No Place Safe from CyberTerror

Can't shop at Target. Can't use your plastic at restaurants. Can't use hotspots for internet access. Can't buy medical coverage from Obamacare. Now, if you are an employee at one of many companies, your information is compromised. Now the United States Post Office has been hacked, and signs continue to point to China while Russia is just as aggressive.

Postal Service reveals cyber breach


The Postal Service suffered a cybersecurity breach of its information systems and has launched an investigation into the attack that potentially compromised employee and customer personal information, including addresses, Social Security numbers and emails.

The Nov. 10 announcement of the attack, which was discovered in September, comes little more than a week after the White House reported it too had been the victim of hacking.

As in the White House breach, suspicion immediately fell on China, where President Barack Obama is now attending an economic summit and visiting with President Xi Jinping.

“This intrusion was similar to attacks being reported by many other federal government entities and U.S. corporations,” David Partenheimer, manager of media relations at USPS, said in a statement. “We are not aware of any evidence that any of the potentially compromised customer or employee information has been used to engage in any malicious activity.”

But a private sector analyst suggested employees should be on the lookout, nonetheless.

“Unfortunately, this breach is just the latest in a series of incidents that have targeted the U.S. government,” said Dan Waddell, director of government affairs at (ISC)2. “It seems this particular incident revealed information on individuals that could lead to targeted spear-phishing attacks towards USPS employees.”

“All of us need to be aware of potential phishing schemes,” Waddell added, “but in this particular case, USPS employees should be on the lookout for any suspicious email that would serve as a mechanism to extract additional information such as USPS intellectual property, credit card information and other types of sensitive data.”

Call center data submitted to the Postal Service Customer Care Center by customers via email or phone between Jan. 1 and Aug. 16, 2014, is thought to be compromised; that includes names, addresses, telephone numbers, email addresses and other information customers provided to the center. However, USPS officials said they do not believe customers who contacted the call center during that period need to take any action as a result of the incident.

USPS is working with the FBI, Justice Department and the U.S. Computer Emergency Readiness Team to investigate the breach.

USPS is also tapping the private sector and bringing in specialists in forensic investigations and data systems “to assist with the investigation and remediation to ensure that we are approaching this event in a comprehensive way, understanding the full implications of the cyber intrusion and putting in place safeguards designed to strengthen our systems,” according to an agency statement.

According to an April 2014 USPS Inspector General audit on the security of USPS’s wireless networks, “the Postal Service has effective security policies and controls that detect unauthorized access to its wireless network.”

The audit also found that USPS has continuous monitoring technology and procedures to ensure security of the wireless network in place, and that larger USPS facilities have dedicated access points configured for wireless intrusion detection.

As for the security of USPS’s stored data, the OIG found several weak spots in a March 2014 report.

“The Data Management Services group did not manage the storage environment in accordance with Postal Service security requirements because its managers did not provide adequate oversight of the storage teams,” the report said.

In the first half of 2014, more than 500 million commercial records have been compromised by hackers, and “this represents another example of the aggressive nature of nation-state adversaries looking for personally identifiable information for potential phishing attacks and other types of fraud — an area where information can be easily monetized,” said Edward Ferrara, principal analyst at Forrester. “This could also be an attempt to further probe aspects of the United States government’s cyber defenses in the unclassified areas of government operations.”

USPS has implemented additional security measures to improve the security of its information systems, which attracted attention this weekend, as some of USPS’s systems went offline. According to USPS, these additional security measures include equipment and system upgrades, as well as changes in employee procedures and policies to be rolled out in the coming days and weeks.

“It is an unfortunate fact of life these days that every organization connected to the Internet is a constant target for cyber intrusion activity,” Postmaster General Patrick Donahoe said in a statement. “The United States Postal Service is no different. Fortunately, we have seen no evidence of malicious use of the compromised data and we are taking steps to help our employees protect against any potential misuse of their data.”

About the Author:

Colby Hochmuth is a staff writer covering big data, cloud computing and the federal workforce. Connect with her on Twitter: @ColbyAnn.

Asia Pivot, Made in China

The last visit Barack Obama made to China did not go well, to the point that diplomatic relations have soured. The visit to China this week consumed huge resources to lay the groundwork in advance of the trip for the 2014 Asia Pacific Economic Cooperation summit. Susan Rice spent the last weeks dealing with the fact that China was so slighted during the 2009 extended trip that China has since refused to extend the visas and temporary housing permits of Americans in China on business and with the media.

First out of the gate, Obama delivered a most generous gift to China: a new front on visas for Chinese nationals, from one-year renewals to 5-10 years, effective immediately, claiming it will add American jobs since China is touted as infusing $80 billion yearly into the U.S. economy. $80 billion is hardly a great sum or an epic deal when in fact Chinese hacking costs U.S. corporate industry billions and is a top concern of James Comey, Director of the FBI.

It should also be noted that Russia has been quite effective at cultivating a sustained relationship with China, while China's own economy has almost zero growth and its debt-to-revenue ratio is stagnant, the two cancelling each other out.

China has presented many issues that must be addressed prior to any enhanced trade talks and global policy cooperation. China has been most aggressive toward other U.S. allies in Asia, causing outrage and conflict in the South China Sea over island and territory disputes. There is also censorship of the internet industry and continued human rights issues, both of which the White House and the State Department overlook for the sake of putting a happy face on Obama's foreign policy strategy.

China does have issues when it comes to its own infrastructure, including transportation, medical advancements, factories, power and the use of energy sources like oil and gas. Each of those conditions facing China is being addressed in partnership with Russia.

Obama will also use his time in China to push for more attention and resources on climate change, a mission assigned exclusively to John Podesta, and on investment treaties.

A topic that will likely not receive any time and attention is the Chinese relationship with North Korea and the associated human rights violations, on the heels of two Americans being released from a DPRK prison this past weekend, a release allegedly managed by ODNI Director James Clapper.

In summary, what is really behind Obama's policy platform in China? With the beating he took in the midterms, his policy team has decided to focus on the economy. Obama wants Chinese money, and he offered a visa pass to get it. Going visa-free in exchange for money is the common 'go-to' agenda of the Obama Administration. The question is, exactly who DOES benefit from the $80 billion of Chinese investment, where winners and losers are predetermined by the White House?

Rich Chinese overwhelm U.S. visa program

Any foreigner willing to commit at least $500,000 and create 10 jobs in America can apply for an investor immigrant visa — also known as an EB-5.

The demand from mainland Chinese eager to move abroad has already led the U.S. government to warn the program could hit a wall as early as this summer.

Chinese nationals account for more than 80% of visas issued, compared to just 13% a decade ago, according to government data compiled by CNNMoney. That translates to nearly 6,900 visas for Chinese nationals last year, a massive bump up from 2004, when only 16 visas were granted to Chinese.

“The program has literally taken off to the point [that] in China, the minute anybody hears I’m an immigration lawyer, the first thing they say is, ‘Can we get an EB-5 visa?’ ” said Bernard Wolfsdorf, founder of the Wolfsdorf Immigration Law Group.

“There is a panic being created in China about the demand [getting] so big that there is going to be a visa waiting line,” he said.


Dragonfly vs. America, Courtesy of Russia

Can you live without electricity for a day or two? Yes, of course, if you know in advance, right? Can you live without power for a week or so? Yes, of course, with advance notice, right? Can you live without power for a month, 4 months or 18 months? NOPE. It is time not only to think about preparations but to get prepared, and then to practice procedures for short-term and long-term power outages, and the reason is Russia.

There is a sad truth to what is below: the United States is not prepared, and what is worse, we are not declaring war to stop Russia either. Russia has hacked into U.S. government sites, corporate sites and the financial industry, all without so much as a whimper of a U.S. reply. We have no countermeasures, we have no offensive measures, and we have not even written a strongly worded letter.


Russia has gone to the dragons against America, or rather to the Dragonflies, and this is what you need to know and do. Remember that the entire infrastructure is tied to SCADA; that includes water systems, transportation systems, hospitals, schools and retail.

Dragonfly: Western Energy Companies Under Sabotage Threat

Cyberespionage campaign stole information from targets and had the capability to launch sabotage operations.

An ongoing cyberespionage campaign against a range of targets, mainly in the energy sector, gave attackers the ability to mount sabotage operations against their victims. The attackers, known to Symantec as Dragonfly, managed to compromise a number of strategically important organizations for spying purposes and, if they had used the sabotage capabilities open to them, could have caused damage or disruption to energy supplies in affected countries.

Among the targets of Dragonfly were energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial equipment providers. The majority of the victims were located in the United States, Spain, France, Italy, Germany, Turkey, and Poland.

The Dragonfly group is well resourced, with a range of malware tools at its disposal and is capable of launching attacks through a number of different vectors. Its most ambitious attack campaign saw it compromise a number of industrial control system (ICS) equipment providers, infecting their software with a remote access-type Trojan. This caused companies to install the malware when downloading software updates for computers running ICS equipment. These infections not only gave the attackers a beachhead in the targeted organizations’ networks, but also gave them the means to mount sabotage operations against infected ICS computers.

This campaign follows in the footsteps of Stuxnet, which was the first known major malware campaign to target ICS systems. While Stuxnet was narrowly targeted at the Iranian nuclear program and had sabotage as its primary goal, Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required.

In addition to compromising ICS software, Dragonfly has used spam email campaigns and watering hole attacks to infect targeted organizations. The group has used two main malware tools: Backdoor.Oldrea and Trojan.Karagany. The former appears to be a custom piece of malware, either written by or for the attackers.

Prior to publication, Symantec notified affected victims and relevant national authorities, such as Computer Emergency Response Centers (CERTs) that handle and respond to Internet security incidents.

Background
The Dragonfly group, which is also known by other vendors as Energetic Bear, appears to have been in operation since at least 2011 and may have been active even longer than that. Dragonfly initially targeted defense and aviation companies in the US and Canada before shifting its focus mainly to US and European energy firms in early 2013.

The campaign against the European and American energy sector quickly expanded in scope. The group initially began sending malware in phishing emails to personnel in target firms. Later, the group added watering hole attacks to its offensive, compromising websites likely to be visited by those working in energy in order to redirect them to websites hosting an exploit kit. The exploit kit in turn delivered malware to the victim’s computer. The third phase of the campaign was the Trojanizing of legitimate software bundles belonging to three different ICS equipment manufacturers.

Dragonfly bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability. The group is able to mount attacks through multiple vectors and compromise numerous third party websites in the process. Dragonfly has targeted multiple organizations in the energy sector over a long period of time. Its current main motive appears to be cyberespionage, with potential for sabotage a definite secondary capability.

Analysis of the compilation timestamps on the malware used by the attackers indicates that the group mostly worked between Monday and Friday, with activity mainly concentrated in a nine-hour period that corresponded to a 9am to 6pm working day in the UTC +4 time zone. Based on this information, it is likely the attackers are based in Eastern Europe.
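The working-hours reasoning above can be reproduced on any set of compile timestamps. The script below is an added example, not Symantec's code; the timestamps in it are constructed to cluster the way the report describes, and the candidate-offset search (score each UTC offset by how many builds land on a weekday between 09:00 and 18:00 local) is an assumption about method, not the report's published procedure.

```python
"""Working-hours analysis of malware compile timestamps (added example)."""
from collections import Counter
from datetime import datetime, timedelta, timezone

WEEKDAYS = ["Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday", "Sunday"]

# Constructed sample timestamps (UTC). These are NOT real Dragonfly values;
# they are shaped to sit in a 05:00-14:00 UTC band on weekdays, plus two outliers.
SAMPLE_TIMESTAMPS_UTC = [
    "2013-03-04 05:12", "2013-03-04 09:47", "2013-03-05 06:30", "2013-03-05 12:15",
    "2013-03-06 07:05", "2013-03-06 13:40", "2013-03-07 08:20", "2013-03-07 10:55",
    "2013-03-08 05:45", "2013-03-08 11:10", "2013-03-11 06:02", "2013-03-12 09:33",
    "2013-03-13 12:48", "2013-03-14 07:17", "2013-03-15 13:05",
    "2013-03-09 10:00",  # a Saturday build
    "2013-03-12 19:30",  # an after-hours build
]


def parse_utc(stamps):
    """Parse 'YYYY-MM-DD HH:MM' strings as timezone-aware UTC datetimes."""
    return [datetime.strptime(s, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)
            for s in stamps]


def to_local(ts, offset_hours):
    """Shift aware datetimes into a fixed UTC offset."""
    return [t.astimezone(timezone(timedelta(hours=offset_hours))) for t in ts]


def weekday_histogram(stamps, offset_hours=0):
    """Count builds per local weekday name."""
    return Counter(WEEKDAYS[t.weekday()] for t in to_local(parse_utc(stamps), offset_hours))


def hour_histogram(stamps, offset_hours=0):
    """Count builds per local hour of day (0-23)."""
    return Counter(t.hour for t in to_local(parse_utc(stamps), offset_hours))


def best_window(hour_counts, width=9):
    """Return (start_hour, count) of the `width`-hour window, wrapping past
    midnight, that contains the most builds."""
    best = (0, -1)
    for start in range(24):
        total = sum(hour_counts.get((start + i) % 24, 0) for i in range(width))
        if total > best[1]:
            best = (start, total)
    return best


def infer_offset(stamps, work_start=9, work_end=18):
    """Return the UTC offset (hours) under which the most builds fall on a
    weekday between work_start and work_end local time. Ties go to the
    smallest offset, so treat the result as a hypothesis, not proof: build
    timestamps can be forged or the operators may simply keep odd hours."""
    ts = parse_utc(stamps)
    best_offset, best_count = None, -1
    for offset in range(-12, 15):
        local = to_local(ts, offset)
        count = sum(1 for t in local
                    if t.weekday() < 5 and work_start <= t.hour < work_end)
        if count > best_count:
            best_offset, best_count = offset, count
    return best_offset


if __name__ == "__main__":
    print("weekday histogram:", dict(weekday_histogram(SAMPLE_TIMESTAMPS_UTC)))
    offset = infer_offset(SAMPLE_TIMESTAMPS_UTC)
    print("most plausible UTC offset:", offset)
    print("busiest 9-hour window at that offset:",
          best_window(hour_histogram(SAMPLE_TIMESTAMPS_UTC, offset)))
```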

Figure. Top 10 countries by active infections (where attackers stole information from infected computers)

Tools employed
Dragonfly uses two main pieces of malware in its attacks. Both are remote access tool (RAT) type malware which provide the attackers with access and control of compromised computers. Dragonfly’s favored malware tool is Backdoor.Oldrea, which is also known as Havex or the Energetic Bear RAT. Oldrea acts as a back door for the attackers on to the victim’s computer, allowing them to extract data and install further malware.

Oldrea appears to be custom malware, either written by the group itself or created for it. This provides some indication of the capabilities and resources behind the Dragonfly group.

Once installed on a victim’s computer, Oldrea gathers system information, along with lists of files, programs installed, and root of available drives. It will also extract data from the computer’s Outlook address book and VPN configuration files. This data is then written to a temporary file in an encrypted format before being sent to a remote command-and-control (C&C) server controlled by the attackers.

The majority of C&C servers appear to be hosted on compromised servers running content management systems, indicating that the attackers may have used the same exploit to gain control of each server. Oldrea has a basic control panel which allows an authenticated user to download a compressed version of the stolen data for each particular victim.

The second main tool used by Dragonfly is Trojan.Karagany. Unlike Oldrea, Karagany was available on the underground market. The source code for version 1 of Karagany was leaked in 2010. Symantec believes that Dragonfly may have taken this source code and modified it for its own use. This version is detected by Symantec as Trojan.Karagany!gen1.

Karagany is capable of uploading stolen data, downloading new files, and running executable files on an infected computer. It is also capable of running additional plugins, such as tools for collecting passwords, taking screenshots, and cataloging documents on infected computers.

Symantec found that the majority of computers compromised by the attackers were infected with Oldrea. Karagany was only used in around 5 percent of infections. The two pieces of malware are similar in functionality and what prompts the attackers to choose one tool over another remains unknown.

Multiple attack vectors
The Dragonfly group has used at least three infection tactics against targets in the energy sector. The earliest method was an email campaign, which saw selected executives and senior employees in target companies receive emails containing a malicious PDF attachment. Infected emails had one of two subject lines: “The account” or “Settlement of delivery problem”. All of the emails were from a single Gmail address.

The spam campaign began in February 2013 and continued into June 2013. Symantec identified seven different organizations targeted in this campaign. The number of emails sent to each organization ranged from one to 84.
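A mail administrator can turn the indicators in the two paragraphs above (the two subject lines, a PDF attachment, one webmail sender) into a triage rule and count hits per target domain, the same per-organization tally the report gives. The script below is an added example, not Symantec's code; the log lines and the sender address are constructed placeholders, and the simple pipe-delimited log format is an assumption.

```python
"""Mail-log triage for the Dragonfly spear-phishing pattern (added example)."""
import re
from collections import Counter

# Indicators quoted in the report. The sender address is a PLACEHOLDER;
# the report does not publish the real Gmail address.
CAMPAIGN_SUBJECTS = {"the account", "settlement of delivery problem"}
CAMPAIGN_SENDER = "campaign-sender@gmail.example"  # placeholder, not a real IoC

# Constructed log lines: timestamp|sender|recipient|subject|attachments (';'-separated)
SAMPLE_LOG = """\
2013-02-11T08:02:11Z|campaign-sender@gmail.example|cfo@energyco.example|The account|account.pdf
2013-02-11T08:02:15Z|campaign-sender@gmail.example|coo@energyco.example|Settlement of delivery problem|settlement.pdf
2013-02-12T09:30:00Z|billing@supplier.example|ap@energyco.example|Invoice 4471|invoice-4471.pdf
2013-02-13T10:11:45Z|campaign-sender@gmail.example|ceo@pipelineops.example|Settlement of delivery problem|delivery.pdf
2013-02-14T07:45:02Z|hr@energyco.example|all@energyco.example|The account|
2013-02-15T11:00:00Z|someone@gmail.example|ops@gridco.example|The Account|notes.pdf
"""

LINE_RE = re.compile(
    r"^(?P<ts>[^|]+)\|(?P<sender>[^|]+)\|(?P<rcpt>[^|]+)\|(?P<subject>[^|]*)\|(?P<attachments>.*)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for malformed input."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["attachments"] = [a for a in rec["attachments"].split(";") if a]
    return rec


def score(rec):
    """Return (score, reasons). Subject plus PDF is enough to flag; the known
    sender only corroborates, because a campaign can change sender at will."""
    reasons = []
    if rec["subject"].strip().lower() in CAMPAIGN_SUBJECTS:
        reasons.append("campaign subject")
    if any(a.lower().endswith(".pdf") for a in rec["attachments"]):
        reasons.append("pdf attachment")
    if rec["sender"].lower() == CAMPAIGN_SENDER:
        reasons.append("known sender")
    return len(reasons), reasons


def triage(log_text, threshold=2):
    """Return (flagged_records, hits_per_recipient_domain) for a mail log."""
    flagged = []
    per_domain = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s, reasons = score(rec)
        if s >= threshold:
            rec["reasons"] = reasons
            flagged.append(rec)
            per_domain[rec["rcpt"].split("@", 1)[1]] += 1
    return flagged, per_domain


if __name__ == "__main__":
    hits, by_domain = triage(SAMPLE_LOG)
    for rec in hits:
        print(rec["ts"], rec["rcpt"], rec["reasons"])
    print("hits per target domain:", dict(by_domain))
```

The last sample line matches on subject and attachment alone, which is why the threshold is two indicators rather than the sender: a known sender is the weakest signal in a campaign that is free to rotate accounts.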

The attackers then shifted their focus to watering hole attacks, compromising a number of energy-related websites and injecting an iframe into each which redirected visitors to another compromised legitimate website hosting the Lightsout exploit kit. Lightsout exploits either Java or Internet Explorer in order to drop Oldrea or Karagany on the victim’s computer. The fact that the attackers compromised multiple legitimate websites for each stage of the operation is further evidence that the group has strong technical capabilities.

In September 2013, Dragonfly began using a new version of this exploit kit, known as the Hello exploit kit. The landing page for this kit contains JavaScript which fingerprints the system, identifying installed browser plugins. The victim is then redirected to a URL which in turn determines the best exploit to use based on the information collected.

Trojanized software
The most ambitious attack vector used by Dragonfly was the compromise of a number of legitimate software packages. Three different ICS equipment providers were targeted and malware was inserted into the software bundles they had made available for download on their websites. All three companies made equipment that is used in a number of industrial sectors, including energy.

The first identified Trojanized software was a product used to provide VPN access to programmable logic controller (PLC) type devices. The vendor discovered the attack shortly after it was mounted, but there had already been 250 unique downloads of the compromised software.

The second company to be compromised was a European manufacturer of specialist PLC type devices. In this instance, a software package containing a driver for one of its devices was compromised. Symantec estimates that the Trojanized software was available for download for at least six weeks in June and July 2013.

The third firm attacked was a European company which develops systems to manage wind turbines, biogas plants, and other energy infrastructure. Symantec believes that compromised software may have been available for download for approximately ten days in April 2014.

The Dragonfly group is technically adept and able to think strategically. Given the size of some of its targets, the group found a “soft underbelly” by compromising their suppliers, which are invariably smaller, less protected companies.

Two additional links are below for more information and for practical use.

http://energy.gov/sites/prod/files/Large%20Power%20Transformer%20Study%20-%20June%202012_0.pdf

http://www.fgdc.gov/usng/


Behpajooh and John Kerry

At least four secret letters have been dispatched from the White House and sent to Iran. The full contents of the letters are still unknown except the most recent was revealed by the Wall Street Journal containing two items, points of collaboration over the ISIS war in Iraq and striking a final deal on the Iranian nuclear program.

The White House has denied that the United States is working with Iran on the matter of Iraq, as noted here: ‘Appearing on NBC’s “Meet the Press” last month, National Security Adviser Susan Rice said the U.S. wasn’t working with Iran on the fight against the Islamic State. “We are not in coordination or direct consultation with the Iranians about any aspect of the fight against ISIL,” Rice said, using an alternate acronym for the jihadist group. “It is a fact that, in Iraq, they also are supporting the Iraqis against ISIL, but we are not coordinating. We are doing this very differently and independently.”’

After some deep research, it was found that under SecState John Kerry, nothing else matters when it comes to Iraq, Syria, Russia or Iran except gaining a nuclear deal with the help of the P5+1, a deal that has excluded the U.S. Congress and ALL allies in the Middle East.

The United States under the G. W. Bush administration worked a stealthy mission, in coordination with Israel, to halt the Iranian program by infecting the computers controlling the spinning centrifuges with an undetected virus. Outside companies were identified and sanctioned, and later targeted via a thumb drive to infect the computer network and bring the cascading centrifuge system to a halt.

One such company was Behpajooh, and there are many more, but all of these associated firms have been ignored by the State Department, the Treasury, the interagency and the envoy working in cadence with John Kerry, giving Iran the freedom to continue its program.

The betrayal by the State Department and the White House of allies and Congress is epic in nature, since this could lead to a nuclear arms race in the Middle East, a long future of hostilities with Daesh and a much sooner launch of a nuclear weapon by Iran on its targeted enemies, the little Satan and the big Satan: Israel and the United States.

Here is the story of how Stuxnet came to be. Clearly, the Bush administration and Israel were clandestine in this regard and the mission was successful. It now begs the question: will it happen again if a deal is reached by the November 24 deadline?

An Unprecedented Look at Stuxnet, the World’s First Digital Weapon

In January 2010, inspectors with the International Atomic Energy Agency visiting the Natanz uranium enrichment plant in Iran noticed that centrifuges used to enrich uranium gas were failing at an unprecedented rate. The cause was a complete mystery—apparently as much to the Iranian technicians replacing the centrifuges as to the inspectors observing them.

Five months later a seemingly unrelated event occurred. A computer security firm in Belarus was called in to troubleshoot a series of computers in Iran that were crashing and rebooting repeatedly. Again, the cause of the problem was a mystery. That is, until the researchers found a handful of malicious files on one of the systems and discovered the world’s first digital weapon.

Stuxnet, as it came to be known, was unlike any other virus or worm that came before. Rather than simply hijacking targeted computers or stealing information from them, it escaped the digital realm to wreak physical destruction on equipment the computers controlled.

Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon, written by WIRED senior staff writer Kim Zetter, tells the story behind Stuxnet’s planning, execution and discovery. In this excerpt from the book, which will be released November 11, Stuxnet has already been at work silently sabotaging centrifuges at the Natanz plant for about a year. An early version of the attack weapon manipulated valves on the centrifuges to increase the pressure inside them and damage the devices as well as the enrichment process. Centrifuges are large cylindrical tubes—connected by pipes in a configuration known as a “cascade”—that spin at supersonic speed to separate isotopes in uranium gas for use in nuclear power plants and weapons. At the time of the attacks, each cascade at Natanz held 164 centrifuges. Uranium gas flows through the pipes into the centrifuges in a series of stages, becoming further “enriched” at each stage of the cascade as isotopes needed for a nuclear reaction are separated from other isotopes and become concentrated in the gas.

As the excerpt begins, it’s June 2009—a year or so since Stuxnet was first released, but still a year before the covert operation will be discovered and exposed. As Iran prepares for its presidential elections, the attackers behind Stuxnet are also preparing their next assault on the enrichment plant with a new version of the malware. They unleash it just as the enrichment plant is beginning to recover from the effects of the previous attack. Their weapon this time is designed to manipulate computer systems made by the German firm Siemens that control and monitor the speed of the centrifuges. Because the computers are air-gapped from the internet, however, they cannot be reached directly by the remote attackers. So the attackers have designed their weapon to spread via infected USB flash drives. To get Stuxnet to its target machines, the attackers first infect computers belonging to five outside companies that are believed to be connected in some way to the nuclear program. The aim is to make each “patient zero” an unwitting carrier who will help spread and transport the weapon on flash drives into the protected facility and the Siemens computers. Although the five companies have been referenced in previous news reports, they’ve never been identified. Four of them are identified in this excerpt.

The Lead-Up to the 2009 Attack

The two weeks leading up to the release of the next attack were tumultuous ones in Iran. On June 12, 2009, the presidential elections between incumbent Mahmoud Ahmadinejad and challenger Mir-Hossein Mousavi didn’t turn out the way most expected. The race was supposed to be close, but when the results were announced—two hours after the polls closed—Ahmadinejad had won with 63 percent of the vote over Mousavi’s 34 percent. The electorate cried foul, and the next day crowds of angry protesters poured into the streets of Tehran to register their outrage and disbelief. According to media reports, it was the largest civil protest the country had seen since the 1979 revolution ousted the shah and it wasn’t long before it became violent. Protesters vandalized stores and set fire to trash bins, while police and Basijis, government-loyal militias in plainclothes, tried to disperse them with batons, electric prods, and bullets.

That Sunday, Ahmadinejad gave a defiant victory speech, declaring a new era for Iran and dismissing the protesters as nothing more than soccer hooligans soured by the loss of their team. The protests continued throughout the week, though, and on June 19, in an attempt to calm the crowds, the Ayatollah Ali Khamenei sanctioned the election results, insisting that the margin of victory—11 million votes—was too large to have been achieved through fraud. The crowds, however, were not assuaged.

The next day, a twenty-six-year-old woman named Neda Agha-Soltan got caught in a traffic jam caused by protesters and was shot in the chest by a sniper’s bullet after she and her music teacher stepped out of their car to observe.

Two days later on June 22, a Monday, the Guardian Council, which oversees elections in Iran, officially declared Ahmadinejad the winner, and after nearly two weeks of protests, Tehran became eerily quiet. Police had used tear gas and live ammunition to disperse the demonstrators, and most of them were now gone from the streets. That afternoon, at around 4:30 p.m. local time, as Iranians nursed their shock and grief over events of the previous days, a new version of Stuxnet was being compiled and unleashed.

Recovery From Previous Attack

While the streets of Tehran had been in turmoil, technicians at Natanz had been experiencing a period of relative calm. Around the first of the year, they had begun installing new centrifuges again, and by the end of February they had about 5,400 of them in place, close to the 6,000 that Ahmadinejad had promised the previous year. Not all of the centrifuges were enriching uranium yet, but at least there was forward movement again, and by June the number had jumped to 7,052, with 4,092 of these enriching gas. In addition to the eighteen cascades enriching gas in unit A24, there were now twelve cascades in A26 enriching gas. An additional seven cascades had even been installed in A28 and were under vacuum, being prepared to receive gas.

The performance of the centrifuges was improving too. Iran’s daily production of low-enriched uranium was up 20 percent and would remain consistent throughout the summer of 2009. Despite the previous problems, Iran had crossed a technical milestone and had succeeded in producing 839 kilograms of low-enriched uranium—enough to achieve nuclear-weapons breakout capability. If it continued at this rate, Iran would have enough enriched uranium to make two nuclear weapons within a year. This estimate, however, was based on the capacity of the IR-1 centrifuges currently installed at Natanz. But Iran had already installed IR-2 centrifuges in a small cascade in the pilot plant, and once testing on these was complete and technicians began installing them in the underground hall, the estimate would have to be revised. The more advanced IR-2 centrifuges were more efficient. It took 3,000 IR-1s to produce enough uranium for a nuclear weapon in one year, but it would take just 1,200 IR-2 centrifuges to do the same.

Cue Stuxnet 1.001, which showed up in late June.

The Next Assault

To get their weapon into the plant, the attackers launched an offensive against computers owned by four companies. All of the companies were involved in industrial control and processing of some sort, either manufacturing products and assembling components or installing industrial control systems. They were all likely chosen because they had some connection to Natanz as contractors and provided a gateway through which to pass Stuxnet to Natanz through infected employees.

To ensure greater success at getting the code where it needed to go, this version of Stuxnet had two more ways to spread than the previous one. Stuxnet 0.5 could spread only by infecting Step 7 project files—the files used to program Siemens PLCs. This version, however, could spread via USB flash drives using the Windows Autorun feature or through a victim’s local network using the print-spooler zero-day exploit that Kaspersky Lab, the antivirus firm based in Russia, and Symantec later found in the code.

Based on the log files in Stuxnet, a company called Foolad Technic was the first victim. It was infected at 4:40 a.m. on June 23, a Tuesday. But then it was almost a week before the next company was hit.

The following Monday, about five thousand marchers walked silently through the streets of Tehran to the Qoba Mosque to honor victims killed during the recent election protests. Late that evening, around 11:20 p.m., Stuxnet struck machines belonging to its second victim—a company called Behpajooh.

It was easy to see why Behpajooh was a target. It was an engineering firm based in Esfahan—the site of Iran’s new uranium conversion plant, built to turn milled uranium ore into gas for enriching at Natanz, and was also the location of Iran’s Nuclear Technology Center, which was believed to be the base for Iran’s nuclear weapons development program. Behpajooh had also been named in US federal court documents in connection with Iran’s illegal procurement activities.

Behpajooh was in the business of installing and programming industrial control and automation systems, including Siemens systems. The company’s website made no mention of Natanz, but it did mention that the company had installed Siemens S7-400 PLCs, as well as the Step 7 and WinCC software and Profibus communication modules at a steel plant in Esfahan. This was, of course, all of the same equipment Stuxnet targeted at Natanz.

At 5:00 a.m. on July 7, nine days after Behpajooh was hit, Stuxnet struck computers at Neda Industrial Group, as well as a company identified in the logs only as CGJ, believed to be Control Gostar Jahed. Both companies designed or installed industrial control systems.

electrical systems for the oil and gas industry in Iran, as well as for power plants and mining and process facilities. In 2000 and 2001 the company had installed Siemens S7 PLCs in several gas pipeline operations in Iran and had also installed Siemens S7 systems at the Esfahan Steel Complex. Like Behpajooh, Neda had been identified on a proliferation watch list for its alleged involvement in illicit procurement activity and was named in a US indictment for receiving smuggled microcontrollers and other components.

About two weeks after it struck Neda, a control engineer who worked for the company popped up on a Siemens user forum on July 22 complaining about a problem that workers at his company were having with their machines. The engineer, who posted a note under the user name Behrooz, indicated that all PCs at his company were having an identical problem with a Siemens Step 7 .DLL file that kept producing an error message. He suspected the problem was a virus that spread via flash drives.

When he used a DVD or CD to transfer files from an infected system to a clean one, everything was fine, he wrote. But when he used a flash drive to transfer files, the new PC started having the same problems the other machine had. A USB flash drive, of course, was Stuxnet’s primary method of spreading. Although Behrooz and his colleagues scanned for viruses, they found no malware on their machines. There was no sign in the discussion thread that they ever resolved the problem at the time.

It’s not clear how long it took Stuxnet to reach its target after infecting machines at Neda and the other companies, but between June and August the number of centrifuges enriching uranium gas at Natanz began to drop. Whether this was the result solely of the new version of Stuxnet or the lingering effects of the previous version is unknown. But by August that year, only 4,592 centrifuges were enriching at the plant, a decrease of 328 centrifuges since June. By November, that number had dropped even further to 3,936, a difference of 984 in five months. What’s more, although new machines were still being installed, none of them were being fed gas.

Clearly there were problems with the cascades, and technicians had no idea what they were. The changes mapped precisely, however, to what Stuxnet was designed to do.

Reprinted from Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon Copyright © 2014 by Kim Zetter. Published by Crown Publishers, an imprint of Random House LLC.
No Definition for Terror

I have no connections to anyone currently employed by the FBI but I do have several with former FBI’ers. Our formal and non-formal discussions are chilling when it comes to operations, assignments and investigations at the agency.

So FBI, here is a tip: this website http://islamophobia.org/ has listed names and organizations they deem as a threat to Islam. Is this some kind of hit list? What criteria create such a list, and is this approved by the FBI?

But take note FBI, those that are paying attention don’t feel safe in America. Your agency is doing little to sway our fears. Share that same sentiment with Jeh Johnson at DHS please.

It was a few years ago, after doing some research and gathering evidence, that I attempted to have a dialogue with the local FBI office; the agent on duty asked me if I was an Islamophobe and then hung up on me. It was clearly the time when the FBI was given an edict to be politically correct when it comes to investigations on Islam, and all the manuals were stripped from the operating and training systems.
FBI Director Robert Mueller in 2012 capitulated to the American Muslim and Arab American lobby groups and announced that more than 700 documents and 300 presentations from training materials. Abed Ayoub, who represented groups including the Islamic Society of North America, the Muslim Public Affairs Council (MPAC) and CAIR, was able to take a meeting with Mueller. Also included in the dialogue was Thomas Perez of the DoJ’s Civil Rights Division. It all goes a step further, as law enforcement agencies around the country are required to do Muslim outreach in a robust campaign of political correctness. No one in America is allowed to have independent thought regarding Islam, Muslims or terror, as it is deemed offensive to Islam.

So in the meantime, America sadly has endured domestic terror attacks, but the government refuses to apply the term ‘terrorism’, instead using ‘workplace violence’, as was done with the Ft. Hood shooting by Major Nidal Hasan and the beheading of Colleen Hufford in Moore, Oklahoma at the hands of Alton Nolen. The mosques are connected by a network of imams that are devoted followers of Anwar al Awlaki, killed by an American drone in Yemen a few years ago. We cannot overlook the Tsarnaev brothers, the killers behind the Boston bombing.

While we do have many that have left the shores of America to join Daesh, we also witness the black flags and ISIS graffiti in many locations around the country. America also has agreements with many countries in a visa waiver program, making it easier to make round-trip journeys to rogue states like Turkey, Iraq, Syria, Sudan, Yemen and Afghanistan.

So terror is here America and yet what does the FBI have to say or do about it? Crickets…

So when it comes to defining terror, here is a formal summary of the term. We can only hope that the Department of Homeland Security, the Federal Bureau of Investigation and the Department of Justice will take note and behave and investigate accordingly.

Terrorism Defies Definition

by Daniel Pipes and Teri Blumenfeld, The Washington Times, October 24, 2014

http://www.meforum.org/4877/terrorism-defies-definition
Defining terrorism has practical implications because formally certifying an act of violence as terrorist has important consequences in U.S. law.

Terrorism suspects can be held longer than criminal suspects after arrest without an indictment. They can be interrogated without a lawyer present. They receive longer prison sentences. “Terrorist inmates” are subject to many extra restrictions known as Special Administrative Measures, or SAMs. The “Terrorism Risk Insurance Act of 2002” gives corporate victims of terrorism special breaks (it is currently up for renewal) and protects owners of buildings from certain lawsuits. When terrorism is invoked, families of victims, such as of the 2009 Ft. Hood attack, win extra benefits such as tax breaks, life insurance, and combat-related pay. They can even be handed a New York City skyscraper.

Despite the legal power of this term, however, terrorism remains undefined beyond a vague sense of “a non-state actor attacking civilian targets to spread fear for some putative political goal.” One study, Political Terrorism, lists 109 definitions. American security specialist David Tucker wryly remarks that “Above the gates of hell is the warning that all that who enter should abandon hope. Less dire but to the same effect is the warning given to those who try to define terrorism.” The Israeli counterterrorism specialist Boaz Ganor jokes that “The struggle to define terrorism is sometimes as hard as the struggle against terrorism itself.”

This lack of specificity wreaks chaos, especially among police, prosecutors, politicians, press, and professors.

“Violence carried out in connection with an internationally sanctioned terrorist group” such as Al-Qaeda, Hizbullah, or Hamas has become the working police definition of terrorism. This explains such peculiar statements after an attack as, “We have not found any links to terrorism,” which absurdly implies that “lone wolves” are never terrorists.

The whole world, except the U.S. Department of the Treasury, sees the Boston Marathon bombings as terrorism.

If they are not terrorists, the police must find other explanations to account for their acts of violence. Usually, they offer up some personal problem: insanity, family tensions, a work dispute, “teen immigrant angst,” a prescription drug, or even a turbulent airplane ride. Emphasizing personal demons over ideology, they focus on a perpetrator’s (usually irrelevant) private life, ignoring his far more significant political motives.

But then, inconsistently, they do not require some connection to an international group. When Oscar Ramiro Ortega-Hernandez shot eight rounds at the White House in November 2011, the U.S. attorney asserted that “Firing an assault rifle at the White House to make a political statement is terrorism, plain and simple” – no international terrorist group needed. Similarly, after Paul Anthony Ciancia went on a shooting spree at Los Angeles International Airport in November 2013, killing a TSA officer, the indictment accused him of “substantial planning and premeditation to cause the death of a person and to commit an act of terrorism.”

This terminological irregularity breeds utter confusion. The whole world calls the Boston Marathon bombings terrorism – except the Department of the Treasury, which, 1½ years on “has not determined that there has been an ‘act of terrorism’ under the Terrorism Risk Insurance Act.” The judge presiding over the terrorism trial in January 2014 of Jose Pimentel, accused of planning to set off pipe bombs in Manhattan, denied the prosecution’s request for an expert to justify a charge of terrorism. Government officials sometimes just throw up their hands: Asked in June 2013 if the U.S. government considers the Taliban a terrorist group, the State Department spokeswoman replied “Well, I’m not sure how they’re defined at this particular moment.”

The U.S. Department of State has yet to figure out whether the Taliban are or are not terrorists.

A May 2013 shooting in New Orleans, which injured 19, was even more muddled. An FBI spokeswoman called it not terrorism but “strictly an act of street violence.” The mayor disagreed; asked if he considered it terrorism, he said “I think so,” because families “are afraid of going outside.” Challenged to disentangle this contradiction, a supervisory special agent in the FBI’s New Orleans field office made matters even more opaque: “You can say this is definitely urban terrorism; it’s urban terror. But from the FBI standpoint and for what we deal with on a national level, it’s not what we consider terrorism, per se.” Got that?

This lack of clarity presents a significant public policy challenge. Terrorism, with all its legal and financial implications, cannot remain a vague, subjective concept but requires a precise and accurate definition, consistently applied.

After releasing the Taliban 5, matters are worse when it comes to Afghanistan, Syria, Yemen, Qatar and Iraq. We watched carefully the hostilities between Israel and Hamas, and then we watched the demonstrations in America and Europe of those standing in solidarity with Hamas. So, hey, FBI, if you are going to do outreach, it should be to those in America that don’t trust you or the lack of security we feel. Your agenda is misplaced, and sadly, I would think any agents demanding a pro-active objective against jihad in America have long memories. This is shameful.