Huawei Snooping via Backdoor on US Telecom Network

For ten years…..

U.S. officials say Huawei Technologies Co. can covertly access mobile-phone networks around the world through “back doors” designed for use by law enforcement, as Washington tries to persuade allies to exclude the Chinese company from their networks.

Chinese tech giant Huawei can reportedly access the networks it helped build that are being used by mobile phones around the world. It’s been using backdoors intended for law enforcement for over a decade, The Wall Street Journal reported Tuesday, citing US officials. The details were disclosed to the UK and Germany at the end of 2019 after the US had noticed access since 2009 across 4G equipment, according to the report.

The backdoors were inserted for law enforcement use into carrier equipment like base stations, antennas and switching gear, the Journal said, with US officials reportedly alleging they were designed to be accessible by Huawei.

“We have evidence that Huawei has the capability secretly to access sensitive and personal information in systems it maintains and sells around the world,” Robert O’Brien, national security adviser, reportedly said.

The White House and Huawei didn’t immediately respond to a request for comment, but the tech giant rejected the claims according to the Journal.

UK Prime Minister Boris Johnson approved Huawei for 5G last month with some conditions: The British restrictions are to exclude Huawei from building core parts of the UK’s 5G networks, have Huawei’s market share capped at 35% and exclude Huawei from sensitive geographic locations. The European Union allowed higher-risk vendors for 5G with similar restrictions at the end of January.

Huawei’s 5G approval there came despite the US urging the UK to ban the Chinese telecommunications giant.

Huawei was blacklisted in May when it was added to the United States’ “entity list” (PDF). In addition, US President Donald Trump at the same time signed an executive order essentially banning the company in light of national security concerns that Huawei had close ties with the Chinese government. Huawei has repeatedly denied that charge.


Huawei disputed the latest allegations, as it has done in the past, saying it “has never and will never do anything that would compromise or endanger the security of networks and data of its clients.” Huawei also said that the United States made its latest accusations “without providing any kind of concrete evidence.”

“No Huawei employee is allowed to access the network without an explicit approval from the network operator,” a Huawei official said, according to the Journal.

The US government has been moving to reduce the amount of Huawei and ZTE equipment in telecom networks. The Federal Communications Commission voted unanimously in November to ban Huawei and ZTE gear in projects paid for by the FCC’s Universal Service Fund (USF). FCC Chairman Ajit Pai said at the time that Huawei and ZTE “have close ties to China’s Communist government and military apparatus” and “are subject to Chinese laws broadly obligating them to cooperate with any request from the country’s intelligence services and to keep those requests secret.”

The ban is expected to hit small carriers the hardest, as Huawei has appealed to small network operators by selling low-cost gear. By contrast, big telcos like AT&T “have long steered clear of Huawei,” a March 2018 Wall Street Journal report said.

 

 

4 Members of the Chinese Military Hacked Equifax

(AP) — Four members of the Chinese military have been charged with breaking into the networks of the Equifax credit reporting agency and stealing the personal information of tens of millions of Americans, the Justice Department said Monday, blaming Beijing for one of the largest hacks in history to target consumer data.

The 2017 breach affected more than 145 million people, with the hackers successfully stealing names, addresses, Social Security and driver’s license numbers and other personal information stored in the company’s databases.


The four — members of the People’s Liberation Army, an arm of the Chinese military — are also accused of stealing the company’s trade secrets, including database designs, law enforcement officials said.

The accused hackers exploited a software vulnerability to gain access to Equifax’s computers, obtaining log-in credentials that they used to navigate databases and review records. The indictment also details efforts the hackers took to cover their tracks, including wiping log files on a daily basis and routing traffic through dozens of servers in nearly 20 countries.


“The scale of the theft was staggering,” Attorney General William Barr said Monday. “This theft not only caused significant financial damage to Equifax, but invaded the privacy of many millions of Americans, and imposed substantial costs and burdens on them as they have had to take measures to protect against identity theft.”

Equifax, headquartered in Atlanta, maintains a massive repository of consumer information that it sells to businesses looking to verify identities or assess creditworthiness. All told, the indictment says, the company holds information on hundreds of millions of Americans in the U.S. and abroad.

The case is the latest Justice Department accusation against Chinese hackers suspected of breaching networks of American corporations. It comes as the Trump administration has warned against what it sees as the growing political and economic influence of China, and efforts by Beijing to collect data on Americans and steal scientific research and innovation.

The administration has also been pressing allies not to allow Chinese tech giant Huawei to be part of their 5G wireless networks due to concerns that the equipment could be used to collect data and for surveillance.

The accused hackers are based in China and none is in custody. But U.S. officials nonetheless view criminal charges like the ones brought in this case as a powerful deterrent to foreign hackers and a warning to other countries that American law enforcement has the capability to pinpoint individual culprits behind hacks.

A spokesperson for the Chinese embassy did not immediately return an email seeking comment Monday.

The case resembles a 2014 indictment from the Obama administration Justice Department that accused five members of the PLA of hacking into major American corporations to steal their trade secrets. U.S. authorities also suspect China in the massive 2015 breach of the Office of Personnel Management and of intrusions into the Marriott hotel chain and Anthem health insurance company.

“This kind of attack on American industry is of a piece with other Chinese illegal acquisitions of sensitive personal data,” Barr said of Monday’s announcement, adding that “for years we have witnessed China’s voracious appetite for the personal data of Americans.”

The criminal charges — which include conspiracy to commit computer fraud and conspiracy to commit economic espionage — were filed in federal court in Atlanta.

Equifax last year reached a $700 million settlement over the data breach, with the bulk of the funds intended for consumers affected by it.

Equifax didn’t notice the intruders targeting its databases for more than six weeks. Hackers exploited a known security vulnerability that Equifax hadn’t fixed.

Once inside the network, officials said, the hackers spent weeks conducting reconnaissance. They stole login credentials and ultimately downloaded and extracted data from Equifax to computers outside the United States.

The indictment says the hackers obtained names, birth dates, and Social Security numbers for about 145 million American victims, along with credit card numbers and other personal information for about 200,000.

According to the Government Accountability Office, the investigative arm of Congress, a server hosting Equifax’s online dispute portal was running software with a known weak spot. The hackers jumped through the opening to reach databases containing consumers’ personal information.

Equifax officials told GAO the company made many mistakes, including having an outdated list of computer systems administrators. When the company circulated a notice to install a patch for the software vulnerability, the employees responsible for installing the patch never got it.

Equifax’s $700 million settlement with the U.S. government gives affected consumers free credit-monitoring and identity-restoration services, plus money for their time or reimbursement for certain services. However, because so many people made claims, officials said some consumers would get far less than the eligible amounts because of caps in the settlement pool.

Tell Tucker the Russians Really Did Interfere

The Obama Administration found itself in “uncharted territory” as the scope of Russian meddling in the 2016 elections became clear to senior officials, a report issued on Thursday by the Senate Intelligence Committee found.

The panel — led by Sens. Richard Burr (R-NC) and Mark Warner (D-VA) — found that the U.S. government “was not well-postured to counter Russian election interference activity with a full range of readily-available policy options.”

The Obama administration issued “high-level warnings of potential retaliation” to Moscow, “but tempered its response over concerns about appearing to act politically on behalf of one candidate, undermining public confidence in the election, and provoking additional Russian actions.”

The report marks the third volume in the Senate Intelligence Committee’s years-long investigation of Russia’s interference campaign in the 2016 election. Previous reports have focused on the use of social media manipulation by Russia in 2016 and its attacks on local and state election infrastructure.

Some sections of the report remain partially or totally redacted, but nonetheless a picture emerges of the uncertainty and contradictions the administration faced in figuring out how to address Russia’s attack on the U.S. elections.

Even as the U.S. government was well aware of Moscow’s decades-long campaigns against the U.S., the 2016 attack was “unprecedented” in “scale and sophistication,” Thursday’s report said, and Russia’s weaponization of the information it hacked from Democrats was unlike anything government officials had ever seen before.

Some top administration officials first learned that the DNC had been hacked and had emails stolen when it was reported by the Washington Post in June 2016.

“In fact, had the DNC not approached and cooperated with the Washington Post to publish a June 14, 2016, article, senior administration leadership probably would not have been aware of the issue until later, in all likelihood when WikiLeaks, Guccifer 2.0, and DCLeaks began to publish emails taken from the DNC’s network,” the report reads.

The administration faced several constraints as it grappled with how to respond to the attack, according to the report. One was the concern that public warnings would help Russia achieve its very goals, by sowing fear and undermining confidence in the election.

Another, however, was the fear of giving the appearance that the White House was “siding with one candidate,” particularly as then-candidate Donald Trump was amping up his rhetoric about the election being “rigged” against him, officials noted to the committee.

The report cites then-Homeland Security Adviser Lisa Monaco recalling Senate Majority Leader Mitch McConnell (R-KY) raising similar concerns.

“[Y]ou security people should be careful that you’re not getting used,” the report cites Monaco as remembering of McConnell’s reaction to the prospect of a public, bipartisan statement on the interference campaign.

Monaco, the report states, interpreted this as meaning that intelligence on Russia’s interference efforts “was being inflated or used for partisan ends.”

Sen. Burr, at a committee hearing cited in the report, phrased McConnell’s concern as “Would this not contribute to Russia’s efforts at creating concerns about our election process, if the leadership of the Congress put that letter out?”

Separate reporting has indicated that McConnell told Obama in a September 2016 meeting about Russian interference that he would interpret a public warning about the matter as an attempt to interfere in the election, and not sign on to a bipartisan announcement about the threat.

The report recounts several direct warnings Obama officials delivered to Moscow regarding the attack, including an in-person confrontation between President Obama and Vladimir Putin at a September 2016 G20 summit in China.

A paragraph titled “Secretary Kerry and Minister Lavrov” in that section is completely redacted. In Obama’s warning to Putin, which was crafted carefully with a small group of principals, the potential consequences were “purposely left ambiguous by the President in an effort to intimate that a range of diplomatic, economic, [redacted] options were available to use in response to Russia.”

Putin gave Obama an “energetic” and “non-substantive” denial, then-Ambassador Susan Rice told the committee, based on Obama’s account of the conversation to her.

CIA Director John Brennan also brought up the interference on an August call with Russian FSB head Alexander Bortnikov, as did Rice, with a phone call to then-Ambassador Sergey Kislyak and a written message from Obama that was passed through her to Putin.

“The written message was a more specific warning that contained ‘the kind of consequences that he could anticipate would be powerfully impactful to their economy and far exceed anything that he had seen to date,’” the report said, quoting Rice.

The administration also used a cyber hotline to deliver warnings to Russia, where at least eight messages — four on each side — were exchanged, but only three of them carrying substantive information, according to the committee.

At one point, the Russian government denied “technical information” that the Obama administration supplied about the interference campaign. In that message, the report reads, Moscow said that “it too had been victim to some of the same cyber activity.”

The report recounts the administration’s efforts to inform stakeholders about the threat to election infrastructure and the blowback the administration experienced when DHS floated designating election systems as critical infrastructure (a designation it ultimately made in Jan. 2017).

Former DHS Secretary Jeh Johnson told the committee that the move in October to release a public statement attributing the attacks to Russia was “a very, very big decision.” (The statement was ultimately overshadowed by the revelation of the Trump Access Hollywood tape and the dump of another tranche of emails hacked from Democrats.)

Administration officials told the committee that at the time they believed that their warnings to Moscow — and particularly the Oct. 7 warning from Obama to Putin — had had a deterrent effect. However, the report identified three events after that warning that showed Russia’s cyber-activity continued: the scanning Russian actors did of state and local election websites to identify vulnerabilities; spearphishing emails sent to Florida election officials and organizations; and a third episode that was completely redacted in the report.

After the election, the administration felt less constrained in how to punish Russia now that it no longer had to worry about provoking further meddling, according to the report. Among the post-election responses were the expulsion of Russian diplomats, the levy of additional sanctions and the designation by DHS of election infrastructure as critical infrastructure. Much of this section of the report is also redacted.

The White House also considered whether to impose more punitive economic sanctions that would have been severe enough to “incur significant blowback” to the U.S. and Europe.

That path was not taken, in part because of the blowback, and in part because of “uncertainty about the future Russia policy of the incoming administration” and the possibility of wavering European allies.

In an addendum to the report, Sens. Marco Rubio (R-FL), Tom Cotton (R-AR), John Cornyn (R-TX), Ben Sasse (R-NE), and James Risch (R-ID) criticized the Obama administration for being “inept.”

“Hollow threats and slow, hapless responses from the administration translated to perceived weakness on the part of the U.S., and Putin exploited that weakness with impunity,” the addendum reads. “It appears to us that either the Obama administration was woefully unprepared to address a known and ongoing national security threat, or even worse, that the administration did not take the threat seriously.”

The committee said it was “appalling” that senior Obama administration officials didn’t recognize Russia’s malign activities until late July, despite intelligence pointing in that direction.

Sen. Wyden also filed an attachment to the report, bemoaning “a political environment in which one candidate was questioning the legitimacy of the election with falsehoods (“large scale voter fraud”)” as “a reason to keep the public in the dark about real threats to America’s democracy.”

He criticized the report for failing to provide detailed information about the September 2016 meeting between top Obama administration officials and Senate leaders as the White House pressed for a bipartisan statement on the interference campaign.

“As the report describes, the Obama Administration believed that any public statements about Russian interference it might make would be seen as partisan, a concern that would be mitigated if members of Congress were to publicly support the available intelligence,” Wyden wrote. “I believe that warning the public about a foreign influence campaign should not depend on the support of both parties, particularly when one of the parties stands to gain politically from that campaign. But that is how the Obama Administration felt.”

AG Barr/Director Wray Warning on China Threat

Question is, who is listening? Corporate America, small business, academia, individuals? 5G needs national attention. Readers, what do you know? Learn it fast, it is here.


Attorney General Barr recalled that a fellow student once told him Russia wanted to conquer the world and the United States could deal with that. But China, the student said at the time, wanted to own the world and that was a bit more difficult.

“There was a certain truth in that,” Barr told the audience Thursday.

Barr made his remarks at the Center for Strategic and International Studies in Washington, reminding his audience that the Communist Party remains in control of the Chinese economy and is “authoritarian through and through.” “Their goal is the eventual demise of capitalism,” the attorney general said.

The United States has long accused China of intellectual property theft on a grand scale. “It has been estimated that the annual cost to the U.S. economy could be $600 billion,” Barr said.

U.S. officials are also worried that China is threatening to become the dominant world force in the race to transition to 5G.

Aside from serving as the attorney general once before, Barr also spent several years in the telecom industry and used that experience to sound another dire warning.

The attorney general called the impending jump to 5G “a quantum leap” which will have major economic implications. The Chinese telecom giant Huawei “is the leading supplier of 5G on every continent except North America,” Barr said, adding that the U.S. market needed to “pick a horse” to back in the race for domestic 5G influence.

“The Chinese are using every lever of power to expand their 5G market share around the globe,” he said.

U.S. officials say Chinese leaders are working toward being the geopolitical, economic and military world leader by the year 2049, the 100th anniversary of the People’s Republic of China.

“China wants the fruits of America’s brainpower to harvest the seeds of its planned economic dominance,” said John Demers, the assistant attorney general for the National Security Division.


FBI Director Wray described the threat from China as “diverse” and “multi-layered.” He noted that the Chinese government exploits the openness of the American economy and society.

“They’ve pioneered an expansive approach to stealing innovation through a wide range of actors,” Wray said during opening remarks at the half-day Department of Justice China Initiative Conference in Washington, D.C.

Wray told the audience that China is targeting everything from agricultural techniques to medical devices in its efforts to get ahead economically. While this is sometimes done legally, such as through company acquisitions, China often takes illegal approaches, including cyber intrusions and corporate espionage.

“They’ve shown that they’re willing to steal their way up the economic ladder at our expense,” he said.

The FBI is using traditional law enforcement techniques as well as its intelligence capabilities to combat these threats. He said the FBI currently has about 1,000 investigations into Chinese technology theft.


Just last month, a Harvard University professor was charged with lying about his contractual arrangement with China.

Wray also called for a whole-of-society response to these threats. He urged U.S. companies to carefully consider their supply lines and whether and how they do business with Chinese companies. While a partnership with a Chinese company may seem profitable today, a U.S. company may find itself losing its intellectual property in the long run.

Additionally, U.S. universities should work to protect their foreign students from coercion from foreign governments, Wray said. “When China violates our criminal laws and well-established international norms, we are not going to tolerate it, much less enable it,” he said. “The Department of Justice and the FBI are going to hold people accountable for that and protect our nation’s innovation and ideas.”

 

Russia Hacked Burisma Per Area 1

Someone alert Tucker Carlson that Russia is still inside our political system.

Just reported by a California-based company called Area 1: it began when the whole Burisma scandal broke last fall during the impeachment hearings.


WSJ/Volz:

Hackers believed to be affiliated with Russia’s military breached the Ukrainian gas company where former Vice President Joe Biden’s son had served on the board as it became a focus of the impeachment inquiry into President Trump, according to a U.S. cybersecurity firm.

Attempts to hack into Burisma Holdings began last November, as Congress was holding hearings into whether Mr. Trump abused his office by pressuring his Ukrainian counterpart to work with his personal lawyer, Rudy Giuliani, to investigate Mr. Biden and his son, Hunter, according to research published Monday by Area 1, a California-based company.

The hacking attempts are ongoing and are linked to the Russian military intelligence unit previously known as the GRU, which hacked and leaked Democratic emails during the 2016 presidential election, Area 1 said.

The Russian Embassy in Washington didn’t immediately respond to a request for comment. They have historically denied hacking into U.S. elections.

It wasn’t known what information the hackers were seeking or what they obtained, the firm said. In at least one instance, the hackers tricked the recipient of a phishing email into sharing login credentials that allowed them access into one of Burisma’s servers, the company said. Area 1’s findings were earlier reported by the New York Times.

Messrs. Trump and Giuliani have argued, without evidence, that Mr. Biden’s anti-corruption push in Ukraine was designed to head off any investigation of Burisma. Both Bidens have denied wrongdoing and said they never discussed business in Ukraine.

Area 1’s documentation is found here.

In part from the preface of the report:

Like all phishing campaigns, we observe the GRU was successful because they found ways to appear authentic to their targets, rather than using any technical sophistication. Everything about their approach is technically unremarkable, yet highly effective. In this campaign the GRU combines several different authenticity techniques to achieve success:

Domain-based authenticity
Business process and application authenticity
Partner and supply chain authenticity

A key aspect of cyberattack preemption is having a deep understanding of cyber actor patterns and continually discovering and deconstructing campaigns to anticipate future ones. Our report is not noteworthy because we identify the GRU launching a phishing campaign, nor is the targeting of a Ukrainian company particularly novel. It is significant because Burisma Holdings is publicly entangled in U.S. foreign and domestic politics. The timing of the GRU’s campaign in relation to the 2020 U.S. elections raises the spectre that this is an early warning of what we have anticipated since the successful cyberattacks undertaken during the 2016 U.S. elections.

Area 1 Security has correlated this campaign against Burisma Holdings with specific tactics, techniques, and procedures (TTPs) used exclusively by the GRU in phishing for credentials. Repeatedly, the GRU uses Ititch, NameSilo, and NameCheap for domain registration; MivoCloud and M247 as Internet Service Providers; Yandex for MX record assignment; and a consistent pattern of lookalike domains.
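The infrastructure pattern in the passage above can be turned into a triage rule for newly observed domains. The following is an added example, not code from Area 1's report or from this post; the protected domain, the sample observations and the function names are constructed, and the `yandex.net` MX suffix is an assumption about how Yandex-hosted mail appears in DNS.

```python
from dataclasses import dataclass

# Providers named in the passage above. Each is a legitimate, widely used
# service, so a match is only a weak signal unless the domain is a lookalike.
REGISTRARS = {"ititch", "namesilo", "namecheap"}
HOSTS = {"mivocloud", "m247"}
MX_SUFFIX = ".yandex.net"  # assumption: MX hosts of Yandex-hosted mail

PROTECTED = ["acme-energy.example"]  # constructed: domains we defend


@dataclass
class Observation:
    domain: str
    registrar: str
    hosting: str
    mx_hosts: tuple


def skeleton(label):
    """Collapse common visual substitutions so lookalikes compare equal."""
    s = label.lower().replace("-", "")
    for src, dst in (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")):
        s = s.replace(src, dst)
    return s


def edit_distance(a, b):
    """Levenshtein distance, row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(domain, protected):
    """Return the protected domain that `domain` imitates, or None.
    Assumes a single-label public suffix (name.tld)."""
    domain = domain.lower().rstrip(".")
    if domain in protected:
        return None  # the genuine domain is not a lookalike of itself
    parts = domain.split(".")
    if len(parts) < 2:
        return None
    sk = skeleton(parts[-2])
    for real in protected:
        brand = skeleton(real.split(".")[-2])
        if sk == brand or brand in sk:  # homoglyph swap or brand embedded in a longer name
            return real
        if len(brand) >= 5 and edit_distance(sk, brand) <= 1:  # one-character typo
            return real
    return None


def triage(obs, protected=PROTECTED):
    """Return (verdict, imitated_domain, matched_infrastructure)."""
    brand = lookalike_of(obs.domain, protected)
    infra = []
    if obs.registrar.lower() in REGISTRARS:
        infra.append("registrar")
    if obs.hosting.lower() in HOSTS:
        infra.append("hosting")
    if any(h.lower().rstrip(".").endswith(MX_SUFFIX) for h in obs.mx_hosts):
        infra.append("mx")
    if brand and len(infra) == 3:
        verdict = "high"      # lookalike plus the full infrastructure pattern
    elif brand:
        verdict = "review"    # lookalike on unrelated infrastructure
    else:
        verdict = "ignore"    # infrastructure alone matches many benign sites
    return verdict, brand, infra


# Constructed observations, e.g. from new-registration or passive-DNS feeds.
SAMPLES = [
    Observation("acrne-energy.example", "NameSilo", "MivoCloud", ("mx.yandex.net.",)),
    Observation("acme-energy-portal.example", "ExampleRegistrar", "ExampleHost",
                ("mail.acme-energy-portal.example",)),
    Observation("gardening-blog.example", "NameCheap", "M247", ("mx.yandex.net",)),
]

if __name__ == "__main__":
    for obs in SAMPLES:
        print(obs.domain, triage(obs))
```

The third sample matches all three infrastructure attributes and is still ignored, which is the point: the registrar, hosting and MX signals only carry weight when they coincide with a domain imitating one you protect.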

Special counsel Robert Mueller indicted seven officers with the G.R.U in 2018.