Every U.S. Corporation Hacked by China

From former NSA Director McConnell, via CNN:

“The Chinese have penetrated every major corporation of any consequence in the United States and taken information,” he said. “We’ve never, ever not found Chinese malware.”
He said the malware lets Chinese spies extract information whenever they want. McConnell, who also led the NSA from 1992 until 1996, continues to investigate hacks as a high-ranking adviser to Booz Allen Hamilton (BAH).
He listed victims he has come across during his investigations: U.S. Congress, Department of Defense, State Department (which is currently dealing with Russian hackers) and major corporations.
The U.S. government has said it has caught Chinese spies stealing blueprints and business plans. Last year, federal prosecutors took the unprecedented step of filing formal criminal charges against five Chinese government spies for breaking into Alcoa (AA), U.S. Steel Corp. (X), Westinghouse and others.

Exclusive: Secret NSA Map Shows China Cyber Attacks on U.S. Targets

A secret NSA map obtained exclusively by NBC News shows the Chinese government’s massive cyber assault on all sectors of the U.S. economy, including major firms like Google and Lockheed Martin, as well as the U.S. government and military.

The map uses red dots to mark more than 600 corporate, private or government “Victims of Chinese Cyber Espionage” that were attacked over a five-year period, with clusters in America’s industrial centers. The entire Northeast Corridor from Washington to Boston is blanketed in red, as is California’s Silicon Valley, with other concentrations in Dallas, Miami, Chicago, Seattle, L.A. and Detroit. The highest number of attacks was in California, which had almost 50.

Each dot represents a successful Chinese attempt to steal corporate and military secrets and data about America’s critical infrastructure, particularly the electrical power and telecommunications and internet backbone. And the prizes that China pilfered during its “intrusions” included everything from specifications for hybrid cars to formulas for pharmaceutical products to details about U.S. military and civilian air traffic control systems, according to intelligence sources.

The map was part of an NSA briefing prepared by the NSA Threat Operations Center (NTOC) in February 2014, an intelligence source told NBC News. The briefing highlighted China’s interest in Google and defense contractors like Lockheed Martin, and in air traffic control systems. It catalogued the documents and data Chinese government hackers have “exfiltrated” — stolen — from U.S. corporate, government and military networks, and also listed the number and origin of China’s “exploitations and attacks.”

The map suggests that NSA has been able to monitor and assess the Chinese cyber espionage operations, and knows which specific companies, government agencies and computer networks are being targeted.

The NSA did not immediately respond to repeated requests for comment.

The China Hack of United Airlines, Electronic Insurgency

Warning corporations, industry and government entities is one thing; action, protection and/or a declaration of cyber war is yet another.

July 2015:

Aspen Institute: Cyber warfare is one of the most potent security threats the United States faces, National Security Agency Director and Commander of the US Cyber Command General Keith Alexander told the crowd at the Aspen Security Forum in Aspen, discussing in conversation with NBC News Correspondent Pete Williams the nature of the threat and how his department is working to address it.
With the Stuxnet, Duqu, and Flame viruses in the fore of the public consciousness, Alexander took pains to point out that nation-states were not the only potential cyber actors. Citing power and water grids as his chief concerns, he said, “Somebody who finds vulnerability in our infrastructure could cause tremendous problems. They could erase the Input/output of a system so it can’t boot, and would have to be replaced. And these capabilities are not only nation-state-only capabilities.”

Alexander assessed the US’ readiness to confront such an attack as a three on a scale of ten, calling lack of adequately trained cyber defense forces the critical impediment to greater preparedness. “Our issue isn’t [having the tools] to address the threat,” he said. “It’s having the capacity, and building and training cyber forces. We have a big requirement, and a small force that is growing steadily.”

China-Tied Hackers That Hit U.S. Said to Breach United Airlines

Bloomberg:

The hackers who stole data on tens of millions of U.S. insurance holders and government employees in recent months breached another big target at around the same time — United Airlines.

United, the world’s second-largest airline, detected an incursion into its computer systems in May or early June, said several people familiar with the probe. According to three of these people, investigators working with the carrier have linked the attack to a group of China-backed hackers they say are behind several other large heists — including the theft of security-clearance records from the U.S. Office of Personnel Management and medical data from health insurer Anthem Inc.

The previously unreported United breach raises the possibility that the hackers now have data on the movements of millions of Americans, adding airlines to a growing list of strategic U.S. industries and institutions that have been compromised. Among the cache of data stolen from United are manifests — which include information on flights’ passengers, origins and destinations — according to one person familiar with the carrier’s investigation.

It’s increasingly clear, security experts say, that China’s intelligence apparatus is amassing a vast database. Files stolen from the federal personnel office by this one China-based group could allow the hackers to identify Americans who work in defense and intelligence, including those on the payrolls of contractors. U.S. officials believe the group has links to the Chinese government, people familiar with the matter have said.

That data could be cross-referenced with stolen medical and financial records, revealing possible avenues for blackmailing or recruiting people who have security clearances. In all, the China-backed team has hacked at least 10 companies and organizations, which include other travel providers and health insurers, says security firm FireEye Inc.

Tracking Travelers

The theft of airline records potentially offers another layer of information that would allow China to chart the travel patterns of specific government or military officials.

United is one of the biggest contractors with the U.S. government among the airlines, making it a rich depository of data on the travel of American officials, military personnel and contractors. The hackers could match international flights by Chinese officials or industrialists with trips taken by U.S. personnel to the same cities at the same time, said James Lewis, a senior fellow in cybersecurity at the Center for Strategic and International Studies in Washington.

“You’re suspicious of some guy; you happen to notice that he flew to Papua New Guinea on June 23 and now you can see that the Americans have flown there on June 22 or 23,” Lewis said. “If you’re China, you’re looking for those things that will give you a better picture of what the other side is up to.”

Computer Glitches

The timing of the United breach also raises questions about whether it’s linked to computer faults that stranded thousands of the airline’s passengers in two incidents over the past couple of months. Two additional people close to the probe, who like the others asked not to be identified when discussing the investigation, say the carrier has found no connection between the hack and a July 8 systems failure that halted flights for two hours. They didn’t rule out a possible, tangential connection to an outage on June 2.

Luke Punzenberger, a spokesman for Chicago-based United, a unit of United Continental Holdings Inc., declined to comment on the breach investigation.

Zhu Haiquan, a spokesman for the Chinese embassy in Washington, said in a statement: “The Chinese government and the personnel in its institutions never engage in any form of cyberattack. We firmly oppose and combat any forms of cyberattacks.”

Embedded Names

United may have gotten help identifying the breach from U.S. investigators working on the OPM hack. The China-backed hackers that cybersecurity experts have linked to that attack have embedded the name of targets in web domains, phishing e-mails and other attack infrastructure, according to one of the people familiar with the investigation.

In May, the OPM investigators began drawing up a list of possible victims in the private sector and provided the companies with digital signatures that would indicate their systems had been breached. United Airlines was on that list.

Safety Concerns

In contrast to the theft of health records or financial data, the breach of airlines raises concerns of schedule disruptions or transportation gridlock. Mistakes by hackers or defenders could bring down sensitive systems that control the movement of millions of passengers annually in the U.S. and internationally.

Even if their main goal was data theft, state-sponsored hackers might seek to preserve access to airline computers for later use in more disruptive attacks, according to security experts. One of the chief tasks of the investigators in the United breach is ensuring that the hackers have no hidden backdoors that could be used to re-enter the carrier’s computer systems later, one of the people familiar with the probe said.

United spokesman Punzenberger said the company remains “vigilant in protecting against unauthorized access” and is focused on protecting its customers’ personal information.

There is evidence the hackers were in the carrier’s network for months. One web domain apparently set up for the attack — UNITED-AIRLINES.NET — was established in April 2014. The domain was registered by a James Rhodes, who provided an address in American Samoa.

James Rhodes is also the alias of the character War Machine in Marvel Comics’ Iron Man. Security companies tracking the OPM hackers say they often use Marvel comic book references as a way to “sign” their attack.

Targeting Pentagon

This isn’t the first time such an attack has been documented. Chinese military hackers have repeatedly targeted the U.S. Transportation Command, the Pentagon agency that coordinates defense logistics and travel.

A report last year from the Senate Armed Services Committee documented at least 50 successful hacks of the command’s contractors from June 2012 through May 2013. Hacks against the agency’s contractors have led to the theft of flight plans, shipping routes and other data from organizations working with the military, according to the report.

“The Chinese have been trying to get flight information from the government; now it looks as if they’re trying to do the same in the commercial sector,” said Tony Lawrence, a former Army sergeant and founder and chief executive officer of VOR Technology, a Columbia, Maryland-based cybersecurity firm.

It’s unclear whether United is considering notifying customers that data may have been compromised. Punzenberger said United “would abide by notification requirements if a situation warranted” it.

The airline is still trying to determine exactly which data was removed from the network, said two of the people familiar with the probe. That assessment took months in the OPM case, which was discovered in April and made public in June.

M&A Strategy

Besides passenger lists and other flight-related data, the hackers may also have taken information related to United’s mergers and acquisitions strategy, one of the people familiar with the investigation said.

Flight manifests usually contain the names and birthdates of passengers, but even if those files were taken, experts say that would be unlikely to trigger disclosure requirements in any of the 47 states with breach-notification laws.

Those disclosure laws are widely seen as outdated. The theft by hackers of corporate secrets usually goes unreported, while the stealing of customer records such as Social Security numbers and credit cards is required in most states.

“In most states, this is not going to trigger a notification,” said Srini Subramanian, state government leader for Deloitte cyber risk services.

Immigrants Globally a Boon to Mafia and Gangs

Given civil wars, drug cartels, failed states, lawlessness and financial crises, refugees, asylum seekers and those fleeing their home countries for countless reasons are falling prey to gangs and organized crime operations like the Mafia.

This is a building phenomenon not only globally but here in the United States. Consider that Libya, Syria, Sudan, Iraq, Yemen, Honduras, Guatemala, El Salvador and Mexico are noted to be failed states.

Every action has a reaction and the Obama administration is not facing any conditions or consequences here at home.

Italy’s Mafia is Profiting From the Immigration Crisis
The Mafia in Italy have demonstrated devious ingenuity in everything from drug trafficking to counterfeiting. Now they’re exploiting the immigration crisis.

The care and feeding of such migrants may end up costing the Italian government as much as €800m per year, with it offering private individuals, companies and non-profit organisations up to €35 a day per person to host them. That includes a daily pocket money allowance of €2.50 that hosts are supposed to pay directly to the refugees.

Those funds have proven irresistible to the Mafia, according to Italian prosecutors and watchdog groups, who say criminal groups have succeeded at rigging the awarding of the contracts for the management of migrant reception centres in several high-profile cases.

Then here at home, let us look no farther than Long Island.

Gangs on LI trying to recruit newly arrived Central American children

Latino street gangs led by MS-13 have tried to lure Long Island’s newest child immigrants into their ranks, police said, causing concern among local investigators as well as immigrant advocacy groups.

The violent, drug-dealing gangs have been vying for new members among the more than 3,000 children younger than 18 who resettled in Nassau and Suffolk counties between September 2013 and September 2014.

MS-13 has gone international as their syndicate is appearing in Australia.

FreeBeacon: Vice President of the National Border Patrol Council Shawn Moran told Fox News that the violent MS-13 gang is exploiting the chaos on the U.S. border to recruit new juvenile members.

“We know the cartels were exploiting this and continue to exploit this crisis in south Texas, it makes sense that MS-13 and other gangs would do the same,” said Moran.

According to Moran, the gang has been using a Red Cross phone bank on the border, originally intended for unaccompanied minors to use to contact relatives: “These phones are being utilized by gang members to recruit, to enlist, to pressure people, other juveniles into joining the MS-13 gang.”

And, Moran explained, border security is unable to isolate these gang members because they are juveniles, and they are required to treat all juveniles a certain way. “We’re being told we have to look the other way. If we see gang tattoos, we’re not allowed to treat them any differently than anybody else applying to be allowed to stay here or to apply for asylum.”

“It’s a security issue that we feel could really snowball out of control and it would put agents at risk. It puts the other detainees at risk,” Moran said.

Moran described MS-13 as “one of the biggest threats we face on our southern border. They do not hesitate to use extreme violence if necessary. They are considered one of the top threats to border patrol agents.”

Iran Leader’s Nephew To Obama: They’re Lying To You

While Washington DC is full of discussions about the Iran deal and hearings have occurred almost every day since the agreement was signed, there is reason to escalate real concerns about what the White House and John Kerry are attempting to sell.

TEHRAN (FNA)- Iranian Defense Minister Brigadier General Hossein Dehqan underlined that Tehran will not allow any foreigner to discover Iran’s defensive and missile capabilities by inspecting the country’s military sites.

“Missile-related issues have never been on agenda of the nuclear talks and the Islamic system will resolutely implement its programs in this field,” Brigadier General Dehqan said at a meeting with a group of Defense Ministry managers and employees on Monday, commenting on the nuclear agreement recently struck between Iran and the six world powers (the US, Russia, China, France, Britain and Germany).

He pointed to the recent statements of the US officials on Iran, and said, “The US officials make boastful remarks and imagine that they can impose anything on the Iranian nation because they lack a proper knowledge of the Iranian nation.”

The Iranian Defense Minister reiterated that the time has come now for the Americans to realize that they are not the world’s super power and no one recognizes them as such any longer.

Brigadier General Dehqan pointed to the recent nuclear tests conducted by the US concurrent with nuclear talks in Vienna, and said, “Such measures indicate their lack of commitment to international peace and security and it is for the same reason that independent nations and governments can never trust the US.”

On Saturday, Commander of the Islamic Revolution Guards Corps (IRGC) Major General Mohammad Ali Jafari underlined that there are still some concerns lingering about the sum-up agreement reached between Tehran and the Group 5+1 (the US, Russia, China, France and Britain plus Germany) and the relevant draft resolution to be adopted by the UN Security Council.

***
Then the nephew of the Supreme leader wrote a letter to Barack Obama about the lies from the Iranian regime.
PJ Media reports that an open letter to President Obama from the nephew of Iranian Supreme Leader Ayatollah Ali Khamenei, Dr. Mahmoud Moradkhani, was posted on an Iranian website this past Tuesday.
The extraordinary letter states in no uncertain terms that Khamenei is lying in his negotiations with the West, relying on taqiyya (the Shia doctrine which allows Muslims to lie to infidels in order to further Islam’s goals). Moradkhani clearly states that the Islamic regime has deceived the Iranian people, compares their deception to Hitler’s actions, accuses some of the West’s media of censoring remarks made by Iranian opponents of the regime, calls for Obama to reject the nuclear deal and pleads for the end of the Islamic regime in Iran. The full text follows:

Dear Mr. President

I am presenting this open letter as one of the serious opponents of the Islamic republic of Iran on behalf of the like-minded opposition groups and myself. Because of my knowledge of this regime, especially of Ali Khamenei who is my uncle (my mother’s brother), I see it as my duty to inform you about this regime and the issue of nuclear negotiations with the Islamic regime of Iran.

Let me at first inform you that the regime that falsely calls itself a republic came to power in 1979 by deceiving Iranian people and the world through provoking Iranian people against the regime of Mohammad Reza Pahlavi and gaining the support of the world community.

The tragedy of Cinema Rex*, believing in Khomeini’s words and then establishing a backward regime that is violent, medieval and against all international laws are all results of Iranian people and the world community being deceived. We are witnessing that not only a rich and cultured country like Iran has become a victim of this regime but also the Middle East and the whole free world. The intervention of Ali Khamenei’s regime (following Khomeini’s footsteps who had no other intention other than domination of Iraq) in Lebanon, Palestine, Afghanistan, Iraq, and Syria is more than obvious. As if these were not enough, he has now added the Arabian Peninsula to that list.

In any case, this regime has done great damage to Iranians and to the international community.

We can find a historical example of this kind of deception prior to the Second World War. Hitler manipulated and deceived German people and European countries and the hesitation in addressing the problem with Hitler led to a great disaster.

Due to the changes in time, the domain of the disaster might become limited now but breach of human rights is the same, regardless of the number of people who become victimized in the process.

Ali Khamenei and his collaborators know very well that they will never become a nuclear power. They certainly do not have the national interest of Iranian in their mind; they just use the nuclear issue to bully the countries in the region and export their revolution and middle-aged culture to other countries. Obviously, you and European countries do not give the Islamic regime any concession unless you are certain that they comply with the agreement. The Islamic regime of Iran will certainly prolong the verification period the same way that they have delayed and prolonged the nuclear talks. It is in this period that the wounded regime will retaliate with its destructive policies.

The countless breaches of human rights violations, spreading of Islamic fundamentalism, intervention and creating crisis in the Middle East are all unacceptable and contrary to democratic and humane beliefs of yours and ours.

While we can, with some measure of decisiveness and courage, uproot the wicked tree of the Islamic regime of Iran, just settling for cutting its branches is nothing more than avoiding responsibility.

It is clear that the eradication of the Islamic regime of Iran is the responsibility and mission of Iranian people and specially the opposition abroad; however, by putting obstacles in front of Iranian people and the Iranian opposition abroad one prevents them from doing their task.

The Islamic regime of Iran, based on their deceptive nature have sent their mercenaries abroad and even managed to recruit and manipulate some American-Iranians. Individuals who out of self-interest are lobbying for the Islamic regime of Iran and hiding its true nature and giving a false picture of its intentions; in the same manner that while Khomeini was in France, the so-called Iranian intellectuals did not let people of Iran and the world, realize the true meaning “the Islamic republic”. Those so-called intellectuals polished the remarks of Khomeini and converted them to positive, popular, strong and victorious ones.

We see that unfortunately in your country and your state media (the Persian section of Voice of America) and especially in UK (the Persian section of BBC) the remarks of the opposition of Islamic regime of Iran are being censored and instead the indecent habit of analyzing and relaying statements of the Islamic regime of Iran have become a norm.

I have a deep understanding and insight of the habits, morals and true intentions of this regime and I find it necessary to let you and the world know that the true evil of the Islamic regime of Iran is far more damaging and dangerous to be resolved by just signing an agreement.

People who have always lied, deceived and believe in Taqiya**, people whose main goal is supremacy and domination over others can never be trusted.

Instead they should be confronted with the very basic principles that have led to their criminality

and

  • To put an end on breaching of human rights violations; in other words, an end to Qisas***, random executions, discrimination, suppression of dissent, media repression, religious and ideological hegemony.
  • Devolving power to the people and the abolition of restrictive laws, such as mandatory supervision in elections.
  • Giving freedom to religious minorities and repealing laws limiting the choice of thought and religion.
  • Non-interference policy toward governments of countries such as Afghanistan, Iraq, Lebanon, Syria and Yemen.
  • Cancelling the assassination orders of dissidents in the world that have resulted in the killing of journalists, writers and even cartoonists.

I believe that any agreement or concession that is not associated with these basic conditions in reality will only be assisting this regime in achieving its indecent goals.

The possible disaster following this kind of hesitation will be similar to the historical mistake made prior to the Second World War.

Ali Khamenei will not be satisfied with the little that he has today and surely, and in all secrecy, at the first possible moment will attempt to bully and dominate.

Removing the crippling sanctions without fundamental changes in this regime will not be in Iran’s interest and will only facilitate the Islamic regime of Iran in reaching its objectives.

United States of America and Europe should not jeopardize their long-term interests due to short-term ones.

There are powerful and pro-active forces in the Iranian opposition and if the censorship of the media that are supporting the Islamic regime of Iran were to be removed, the opposition can easily organize and assist the powerful civil disobedience of Iranian people.

Iranian people want peace and freedom; without this regime not only can they ensure the resurrection of a civilized country but also a peaceful region.

Yours respectfully

Dr. Mahmoud Moradkhani

ISIS Online Propagandists are Russian

Personally, I have investigated the matter of the Islamic State cyber-caliphate and all clues led back to Russia. Now others are investigating the same thing and forming the same conclusions. Fundamentally we are in a new dimension of a Cold War tactic using the internet as the platform. So far the Obama administration ignores this but military generals are sounding the alarms.

Why Are Russian Hackers Posing as ISIS Propagandists?

by: Helle Dale

The multi-front cyberspace information war in which we recently have found ourselves just got a little more complicated.

A group which calls itself Cyber Caliphate, assumed to have ties to the terrorist group ISIS, may in fact be a creation of Russian hackers taking advantage of the havoc wreaked on social media and the Internet by ISIS propagandists.

The complex picture this presents adds to the challenges faced by the U.S. government as it seeks to adjust its counterterrorism communication and cybersecurity measures to deal with rising threats from abroad.

According to a new report, “Who Is Cyber Caliphate? Re-examining the Online ISIL Threat,” produced by the State Department’s Office of Diplomatic Security (DS), a major cyber attack on French television TV5Monde last April by Cyber Caliphate hackers took the station off the air for 20 hours and exposed employee email accounts.

It was more sophisticated than anything previously seen from ISIS hackers.

French and American investigators tracking the electronic footprints of the hackers found they led to a Russian hacker group known as APT28, which usually hacks in favor of the Russian government and directs its efforts at NATO.

In fact, they found no electronic tracks leading back to ISIS. Russian information warfare, which has intensified massively over the past several years, is taking ever changing twists and turns, and this one took investigators by surprise.

Russian hackers are greatly more sophisticated than the ISIS variety.

The Diplomatic Security report does, however, also stress the heavy influence of ISIS on Twitter in particular, as it seeks to create radicalized followers among disaffected and alienated Muslim youth in Western societies.

From September to December, 2014 alone, an estimated 46,000 Twitter accounts were associated with ISIS, the group’s most potent method to reach into impressionable minds.

Under the new leadership of Rashad Hussein at the U.S. Center for Strategic Counterterrorism Communication of the State Department (CSCC), the policy of the U.S. government is to counter terrorism propaganda with a positive message, presenting a more attractive vision in the war of ideas.

This strategy dovetails with the administration’s dubious argument that terrorist acts arise from populations deprived of economic opportunity and have to be dealt with by addressing “root causes,” like poverty.

The new counterterrorism approach is a departure from the work of the Center for Strategic Counterterrorism Communication under the recently departed Ambassador Alberto Fernandez, who took a harder line, attacking ISIS (and Cyber Caliphate) propagandists head on, and exposing graphically the brutality and horrors perpetrated by ISIS terrorists.

For this tough and confrontational approach, Fernandez was heavily criticized in the U.S. media and shunned by the executive branch.

With Russian hackers parading as ISIS propagandists, we now seem to have a perfect storm.

The complexity of cyber conflict certainly suggests that the U.S. government must intensify and improve its own efforts to outsmart our enemies.

***

By Jack Murphy at SofRep in part:

ISIS feeds the West loaded information

There is no proof that Russian intelligence has a hand in ISIS information/propaganda operations. However, considering what we have discussed thus far, this scenario should be taken seriously. ISIS is actively gaming the psychological makeup of Western audiences in order to provoke the United States and allied nations into a full-blown military confrontation with the Islamic State in Syria and Iraq. If the hypothesis about Russian influence agents in ISIS is correct, and if they are participating in ISIS propaganda efforts, then we should ask why Russia would be interested in doing this to begin with.

The answer is fairly straightforward. Keeping America bogged down and preoccupied in the Middle East is of massive benefit to the Russian Federation. By goading America into another war in the Middle East, Russia has more opportunity to engage in military aggression in Ukraine, Dagestan, Chechnya, Georgia, Moldova, Abkhazia, Nagorno-Karabakh, Uzbekistan, Tajikistan, Turkmenistan, and on and on throughout Russia’s near abroad. For sure, there would also be some more specific tactical and strategic goals, but in the general sense, the Gulf War III would help keep America off Russia’s back.

ISIS, and perhaps Russian intelligence, understands America’s future rationalizations for war very well. In the past we could justify war as being battles against communism or fascism for the preservation of the American way of life. Before that, more jingoistic narratives about manifest destiny were brought into play. But these justifications for war, racial or nationalistic, will have no place in future liberal Western nations. Instead wars will be justified as fights for gay rights, women’s rights, and other equality issues. One hypothetical example: Americans will be told that we have to invade Iran because gays are stoned to death or beheaded by the Iranian regime.

The Islamic State knows that there is no better way to terrify and incite Americans than to use mass executions, the murder of Christians, the use of sex slaves, the destruction of ancient relics, and the killing of homosexuals. ISIS is at war with Western consciousness, and it is a very deliberate effort.
