FBI Prevented from Using Open Source?

‘ISIS Supporters’ Twitter Accounts Traced To UK Government Department’: Report

NDTV: London:  Hackers in Britain have claimed that a number of ISIS supporters’ social media accounts are being run from internet addresses linked to the UK government’s Department for Work and Pensions (DWP).

A group of four young computer experts, who call themselves VandaSec, have unearthed evidence indicating that at least three ISIS-supporting accounts can be traced back to the DWP’s London offices, the ‘Daily Mirror’ reported.

Every computer and mobile phone logs onto the internet using an IP address, which is a type of identification number. The hacking collective showed the newspaper details of the IP addresses used by three separate so-called “digital jihadis” to access Twitter accounts, which were then used to carry out online recruitment and propaganda campaigns.

At first glance, the IP addresses seem to be based in Saudi Arabia, but upon further inspection using specialist tools they appeared to link back to the DWP.

The newspaper learned that the British government had sold on a large number of IP addresses to two Saudi Arabian firms.

After the sale completed in October of this year, they were used by extremists to spread their message of hate.

A Cabinet Office spokesperson said: “The government owns millions of unused IP addresses which we are selling to get a good return for hardworking taxpayers.

“We have sold a number of these addresses to telecoms companies both in the UK and internationally to allow their customers to connect to the internet. We think carefully about which companies we sell addresses to, but how their customers use this internet connection is beyond our control.”

The UK government has not revealed how much money it has made from the sale of IP addresses.

Now we have learned that DHS has an edict to not use social media or open source for reasons of profiling, which likely has handicapped the FBI from sourcing and connecting intelligence when it comes to cultivating data on would-be jihadists.

Jihadists are making their plans public. Why hasn’t the FBI caught on?

WaPo: Rita Katz is the director of the SITE Intelligence Group and has spent nearly two decades tracking, studying and reporting on jihadists. She has testified before Congress and in terrorism trials, briefed the White House, and is the author of the book “Terrorist Hunter: The Extraordinary Story of a Woman who Went Undercover to Infiltrate the Radical Islamic Groups Operating in America.”

Following the terrorist attacks in Paris and San Bernardino, Calif., FBI Director James Comey revealed to the Senate Judiciary Committee that one of the two Islamic State-inspired shooters in the May 3 attack in Garland, Tex., “exchanged 109 messages with an overseas terrorist” the morning of the attack. He followed up by saying that the FBI was unable to read those messages. His implication? Better regulation of message-disguising encryption technology could have revealed the shooters’ plans earlier and could help prevent attacks.

However, regulation of encryption is unlikely to provide the government with the counterterrorism benefit it says it will.  Jihadists’ main tool for planning and executing attacks in recent years has been social media — to which the government has full access — not encrypted messaging. In addition, regulation of one messaging technology will lead to immediate adaptation and the creation of ways to circumvent it.

In recent years, smartphones and social media have enabled users from around the world to communicate easily, safely and free of charge. Programs facilitating such communications sprouted, and jihadists — the Islamic State in particular — quickly adopted them as their main means of communication. For over three years, Twitter has been the Islamic State’s most important platform. High-level operatives within the group have used Twitter’s unencrypted direct messaging to recruit, give instructions for donating and plan attacks. Jihadists even rely on Twitter to promote their channels on other platforms, such as Telegram, which supporters would otherwise have difficulty finding.

Jihadists’ presence on social media has also spread the Islamic State around the world, with people of all ages, sexes and ethnicities leaving their families and friends to join the group. Social media use has been linked to executed and attempted lone-wolf attacks in the United States, Canada, Australia, France, Denmark and other Western nations.

The Garland, Tex., shooting — the only example Comey used  as an impetus to regulate encrypted technology — in fact makes the opposite point. Attacker Elton Simpson, who was under previous FBI terror-related investigations, used Twitter to openly follow and communicate with high-profile terrorists. His account was followed by prominent English-speaking Islamic State fighters and recruiters Abu Rahin Aziz and Junaid Hussain — both of whom for a long time were known to provide manuals on how to carry out lone-wolf attacks from Raqqa, Syria, before they were killed. Simpson also followed and communicated with Mohamed Abdullahi Hassan, a known American jihadist in Somalia who pledged allegiance to the Islamic State.

Relatedly, the incitement for the Texas shooting came from Hassan’s 31st Twitter account. Simpson, a friend and follower of Hassan, retweeted the call and later requested that Hassan send him a direct message. We at SITE, using only open-source information, reported on the call before the attack took place, and the FBI had a week to investigate the matter before the shooting. Though only nine Twitter users retweeted the call for attack, the FBI failed to prevent it.

The encrypted messages Comey mentioned before the Judiciary Committee were discovered by the FBI only after the attack took place, but Simpson’s open-source communication was available far in advance. There is in fact no evidence that this or any of these other lone-wolf attacks could have been prevented by regulation of encryption technology.

In stark contrast, a proper, targeted open-source investigation could have. Yet the FBI is reluctant to recognize open-source as an important — arguably the most important — tool to track jihadists online.

It’s also important to note that jihadists are very quick to adapt online. In the past year alone, the Islamic State and al-Qaeda fighters have moved quickly from WhatsApp to Kik, Wickr, Surespot, then to Telegram – all different encryption programs created to give smartphone users safe and free text messaging available across multiple devices. Jihadists are constantly ranking, debating and explaining which of the services is the safest and most effective. Regulation of these programs will take jihadists next to no time to circumvent; the U.S. government would be the one taking years to catch up. And even if successful, they may be able to regulate companies based in the United States, but such programs would appear everywhere else, from Russia to India to China.

SITE’s leadership and continued success do not stem from access to secret databases. Our research, investigations and reporting are based on open-source information — social media, forums, websites, blogs, IP addresses — which can be immensely powerful if used wisely. Government agencies, however, seem blind to this bountiful intelligence resource, and too often rely solely on classified documents and back-end access to websites.

Rather than try to create backdoors to encrypted communication services, or use the lack thereof as an excuse to intelligence failures, the U.S. government must first know how to utilize the mass amount of data it has been collecting and to improve its monitoring of jihadist activity online. A focused approach of this sort is much more likely to lead to success in the war on terrorism.

 

9500 Visas Revoked Due to Terror, Where are they? Don’t Know

FNC: The Obama administration cannot be sure of the whereabouts of thousands of foreigners in the U.S. who had their visas revoked over terror concerns and other reasons, a State Department official acknowledged Thursday.

The admission, made at a House oversight hearing examining immigrant vetting in the wake of major terror attacks, drew a sharp rebuke from the committee chairman.

“You don’t have a clue do you?” Rep. Jason Chaffetz, R-Utah, told Michele Thoren Bond, assistant secretary for the Bureau of Consular Affairs.

Bond initially said the U.S. has revoked more than 122,000 visas since 2001, including 9,500 because of the threat of terrorism.

But Chaffetz quickly pried at that stat, pressing the witness about the present location of those individuals.

“I don’t know,” she said.

The startling admission came as members of the committee pressed administration officials on what safeguards are in place to reduce the risk from would-be extremists.

At issue is how closely the U.S. government examines the background of people seeking entry to the country, including reviews of their social media postings.

Leon Rodriguez, director of U.S. Citizenship and Immigration Services, told committee members that such checks aren’t being done in an abundant manner, and he was not specific about when or how it would occur.

Lawmakers are trying to ascertain which safeguards are in place to ensure that extremists are not exploiting a variety of legal paths to travel to the United States.

One of the San Bernardino, Calif., shooters came to the U.S. on a K-1 fiancee visa last year despite the fact that the FBI believed she was already radicalized.

Tashfeen Malik came to the U.S. on a K-1 fiance visa in July 2014 and passed multiple background checks and at least two in-person interviews, one in Pakistan and another after she married Syed Farook. FBI Director James Comey has said Malik and Farook communicated privately online about jihad and martyrdom before they married.

Lawmakers at times angrily pressed officials on why even public social media wouldn’t routinely be looked at for vetting those trying to enter the country.

“If half the employers are doing it in the United States of America, if colleges are doing it for students, why wouldn’t Homeland Security do it?” said Rep. Stephen Lynch, D-Mass. “We don’t even look at their public stuff, that’s what kills me.”

DHS did launch three pilot programs specifically aimed at reviewing social media postings as part of the immigration vetting process.

“There is less there that is actually of screening value than you would expect, at least in small early samples, some things seem more ambiguous than clear,” Rodriguez told lawmakers Thursday. He said foreign alphabets frequently used in social media posts were a challenge to translate.

“We all continue to believe there’s a potential for there to be information of screening value … particularly in high risk environments,” he added.

Both DHS and the State Department are reviewing the process for vetting visa applications, including the K-1 program, and have been directed by the White House to create specific recommendations for improvements.

DHS is specifically reviewing policies on when authorities at U.S. Citizenship and Immigration Services can look at social media posts as part of the process for evaluating applications for certain visas.

“There are some legal limits to what we can do,” Homeland Security Secretary Jeh Johnson said Wednesday. He added that he thinks reviews of social media should be done more often, but did not provide specifics.

During his opening remarks, Chaffetz said: “It is unclear how someone who so openly discussed her hatred of our country and way of life could easily pass three background checks. We need to understand how the breakdown happened with Malik and what we are doing to make sure it doesn’t happen again.”

Lawmakers have also pressed for changes to the Visa Waiver Program, which allows many citizens from 38 countries to travel to the United States without being subjected to the in-person interview required to receive a visa. Many fear that foreign fighters who carry western passports will be able to exploit that system to travel freely to the United States.

Earlier this month the House voted overwhelmingly to tighten controls on that program and require visas for anyone who has been to Iraq or Syria in the last five years. Security changes to the program were also included in the Senate version of a massive spending bill expected to be approved later this week.

House Oversight and Government Reform Committee Hearing on Immigration and Visas December 17, 2015

PURPOSE:

• To review the screening process for foreign nationals entering the United States, including the ability to review social media as part of the vetting process.
• To assess the likelihood of foreign nationals exploiting the U.S. immigration system and examine vulnerabilities within that system.
• This hearing is a follow-up to an Oversight Subcommittee hearing last week, where a Department of Homeland Security (DHS) official was unable to answer basic questions on the Agency’s ability to vet, track, and screen individuals who arrive in the United States.

BACKGROUND:

• Foreign nationals seeking to enter the U.S. must ordinarily obtain either an immigrant visa or a nonimmigrant visa. A third category of foreign nationals seeking entry into the U.S. are refugees, who enter under refugee status.
• An exception to the rule that an individual who seeks entry to the U.S. must apply for, and receive, a visa before entering the country is the Visa Waiver Program (VWP). Currently, nationals of 38 countries can enter the U.S. without first obtaining a visa under the VWP.
• Under current law, two departments—the Department of State and DHS—play roles in administering the law and policies on immigration visas.
• In light of the attacks in San Bernardino, CA, Committee Chairman Jason Chaffetz (R-UT) and Subcommittee Chairman Ron DeSantis (R-FL) sent a letter to DHS seeking information relating to Tashfeen Malik’s entry into the U.S. on a fiancée visa.

 

Witnesses and testimonies

• The Honorable Anne C. Richards, Assistant Secretary, Bureau of Population, Refugees, and Migration, U.S. Department of State
• The Honorable Michele Thoren Bond, Assistant Secretary, Bureau of Consular Affairs, U.S. Department of State
• The Honorable Alan Bersin, Assistant Secretary for International Affairs, Chief Officer for the Office of Policy, U.S. Department of Homeland Security
• The Honorable Leon Rodriguez, Director, U.S. Citizenship and Immigration Services, U.S. Department of Homeland Security

Related Documents

• Credible Fear Claims

German Jihadist Gives Testimony, Islamic State

Back from the ‘Caliphate’: Returnee Says IS Recruiting for Terror Attacks in Germany

Islamist extremist Harry S. wasn’t in Syria for long. But during his stay there, he claims, Islamic State leaders repeatedly tried to recruit him to commit terror attacks in Germany. Security officials believe he could be telling the truth.

Spiegel: It was an early summer morning in the Syrian desert, with not a cloud in the sky, when Mohamed Mahmoud asked those gathered around him: “Here are some prisoners. Which of you wants to waste them?”

Not long before, Islamic State (IS) had taken the city of Palmyra, and now jihadists from Germany and Austria were to participate in the executions of some of the prisoners taken in the operation. They drove to the site of the executions in Toyota pick-ups, bringing along an IS camera team in order to document the atrocity in the city of antique ruins. Even then, Mohamed Mahmoud was known to German security officials for his repeated propaganda-video calls to join the jihad. On that early summer day in Palmyra, though, he didn’t just incite others. He grabbed a Kalashnikov himself and began firing. That day, Mahmoud and his group of executioners are thought to have killed six or seven prisoners.

The story comes from someone who was in Palmyra on that day: Harry S., a 27-year-old from Bremen. “I saw it all,” he says.

Harry S. returned to Germany from Syria and is now in investigative custody. He has told security officials everything about the brief time he spent with Islamic State and has also demonstrated his readiness to deliver extensive testimony to German public prosecutors. He stands accused of membership in a terrorist group. His lawyer Udo Würtz declined to offer a detailed response when contacted, but said of his client: “He wants to come clean.”

German investigators are extremely interested in the testimony of the apparently repentant returnee, even as they are likely unsettled by what he has to say.

A Vital Witness

Harry S., after all, is more than just a witness to firing squads and decapitations. He also says that on several occasions, IS members tried to recruit volunteers for terrorist attacks in Germany. In the spring, just after he first arrived in Syria, he says that he and another Islamist from Bremen were asked if they could imagine perpetrating attacks in Germany. Later, when he was staying not far from Raqqa, the self-proclaimed Islamic State capital city, masked men drove up in a jeep. They too asked him if he was interested in bringing the jihad to his homeland. Harry S. says he told them that he wasn’t prepared to do so.

Harry S. was only in IS controlled territory for three months. Yet he might nevertheless become a vital witness for German security officials. Since the Nov. 13 attacks in Paris, fear of terrorism has risen across Europe, including in Germany, and security has been stepped up in train stations and airports. And the testimony from the Bremen returnee would seem to indicate that the fear is justified. Harry S. says that, during his time in the Syrian warzone, he frequently heard people talking about attacks in the West and says that pretty much every European jihadist was approached with the same questions he had been asked. “They want something that happens everywhere at the same time,” Harry S. says.

Harry S.’s path from the Bremen quarter of Osterholz-Tenever to the jihadists of Islamic State was not particularly remarkable. His radicalization was similar to many other young, directionless men from European suburbs, from the Molenbeek district of Brussels to Lohberg in Dinslaken. In Tenever, some of the residential towers are up to 20 stories tall.

Harry S. is of interest to German security officials also because he claims to have met Denis Cuspert (the former Berlin rapper known as Deso Dogg), and Mohamed Mahmoud, an Austrian Islamist thought to have a leadership role within Islamic State.

The son of parents from Ghana, Harry S. grew up in “difficult conditions,” according to a court file. His father left the family just as he was entering puberty. Even though Harry S. initially only managed to graduate from a lower tier high school in Germany, he dreamed of returning to his parents’ homeland and working as a construction engineer.

There was even a brief moment when it looked as though he was going to get control over his life. But then, in early 2010, he and some friends robbed a supermarket, getting away with €23,500, and flew to the island of Gran Canaria for a vacation. It wasn’t long before the authorities were on to them and Harry S. was sentenced to two years behind bars for aggravated theft.

A Dangerous Radical

In prison, he met a Salafist named René Marc S., the “Emir of Gröpelingen” — a man who Bremen officials consider to be a dangerous radical. It didn’t take long before prison officials noticed a “change in character” in Harry S. According to prison records, he converted to Islam and expressed “radical sentiments” about world events. After his release, the new convert visited the Furqan Mosque (which has since been shut down) in the Gröpelingen neighborhood of Bremen. At the mosque, he became part of a Salafist clique which sent at least 16 adults and 11 children to Syria in 2014.

Harry S. tried to make the journey as well. From Istanbul, he flew in April 2014 to Gaziantep, a large Turkish city near the border with Syria, but his trip came to a premature end. Turkish authorities arrested him and sent him back to Bremen, where he told police that he had wanted to help out in Syrian refugee camps. The authorities didn’t believe him and confiscated his passport in an effort to prevent him from making another attempt. On Tuesdays and Saturdays, he was required to report to the local police station.

But the authorities were still unable to prevent the Salafist from traveling to Syria to join the war. Harry S. simply grabbed an acquaintance’s passport and, with another Islamist from Bremen, traveled overland via Vienna and Budapest. This time, there were no police waiting for him at the border to Syria. Instead, he was met by smugglers who brought him across the border to an IS safe house set up for new arrivals from around the world.

Harry S., a large man with broad shoulders, was trained as a fighter in Syria. He claims to have been drilled in training camps together with 50 other men: sit-ups, hours of standing in the sun and forced marches lasting the entire day. Those who gave up were locked up or beaten. His Kalashnikov, it was driven home to him, should become like his “third arm” and he was told to keep the weapon in bed with him while sleeping.

Once he finished training, he says he was to become a part of a special unit, a kind of suicide squad for house-to-house combat. Harry S. claims that, during his brief time in Syria, he was never sent into battle — but he claims to know many young men, including Germans, who died in battle. “Luckily, I managed to get away,” he says.

Notorious German-Speaking Jihadists

The insights of the Bremen convert into Islamic State are of interest for security officials. Harry S. is the first returnee who can offer insight into the roles played by two notorious German-speaking jihadists who have joined Islamic State: Mohamed Mahmoud, an Islamist from Austria, and the former Berlin rapper Denis Cuspert (aka Deso Dogg). Rumors that they were recently killed in Syria have thus far not been confirmed by German officials.

Mahmoud initially attracted attention in Vienna for his radical Internet postings and spent four years in prison there. He then moved to Germany, where he founded a Salafist group called “Millatu Ibrahim” together with Cuspert. The association was banned by the German Interior Ministry three years ago, whereupon several members went underground, only to reappear as members of Islamic State in Syria and Iraq.

Harry S. met both Cuspert and Mahmoud in Raqqa. He sat together in a mosque with Cuspert and says the former rapper had just come back from the front. S. said his impression was that Cuspert was more important to Islamic State as the “hero” of propaganda videos used to attract Western recruits than as a fighter. Mahmoud, he said, had more influence and would hold ideology training sessions on Fridays in Raqqa. Mahmoud, Harry S. says, is “really dangerous,” adding that he had never before met such a disturbed person. After the executions in Palmyra, S. says, Mahmoud was proud of what he’d done.

SPIEGEL was unable to confirm everything that Harry S. said. But many of the details he mentioned are consistent both with the findings of security officials and with the testimony of other terror suspects.

‘Walked and Walked’

Plus, there is proof of the executions in Palmyra that Harry S. claims he saw. In the summer, Islamic State released a five-and-a-half minute video that was edited in some parts like a horror film. It was the first German-language execution video released by IS and it depicts two men kneeling between antique columns with Mahmoud and another Islamist from Germany standing behind them, weapons in hand. “Merkel, you dirty dog,” Mahmoud calls into the camera. “We will take revenge.” Then they shoot the prisoners in the head; a jihad hymn plays in the background.

Harry S. likewise makes a brief appearance in the video. Clad in camouflage, he carries an Islamic State flag across the picture. His defense attorney Udo Würtz says that his client didn’t directly participate in the executions. “He is a lackey who allowed himself to be misled by the propaganda of IS and who misled himself.”

Shortly after the executions in Palmyra, Harry S. began his journey out of Syria and back to Germany. He says he could no longer stand all of the violence. Despite his great fear that Islamic State could pursue and kill him as a traitor, he left secretly one evening and made his way to Turkey. “I walked and walked,” he says.

When Harry S. landed in Bremen on July 20, the police were waiting for him — with a warrant for his arrest.

Russian Cyber Attacks on America

Russian cybersecurity intelligence targets critical U.S. infrastructure

By Bill Gertz

U.S. intelligence agencies recently identified a Russian cybersecurity firm, which has expertise in testing the network vulnerabilities of the electrical grid, financial markets and other critical infrastructure, as having close ties to Moscow’s Federal Security Service, the civilian intelligence service.

The relationship between the company and the FSB, as the spy agency is known, has heightened fears among U.S. cyberintelligence officials that Moscow is stepping up covert efforts to infiltrate computer networks that control critical U.S. infrastructure such as oil and gas pipelines and transportation.

The effort appears to be part of FSB and Russian military cyberwarfare reconnaissance targeting, something the Pentagon calls preparation of the battlefield for future cyberattacks. The Russian company is taking steps to open a U.S. branch office as part of the intelligence-gathering, said officials familiar with reports of the effort who spoke on background.

Officials familiar with reports about the company did not identify it by name. However, security officials are quietly alerting government security officials and industry cybersecurity chiefs about the Russian firm and its covert plans for operations in the United States.

The Russian firm is said to have extensive technical experience in security vulnerabilities of supervisory control and data acquisition systems that are used to remotely control critical infrastructure.

These systems are employed by both government and private-sector system controllers for equipment running water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power grids, wind farms and large communication systems.

In September, Director of National Intelligence James R. Clapper told Congress that Russian hackers have penetrated U.S. industrial control networks operating critical infrastructure. The objective of the hackers is to develop the capability to remotely access the control systems that “might be quickly exploited for disruption if an adversary’s intent became hostile,” Mr. Clapper said.

“Unknown Russian actors successfully compromised the product-supply chains of at least three [industrial control system] vendors so that customers downloaded malicious software designed to facilitate exploitation directly from the vendors’ websites along with legitimate software updates,” Mr. Clapper stated in Sept. 10 testimony to the House Permanent Select Committee on Intelligence.

Russian hackers also were linked to cyberpenetrations of U.S. industrial control networks used for water and energy systems in 2014.

The Russian connection was identified through the use of malware called BlackEnergy that has been linked to Russian government cyberoperations dubbed Sandworm by security researchers.

Mr. Clapper also testified that the Russian Defense Ministry has created a military cybercommand for offensive attacks. Additionally, the Russian military is setting up a specialized branch for computer network attacks.

RUSSIAN GENERAL ISSUES THREAT

Gen. Valery Gerasimov, chief of the General Staff of the Armed Forces of Russia, told foreign military attaches in Moscow on Monday that increased military activities by NATO and the development of global missile defenses were “creating a threat of new conflicts and escalation of existent conflicts,” the official Interfax news agency reported.

“The NATO military policy unfriendly towards Russia is a source of concern,” Gen. Gerasimov said. “The alliance continues to expand its military presence and is stepping up the activity of the bloc’s armed forces along the perimeter of borders of the Russian Federation.”

Because of the deployment of a global missile defense network and the development of new means of armed struggle, including hypersonic weapons, “the problem of upsetting the existent strategic balance of force has been growing,” said the general, referring to high-speed strike weapons.

The Pentagon is developing a conventional rapid-attack capability called “prompt global strike,” which can target any spot on Earth in 30 minutes.

Russia has stepped up nuclear threats against the United States and NATO in response to deployment of missile defenses in Europe.

In recent months, Russian President Vladimir Putin has issued an unprecedented number of threats to use nuclear weapons, most notably after the Russian military annexation of Ukraine’s Crimea last year. On Dec. 11, Mr. Putin said he hoped nuclear weapons would not be needed during operations in Syria.

“Particular attention must be paid to the consolidation of the combat potential of the strategic nuclear forces and the execution of space-based defense programs,” Mr. Putin was quoted as saying at the meeting with his defense chiefs. “We need, as our plans specify, to equip all components of the nuclear triad with new arms.”

Lt. Gen. Ben Hodges, commander of U.S. Army forces in Europe, told reporters last week that Russian nuclear threats are troubling in the current security environment.

“The way that senior Russian officials have talked about Denmark as a nuclear target, Sweden as a nuclear target, Romania as a nuclear target, sort of an irresponsible use of the nuclear word, if you will, you can understand why our allies on the eastern flank of NATO — particularly in the Baltic region — are nervous, are uneasy,” Gen. Hodges said.

Additionally, the Russian military has conducted “large snap exercises without announcement,” which also has increased fears of a Moscow threat, he said.

***

Since the FSB (KGB) company is unnamed, could it be: (RecordedFuture)

What is SORM?

Russia’s SORM (Система Оперативно-Розыскных Мероприятий, literally “System for Operative Investigative Activities”) is a lawful intercept system operated by the Federal Security Service (or FSB – the Russian successor to the KGB).

Russia SORM Timeline

SORM came to light recently during the Sochi Olympic Games where reports claimed that “all communications” were monitored. SORM differs from the US lawful intercept system, as once the FSB receives approval for access to a target’s communications they are able to unilaterally tap into the system without provider awareness.

Further, SORM is also lawfully used to target opposition parties within Russia. According to the World Policy Institute, on November 12, 2012, Russia’s Supreme Court upheld the right of authorities to eavesdrop on the opposition.

  • SORM-1 intercepts telephone traffic (including both landline (analog) and mobile networks).
  • SORM-2 targets internet traffic (including VoIP calls).
  • SORM-3 has the ability to target all forms of communication providing long-term storage of all information and data on subscribers, including actual recordings and locations.

Former Soviet States (Kazakhstan, Belarus, Uzbekistan and Ukraine) have installed SORM-standard equipment. According to research by Wired Magazine, Ukraine’s SORM is more advanced as the SBU (Ukraine’s Security Service) has the ability to interrupt a target’s communications.

In April 2011, Iskratel – which provides Ukraine’s sole telephone company Ukrtelekom with broadband equipment – announced its SORM device was tested successfully under the new requirements and had been approved by the SBU.

Analyzing SORM manufacturers within Recorded Future identified equipment suppliers including Juniper Networks (US), Cisco Systems (US), Huawei (China) and Alcatel-Lucent (France).

 

The Terror of Hackers

U.S. arrests three men over hacking scheme targeting 60 million people

Cybersecurity researcher Billy Rios points to a computer line reading “Gods Password,” a password he was able to uncover by analyzing the software in a Pyxis medical supply dispenser that he says he purchased on Ebay for a few hundred dollars, in Redwood City, California October 10, 2014. REUTERS/Robert Galbraith

Reuters: Three men were arrested on Monday for engaging in a wide-ranging hacking and spamming scheme that targeted personal information of 60 million people including Comcast customers, U.S. prosecutors announced Tuesday.

Timothy Livingston, 30, Tomasz Chmielarz, 32, and Devin McArthur, 27, were named in an indictment filed in federal court in Newark, New Jersey that charged them with conspiracy to commit fraud and related activity among other offenses.

Prosecutors said Livingston, a Boca Raton, Florida, resident, was the leader of a series of computer hacking and illegal spamming schemes that targeted multiple companies and generated illegal profits exceeding $2 million.

The three men were arrested at their respective residences on Tuesday morning, a spokesman for U.S. Attorney Paul Fishman in New Jersey said.

Michael Koribanics, Chmielarz’s lawyer, said his client would plead not guilty at a court hearing on Tuesday. A lawyer for Livingston did not immediately respond to a request for comment, and an attorney for McArthur could not be identified.

Prosecutors said Livingston, who owned a spam company called “A Whole Lot of Nothing LLC,” hired Chmielarz of Rutherford, New Jersey to author hacking tools and other programs that facilitated the hacking and spamming schemes.

Among the companies they targeted was a Pennsylvania-based telecommunications company that employed McArthur, a resident of Ellicott City, Maryland, who installed hacking tools in company networks to gain access to records for 50 million people, prosecutors said.

The company was not identified by name in court papers. But McArthur’s LinkedIn page says he worked at Comcast Corp during the period in question. A Comcast spokeswoman had no immediate comment.

Livingston and Chmielarz also compromised tens of thousands of people’s email accounts, including customers of a New York telecommunications company, which they then used to send spam, the indictment said.

Other companies targeted in the schemes included a New York-based technology and consulting company whose website was compromised and a Texas-based credit monitoring firm that was hacked, the indictment said.

In the case of the unnamed credit monitoring firm, the indictment said Livingston paid Chmielarz to write a program to steal a database containing 10 million records.

When law enforcement seized Livingston’s computer in July, they discovered a database with 7 million of that company’s records, the indictment said.

New OPM Cyber Chief Is Bracing for an ISIS Hack

The new cybersecurity adviser hired by the Office of Personnel Management after a Chinese-originated hack says he expects ISIS may ultimately pierce the agency’s systems, too.

The historic data breach exposed the professional and private lives of 21.5 million individuals applying for clearances to handle classified information, plus their families. That kind of information, drawn from background investigations, would be perfect for blackmail attempts.

But Clifton Triplett—named OPM’s first-ever senior cyber and information technology adviser last month—says forthcoming access controls will blunt the severity of any future hack.

“I think what I have to do is … assume that, at some point in time, they may be successful,” Triplett said when asked about the ISIS cyber threat during a webcast hosted by Bloomberg Government on Monday.

Going forward, OPM will “make it more of a need-to-know kind of access control,” he said, “so if we do have a compromise, it is far more contained than, for example, our last incident.”

The agency, he explained, will institute the equivalent of tear lines on network data to grant as little information as possible to authorized personnel.

“Right now, I think, in some of our situations, the access control is broader than perhaps needs to be,” Triplett said, because OPM computer programs were developed before data security became a governmentwide priority.

So far, ISIS sympathizers have been hacking more for show than for spying.

In early 2015, the self-described Cyber Caliphate group reportedly took control of the social network accounts of U.S. Central Command.

Then, global television network TV5Monde was disabled for hours in April, when the hacktivists apparently replaced the company’s channels, websites and social media accounts with pro-ISIS messaging.

ISIS’ online propaganda often directs followers to kill U.S. and allied troops and supplies the necessary contact information. But much of the data released has turned out to have already been in the public domain.

Still, America viewed at least one ISIS hacker as enough of a threat to kill him in a targeted attack.

The Justice Department claims Ardit Ferizi breached a server to retrieve identifying details on about 1,350 military and other government personnel. He then allegedly passed the data on to Islamic State member and Cyber Caliphate ringleader Junaid Hussain, a British citizen. Hussain is accused of beckoning adherents to target U.S. personnel, posting links on Twitter to their names, email addresses, passwords, locations and phone numbers. Hussain was reportedly killed in a U.S. drone strike this summer.

But what really frightens Triplett is that OPM’s records sit beside smart toasters and air conditioners in the Internet of Things, he said.

“We’re too interconnected. Not enough air gaps in our systems” that physically decouple networks from the Internet, he said. “We are trying to automate and connect one more thing to one more thing.”

Today, background check records are one of those things.

Eventually, Triplett said he fears, “I’ll have a reasonably minor event that will turn into a catastrophic event, and I won’t be able to find out where the root cause was because of the ripple potential.”

Currently, “there’s no way” to cut off the systems from the Internet, OPM’s IT security officer, Jeff Wagner, told Nextgov in October.

Wagner said, “even clearance data” must be online, because the only other option is to exchange paper folders with agency partners like the Social Security Administration.

Adversaries, however, would have to circumvent multiple identity checks and firewalled systems to peer at the personnel records, Wagner said.