Why is Rocket Kitten Important?

Security firm says it shut down extensive Iranian cyber spy program

A security firm with headquarters in Israel and the United States says it detected and neutralized an extensive cyber espionage program with direct ties to the government of Iran. The firm, called Check Point Software, which has offices in Tel Aviv and California, says it dubbed the cyber espionage program ROCKET KITTEN. In a media statement published on its website on Monday, Check Point claims that the hacker group maintained a high-profile target list of 1,600 individuals. The list reportedly includes members of the Saudi royal family and government, American and European officials, North Atlantic Treaty Organization officers and nuclear scientists working for the government of Israel. The list is said to include even the names of spouses of senior military officials from numerous nations.

News agency Reuters quoted Check Point Software’s research group manager Shahar Tal, who said that his team was able to compromise the ROCKET KITTEN databases and acquire the list of espionage targets maintained by the group. Most targets were from Saudi Arabia, Israel, and the United States, he said, although countries like Turkey and Venezuela were also on the list. Tal told Reuters that the hackers had compromised servers in the United Kingdom, Germany and the Netherlands, and that they were using these and other facilities in Europe to launch attacks on their unsuspecting targets. According to Check Point, the hacker group was under the command of Iran’s Revolutionary Guards Corps, a branch of the Iranian military that is ideologically committed to the defense of the 1979 Islamic Revolution.

Reuters said it contacted the US Federal Bureau of Investigation and Europol, but that both agencies refused comment, as did the Iranian Ministry of Foreign Affairs. However, an unnamed official representing the Shin Bet, Israel’s domestic security agency, said that ROCKET KITTEN “is familiar to us and is being attended to”. The official declined to provide further details. Meanwhile, Check Point said it would issue a detailed report on the subject late on Monday.

*** In part from SCMagazine:

The researchers uncovered more thorough indicators of compromise, along with new malware strains, including a Remote Access Trojan (RAT) the group apparently favored.

Further down the Rocket Kitten rabbit hole, the researchers appeared to identify the mastermind behind the operation, who goes by “Wool3n.H4t,” as Yaser Balaghi.

The company found references to his alias and real name on various developer forums, within the server itself, and eventually, in an online tutorial he posted on SQL injection.

Additionally, a reported resume for Balaghi has listed “designing a phishing system” as ordered by a “cyber-organization.”

Saying technical evidence can be forged, or information be planted, Tal said he backs his company’s findings because of “overwhelming evidence.”

“All evidence fits the same story and same narrative,” he said. “The probability that this is a false lead is extremely nonexistent in my opinion.”

Given that Balaghi resides in Iran, there will likely not be any repercussions or extradition. However, Tal said the findings have been passed along to European and U.S. search bodies, as well as service providers who hosted the malicious servers.

Most infrastructure has been taken down since then, Tal said, and continued, “don’t expect to see them attacking any time soon.”

Crackas With Attitude Hit FBI Director

A few days ago it was the Director of the CIA, John Brennan; now it is the Director of the FBI. The hacking group boasted of its success on Twitter, but that account has since been terminated.

CIA email hackers breach FBI-run site, deputy director’s private email

The same hackers who breached the email account of CIA Director John Brennan last month are now believed to be behind another set of intrusions, including accessing an FBI-run law enforcement portal and a private email account of a top bureau official.

The hackers, who call themselves Crackas With Attitude, posted Friday personal data of law enforcement officials that appears to have been stolen from the Law Enforcement Enterprise Portal, CNN reported.

The FBI-run site, also known as LEO.gov, connects local and federal law enforcement officials and allows local, state and federal agencies to share information, including details of ongoing investigations.

Three U.S. law enforcement officials confirmed the breach. Users of the portal received notices that their data may have been compromised.

In addition, a Twitter account that investigators believe is operated by the hackers posted screenshots Thursday that appear to have come from a private email account belonging to FBI Deputy Director Mark Giuliano and his wife.

The same Twitter account also posted data that appeared to come from the LEO.gov site, including names and contact information for law enforcement employees.

The three officials told CNN that the same hackers who accessed Mr. Brennan’s email account are believed to be behind the latest breaches.

An FBI spokeswoman declined to comment on the alleged breaches.

“We have no comment on specific claims of hacktivism, but those who engage in such activities are breaking the law,” FBI spokeswoman Carol Cratty told CNN. “The FBI takes these matters very seriously. We will work with our public and private sector partners to identify and hold accountable those who engage in illegal activities in cyberspace.”

Hillary DID Sign the NDA

The FBI is still investigating Hillary yet some interesting items continue to surface and even perhaps be leaked.

Remember when Jen Psaki at the State Department said she did not know whether Hillary signed the appropriate documents on protecting classified material? Heh, well, lo and behold, Hillary did, as is evidenced below.

Hillary Clinton's SCI Nondisclosure Agreement

Thanks to FreeBeacon and DailyMail: Hillary signed State Department contract saying it was HER job to know if documents were classified top secret, and laid out criminal penalties for ‘negligent handling’

  • Clinton signed ‘Sensitive Compartmented Information Nondisclosure Agreement’ on her second day at the State Department
  • It says she was personally responsible for determining if sensitive documents in her possession were classified at the highest level
  • Spelled out criminal laws under which she could be prosecuted
  • Hillary has said on the campaign trail that top-secret classified info found on her private email server wasn’t classified originally and it wasn’t her job to know better 


Hillary Clinton‘s claim that she was unaware top secret documents on her private email server were highly classified took a hit on Friday, with the revelation of a State Department contract she signed in 2009.

The ‘Sensitive Compartmented Information Nondisclosure Agreement,’ which Clinton inked during her second day as Secretary of State, declared that she was personally responsible for determining if sensitive documents in her possession were classified at the government’s highest level.

‘I understand that it is my responsibility to consult with appropriate management authorities in the Department … in order to ensure that I know whether information or material within my knowledge or control that I have reason to believe might be SCI.’

SCI – Sensitive Compartmented Information – is the highest level of ‘top secret’ classification, applying to information so sensitive because of the sources and methods used to obtain it that it can only be viewed in a special room, hardened against electronic eavesdropping, constructed for that purpose. The agreement Clinton signed in 2009, which warns against ‘negligent handling’ of state secrets, conflicts with her more recent positions on the presidential campaign trail.

Clinton has said none of the hundreds of classified documents found among emails on her unsecured server were classified at the time she sent or received them, and suggested that without a marking from intelligence officials, she wasn’t expected to know what is classified.

The libertarian Competitive Enterprise Institute think-tank obtained the document with Hillary’s signature, which the State Department declassified on Thursday, and gave it to the conservative Washington Free Beacon.

‘I have been advised that the unauthorized disclosure, unauthorized retention, or negligent handling of SCI by me could cause irreparable injury to the United States or be used to advantage by a foreign nation,’ the agreement Clinton signed states.

The U.S. Intelligence Community’s inspector general has said two of the Clinton emails released by the State Department so far in complying with a federal judge’s order contained SCI-level information, and had to be sanitized by experts before they could be published.

A spokesman for Hillary’s presidential campaign did not respond to DailyMail.com’s request for comment on Friday.

But the text of the agreement spells out plainly that Clinton agreed she was responsible for seeking help if she wasn’t clear about what was classified at the SCI level.

It also spelled out what might happen if she broke the terms of the contract.

‘I have been advised that any breach of this Agreement may result in my termination of my access to SCI and removal from a position of special confidence and trust requiring such access,’ the agreement reads, ‘as well as the termination of my employment or other relationships with my Department or Agency that provides me with access to SCI.’

‘In addition,’ she agreed, ‘I have been advised that any unauthorized disclosure of SCI by me may constitute violations of United States criminal laws, including provisions of Sections 793, 794, 796, and 952, Title 18, United States Code; and of Section 783(b), Title 50, United States Code.’

‘Nothing in this Agreement constitutes a waiver by the United States of the right to prosecute me for any statutory violations.’

Government officials who sign the same document Clinton signed also ‘agree that I shall return all materials that may have come into my possession or for which I am responsible because of such access, upon demand by an authorized representative of the United States Government or upon the termination of my employment.’

Clinton never returned her email server to the federal government. She housed it in her Chappaqua, New York home while she was America’s top diplomat, and then moved it when she left the Obama administration – entrusting it to a Colorado company that was not cleared to handle SCI-level documents.

The State Department acknowledged in September that Clinton’s home-brew server also was never authorized to handle such information.

The FBI is currently investigating Hillary’s email mess, in an information dragnet that has also roped in her former chief of staff Cheryl Mills and current top campaign aide Huma Abedin.

Both of those women also signed the same SCI nondisclosure agreement.

*** One more thing: there were at least five attempts, perhaps some of them successful, by Russian hackers to get into Hillary’s emails.

Shake Your Head at This DoJ Case, Netcracker

Ever wonder where the NSA was on this? Ever wonder where the background check was for Netcracker as a bona fide government contractor? More fleecing: several people in the decision chain approved this.

USDOJ: Netcracker Technology Corp. and Computer Sciences Corp. Agree to Settle Civil False Claims Act Allegations (The spin in this statement is testimony to how things operate in the Federal government; meanwhile the risk, well, frankly the treasonous decision, is epic.)


Pentagon Farmed Out Its Coding to Russia

By Patrick Malone, Center for Public Integrity

The Pentagon was tipped off in 2011 by a longtime Army contractor that Russian computer programmers were helping to write computer software for sensitive U.S. military communications systems, setting in motion a four-year federal investigation that ended this week with a multimillion-dollar fine against two firms involved in the work.

The contractor, John C. Kingsley, said in court documents filed in the case that he discovered the Russians’ role after he was appointed to run one of the firms in 2010. He said the software they wrote had made it possible for the Pentagon’s communications systems to be infected with viruses.

Greed drove the contractor to employ the Russian programmers, he said in his March 2011 complaint, which was sealed until late last week. He said they worked for one-third the rate that American programmers with the requisite security clearances could command. His accusations were denied by the firms that did the programming work.

“On at least one occasion, numerous viruses were loaded onto the DISA [Defense Information Systems Agency] network as a result of code written by the Russian programmers and installed on servers in the DISA secure system,” Kingsley said in his complaint, filed under the federal False Claims Act in U.S. District Court in Washington, D.C., on March 18, 2011.

Asked to confirm that the Russians’ involvement in the software work led to the presence of viruses in the U.S. military’s communications systems, Alana Johnson, a spokeswoman for the Defense Information Systems Agency, declined to answer on the grounds that doing so could compromise the agency’s “national security posture.”

“It’s something that we take very seriously,” Johnson said in a telephone interview on Tuesday. “The Department of Defense’s posture on cybersecurity ultimately affects national security.”

Kingsley first told a Defense Information Systems Agency official on Jan. 10, 2011, that Russians had been doing computer programming for Massachusetts-based NetCracker Technology Corporation under a federal contract, through an arrangement that corporate officials referred to as its “Back Office,” he said in his complaint. He said the work had been done in Moscow and elsewhere in Russia.

The DISA official confirmed that the practice of outsourcing the work to employees in Russia violated both the company’s contract and federal regulations that mandate only U.S. citizens with approved security clearances work on classified systems, Kingsley’s complaint said.

On Monday, NetCracker and the much larger Virginia-based Computer Sciences Corporation—which had subcontracted the work—agreed to pay a combined $12.75 million in civil penalties to close a four-year-long Justice Department investigation into the security breach. They each denied Kingsley’s accusations in settlement documents filed with the court.

The agency’s inspector general, Col. Bill Eger, who had investigated Kingsley’s allegations, said the case was a good example of how his office combats fraud. In a separate statement released Monday, Channing D. Phillips, the U.S. Attorney for the District of Columbia, said that “in addition to holding these two companies accountable for their contracting obligations, this settlement shows that the U.S. Attorney’s Office will take appropriate measures necessary to ensure the integrity of government communications systems.”

The $22 million contract the companies were working on dates from 2008, when the Pentagon first asked Computer Sciences Corporation to fortify and administer the computer networks of the Defense Information Systems Agency. The agency supports battlefield operations by running communication systems that enable soldiers, officers, and coalition partners to communicate in secret.

Computer Sciences Corporation collected a total of $1.5 billion from the Pentagon in fiscal year 2014, according to the Federal Procurement Data System. The work at the heart of this case was part of a $613 million contract between the Defense Information Systems Agency and the corporation. Netcracker, which has done direct work for the Air Force and the General Services Administration, worked as a subcontractor on the deal.

In his complaint, Kingsley asserted that Computer Sciences Corporation executives knew about Netcracker’s work in Russia. But a corporation spokeswoman, in a written statement, denied it. “[Computer Sciences Corporation] believes it is as much a victim of NetCracker’s conduct as is our [Defense Information Systems Agency] customer and agreed to settle this case because the litigation costs outweigh those of the settlement,” Heather Williams wrote. “Security is of the utmost importance” to the corporation, she wrote.

Kingsley also said in his whistleblower complaint that when he questioned NetCracker’s general counsel about the propriety of the arrangement, the counsel assured him nothing was wrong. When he asked the company’s board of directors for permission to discuss the Russians’ participation with the Defense Information Systems Agency, his “requests were rebuffed,” he said in the complaint.

The next day, in an email to the board of directors at NetCracker Government Services, the company’s general counsel characterized Kingsley’s conversation with the government official as an “unscheduled, one-on-one meeting” that ended with a “vitriolic rampage” and left the Defense Information Systems Agency officer with the impression that Kingsley was a “lunatic,” according to Kingsley’s complaint. Kingsley said in his complaint that this description of the meeting was incorrect and intended to hurt Kingsley’s reputation with the company’s other board members.

Joanna Larivee, a spokeswoman for Netcracker, responded with a written statement that it “has cooperated fully with the Department of Justice throughout its review of this matter and explicitly denies liability for any wrongdoing. We have always taken responsible steps to ensure that best practices are deployed when managing client information and that NetCracker is compliant with the terms of our contracts. We have decided that it is in the best interest of all stakeholders to settle the matter.”

Of the total fines, NetCracker agreed to pay $11.4 million while the Computer Sciences Corporation agreed to pay $1.35 million. Under the False Claims Act, Kingsley’s share of the settlement is $2.3 million, according to the Justice Department.

Kingsley did not respond to a phone message left at his home in Fairfax, Virginia, on Tuesday. His lawyer, Paul Schleifman, said Kingsley spoke up about the Back Office in Russia because he was worried that it could harm national security. “[Kingsley] believes that his obligation is to the United States first,” Schleifman said, “not to his pocket.”

The settlement agreement leaves the door open for the Justice Department to pursue criminal charges based on Kingsley’s allegations. A Justice Department spokeswoman did not respond before deadline when asked whether any such charges are expected.


Iran: Death to America, Back ‘Atcha’ Iran

Iran’s hardliners mark hostage anniversary with ‘infiltration’ warning

Reuters: Thousands of Iranians rallied to celebrate the anniversary of the 1979 hostage-taking at the U.S. embassy on Wednesday, as hardliners alleged Western “infiltration” following a landmark nuclear deal with world powers.

President Hassan Rouhani, however, in remarks highlighting division between moderates and hardliners, criticised the arrest of at least two journalists, the latest in a series of detentions also including dissident writers and artists.

“We should not arrest people without reason, making up cases against them and say they are a part of an infiltration network,” Rouhani told a cabinet meeting.

Demonstrators gathered in front of the abandoned U.S. Embassy in Tehran chanting “death to America” and urging Iran’s foreign minister and chief nuclear negotiator, Mohammad Javad Zarif, “Don’t trust the Americans.”

The U.S. embassy was sacked by students in the early days of the Islamic Revolution in 1979. The ensuing U.S. hostage crisis lasted 444 days and Washington and Tehran have yet to restore diplomatic ties.

Some protesters dragged a coffin marked “Obama” through the street while others carried long balloons representing Iran’s latest ballistic missile, which was tested in October in defiance of a United Nations ban.

It is about time to terminate the Iran nuclear agreement and to declare a new adversarial front against Iran. The reasons are countless, one reason is above and the other is below.

U.S. Officials: Iranian Cyber-Attacks, Arrest of Americans May Be Linked

U.S. officials believe that the increasing number of hacking attacks carried out this past month by Iran’s Islamic Revolutionary Guard Corps (IRGC) against American government personnel may be linked to the arrests of American-Iranian citizens by the regime, The Wall Street Journal reported Thursday.

The Islamic Revolutionary Guard Corps, or IRGC, has routinely conducted cyberwarfare against American government agencies for years. But the U.S. officials said there has been a surge in such attacks coinciding with the arrest last month of Siamak Namazi, an energy industry executive and business consultant who has pushed for stronger U.S.-Iranian economic and diplomatic ties.

Obama administration personnel are among a larger group of people who have had their computer systems hacked in recent weeks, including journalists and academics, the officials said. Those attacked in the administration included officials working at the State Department’s Office of Iranian Affairs and its Bureau of Near Eastern Affairs.

“U.S. officials were among many who were targeted by recent cyberattacks,” said an administration official, adding that the U.S. is still investigating possible links to the Namazi case. “U.S. officials believe some of the more recent attacks may be linked to reports of detained dual citizens and others.”

At the time of his arrest, the IRGC seized Namazi’s computer.

According to the Journal, friends and associates of Washington Post reporter Jason Rezaian were similarly targeted following his arrest last year.

Associates of Namazi say that the IRGC, which is believed to be responsible for his arrest and which reports directly to Iranian Supreme Leader Ayatollah Ali Khamenei, is using the cyber-attacks to help “build a false espionage case” against him.

Last month, the Journal reported that a cyber-security company, Dell Secureworks, had identified a scheme where Iranian hackers had set up false LinkedIn accounts in order to learn sensitive information from the defense and telecommunications sectors. In August, it was reported that Iran was targeting political dissidents living abroad with cyber-attacks.

Earlier this year, The New York Times revealed that the United States had enlisted the help of its allies, including Britain and Israel, to confront the escalating Iranian cyber-attacks.

A report released in 2014 by cyber-security firm Cylance highlighted Iran’s growing cyber-terror capabilities, including “bone-chilling evidence” that its hackers had taken control of gates and security systems at airports in South Korea, Saudi Arabia, and Pakistan.

Iran’s cyber-attacks are not just directed at other countries and individuals abroad, but also its own citizens. Massive attacks on Iranian Google accounts were detected prior to the presidential election two years ago as part of a broader crackdown on dissent.

In Iran Has Built an Army of Cyber-Proxies, published in the August 2015 issue of The Tower Magazine, Jordan Brunner examined how Iran became one of the world’s leading forces in cyber-warfare:

Iran is adept at building terrorist and other illicit networks around the world. Its cyber-capabilities are no different. It uses the inexpensive method of training and collaborating with proxies in the art of cyber-war. It may also have collaborated with North Korea, which infamously attacked Sony in response to the film The Interview. It is possible that Iran assisted North Korea in developing the cyber-capability necessary to carry out the Sony hack. While acknowledging that there is no definite proof of this, Claudia Rosett of the Foundation for Defense of Democracies raised the question in The Tower earlier this year.

More importantly, Iran is sponsoring the cyber-capabilities of terrorist organizations in Lebanon, Yemen, and Syria. The first indication of this was from Hezbollah. The group’s cyber-activity came to the attention of the U.S. in early 2008, and it has only become more powerful in cyberspace since then. An attack that had “all the markings” of a campaign orchestrated by Hezbollah was carried out against Israeli businesses in 2012.

Lebanon’s neighbor, Syria, is home to the Syrian Electronic Army (SEA), which employs cyber-warfare in support of the Assad regime. There are rumors that indicate it is trained and financed by Iran. The SEA’s mission is to embarrass media organizations in the West that publicize the atrocities of the Assad regime, as well as track down and monitor the activities of Syrian rebels. It has been very successful at both. The SEA has attacked media outlets such as The Washington Post, the Chicago Tribune, the Financial Times, Forbes, and others. It has also hacked the software of companies like Dell, Microsoft, Ferrari, and even the humanitarian program UNICEF.

The group has carried out its most devastating cyber-attacks against the Syrian opposition, often using the anonymity of online platforms to its advantage. For example, its hackers pose as girls in order to lure opposition fighters into giving up seemingly harmless information that can lead to lethal crackdowns. The SEA’s sophisticated use of cyberspace developed in a very short time, and it is reasonable to infer that this was due to Iranian training. Iran has long supported the ruling Assad regime in Syria and would be happy to support those who support him.

In recent months, a group called the Yemen Cyber Army (YCA) has arisen, hacking into systems that belong to Saudi Arabia. The YCA supports the Houthi militia, which is fighting the Yemenite government and the Saudis; the Houthis are, in turn, supported by Iran. Thus far, the YCA has attacked Saudi Arabia’s Foreign, Interior, and Defense Ministries. They have also hacked the website of the Saudi-owned newspaper Al-Hayat. Messages from the group indicate that they are sponsored by Iran, and might even be entirely composed of Iranians.