2 Iranians Charged with Stealing Terabytes of National Security Data

JTN: Two Iranian nationals have been charged in connection with an intermittently state-sponsored campaign to target computers inside the United States, Europe and the Middle East, the Department of Justice announced Wednesday. The cyber-intruders acted at times on behalf of the Islamic Republic of Iran, the DOJ said.


In a 10-count indictment dated Sept. 15, Iranians Hooman Heidarian, 30, and Mehdi Farhadi, 34, were charged with stealing hundreds of terabytes of data. The purloined data included a range of confidential documents pertaining to national security, foreign policy intelligence, aerospace data, and unpublished scientific research, the DOJ said.

“In some instances, the defendants’ hacks were politically motivated or at the behest of Iran, including instances where they obtained information regarding dissidents, human rights activists, and opposition leaders,” the DOJ wrote in a Wednesday statement. “In other instances, the defendants sold the hacked data and information on the black market for private financial gain.”

The alleged perpetrators selected their victims after conducting “online reconnaissance” to target the victims’ areas of expertise, the DOJ wrote.

“Unfortunately, our cases demonstrate that at least four nations — Iran, China, Russia and North Korea — will allow criminal hackers to victimize individuals and companies from around the world, as long as these hackers will also work for that country’s government — gathering information on human rights activists, dissidents and others of intelligence interest,” Assistant Attorney General for National Security John C. Demers said in a statement. “Today’s defendants will now learn that such service to the Iranian regime is not an asset, but a criminal yoke that they will now carry until the day they are brought to justice.”

Obtain a Ballot Just by Taking a Photo of a Signature

Ah what? A signature photo using your smartphone? Whose signature? How many signatures?


Meet Debra Cleaver, Founder & CEO of Vote.org. In February 2017, the Institute of Politics at Harvard hosted a panel discussion titled “Leaders of the Resistance.” The panelists were Debra Cleaver, Founder & CEO of Vote.org; Leah Greenberg, Co-Founder of Indivisible; Andrea Hailey, Founder of Civic Engagement Fund; Amanda Litman, Founder of Run for Something; and Jess Morales Rocketto, Digital Community Organizer for OccupyAirports. They joined moderator Meighan Stone, a Spring 2017 Entrepreneurship Fellow at the Harvard Kennedy School Shorenstein Center on Media, Politics and Public Policy and President of Malala Fund, for a panel discussion on the women-led “Resistance” against the current White House. The panelists discussed recent events in voter and candidate outreach, especially at the local level, and their efforts to advance Democratic causes in the upcoming 2018 and 2020 elections.

Meanwhile…

With November looming, the scramble to protect the 2020 U.S. election from coronavirus chaos is on.

To that end, a small, skilled cluster of voting rights advocates is launching a new voter mobilization project. Called VoteAmerica, the new non-profit shares DNA with Vote.org, the esteemed nonpartisan voter mobilization site that VoteAmerica founder Debra Cleaver first launched in 2008.

VoteAmerica’s goal is to boost voter turnout by helping people vote by mail. In a normal year that might mean striving to drive record turnout. But in the midst of the pandemic, the team is working to ensure that 2020’s presidential election turnout doesn’t slump like it would in a midterm election year.

“It seems at this point that Americans are either going to be unable or unwilling to vote in person in the November election, which could lead to catastrophically low turnout,” Cleaver said in an interview with TechCrunch. “But if we have our way, there will be no perceivable dip in turnout in November.”

While Vote.org is still around, the organization severed ties with Cleaver last summer in a drawn-out battle with the group’s board. As Recode reported last month, some key Vote.org partners and donors walked out the door with Cleaver—a major concern for an organization with valuable ties in Silicon Valley and a more dire mission than ever in 2020.

With VoteAmerica, they might be back in the picture. Some of Cleaver’s previous Silicon Valley backers include Y Combinator’s Sam Altman (Cleaver is a YC alum), LinkedIn founder Reid Hoffman and angel investor Ron Conway. In a conversation with TechCrunch, Cleaver noted that at least Conway is back on board, pitching in with the $5 million in initial funding—a mix of grants and early contributions—to get the fledgling organization off the ground.

“We have the expertise, the team, the experience, and the plan,” Cleaver wrote in a Facebook post last month, adding that a “generous donor” had already stepped up to cover the nascent organization’s payroll costs.

Cleaver describes VoteAmerica as a lean team with deep experience—and one ready to hit the ground running. The project’s new website VoteAmerica.com fittingly displays an election day countdown clock in stark white-on-red lettering to convey the urgency of its task.

In the announcement for the new project, Cleaver said she believes that the 2020 elections “will be the most chaotic in American history”—a prediction that unfortunately is very difficult to argue with.

“Chaos driven by a global pandemic, foreign interference, threats of political violence, a radicalized electorate, a virulent campaign of disinformation, and fragile election administration technology all combine to make voting in person more difficult and less secure than ever before,” Cleaver said.

Because states conduct elections in the United States, her group’s core mission is to shepherd voters through the national patchwork of voting registration systems. On the simple site, visitors can register to vote, check their registration status, find a polling place, request an absentee ballot or sign up to vote-by-mail.

While many states in the U.S. already administer a large chunk of their voting through absentee vote-by-mail, it looks likely that the urgent public health threat posed by the coronavirus will mean that mass public gatherings in crowded polling places remain unwise. In light of that threat, states are looking to dramatically scale up those systems now to get them ready in time for November.

Old systems, new solutions

For VoteAmerica, navigating the quirks of American election systems can look like lending voters a fax machine.

“You can only sign up [for a mail-in ballot] online in 15 states, which is not actually a significant number, but there’s another 15 more where you can fax in your form, which doesn’t seem relevant because it’s 2020 and who uses a fax machine?”

But using fax APIs, VoteAmerica is building out a system that allows voters to request a vote-by-mail application just by taking a photo of their signature. VoteAmerica’s tool then uses code to put the signature in the right spot on the form and then programmatically faxes it to the relevant local election official.

“This is kind of wonky because we’re using truly antiquated technology to modernize the vote-by-mail process,” Cleaver said. “But if you have a mobile device—and 87% of Americans have a smartphone—we’re building technology that lets you sign up directly from your mobile device without printing and mailing.”

It’s just one way that VoteAmerica plans to apply technology solutions to civic problems—like the outdated government systems that still haunt American life. The solution sounds small, but at scale it can mobilize a huge number of voters who otherwise could have been tangled up in the bureaucratic process. Naturally, that kind of elegant workaround to inefficient systems attracts interest from the tech community.

“We definitely do get a lot of tech money, and I think it’s because tech people both appreciate and trust using technology to clear antiquated hurdles,” Cleaver said.

“The things that we do, people in Silicon Valley are very receptive to it, whereas people outside the Valley might take a little more time to warm up to it.” More here.

NK Hackers are Robbing Banks Around the World

Primer:

North Korea’s Foreign Ministry on Saturday called the United States a “mastermind of cybercrime” as it responded to a report detailing Pyongyang’s efforts to hack banks.

In an English-language statement posted on the ministry’s website, a spokesperson for the country’s “National Coordination Committee for Anti-Money Laundering and Countering the Financing of Terrorism” denied the regime’s link to any online criminal activities, claiming there was no truth to the “preposterous rumors” circulated by the United States.

The U.S. Treasury Department and three federal agencies including the FBI said in an alert issued Wednesday that hackers attempted to initiate fraudulent money transfers and ATM “cash-outs” from multiple countries that appeared to be part of the North’s “extensive, global cyber-enabled bank robbery scheme.” More here.

US govt warns of North Korean hackers targeting banks ... source/article

The BeagleBoyz have made off with nearly $2 billion since 2015, and they’re back to attacking financial institutions after a short lull in activity.

The BeagleBoyz, part of the North Korean government’s hacking apparatus, are back to targeting banks around the world after a brief pause in activity.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released an alert with details of how the BeagleBoyz have made off with an estimated $2 billion in fiat and cryptocurrency since 2015, along with details on how financial institutions can protect themselves against their known patterns of attack.

Along with the theft of massive amounts of money that the United Nations believes is used for North Korea’s nuclear weapons and ballistic missile programs, the robberies also pose a serious risk to financial institutions’ reputations, their operations, and public confidence in banking, CISA said.

The BeagleBoyz aren’t typical cybercriminals either: They conduct “well-planned, disciplined, and methodical cyber operations more akin to careful espionage activities,” CISA warns. “Over time, their operations have become increasingly complex and destructive. The tools and implants employed by this group are consistently complex and demonstrate a strong focus on effectiveness and operational security.”

The group has used a variety of approaches to gaining initial access: Spear phishing, watering holes, social engineering, malicious files, and even contracted third-party hacking groups have been used for initial penetration.

Once inside a network, the BeagleBoyz have again used a wide variety of approaches to meet their objectives, establish a persistent presence, evade defense, and harvest credentials of privileged users.

CISA said that the BeagleBoyz appear to seek out two particular systems in a financial institution’s network: its SWIFT terminal and the server hosting the bank’s payment switch application. They map networks using locally available administrative tools, deploy a constantly evolving list of command and control software, and ultimately try to make off with any money they can get their hands on via fraudulent ATM cash-outs.

“After gaining access to either one or both of these operationally critical systems, the BeagleBoyz monitor the systems to learn about their configurations and legitimate use patterns, and then they deploy bespoke tools to facilitate illicit monetization,” CISA said.

It isn’t known if the BeagleBoyz have successfully targeted a US-based financial institution, and CISA’s report suggests they’ve been active primarily in other parts of the world. That doesn’t mean they won’t attempt to break into a US-based bank: Everyone in the cybersecurity arm of the financial industry should be alert.

Protecting against the BeagleBoyz

CISA makes the following mitigation suggestions based on particular industry:

All financial institutions:

Institutions with retail payment systems:

  • Require chip and PIN for all transactions
  • Isolate payment system infrastructure behind multiple authentication factors
  • Segment networks into separate, secure enclaves
  • Encrypt all data in transit
  • Monitor networks for anomalous behavior

Institutions with ATMs or point-of-sale devices:

  • Validate issuer responses to financial request messages
  • Implement chip and PIN for debit transactions

These suggestions come along with general good security habits such as enforcing strong password policies, keeping all systems up to date, disabling all unnecessary services on workstations, scanning documents and emails for potential malicious code, and staying up to date on the latest threats.


Chinese Regime Rushes to Destroy Files Overseas

In part: The Chinese Communist Party (CCP) has directed certain overseas Party cells to destroy sensitive documents and safeguard Party secrets, in response to heightened scrutiny in the West of the regime’s covert activities abroad, an internal document obtained by The Epoch Times reveals.

A notice issued in August by China’s state-owned oil giant China National Petroleum Corporation (CNPC) instructed that the company’s overseas offices in more than ten countries, including Australia and Canada, must “urgently destroy or transfer sensitive documents” relating to “overseas Party-building activities.”


Party-building activities overseas, according to New York-based China commentator Qin Peng, refers to the CCP’s efforts to expand its global influence. Under this program, Chinese consulates can instruct Chinese multinational companies to carry out tasks beyond their business operations, such as collecting intelligence, stealing sensitive information, and influencing local officials, he said.

The notice said that important documents that can’t be easily destroyed may be given to the Chinese embassy in Cambodia for safekeeping.

It also directs the company’s Party members not to divulge sensitive information to local law enforcement.

“When subject to foreign investigations, Party members and cadres must abide by [the principle of] ‘strictly guarding Party secrets,’” the document said. “This is an iron rule and discipline.”

The directive was a response to recent actions by the United States and other Western governments, the document said, citing an incident in Australia where authorities searched and seized mobile phones and computers of Chinese diplomatic personnel because they contained material relating to the CCP. It did not provide further detail about this incident.

The United States has in recent months escalated efforts in combating Chinese espionage and malign influence activities. The Trump administration in July ordered the closure of the Chinese consulate in Houston, saying the diplomatic outpost was a “hub of spying and intellectual property theft.” Federal agents also made a string of arrests of suspected undercover Chinese military officers studying in the country, who prosecutors say are part of a broader network spanning 50 U.S. cities.

The regime’s covert foreign influence operations have also come under the spotlight in many democracies, particularly in Australia, where the government has stepped up actions targeting Chinese influence in politics and university campuses.

Nicholas Eftimiades, a former senior U.S. intelligence official and author of the book “Chinese Intelligence Operations,” told The Epoch Times that the incident in Australia may have referred to an unreported seizure by border officials at the country’s ports of entry, or the recent raid of a Chinese-Australian’s home as part of an investigation into Chinese foreign interference.

Going Underground

The notice said the United States, the U.K., Australia, Canada, and New Zealand were “highly sensitive countries,” and directed staff in those countries to delete all Party-building materials from electronic devices and destroy physical files. Where documents can’t be destroyed, they should be “sealed and stored” in a secure location or handed over to the Chinese embassy in Cambodia, the document instructed.

In Australia and Canada, CNPC staff are to report to their local Chinese consulate the status of how they have dealt with “sensitive urgent information,” the notice said.

The document also demands that all the company’s overseas party organizations, particularly those located in Malaysia, Singapore, and Saudi Arabia, should “proactively accept the leadership role of the Party committee at Cambodia’s Chinese embassy.”

The instructions also emphasized limiting public exposure of overseas Party activities. It prohibited events from being promoted on Chinese social media such as Weibo and WeChat, and issuing public reports of such activities. Communications about Party members or organizations, and reports on Party-building activities should be sent via encrypted channels. Party members were also banned from raising the Chinese national flag, wearing the Party badge, and displaying the content of Party activities on notice boards.


In addition, when holding Party-building activities, staff are not to disclose the identities of Party members and their Party positions, the notice said.

‘Damage Control’

Eftimiades said that it’s very likely this directive was issued to other state-owned enterprises. The notice, he said, revealed an “extraordinary global operation to protect information, to restrict activities so that they don’t come up on the radar of foreign governments.”

James Carafano, vice president of the Heritage Foundation’s institute for national security and foreign policy, said this move would not be surprising given that the regime is likely anticipating much more scrutiny from Western countries.

“If there’s one thing they’re really good at, it’s covering up their tracks,” Carafano told The Epoch Times.

The notice also reveals the close cooperation between the regime and state-owned companies, Eftimiades said.

“A huge dimension of this is the role of the consulates in directing and coordinating the activities of state-owned enterprises abroad,” he said.

The Chinese regime also publicly reveals how Chinese consulates preside over overseas Chinese companies.

A document on “risk prevention guidelines” for overseas Chinese companies, found on the website of China’s Ministry of Foreign Affairs, points out that companies must register with their local consulates and accept their “guidance and management.”

In the event of sudden “safety-related incidents,” Chinese companies must do their public relations under the guidance of corresponding consulates and related Chinese agencies, to “positively guide the public opinion.”

In March 2019, Qi Yu, secretary of the Party committee at China’s Ministry of Foreign Affairs, held a meeting, during which the committee said Chinese consulates should “enhance their political understanding…in order to better serve” the Party.

While the document suggests the CCP has become more cautious, countries shouldn’t let up their guard, Qin warns, adding that as these activities go underground, the Chinese regime is likely to engage in more covert actions, and it’s a long-term threat that countries shouldn’t dismiss.

N. Korea has 60 Nuclear Bombs, 5000 tons of Chemical Weapons

An Army report has the following information in part regarding North Korea:

A new assessment made by the United States Department of the Army estimates that the North Korean regime is in possession of massive amounts of conventional and non-conventional weapons that they are “highly likely” to use in specific circumstances, according to the Yonhap News Agency.

The assessment was published in a report entitled “North Korean Tactics,” and attributes North Korea’s huge armaments program to a desire to “prevent other countries from contemplating regime change.” Apparently, Kim Jong-un, the North Korean dictator, took note of what happened to his Libyan counterpart Muammar Gaddafi and “does not want something similar to happen” to him. (Gaddafi was killed by rebel Libyan forces, after a multi-national force including NATO countries attacked Libya with the stated goal of imposing an arms embargo, sanctions, and an assets freeze against regime leaders.)

According to the report, North Korea already has between 20 and 60 nuclear bombs and “the capacity to produce six new devices each year.” It also boasts the world’s third-largest stockpile of chemical weapons – between 2,500 and 5,000 tons of various substances – and is engaged in research into biological warfare as well. “Only one kilogram of anthrax could kill up to 50,000 people in Seoul,” the capital of South Korea, the report’s authors note.

Another ongoing source of concern is North Korea’s Cyber Warfare Guidance Unit, which employs over 6,000 computer hackers who “can successfully conduct invasive computer warfare activities from the safety of its own territory.” North Korean operatives are known to already be operating in several foreign countries including Belarus, China, India, Malaysia, and Russia.

Negotiations between the United States and North Korea broke down entirely following an unproductive summit between Kim Jong-un and US President Donald Trump in February, 2019.

Further details in the report to Congress include:

North Korea’s military “uses tactics based on former Soviet or current Russian doctrine, Chinese developments, lessons learned, and observation of recent military actions,” according to a new US Army manual on the subject.

“While North Korea maintains large amounts of military equipment, much of it is outdated making it quantitatively superior to most armies but qualitatively inferior,” the new manual said. See North Korean Tactics, Army Techniques Publication (ATP) 7-100.2, 24 July 2020.

But North Korea has proved resourceful in other areas, including offensive cyber warfare.

“The primary organization responsible for computer warfare in North Korea is Bureau 121, which fielded at least 1,000 elite hackers in 2010 who focused on other countries’ computer systems. This number is likely much higher now” and includes “cyberspace teams [deployed] in foreign countries.”

And not least of all, “The country’s possession of a nuclear arsenal and its pursuit of missile technology are attempts to ensure that external powers do not interfere with its internal affairs for fear of a nuclear reprisal,” the Army manual said.


“North Korea is constantly adapting and evolving its capabilities,” the Army said.

***

Formed in the late 1990s, Bureau 121 is unit 121 of the General Bureau of Reconnaissance in North Korea’s military (now made up of 6,000 hackers).

Part of the unit is sometimes known as the DarkSeoul Gang, according to a report by Reuters.

Despite being one of the poorest countries in the world, North Korea puts a lot of its cash into Bureau 121.

North Korea is still technically at war with South Korea, and cyber-warfare is arguably its best weapon. More details were provided to the BBC by a defector in 2015.

There is an official training school for the younger hacking applicants.


Students are sent to the military school after graduating from Geumseong Middle School in the capital. A report into the cyber threat written by US Major Steve Sin in 2009 revealed that Unit 121 had a base in the Chilbosan Hotel in Shenyang, China, from where it could launch its attacks. The 164-room three-star hotel is jointly owned by the North Koreans and Chinese. More details here.