Category Archives: Cyber War

CyberWar Vulnerabilities

Posted on by

A Hacker’s Hit List of American Infrastructure

In an 800-page document dump, the U.S. government revealed critical vulnerabilities.

On Friday, December 19, the FBI officially named North Korea as the party responsible for a cyber attack and email theft against Sony Pictures. The Sony hack saw many studio executives’s sensitive and embarrassing emails leaked online. The hackers threatened to attack theaters on the opening day of the offending film, The Interview, and Sony pulled the plug on the movie, effectively censoring a major Hollywood studio. (Sony partially reversed course, allowing the movie to show in 331 independent theaters on Christmas Day, and to be streamed online.)

Technology journalists were quick to point out that, even though the cyber attack could be attributable to a nation-state actor, it wasn’t particularly sophisticated. Ars Technica’s Sean Gallagher likened it to a “software pipe bomb.”

But according to cybersecurity professionals, the Sony hack may be a prelude to a cyber attack on United States infrastructure that could occur in 2015, as a result of a very different, self-inflicted document dump from the Department of Homeland Security in July.

Here’s the background: On July 3, DHS, which plays “key role” in responding to cyber attacks on the nation, replied to a Freedom of Information Act (FOIA) request on a malware attack on Google called “Operation Aurora.”

Unfortunately, as Threatpost writer Dennis Fisher reports, DHS officials made a grave error in their response. DHS released more than 800 pages of documents related not to Operation Aurora but rather the Aurora Project, a 2007 research effort led by Idaho National Laboratory demonstrating how easy it was to hack elements in power and water systems.

Oops.

The Aurora Project exposed a vulnerability common to many electrical generators, water pumps, and other pieces of infrastructure, wherein an attacker remotely opens and closes key circuit breakers, throwing the machine’s rotating parts out of synchronization causing parts of the system to break down.

In 2007, in an effort to cast light on the vulnerability that was common to many electrical components, researchers from Idaho National Lab staged an Aurora attack live on CNN. The video is below.

How widespread is the Aurora vulnerability? In this 2013 article for Power Magazine:

The Aurora vulnerability affects much more than rotating equipment inside power plants. It affects nearly every electricity system worldwide and potentially any rotating equipment—whether it generates power or is essential to an industrial or commercial facility.

The article was written by Michael Swearingen, then manager for regulatory policy for Tri-County Electric Cooperative (now retired), Steven Brunasso, a technology operations manager for a municipal electric utility, Booz Allen Hamilton critical infrastructure specialist Dennis Huber, and Joe Weiss, a managing partner for Applied Control Solutions.

Weiss today is a Defense Department subcontractor working with the Navy’s Mission Assurance Division. His specific focus is fixing Aurora vulnerabilities. He calls DHS’s error “breathtaking.”

The vast majority of the 800 or so pages are of no consequence, says Weiss, but a small number contain information that could be extremely useful to someone looking to perpetrate an attack. “Three of their slides constitute a hit list of critical infrastructure. They tell you by name which [Pacific Gas and Electric] substations you could use to destroy parts of grid. They give the name of all the large pumping stations in California.”

The publicly available documents that DHS released do indeed contain the names and physical locations of specific Pacific Gas and Electric Substations that may be vulnerable to attack.

Defense One shared the documents with Jeffrey Carr, CEO of the cybersecurity firm Taia Global and the author of Inside Cyber Warfare: Mapping the Cyber Underworld. “I’d agree…This release certainly didn’t help make our critical infrastructure any safer and for certain types of attackers, this information could save them some time in their pre-attack planning,” he said.

Perpetrating an Aurora attack is not easy, but it becomes much easier the more knowledge a would-be attacker has on the specific equipment they may want to target.

* * *

In a 2011 paper for the Protective Relay Engineers’ 64th Annual Conference, Mark Zeller, a service provider with Schweitzer Engineering Laborites lays out—broadly—the information an attacker would have to have to execute a successful Aurora attack. “The perpetrator must have knowledge of the local power system, know and understand the power system interconnections, initiate the attack under vulnerable system load and impedance conditions and select a breaker capable of opening and closing quickly enough to operate within the vulnerability window.”

“Assuming the attack is initiated via remote electronic access, the perpetrator needs to understand and violate the electronic media, find a communications link that is not encrypted or is unknown to the operator, ensure no access alarm is sent to the operators, know all passwords, or enter a system that has no authentication.”

That sounds like a lot of hurdles to jump over. But utilities commonly rely on publicly available equipment and common communication protocols (DNP, Modbus, IEC 60870-5-103,IEC 61850, Telnet, QUIC4/QUIN, and Cooper 2179) to handle links between different parts their systems. It makes equipment easier to run, maintain, repair and replace. But in that convenience lies vulnerability.

In their Power Magazine article, the authors point out that “compromising any of these protocols would allow the malicious party to control these systems outside utility operations.”

Defense One reached out to DHS to ask them if they saw any risk in the accidental document dump. A DHS official wrote back with this response: “As part of a recent Freedom of Information Act (FOIA) request related to Operation Aurora, the Department of Homeland Security (DHS) National Programs and Protection Directorate provided several previously released documents to the requestor. It appears that those documents may not have been specifically what the requestor was seeking; however, the documents were thoroughly reviewed for sensitive or classified information prior to their release to ensure that critical infrastructure security would not be compromised.”

Weiss calls the response “nonsense.”

The risk posed by DHS accidental document release may be large, as Weiss argues, or nonexistent, as DHS would have you believe. But even if it’s the latter, Aurora vulnerabilities remain a key concern.

Perry Pederson, who was the director of Control Systems Security Program at DHS in 2007 when the Aurora vulnerability was first exposed, said as much in a blog post in July after the vulnerability was discovered. He doesn’t lay blame at the feet of DHS. But his words echo those of Weiss in their urgency.

“Fast forward to 2014. What have we learned about the protection of critical cyber-physical assets? Based on various open source media reports in just the first half of 2014, we don’t seem to be learning how to defend at the same rate as others are learning to breach.”

* * *

In many ways the Aurora vulnerability is a much harder problem to defend against than the Sony hack, simply because there is no obvious incentive for any utility operator to take any of the relatively simple costs necessary to defend against it. And they are simple. Weiss says that a commonly available device installed on vulnerable equipment could effectively solve the problem, making it impossible to make the moving parts spin out of synchronization. There are two devices on the market iGR-933 rotating equipment isolation device (REID) and an SEL 751A, that purport to shield equipment from “out-of-phase” states.

To his knowledge, Weiss says, Pacific Gas and Electric has not installed any of them anywhere, even though the Defense Department will actually give them away to utility companies that want them, simply because DOD has an interest in making sure that bases don’t have to rely on backup power and water in the event of a blackout. “DOD bought several of the iGR-933, they bought them to give them away to utilities with critical substations,” Weiss said. “Even though DOD was trying to give them away, they couldn’t give them to any of the utilities because any facility they put them in would become a ‘critical facility’ and the facility would be open to NERCCIP audits.”

Aurora is not a zero-day vulnerability, an attack that exploits an entirely new vector giving the victim “zero days” to figure out a patch. The problem is that there is no way to know that they are being implemented until someone, North Korea or someone else, chooses to exploit them.

Can North Korea pull of an Aurora vulnerability? Weiss says yes. “North Korea and Iran and are capable of doing things like this.”

Would such an attack constitute an act of cyber war? The answer is maybe. Speaking to reporters at the Pentagon on Friday, Pentagon Press Secretary Rear Adm. John Kirby said “I’m also not able to lay out in any specificity for you what would be or wouldn’t be an act of war in the cyber domain. It’s not like there’s a demarcation line that exists in some sort of fixed space on what is or isn’t. The cyber domain remains challenging, it remains very fluid. Part of the reason why it’s such a challenging domain for us is because there aren’t internationally accepted norms and protocols. And that’s something that we here in the Defense Department have been arguing for.”

Peter Singer, in conversation with Jason Koebler at Motherboard, says that the bar for actual military engagement against North Korea is a lot higher than hacking a major Hollywood movie studio.

“We didn’t go to war with North Korea when they murdered American soldiers in the 1970s with axes. We didn’t go to war with North Korea when they fired missiles over our allies. We didn’t go to war with North Korea when one of their ships torpedoed an alliance partner and killed some of their sailors. You’re going to tell me we’re now going to go to war because a Sony exec described Angelina Jolie as a diva? It’s not happening.”

Obama said Friday that there would be some sort of response to the hack, but declined to say what. “We have been working up a range of options. They will be presented to me. I will make a decision on those based on what I believe is proportional and appropriate to the nature of this crime,” he said.

Would infrastructure vandalism causing blackouts and water shutdowns constitute an act of war? The question may be moot. Before the United States can consider what sort of response is appropriate to cyber attacks, it must first be able to attribute them.

The FBI was able to finger North Korea for the hack after looking at the malware in the same way a forensics team looks for signs of a perpetrator at the scene of the crime. “Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks,” according to the FBI statement. (Attribution has emerged as a point of contention in technology circles, with many experts suggesting that an inside hack job was more likely.)

An Aurora vulnerability attack, conversely, leaves no fingerprints except perhaps a single IP address. Unlike the Sony hack, it doesn’t require specially written malware to be uploaded into a system—malware that could indicate the identity of the attacker, or at least his or her affiliation. Exploiting an Aurora attack is simply a matter of gaining access, remotely, possibly because equipment is still running on factory-installed passwords, and then turning off and on a switch.

“You’re using the substations against whatever’s connected to them. Aurora uses the substations as the attack vector. This is the electric grid being the attack vector,” said Weiss, who calls it “a very, very insidious” attack.

The degree to which we are safe from that eventuality depends entirely on how well utility companies have put in place safeguards. We may know the answer to that question in 2015.

Meanwhile Back in Syria, Destruction

Posted on by

Extremists destroy 13th century Muslim tomb in Syria

Nusra Front Islamist militants linked to al-Qaeda have blown up the 13th century tomb of a revered Islamic scholar in southern Syria, Syrian state news agency SANA and monitoring group, the Syrian Observatory for Human Rights, reported.

The mausoleum of Imam Nawawi is in Nawa in Deraa province near the Jordanian border, a town captured by groups fighting the Syrian government in November.

The Nusra Front follows the same puritanical interpretation of Sunni Islam adopted by the Islamic State group that has also destroyed shrines in areas of eastern and northern Syria that it controls. They see tombs as sacrilegious.

Investigators confident that chlorine gas was used in 3 Syrian villages

UNITED NATIONS — Chemical weapons investigators concluded “with a high degree of confidence” that chlorine gas was used as a weapon against three opposition-controlled villages in Syria last year, affecting between 350 and 500 people and killing 13, according to a report obtained Tuesday by The Associated Press.

The third report by a fact-finding mission from the Organization for the Prohibition of Chemical Weapons didn’t apportion blame but said 32 of 37 people interviewed “saw or heard the sound of a helicopter over the village at the time of the attack with barrel bombs containing toxic chemicals.”

The investigators said 26 people heard the distinctive “whistling” sound of the falling barrel bombs containing toxic chemicals and 16 visited the impact sites and saw the bombs or their remnants. They said 29 people smelled “the distinctive odor of the gas cloud” released after the bombs hit the ground, mainly describing it “as intense, chlorine-like, similar to cleaning material used to clean toilets, but much stronger.”

The report includes a description of 142 videos and 189 pieces of material obtained by the investigators as well as photos of impact sites and the inner chlorine cylinder from a barrel bomb.

The mission was established by the OPCW on April 29 to establish the facts surrounding allegations of the use of chlorine “for hostile purposes” in Syria. Chlorine gas is readily available and is used in industry around the world, but it can also be used as a weapon.

The U.N. Security Council has been intensely involved in the issue of alleged chemical weapons use in Syria. After an August 2013 sarin gas attack near Damascus in which the U.S. says more than 1,400 people were killed, the Security Council unanimously adopted a resolution backed by the U.S. and Russia on Sept. 27, 2013, ordering Syria’s chemical weapons stockpile to be destroyed. U.N. investigators could not find enough evidence to assess blame for the sarin attack. Syria’s declared chemical weapons stockpiles have since been destroyed under international supervision, but questions remain about whether it may still be hiding deadly chemical agents.

Chlorine gas is not listed as a chemical weapon. But eight council members, including the United States, said in a Dec. 30 letter accompanying the OPCW report that the 2013 resolution also states that any use of chemical weapons threatens international peace and security and must be condemned.

The 15 council members discussed the fact-finding mission’s report behind closed doors Tuesday, and diplomats said the U.S. and other Western nations who signed the letter along with Jordan urged Security Council action in response to the findings. But Russia, Syria’s closest ally, insisted that the report on chlorine attacks was an issue for the OPCW, which polices the Chemical Weapons Convention, the diplomats said, speaking on condition of anonymity because consultations were private.

Syria’s Deputy Foreign Minister Faysal Mekdad told an OPCW meeting on Dec. 1 that his government has never used chemical weapons or chlorine gas during the country’s four-year civil war, which has claimed over 200,000 lives and displaced one third of the country’s population. He said terror groups “have used chlorine gas in several of the regions of Syria and Iraq.”

But U.S. Ambassador Samantha Power tweeted that “only Syrian regime uses (helicopters).” She also tweeted that the Syrian “Regime must be shown it is not enough to destroy declared CW (chemical weapons); must stop dropping chemical-laden explosives on civilians.”

The investigators interviewed 14 people from the village of Talmenes in Idlib governorate about barrel bomb attacks on April 21 and April 24. At two houses that were hit, a 7-year-old boy, a teenage girl, and the matriarch of a family died from exposure to chlorine gas, they said. Domestic animals including cows, goats and sheep also died at both houses.

Fourteen people from the village of Al Tamanah, also in Idlib, were interviewed by the mission’s investigators about five incidents in April and May – all but one at night. Eight members of two families who had sought refuge in the village died shortly after separate attacks involving the toxic chemical, the report said.

Investigators said they interviewed nine people from Kafr Zita in Hama Governorate in northern Syria and were told that the village had been the target of hundreds of attacks with conventional weapons and 17 attacks using toxic chemicals between April and August.

Who is Funding the Leftists in Latin America?

Posted on by

It has been proven that the Soviet KGB funded terror and operations against the West.

Now we have China doing the same thing in the Western hemisphere.

China Boosts Support for Latin Leftists

China Pledged Billions of Dollars of Financing to Venezuela and Ecuador, Two South American Energy Exporters Battered by Falling Oil Prices

China pledged billions of dollars of financing to Venezuela and Ecuador, two South American energy exporters battered by falling oil prices, as Beijing moved to secure resources and allies in the region.

China has increased its diplomatic clout throughout Latin America by extending over $100 billion in credit to the region since 2005, according to figures from Boston University’s Global Economic Governance Initiative.

Beijing has become the biggest foreign financier of both Venezuela and Ecuador, two oil-rich, leftist allies eager to help counter U.S. sway in the region.

Following a meeting with Chinese President Xi Jinping , his Venezuelan counterpart Nicolás Maduro announced bilateral accords that would bring $20 billion in new investment to Venezuela. Ecuador said it secured $7.5 billion in financing.

Both Mr. Maduro and his Ecuadorian counterpart, Rafael Correa, were in Beijing along with officials from various Latin American nations to take part in a regional gathering.

Both Latin countries, highly dependent on oil exports to pay for heavy public spending, were in dire need of a helping hand as crude prices tumble to less than half of their level from several months ago. A barrel of oil sold for about $50 on Wednesday.

Last week, Venezuela’s central bank released long-delayed figures, revealing the country entered a recession in 2014.

Venezuela needs oil to average around $117.50 a barrel to balance its 2015 budget, according to Deutsche Bank estimates.

In Ecuador, officials have reported a slowing economy, with growth of 3.4% in the third quarter, down from 5.6% in the July-through-September period in 2013.

Mr. Maduro, who has seen his approval rating swoon along with oil prices, offered few details on the new accords with China, which he said involved projects in the energy, industrial and housing sectors.

The Venezuelan leader, who has struggled to keep supporters happy amid shortages of basic goods, praised China for coming to the rescue.

“The economic war against our people and the oil price war is an opportunity to grow closer to our allies,” said Mr. Maduro, who has blamed Venezuela’s spiraling economy on an alleged plot by enemies of his leftist government.

Venezuela is slated to hold hotly contested legislative elections in December that many analysts see as a referendum on Mr. Maduro’s performance.

At a daily press briefing on Wednesday, Chinese Foreign Ministry spokesman Hong Lei said “Relevant financing cooperation is going smoothly” with Venezuela. State-run China Central Television paraphrased Chinese President Xi Jinping as calling for “promoting oil development” in a meeting with Mr. Maduro.

Experts said it was unclear without further details what kind of impact the new financing would have on the Venezuelan and Ecuadorian economies.

China has extended to Caracas some $50 billion in credit since 2007 in exchange for guaranteed oil. It has committed more than $12 billion in financing to Ecuador between 2009 and 2014.

Wednesday’s agreement underscored China’s continuing support for Mr. Maduro despite his political woes, said Risa Grais Targow, senior Latin America analysts for Eurasia Group.

“This is because the Chinese are heavily exposed to Venezuela and are likely concerned about the prospect of regime change,” she said in a client note.

China-Latin America Finance Database

Since 2005, China has provided upwards of $87 billion in loan commitments to Latin American countries. China’s loan commitments of $37 billion in 2010 were more than those of the World Bank, Inter-American Development Bank, and U.S. Export-Import Bank combined. This interactive database provides up-to-date information on Chinese lending in Latin America by country, lender, sector and year.

This database stems from a collaborative project by Boston University’s Global Economic Governance Initiative and Tufts University’s Global Development and Environment Institute. The resulting Inter-American Dialogue publication, The New Banks in Town: Chinese Finance in Latin America, by Kevin Gallagher, Amos Irwin, and Katherine Koleski is the main source of featured data and conclusions. Loan data is updated on an annual basis.

Apprehended in U.S. from Terror States

Posted on by

Consider as you read below, how many we did not catch. Consider how many actually got a pass. Consider how many received visas from the State Department to come here under a green card.

Just consider Iraq, a worn torn country currently in a war. How many have been allowed into the United States and why? This is chilling only from 2013.

WASHINGTON—Two Iraqi citizens living in Bowling Green, Kentucky who admitted using improvised explosive devices (IEDs) against U.S. soldiers in Iraq and who attempted to send weapons and money to al Qaeda in Iraq (AQI) for the purpose of killing U.S. soldiers were sentenced today to serve federal prison terms by Senior Judge Thomas B. Russell in U.S. District Court for the Western District of Kentucky.

The sentences was announced Lisa Monaco, Assistant Attorney General for National Security; David J. Hale, U.S. Attorney for the Western District of Kentucky; and Perrye K. Turner, Special Agent in Charge of the FBI Louisville Division.

Mohanad Shareef Hammadi, 25, a former resident of Iraq, was sentenced to life in federal prison, and Waad Ramadan Alwan, 31, a former resident of Iraq, was sentenced to 40 years in federal prison, followed by a life term of supervised release. Both defendants had pleaded guilty to federal terrorism charges.

Iraqi Refugee Processing

Part of the humanitarian mission of the USRAP is to provide resettlement opportunities to especially vulnerable Iraqi refugees. Since large-scale Iraqi refugee processing was announced in February 2007, DHS and DOS have worked cooperatively to increase the number of Iraqi refugees admitted to the United States as part of the worldwide commitment. DHS and DOS have worked closely to expand processing capacity for Iraqi refugee applicants while ensuring the highest level of security. In support of these efforts, USCIS currently deploys approximately 55 officers per quarter to the Middle East to conduct refugee processing circuit rides. Since the inception of the program in 2007, 203,321 Iraqi nationals have been referred to the USRAP for resettlement to the United States. USCIS has interviewed 142,670 Iraqi refugee applicants; approved 119,202 for resettlement and, 84,902 Iraqi refugees have arrived in the United States.

Does Customs and Border Patrol coordinate with ICE, then DHS then the FBI? Well take a look at the FBI homepage on terrorism.

(CNSNews.com) – The Department of Homeland Security’s Customs and Border Protection reports that in fiscal year 2014 (Oct. 1 through Sept. 30) agents apprehended 1,191 individuals from 12 of the 14 countries that DHS and the State Department have considered as countries that have problems with terrorism.

In December, CBP released its apprehension statistics for 2014, which show that of the 486,651 apprehensions, 257,473 were from countries “other than Mexico.” Of those apprehended from countries “other than Mexico,” CBP provided CNSNews.com the countries of origin of those taken into custody.

Of those from countries “other than Mexico,” 1,191 were from 12 countries – Iran, Sudan, Cuba and Syria (state sponsors of terror), and Afghanistan, Algeria, Lebanon, Libya, Nigeria, Iraq, Pakistan, Saudi Arabia, Somalia and Yemen (“countries of interest”) – designated by the federal government to have terrorist links.

The breakdown of the apprehension of individuals from 12 countries designated as “countries of interest” is as follows, according to CBP: Afghanistan (4); Algeria (3); Cuba (1,061); Iran (4); Iraq (7); Lebanon (10); Nigeria (29); Pakistan (31); Saudi Arabia (16); Somalia (6); Syria (14); and Yemen (6).

As CNSNews.com reported in 2010, following the failed attempt to bring down Northwest Flight 253 on Dec. 25, the Transportation Safety Administration (TSA) announced enhanced airport screening for people traveling through or from 14 “countries of interest.” TSA did not specify which nations it considered “countries of interest.”

“TSA is mandating that every individual flying into the U.S. from anywhere in the world who holds a passport issued by or is traveling from or through nations that are state sponsors of terrorism or other countries of interest will be required to go through enhanced screening,” the TSA said.

“TSA directed the increased use of enhanced screening technologies and mandates threat-based and random screening for majority passengers on U.S. bound international flights,” it added.

But a Jan. 4, 2010 New York Times report, citing Obama administration officials, identified them as Afghanistan, Algeria, Lebanon, Libya, Nigeria, Iraq, Pakistan, Saudi Arabia, Somalia and Yemen. The other four – Iran, Sudan, Syria and Cuba – were identified as state sponsors of terrorism by the State Department.

A Jan. 4, 2010 report in USA Today, citing the TSA as the source, described the full list of nations whose citizens would be targeted for enhanced security checks as “14 countries with terrorism problems.”

 

Streets of Paris, al Qaeda Cold Blooded Murder

Posted on by

Cherif Kouachi, 26, and Thamar Bouchnak, 25, were arrested in Paris in January 2005 as they prepared to fly to Damascus. They were sentenced to three years, as requested by Xavier- Rolai.

Kouachi said on the stand that he was inspired by detainee abuse by U.S. troops at Baghdad’s Abu Ghraib prison, though he was relieved he was stopped. The court said Kouachi had wanted to attack Jewish targets in France, but Benyettou had told him that France wasn’t a “land of jihad” but Iraq was.

Update:  21.30. the three suspects have been identified. It comes from Saïd Kouchi., born in 1980 in Paris, Charles Kouchi., born in 1982 in Paris and Waleed M. Hamyd, born in 1996. All three are originating in Gennevilliers (Hauts-de-Seine). They were reportedly arrested but no official confirmation comes for the hour of the Ministry of the Interior.

21 h 20.According to Metronews, the three suspects have been identified. It would be two brothers of 32 and 34 years, born in Paris, and a young 18-year-old man, whose nationality is not known.

2110. thousands of people gathered Wednesday evening in several European cities, like Berlin, Brussels, Madrid, Vienna or London. In Berlin, they were 500 late afternoon outside the Embassy of France. Near the Brandenburg Gate, in the centre of the German capital, many demonstrators came with candles, waving placards proclaiming “I’m Charlie” or ancient some of Charlie Hebdo. And this sign: “Europe United in solidarity ‘. In Brussels, several hundred people gathered outside the Consulate of France and the European Parliament, where they brandished silently pencils or pens in solidarity. Candles, too, have been lighted, under the sign “I’m Charlie” clings to a statue. A little more than 200 people gathered in Liège. At Trafalgar square, in the heart of London, several hundred people gathered, serious faces, including many French. Many had brought with them placards ‘I am Charlie’ or displayed the message on the screen of their mobile phone.

In Madrid, they were several hundred outside the Embassy of France, in the presence of Ambassador Jérôme Bonnafont. The crowd chanted “freedom of expression, freedom of expression, before singing the Marseillaise in front of a blue-white-red flag. The Socialist former President José Luis Rodríguez Zapatero, was there, too, to show his support. In the Hague, a hundred people gave themselves go to the Spui, in downtown. Some waved french flags while others sang when you have that love, Jacques Brel. Stockholm, 70 people gathered outside the Embassy of France, some with flowers, others of candles.

20 h 57. «»”Trips, stays and outputs school, an exceptional nature, organized by region Île-de-France are, until further notice, suspended”, announced the Ministry of Education by way of press release. Same set sent to mayors, in charge of organizing extracurricular activities. “For the whole of the national territory, the presence of adults to the inputs and outputs is implemented.” A Visual inspection must be done on bags and “special attention is requested in order to avoid any gathering in the vicinity of these institutions.” Finally, the Department asked rectors, in relation to the prefects, to identify schools and sensitive schools. A minute’s silence will be observed in all schools and universities, at noon tomorrow

 

The gunmen (3) still at large, spoke perfect French. al Qaeda claims involvement. This is militant Islam, where Paris sadly had their own Benghazi. The media operation had unarmed security. Holland immediately called this a terror attack, as French intelligence had already foiled several like operations in recent weeks.

Jihadi chatter abounds now on all social media stating that Paris burns. Close but graphic video perspective is here. Signs are pointing to AQAP. AQAP put the publication on their target list.

Reactions On The Forum Jihadi Media Platform

Members of the pro-ISIS forum Jihadi Media Platform (alplatformmedia.com) lashed out at France. A member called Al-Dia’ Al-Gharib wrote: “France was [once] part of the land of Islam and will return to be the land of Islam, in spite the worshippers of the Cross.” Another, who goes by the name Muhib Al-Salihin, wrote: “France is one of the harshest enemies of Islam and of the Islamic State in particular.” Forum member Abu Al-Qassem Al-Shawqi commented: “[This] is news that quenches the thirst for revenge. By Allah, beloved ones, let us not think lightly of prayers. By Allah, they [the attackers] are soldiers of Allah.” And a member calling himself Abu Bakr Al-Zari’ni remarked: “Congratulations to France and to its people for reaping what their hands sowed. Did these evil cartoonists think that we were a nation that would remain silent in face of those who insult our Prophet…? Did [French President] Hollande and the governments that preceded him think that their interventions and despotism in the lands of the Muslims would not be met with retribution? No, by Allah, from now on the youths of Islam will no longer remain silent, especially since we have a state [ISIS] to mobilize armies if anybody insults the nation of Islam.”

Richard Clarke, the former White House counter-terrorism czar called this operation a military operation complete with AK-47’s and rocket launchers.

The video from a close by roof perspective is here.

Steve Gomez, former head of the Counter-Terrorism Division for the FBI in Los Angeles, said that the attack appeared markedly different from recent “lone wolf” attacks, such as the deadly incident in Ottawa in October.

“Many lone wolves are looking to die. Those are suicide operations. This, Paris, isn’t a suicide mission,” said Gomez, an ABC News consultant. “They went in, shot up people and they’re out. They probably have an escape hatch and, if they’re connected to terrorists, who knows what kind of support system could be helping them out.

French security forces are hunting for three gunmen who stormed the offices of satirical newspaper Charlie Hebdo in Paris, killing 12 people Wednesday. A cartoonist with the publication told a French newspaper of the moment she encountered the two attackers as they entered the office. “When I arrived in front of the door of the building of the paper, two men hooded and armed brutally threatened us,” she said. She indicated that the men spoke French perfectly, and that they claimed to be with al-Qaeda. An estate agent who also witnessed the attack said that, before launching the assault, the attackers approached another man in the street saying, “Tell the media that this is al-Qaeda in the [sic] Yemen.”

Here is what we know so far, as night falls in Paris:

A woman pays tribute during a gathering at the Place de la Republique in Paris.
A woman pays tribute during a gathering at the Place de la Republique in Paris. Photograph: Gonzalo Fuentes/Reuters

I’m now handing over this liveblog to my colleague Tom McCarthy, who will continue with updates throughout the rest of the day. Thank you for reading.

The Queen has sent a message to French president François Hollande:

Prince Philip and I send our sincere condolences to the families of those who have been killed and to those who have been injured in the attack in Paris this moming.

We send our thoughts and prayers to all those who have been affected.

Radio France, Le Monde and France Télévisions have put out a statement saying they will offer staff and other support to help the Charlie Hebdo magazine “continue to live”.

They invite all French media to do the same, “to defend the principles of independence, freedom of thought and expression, the guarantors of our democracy”.