Iran Using Same ‘Active Measure’ Tactics Against the U.S.

When browsing internet sites, social media accounts and news aggregator services, one needs to be even more suspicious of the information that is out there. Russia has been applying propaganda ‘active measure’ tactics for decades, and because of the global internet, the volume has gone beyond measure.

With all things Russia going on in Washington DC and in the media, the success of active measures has been noticed by both China and Iran. Both have launched robust propaganda operations, forcing the West and its citizens to question the authenticity of sites, articles and posts of all forms.

Watch out for those hashtags… influencing voters and fake/false news goes back to at least 2016. The operations are so effective that even big media has been duped, and corrections are often printed or made once the error is recognized. Some items are never corrected.


(Reuters) – Alphabet Inc’s (GOOGL.O) Google said on Thursday it had identified and terminated 39 YouTube channels linked to state-run Islamic Republic of Iran Broadcasting.

Google has also removed 39 YouTube channels and six blogs on Blogger and 13 Google+ accounts.

“Our investigations on these topics are ongoing and we will continue to share our findings with law enforcement and other relevant government entities in the U.S. and elsewhere,” Google said in a blog post.

On Tuesday, Facebook Inc (FB.O), Twitter Inc (TWTR.N) and Alphabet Inc (GOOGL.O) collectively removed hundreds of accounts tied to an alleged Iranian propaganda operation.

Google, which had engaged cyber-security firm FireEye Inc (FEYE.O) to provide the company with intelligence, said it has detected and blocked attempts by “state-sponsored actors” in recent months.

FireEye said it has suspected “influence operation” that appears to originate from Iran, aimed at audiences in the United States, the U.K., Latin America, and the Middle East.

Shares of FireEye rose as much as 10 percent to $16.38 after Google identified the company as a consultant.

***

The Daily Beast went for a deeper dive on the tactics by Iran and explained a few cases.

An Iranian propaganda campaign created fake Bernie Sanders supporters online, Facebook disclosed Tuesday.

In a press release, the social-media giant said it had removed 652 pages associated with political-influence campaigns traced to Iran, including “coordinated inauthentic behavior that originated in Iran and targeted people across multiple internet services in the Middle East, Latin America, U.K., and U.S.”

The cybersecurity company FireEye, which first alerted Facebook to the influence campaign months ago, wrote in a separate posting on its site that it had traced the campaign—including posts from supposed “American liberals supportive of U.S. Senator Bernie Sanders”—to Iran through email addresses and phone numbers associated with the “inauthentic” accounts.

The investigation began with FireEye’s discovery of a fake U.S. news outlet called Liberty Front Press, which Facebook says was created in 2013. The actors behind that site over time branched out into different personas intended to appeal to different audiences including “anti-Saudi, anti-Israeli, and pro-Palestinian themes.” Examples included accounts like The British Left, which published content in support of U.K. Labour party leader Jeremy Corbyn, and the pro-Palestinian Patriotic Palestinian Front. FireEye also says it “identified multiple Arabic-language, Middle East-focused sites” as part of the effort.

Unlike the Russian cyberinfluence campaign in 2016, FireEye didn’t find a complementary hacking campaign attached to the propaganda activity. Iran has spent big on developing its offensive online capabilities, but FireEye said it found no links to APT35—a hacking group that has targeted U.S. defense companies and Saudi energy firms. Instead, the security firm found links between the campaign and Iran’s state-run TV propaganda channel, PressTV.

The Iranian actors behind the campaign expanded beyond Facebook and Instagram and onto Twitter, according to FireEye. In a separate statement late Tuesday, Twitter announced it had suspended 284 accounts for what it said was “coordinated manipulation” and that “it appears many of these accounts originated from Iran.”

The Daily Beast recovered tweets from what appears to be an account associated with the campaign. @libertyfrontpr has since been deleted, but Google cache results show it linked back to the LibertyFrontPress.com website FireEye attributed to be part of the propaganda effort. The account was active as of at least Tuesday and is not listed as suspended on the platform.

The account used hashtags like “#Resist” and “#NotMyPresident” when tweeting out anti-Trump sentiments. It also weighed in against the Supreme Court nomination of Judge Brett Kavanaugh. “The #Senate has a responsibility to reject any nominee who would fail to be a fair-minded constitutionalist. That is #BrettKavanaugh. We must #StopKavanaugh.”

In a rare move for Holocaust-denying Iranian propaganda, @libertypr slammed the Republican Party for allowing anti-Semite and Holocaust denier John Fitzgerald to run for a seat in the California legislature.

In addition to the U.S. themes, Liberty’s Twitter account also targeted opponents of the Iranian government, including the Mujahedeen Khalq exile group, or MEK, which advocates the overthrow of Iran’s clerical government, with hashtags like “#BanTerrorOrg.”

The takedown marks the second time since the 2016 election that Facebook has appeared to act without U.S. government pressure to stop an alleged political-influence campaign. In late July, Facebook took down a handful of sock-puppet accounts purporting to be black, Hispanic, and #Resistance activists. Facebook didn’t attribute that campaign to a specific country or group, but it did note that some of the accounts had links to the infamous Russian Internet Research Agency troll farm.

Facebook said Tuesday that it had taken down the new batch of pages only after waiting “many months” after being alerted to the campaign by FireEye. The delay allowed the company to further investigate the campaign and improve its defenses against future efforts.

Securing the Elections, FBI Investigating Hacks

Securing the vote.

The states, which under the US system are responsible for conducting elections, remain concerned about the integrity of the ballot. Thirty-six states have now deployed Albert sensors on their voting infrastructure to allow the Department of Homeland Security to observe state systems that manage either voter information or voting devices (Reuters).

The states also want the Feds to share more threat intelligence. Forty-four states and the District of Columbia took part in a Department of Homeland Security exercise this week (US Department of Homeland Security). The states appear to have gained enough insight into the value of threat intelligence to decide that they want more of it (Reuters). Some advocate Federal standards for the conduct of elections, perhaps even mandatory standards (Atlantic Council).

Meanwhile:

Then there is the matter the FBI is investigating in California.

The FBI launched investigations after two Southern California Democratic U.S. House candidates were targeted by computer hackers, though it’s unclear whether politics had anything to do with the attacks.

A law enforcement official told The Associated Press the FBI looked into hacks involving David Min in the 45th Congressional District and Hans Keirstead in the adjacent 48th District. Both districts are in Orange County and are seen as potential pickups as the Democratic Party seeks to win control of the Congress in November.

A person with knowledge of the Min investigation told the AP on Monday that two laptops used by senior staffers for the candidate were found infected with malware in March. It’s not clear what, if any, data was stolen, and there is no evidence the breach influenced the contest.

The CEO of a biomedical research company, Keirstead last summer was the victim of a broad “spear-phishing” attack, in which emails that appear to come from a friend or familiar source are designed to help hackers snatch sensitive or confidential information, the law enforcement official said. There is no evidence Keirstead lost valuable information.

The investigations so far have not turned up evidence the two candidates in Orange County were political targets.

The official and the knowledgeable person were not authorized to discuss the cases publicly and spoke only on condition of anonymity.

Keirstead was narrowly defeated in the June primary for the seat held by Republican Rep. Dana Rohrabacher. Min came in third in the contest to unseat Republican Rep. Mimi Walters.

Min’s staff was alerted to a potential cyberattack by a facility manager in the software incubator where his campaign rented space. It was later found the computers were infected with software that records and sends keystrokes, with additional software that concealed it from conventional anti-virus tools used by the campaign.

Hackers also used a broad spear-phishing attack in an attempt to gain access, and FBI investigators are still piecing together additional details, the official said.

The two laptops were replaced, and Min’s computer was not infected. The attack on the computers was first reported by Reuters.

Keirstead campaign officials detected repeated attempts to access the campaign’s website.

Rolling Stone magazine, which first reported that cyberattack, said hackers or bots tried different username-password combinations in a rapid-fire sequence over a two-and-a-half-month period to get inside the campaign’s WordPress-hosted website.

According to the campaign, there were also more than 130,000 so-called brute force attempts over a monthlong period to gain access to the campaign’s server through the cloud-server company that hosted the Keirstead campaign’s website, Rolling Stone said.

Computer security experts say that many attempts to gain access to a site hosted with the popular and free WordPress software are not unusual.

“Every WordPress hosted website sees 130,000 brute force attempts over a monthlong period, regardless whether it’s Bohemian basket weaving, a blog about furry costume construction, or a politician website,” said Robert Graham, a cybersecurity expert who created the BlackICE personal firewall.

“Hackers don’t know or care who you are: they only care that you use WordPress,” Graham said in a text message.

Min finished third behind fellow Democrat Katie Porter, who faces Walters in November. In the 48th District, Rohrabacher will face Democrat Harley Rouda, who snagged the second runoff spot by defeating Keirstead by 125 votes.

Trump Admin Seeking Global Cyber Dominance

Finally!


President Trump signed an order that reverses the classified rules and cyber processes from the Obama administration, known as Presidential Policy Directive 20 (PPD-20). PPD-20 was signed in October 2012 and superseded National Security Presidential Directive NSPD-38. Integrating cyber tools with those of national security, the directive complements NSPD-54/Homeland Security Presidential Directive HSPD-23.

Per Wikipedia:

After the U.S. Senate failed to pass the Cybersecurity Act of 2012 that August,[12] Presidential Policy Directive 20 (PPD-20) was signed in secret. The Electronic Privacy Information Center (EPIC) filed a Freedom of Information Request to see it, but the NSA would not comply.[13] Some details were reported in November 2012.[14] The Washington Post wrote that PPD-20, “is the most extensive White House effort to date to wrestle with what constitutes an ‘offensive’ and a ‘defensive’ action in the rapidly evolving world of cyberwar and cyberterrorism.”[14] The following January,[15] the Obama administration released a ten-point factsheet.[16]

On June 7, 2013, PPD-20 became public.[15] Released by Edward Snowden and posted by The Guardian,[15] it is part of the 2013 Mass Surveillance Disclosures. While the U.S. factsheet claims PPD-20 acts within the law and is, “consistent with the values that we promote domestically and internationally as we have previously articulated in the International Strategy for Cyberspace”,[16] it doesn’t reveal cyber operations in the directive.[15]

Snowden’s disclosure called attention to passages noting cyberwarfare policy and its possible consequences.[15][17] The directive refers to defensive and offensive measures as Defensive Cyber Effects Operations (DCEO) and Offensive Cyber Effects Operations (OCEO), respectively.

President Trump has taken this action not only to aid the military but also to deter foreign actors, impede election influence and apply new penalties for violations. Officials have been seriously worried about electric utilities and brute cyber attacks.

***

Some lawmakers have raised questions in recent months about whether U.S. Cyber Command, the chief agency responsible for conducting offensive cyber missions, has been limited in its ability to respond to alleged Russian efforts to interfere in U.S. elections due to layers of bureaucratic hurdles.

The policy applies to the Defense Department as well as other federal agencies, the administration official said, while declining to specify which specific agencies would be affected. John Bolton, Mr. Trump’s national security adviser, began an effort to remove the Obama directive when he arrived at the White House in April, the official said.

As designed, the Obama policy required U.S. agencies to gain approval for offensive operations from an array of stakeholders across the federal government, in part to avoid interfering with existing operations such as digital espionage.

Critics for years have seen Presidential Policy Directive 20 as a particular source of inertia, arguing that it handicaps or prevents important operations by involving too many federal agencies in potential attack plans. But some current and former U.S. officials have expressed concern that removing or replacing the order could sow further uncertainty about what offensive cyber operations are allowed.

One former senior U.S. official who worked on cybersecurity issues said there were also concerns that Mr. Trump’s decision will grant the military new authority “which may allow them to have a domestic mission.”

The Obama directive, which replaced an earlier framework adopted during the George W. Bush administration, was “designed to ensure that all the appropriate equities got considered when you thought about doing an offensive cyber operation,” said Michael Daniel, who served as the White House cybersecurity coordinator during the Obama administration. “The idea that this is a simple problem is a naive one.” More from the WSJ.

Boy, 11, Hacks into Replica U.S. Vote Website in Minutes

(Reuters) – An 11-year-old boy managed to hack into a replica of Florida’s election results website in 10 minutes and change names and tallies during a hackers convention, organizers said, stoking concerns about security ahead of nationwide votes.


The boy was the quickest of 35 children, ages 6 to 17, who all eventually hacked into copies of the websites of six swing states during the three-day Def Con security convention over the weekend, the event said on Twitter on Tuesday.

The event was meant to test the strength of U.S. election infrastructure and details of the vulnerabilities would be passed onto the states, it added.

The National Association of Secretaries of State – who are responsible for tallying votes – said it welcomed the convention’s efforts. But it said the actual systems used by states would have additional protections.

“It would be extremely difficult to replicate these systems since many states utilize unique networks and custom-built databases with new and updated security protocols,” the association said.

The hacking demonstration came as concerns swirl about election system vulnerabilities before mid-term state and federal elections.

U.S. President Donald Trump’s national security team warned two weeks ago that Russia had launched “pervasive” efforts to interfere in the November polls.

Participants at the convention changed party names and added as many as 12 billion votes to candidates, the event said.

“Candidate names were changed to ‘Bob Da Builder’ and ‘Richard Nixon’s head’,” the convention tweeted.

The convention linked to what it said was the Twitter account of the winning boy – named there as Emmett Brewer from Austin, Texas.

A screenshot posted on the account showed he had managed to change the name of the winning candidate on the replica Florida website to his own and gave himself billions of votes.

The convention’s “Voting Village” also aimed to expose security issues in other systems such as digital poll books and memory-card readers.

***

Mark Earley, the elections supervisor in Leon County who is a cybersecurity liaison between state and local officials, questioned how outsiders could obtain the security protocols used by Florida if they weren’t already behind the system’s firewalls. He said that all this “hacking noise” and “misinformation plays into the hands of the folks who are trying to undermine democracy.”

Jeff Kosseff, a lawyer and assistant professor at the United States Naval Academy Cyber Studies Department, said states are struggling with election security threats. He said they should work with outsiders in order to see if there are flaws in their systems.

“All states should look at this as a wake-up call,” Kosseff said. “What were the shortcomings identified and how they can fix it. I don’t think it should be an adversarial.”

Google Won’t Stop Following You, Regardless of Settings

Even when you opt out. Even when you change the settings. Even without your knowledge. Next question that needs an answer…who is Google selling the data to?


SAN FRANCISCO (AP) — Google wants to know where you go so badly that it records your movements even when you explicitly tell it not to.

An Associated Press investigation found that many Google services on Android devices and iPhones store your location data even if you’ve used a privacy setting that says it will prevent Google from doing so.

Computer-science researchers at Princeton confirmed these findings at the AP’s request.

For the most part, Google is upfront about asking permission to use your location information. An app like Google Maps will remind you to allow access to location if you use it for navigating. If you agree to let it record your location over time, Google Maps will display that history for you in a “timeline” that maps out your daily movements.

Storing your minute-by-minute travels carries privacy risks. So Google will let you “pause” a setting called Location History.

Google says that prevents the company from remembering where you’ve been. Its support page states: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored.”

But this isn’t true. Even with Location History paused, some Google apps automatically store time-stamped location data without asking.

For example, Google stores a snapshot of where you are when you merely open its Maps app. Automatic daily weather updates on Android phones note your location. So can searches that have nothing to do with location.

The privacy issue affects some two billion users of devices that run Google’s Android operating software and hundreds of millions of worldwide iPhone users who rely on Google for maps or search.

Storing location data in violation of a user’s preferences is wrong, said Jonathan Mayer, a Princeton computer scientist and former chief technologist for the Federal Communications Commission’s enforcement bureau. A researcher from Mayer’s lab confirmed the AP’s findings on multiple Android devices; the AP conducted its own tests on several iPhones and found the same behavior.

“If you’re going to allow users to turn off something called ‘Location History,’ then all the places where you maintain location history should be turned off,” Mayer said.

Google says it is being perfectly clear.

“There are a number of different ways that Google may use location to improve people’s experience, including: Location History, Web and App Activity, and through device-level Location Services,” Google said in a statement to the AP. “We provide clear descriptions of these tools, and robust controls so people can turn them on or off, and delete their histories at any time.”

To stop Google from saving these location markers, the company says, users can turn off another setting, though it doesn’t specifically reference location information. Called “Web and App Activity,” that setting stores a variety of information from Google apps and websites to your Google account.

When paused, it will prevent activity on any device from being saved to your account. But leaving “Web & App Activity” on and turning “Location History” off only prevents Google from adding your movements to the “timeline,” its visualization of your daily travels. It does not stop Google’s collection of other location markers.

You can see these stored location markers on a page in your Google account at myactivity.google.com. It’s possible, though laborious, to delete them.

To demonstrate how powerful these other markers can be, the AP created a visual map of the movements of Princeton postdoctoral researcher Gunes Acar, who carried an Android phone with Location History off and shared a record of his Google account.

The map includes Acar’s train commute on two trips to New York and visits to the High Line park, Chelsea Market, Hell’s Kitchen, Central Park and Harlem.

Huge tech companies are under increasing scrutiny over their data practices, following a series of privacy scandals at Facebook and new data-privacy rules recently adopted by the European Union.

Critics say Google’s insistence on tracking its users’ locations stems from its drive to boost advertising revenue.

“They build advertising information out of data,” said Peter Lenz, the senior geospatial analyst at Dstillery, a rival advertising technology company. “More data for them presumably means more profit.”

The AP learned of the issue from K. Shankari, a graduate researcher at UC Berkeley who studies the commuting patterns of volunteers in order to help urban planners. She noticed that her Android phone prompted her to rate a shopping trip to Kohl’s, even though she had turned Location History off.

“I am not opposed to background location tracking in principle,” she said. “It just really bothers me that it is not explicitly stated.”

Google offers a more accurate description of how Location History works in a popup when you pause the setting on your Google account webpage. It notes that “some location data may be saved as part of your activity on other Google services, like Search and Maps.”

There’s another obscure notice if you turn off and re-activate the “Web & App Activity” setting. It notes that the setting “saves the things you do on Google sites, apps, and services … and associated information, like location.”

The warnings offered when you turn Location History off via Android and iPhone device settings are more difficult to interpret.

Since 2014, Google has let advertisers track the effectiveness of online ads at driving foot traffic, a feature that Google has said relies on user location histories.