as diverse as Sudan and Peru. Delta Force has also remained behind the scenes in the capture of other HVTs, from Manuel Noriega in Panama during the 1989 invasion, to the killing of Uday and Qusay Hussein in Iraq in 2003. Also worth noting is the unit’s role in tracking down and arresting Bosnian war criminals in the 1990s.

Although Delta had some level of involvement in the operation, their presence is probably less interesting than many would assume.  Law enforcement agencies often request the presence of Delta operators as advisors to sensitive operations.  These operators are often there putting in face time to appease the request of a federal agency, but may have little if any actual participation in the planning and execution of events.  Such was the case when Delta was asked to consult on the Waco stand-off between the ATF, FBI, and the Branch Davidians in 1993.  Law enforcement agencies are said to regard the presence of a JSOC operator as a sort of lucky talisman.

The good news is that it is now unlikely that Chapo will be escaping from prison a third time as the Mexican government is signaling that he will be extradited to the United States to face prosecution.  When the black Chinook comes for Chapo, we will know that he will finally face the justice that he has long evaded.

 

 

 

 

SERCO, Unknown but Really Known….

Posted on by

Serco U.S. political donations found here. This is the exact type of company where spies…spy.

Further reading, Serco’s 2014 financial results and strategy review.

By Zerohedge: Serco. Chances are you’ve never heard of the company. If you have heard of the company, chances are you misunderstand the shear enormity of the global company and their contracts.

From transport to air traffic control, getting your license in Canada, to running all 7 immigration detention centers in Australia, private prisons in the UK, military base presence, running nuclear arsenals, and running all state schools in Bradford, Serco, somewhere, has played a part in moving, educating, or detaining people.

serco

New contracts awarded to Serco include a Saudi Railway Company, further air traffic control in the US and also IT support services for various European agencies. You can read more on their future projects below.

 

Serco HY15 Results SEA 11 August 2015

 

A Very Brief History

Serco’s history began in 1929 as a UK subsidiary, RCA Services Limited to support the cinema industry.

In the 1960s the company made a leap into military contracts to maintain the UK Air Force base Ballistic Missile Early Warning System. From there, the company continues to grow.

Now trading as Serco Group, 2015 trading as of August 11 2015, maintained a revenue of £3.5 billion, and an underlying trading profit of £90 million. The data was presented at JPMorgan in London.

In 2013 Serco was considered a potential risk, and became a representation of the dangers of outsourcing. The U.K. government developed contingency plans in case Serco went bankrupt. When the concerns came to light, Serco faced bans (along with G4S, another outsourcing contractor) from further bidding on new U.K. government work for six months. It wasn’t until Rupert Soames OBE – Sir Winston Churchill’s grandson – took on the job as Serco’s Chief Executive in 2014, that Serco turned a new corner of profit growth.

Serco Today

Serco today is one of the biggest global companies to exist. They have contracts with:

Alliant – the vehicle for IT services across the Federal IT market;

 

National Security Personnel System (NSPS) – For “(NSPS) training and facilitating services throughout the Department of Defense (DoD) and agencies that needs NSPS training and implementation services;”

 

Seaport – The NAVSEA SEAPORT Multiple Award contract focuses on “engineering, technical, and programmatic support services for the Warfare Centers.” This is inclusive of Homeland Security and Force Protection, Strategic Weapons Systems, and multiple warfare systems.

 

CIP-SP3 Services and Solutions (Cost $20 Billion, expiration date 2022) – biomedical-related IT services with the National Institutes of Health (NIH) with the main objective focused on Biomedical Research and Health Sciences extending to information systems throughout the federal government. Also implementation in several key areas of Biomedical Sciences including legislation and critical infrastructure protection.

The few contracts listed above are among the vast array of transport, detention center and private prison contracts.

Serco, the biggest company you’ve never heard of…..