Category Archives: Cyber War

Facebook Suggested Friends Feature Recruited for ISIS

Posted on by

Ooops, call it Artificial Intelligence or an automated outcome friend feature because Mark Zuckerberg thinks connecting people to be friends globally is a good thing. In this case, not so much and who was paying attention? Further, has it been fixed? Nah.

Remember the time when Islamic State has mastered social media to exploit their jihad successes including their videos and publications? The world was in shock and yet, it continues today.

What about al Qaeda, or other domestic militant groups? Facebook says there is no easy fix, what? Anyone considering other social media platforms or the tech companies such as Google?

Facebook (FB) is being accused of inadvertently helping Islamist extremists connect and recruit new members. A new report in The Telegraph cites research suggesting that the social media giant connected and introduced thousands of extremists through its “suggested friends” feature. One writer who spoke to CBSN says “it’s cause for concern.”

The research was conducted by the Counter Extremism Project, a non-profit organization that pressures companies to remove extremist content online. It plans to release its findings in an extensive report later this month.

“The failure to effectively police its platform has allowed Facebook to become a place where extensive (Islamic State of Iraq and Syria or ISIS) supporting networks exist, propaganda is disseminated people are radicalized and new supporters are recruited,” researcher Gregory Waters told The Telegraph.

Facebook is already facing criticism for failing to remove terrorist material from its platform. The platform has also been blamed for spreading disinformation that stokes violence in Myanmar.

“There is no place for terrorists on Facebook,” a Facebook spokesperson said in a statement. “We work aggressively to ensure that we do not have terrorists or terror groups using the site, and we also remove any content that praises or supports terrorism. 99 percent of ISIS and Al Qaeda-related content we remove is found by our automated systems.”

J.M. Berger, author of “Extremism” and a fellow with the Counter-Terrorism Strategic Communications program, told CBSN’s Elaine Quijano that this issue is something that’s been known for some time and says “it’s cause for concern,” but further analysis of the research is needed. Berger said that “the online environment for ISIS and other jihadist extremists is much more difficult than it was just a couple of years ago.”

“It’s a problem we’ve known about for a long time … I first wrote about it in 2013,” Berger said. “All of the social media platforms use algorithms that allow them to suggest content that you might be interested in. It’s a key, integral part of their functioning and what we’ve seen is that these algorithms will recommend whatever kind of content … whether it’s extremist content or normal content. Managing that is a slightly different problem than managing extremist content where you go in and look for keywords.”

“You can be on Facebook and be an ISIS supporter and not post content that would get you suspended — if you don’t put anything publicly than you’re not going to get caught,” Berger explained. “But if you’re part of a social network that supports ISIS, then once a person becomes friends with you — Facebook is going to suggest that they all become friends.”

Berger elaborated: “It used to be that it was extraordinarily easy to find this content — to find other people doing active recruiting who are being open supporters — now that is no longer the case. We can’t realistically hope for 100 percent elimination of this content on these platforms, but now the question is how much is left?”

China and Russia Using Same Aggressive Military Playbook

Posted on by

So, we cannot deny that Russia has been quite aggressive against the United States and our allies that go beyond the conflict in Syria and hacking. Russian spy ships cruise our coastlines, Russian fighter jets buzz our aircraft and Russian mercenaries from the Wagner Group attack our forces. Russia also encroaches on other countries and successfully annexes them such as Crimea and Ukraine.

So, what about China?

Photos show scale of construction in disputed area of ... photo

Well there are those disputed Spratley Island, claimed by several countries where China has taken full control. Now those islands which are part of one the largest maritime shipping channels in the world are weaponized and fortified by China with cruise missiles and surface to air weapons platforms. China is well known for hacking, successful industrial espionage and intellectual property theft.

The placement of the defensive weapons also comes on the heels of China’s recent South China Sea installation of military jamming equipment, which disrupts communications and radar systems. By all accounts, the new coastal defense systems represent a significant addition to Beijing’s military portfolio in one of the most contested regions in the world.

The land-based anti-ship cruise missiles, designated as YJ-12B, allow China to strike surface vessels within 295 nautical miles of the reefs. Meanwhile, the long-range surface-to-air missiles designated as HQ-9B, have an expected range of targeting aircraft, drones and cruise missiles within 160 nautical miles.

The defensive weapons have also appeared in satellite images of Woody Island, China’s military headquarters in the nearby Paracel Islands. More here.

As the Chinese have a military base just one mile from the American base in Djibouti, at least ten nasty encounters by the Chinese against American aircraft have been recorded. So, the Pentagon has filed a demarche.

In a press briefing Thursday, Pentagon Chief Spokesperson Dana White told reporters that the “very serious incidents” had resulted in “two minor injuries,” noting that Chinese laser use “poses a true threat to our airmen.” White said the U.S. has asked China to investigate laser use in the area. “It’s a serious matter. And so we’re taking it very seriously,” White explained. “We expect China to investigate it thoroughly.”

China’s ‘neighbouring base’ in Djibouti worries Pentagon ... photo

Camp Lemonnier is the only permanent American base in Africa and is home to around 4,000 troops. Opened in 2001, the installation has become a vital staging point for U.S. counter-terrorism operations, especially as a regional hub for American drone missions launched from a network of other nearby bases. Initially an 88-acre base, an agreement was signed with the Djibouti government in 2006 to expand the facility to 500 acres.

Chinese military observers told the Post that China’s laser use may be trying to scare off birds near its airfield or disrupting spy drones flying above, rather than targeting foreign pilots. Analyst Zhou Chenming told the newspaper, “The Chinese and U.S. bases in Djibouti are really close, so one could disturb the other if the two sides don’t have a proper communication mechanism.”

*** But hold on…Tucker Carlson asked a handful of key questions to Senator Marco Rubio. The answers were terrifying.

Remembering Some Facts on the Iran Nuclear Deal

Posted on by

There are at least two side deals, which Susan Rice admitted to. One dealing with the IAEA and the other of the PMD’s (possible military dimension) sites with particular emphasis on Parchin and Fordow.

Fordow is protected by Russian-made, S-300 advanced air defense system at the Fordow underground uranium enrichment facility. dordow s300

So, what is going on now?

 

  • Europe Works to Save the JCPOA | The P5+1 and Iran Nuclear Deal Alert, April 25, 2018
    April 25, 2018
    As time winds down to the May 12 deadline President Trump set for negotiating a “fix” to the nuclear deal with Iran, Washington’s P5+1 partners are warning Washington of the consequences if the deal collapses.
  • The P5+1 and Iran Nuclear Deal Alert, March 22, 2018
    March 22, 2018
    The JCPOA Joint Commission met for its first full meeting since Trump’s threat to pull out of the deal unless so-called “flaws” are corrected. Director General Yukiya Amano reports that the IAEA has access to all needed locations. Russia vetoed a resolution condemning Iran for failing to implement an arms embargo on Yemen, and more in this issue.

 

For some historical context on the deal…..

When the Obama administration decided to launch this effort, he even called on the Catholic Bishops? Are we to assume there was some confab at the Vatican? Yup!

Back in March 2014, a delegation of US bishops made a historic visit to Qom, Iran and held a meeting with Iranian religious leaders. On November 17, an audience at the Carnegie Endowment for International Peace in Washington, DC will have the chance to hear firsthand what they discussed in Qom, and during a subsequent meeting in Rome in June of this year.

The first meeting focused on the need for a world free of nuclear weapons. Following up on opportunities presented by this visit, in July 2014, Ploughshares Fund provided a $50,000 grant to the US Conference of Catholic Bishops (USCCB) to build a sustainable and effective channel of communication between US and Iranian religious leaders. Supporting such ‘Track II’ dialogues can indirectly aid official negotiations around tough issues, in this case, talks around Western sanctions and Iran’s nuclear program.

Although purely a people to people moral dialogue, the sensitive political situation made it difficult for a reciprocal delegation of Muslim clerics from Iran to visit the US, so the two parties met in Rome. The June 5-10 encounter focused on the moral tenets of each faith, especially as they relate to human rights, weapons of mass destruction, and terrorism. Keeping this constructive dialogue open remains important – even though the Iran nuclear agreement has entered into effect and is working, relationships between Iranians and Americans remain fragile.

Ayatollah Mahdi Hadavi Moghaddam Tehrani and Ayatollah Abolghasem Alidoost headed the five-member Iranian delegation. Representatives from the USCCB participating in the dialogue included Bishop Oscar Cantú of Las Cruces, New Mexico, chair of the bishops’ Committee on International Justice and Peace; Cardinal Theodore McCarrick, archbishop emeritus of Washington; Bishop Richard Pates of Des Moines, Iowa; and Bishop Denis Madden, auxiliary bishop of Baltimore. Bishops Cantú, Madden and Pates will report out on the Qom and Rome meetings during the November 17th Washington, DC event.

Following the dialogue, a joint declaration was issued by US Catholic bishops and Iranian religious leaders calling for developing a culture of encounter, tolerance, dialogue and peace that respects the religious traditions of others. The leaders emphasized that they regard the development and use of weapons of mass destruction and acts of terrorism as “immoral.”

“Together,” Bishop Cantú said on the occasion, “we commit ourselves to continued dialogue on the most pressing issues facing the human family, such as poverty, injustice, intolerance, terrorism, and war.” He called the joint declaration “the fruit of sincere dialogue between two religions that are united in their concern for the life and dignity of the human person.”

Ploughshares Fund is proud to support these extraordinary dialogues, which aid in fostering cross-border understanding around the thorniest problem we face today: the risks associated with nuclear weapons and nuclear weapons proliferation.

*** Who is Ploughshares? It was founded by Sally Lilienthal.

Instead of getting ready for a quiet life of retirement, the 62-year-old sculptor, human rights activist and mother decided to take on nuclear weapons.

“I thought that if a lot of people felt the same way I did but didn’t know what to do about it, we might get together and search for new ways together to get rid of nuclear weapons that were threatening us all,” she later told the San Francisco Chronicle.

With a little help from her friends and a lot of grit and determination, Sally founded Ploughshares Fund in her San Francisco living room in 1981, the same year IBM announced its first Personal Computer.

Sally was ahead of her time in many ways. After college, she moved to Washington, DC during World War II to work in the Office of War Information when few women held office jobs. Later, she co-founded the California chapter of the NAACP Legal Defense and Education Fund, served on the regional ACLU board and was national vice chairwoman of Amnesty International.

*** Where did the 35-year-old organization get its war chest to support a major media organization’s coverage of the negotiations and contribute so generously to one of the most prominent campaigns championing the deal?

Mostly through other large-scale grant-making foundations and philanthropic organizations, some of the largest in the world, such as The John D. and Catherine T. MacArthur Foundation, The Hewlett Foundation, Open Society Foundations and the Rockefeller Brothers Fund, each of which gave more than $100,000 to Ploughshares in 2015, according to its latest financial report. The craigslist Charitable Fund, of the classified advertisement website company, chipped in with between $25,000 and $99,000.

Ploughshares also received its share of support from members of the Hollywood community, particularly Jewish ones. It received a donation of between $10,000 and $24,999 from actor Michael Douglas, and between $5,000 and $9,999 from the Streisand Foundation, which was established by the Jewish singer-actress Barbra Streisand.

Through the rest of its donors, Ploughshares received $6,980,384 last year, much of which went toward pushing the nuclear accord, which was struck between the P5+1 world powers and Iran last July and then defeated congressional scrutiny. In September, a bill to reject the deal ultimately failed to receive the required backing to override President Obama’s veto power.

Col. Kang Defects from North Korea, Manhunt Underway

Posted on by

Mr. Kang is likely under protection of the West and has offered key intelligence that has aided the United States, Japan and South Korea in the talks with the Kim regime.

One of North Korea’s most senior intelligence officials, who played a major role in building Pyongyang’s nuclear weapons program, has disappeared and is believed to have defected to France or Britain, according to sources. South Korean media identified the missing official as “Mr. Kang”, and said he is a colonel in North Korea’s State Security Department (SSD), also known as Ministry of State Security. Mr. Kang, who is in his mid-50s, enjoyed a life of privilege in North Korea, because he is related to Kang Pan-sok (1892-1932), a leading North Korean communist activist and mother to the country’s late founder, Kim Il-sung.

According to South Korean reports, Kang was in charge of North Korea’s counter-espionage operations in Russia and Southeast Asia, including China. He is also believed to have facilitated secret visits to Pyongyang by foreign nuclear scientists, who helped build North Korea’s nuclear weapons program. In recent years, Kang was reportedly based in Shenyang, the largest Chinese city near the North Korean border, which is home to a sizeable ethnic Korean population. According to reports, Kang led Unit 121, an elite North Korean hacker group based in Shenyang, with the aim of carrying out cyber-attacks without implicating North Korea. The South Korean-based DailyNK website said on Wednesday that Kang had been based at the Zhongpu International Hotel in Shenyang (until recently named Chilbosan Hotel), which has historically been operated through a joint Chinese-North Korean business venture and is known to host numerous North Korean government officials.

Chilbosan Hotel Shenyang (Shenyang) photo

But according to DailyNK, Kang disappeared from Shenyang in February and is now believed to have defected, possibly “to France or Great Britain”. The Seoul-based website said Kang took “a lot of foreign currency with him” as well as “a machine capable of printing American dollars”. Following Kang’s disappearance, the government in Pyongyang launched a worldwide manhunt for him, sending at least 10 agents to assassinate him before he is given political asylum in the West, said DailyNK. Pang’s family, including his wife and children, are believed to still be in Pyongyang.

***

While it is reported that North Korea has released 3 Americans from a labor camp to detention at a hotel from observation and deprogramming. There is no word on full release however, there is more going on with behind the scenes and that includes this defection along with the unit this Colonel worked for while living and stationed in China.

***

The North Korean hackers hit the systems of the Israeli energy company to attempt to penetrate the best electronic protection systems, South Korea’s newspaper Naver reported. According to the company’s experts, the North Korean cyber actors have real capabilities to damage the infrastructure of the United States, Japan and other countries.

Last year, experts warned that the North Korean cyber army could be far more dangerous to global security than its nuclear missiles. “North Korean cyberattacks and other malicious cyber activities pose a risk to critical infrastructure in countries around the world and to the global economy,” the statement said.

Since 2011, Pyongyang has been scaling up its cyber capacities. The North Korean regime is suspected to be exploiting its cyber weapons for political purposes to intimidate its opponents as well as to steal crypto-currency.

North Korean hackers are involved in major cyber offensives
In 2013, the three largest broadcasting companies and two banking institutions of South Korea suffered a massive attack against their systems. According to Shinhan Bank and Nonghyup Bank representatives, about 32,000 computers were infected while internet banking and ATMs stopped working. While Pyongyang still denies any involvement, cybersecurity experts pointed to North Korean group Lazarus.

In August 2014, North Korea hacked the Channel 4 to prevent the production of a drama depicting the fictional story of a nuclear scientist kidnapped in the country.

However one of the most advanced attacks was the intrusion into the network of Sony Corporation in September 2014. The malware destroyed 70% of information stored in the company’s computers. According to Jim Lewis, senior fellow at the Center for Strategic and International Studies, the attack turned out to be the worst of its type on a company on U.S. soil.

North Korean hackers raise funds for regime
International sanctions forced Kim Jong-un to look for alternative and illegal sources of financing. By late 2015, the North Korean hackers shifted their attention to the global financial system, according to researchers at BAE Systems, FireEye and Symantec.

In 2016, they were about to commit the most astonishing bank robbery in history. The cybercriminals were close to stealing a billion dollars from the Federal Reserve of New York and only a misprint in the word “foundation” kept them from it.

North Korean state-backed hackers have been also accused of the WannaCry ransomware attack that affected hundreds of thousands of computers worldwide in 2017. Taking into account large amounts of stolen money, it becomes clear that despite the growing political and economic pressure Pyongyang will be able to stay afloat for long.

“Winter is coming”
According to the commander of the US forces in South Korea, General Brooks, the North Korean military forces are currently capable of carrying out the most efficient and well-prepared cyber-attacks in the world.

Robert Hannigan, former director of the Center for Government Communication of Great Britain says that as of June 2017, North Korea had 1,700 state-sponsored hackers and more than 5,000 support staff personnel. They all operate under the Main Intelligence Department of North Korean Armed Forces, known as Unit 586. The so-called Bureau 121 is the main unit conducting cyberattacks abroad. The US Department of Homeland Security refers to this structure as Hidden Cobra, while private companies gave the common name Lazarus to all North Korean hackers. But no one exactly knows how many different subdivisions the North Korea’s cyber-army has.

Earlier this year, cybersecurity firm McAfee reported that hackers have targeted organizations involved in the 2018 Pyeongchang Winter Olympics, which are set to start this week.  The malicious actors attempted to obtain passwords and sensitive financial data. Speculations have risen that the North could be responsible amid anti-North Korean demonstrations in the Korean Republic and increasingly hostile rhetoric between Pyongyang and Washington.

Some analysts believe that the ongoing talks between Pyongyang and Seoul are Kim Jong-un ruse aimed to distract attention from the North Korea’s nuclear program and its malicious activities in cyberspace. But even if talks go smoothly, Pyongyang will never give up further development of its cyber weapons.

North Korea’s advanced cyber warfare capabilities could be truly scaring and risk escalating the crisis. As international bodies consider enforcing sanctions, Pyongyang continues its campaign of outright theft. Korean Olympic detente won’t last forever.

Next time when Kim Jong-Un feels trapped or insulted his cyber army will be ready to wreak havoc.

 

Approval Process for Cyberwarfare Challenged

Posted on by

Cyber is a real battlefield and yet it gets almost zero ink in the media. The reason is due in part to exposing vulnerabilities, forced ransoms and stolen data.

NotPetya could be the beginnings of a new kind of ... photo

Just a couple of years ago: Chet Nagle, a former CIA agent and current vice president of M-CAM, penned an article in the Daily Caller, stating, “At FBI headquarters in July, the head of FBI counterintelligence, Randall Coleman, said there has been a 53% increase in the theft of American trade secrets, thefts that have cost hundreds of billions of dollars in the past year. In an FBI survey of 165 private companies, half of them said they were victims of economic espionage or theft of trade secrets — 95% of those cases involved individuals associated with the Chinese government.”

The threats all appear to have a foreign genesis and the United States does not have a real cyber policy due in part to debates over whether cyber attacks are acts of war. Can the United States fight back with her own cyber weapons? Not really, kinda, maybe.

Tracking the theft is left to the FBI, while responding is left to the U.S. Cyber Command. Army Lt. Gen. Paul Nakasone is the head of Cyber Command facing strategic threats from Russia, China, North Korea and Iran. During his confirmation hearings, Nakasone was grilled on how he would position the agencies to confront mounting Russian aggression in cyberspace, whether through attempted interference in U.S. elections or targeting the electric grid and other critical industrial systems.

Members of the White House’s National Security Council are pushing to rescind Presidential Policy Directive 20, an important policy memorandum that currently guides the approval process for government-backed cyberattacks, three current U.S. officials familiar with the matter tell CyberScoop.

The effort is driven in part by a desire from some NSC staff to create a more streamlined channel for military leaders to get their offensive cyber operations greenlit, insiders familiar with the matter said. The sources spoke under the condition of anonymity to freely discuss sensitive national security matters.

The move comes as lawmakers openly question whether U.S. Cyber Command, the nation’s premier cyber warfare unit, is hamstrung from responding to Russian meddling due to bureaucratic red tape. CyberScoop previously reported that multiple congressional committees are considering policies that could empower the military’s cyber mission.

But the push for change faces resistance from the intelligence community and several other federal agencies involved in cybersecurity.

Senior U.S. intelligence officials have expressed concerns over what rescinding the directive will mean for their own active computer spying missions. These covert operations, which are typically pursued by intelligence agencies like the CIA or NSA, could be exposed by the launch of “louder” disruptive-style attacks from the military. The presence of multiple hacking teams simultaneously targeting a single network often makes it easier for them all to be discovered by the victim.

Prior reporting by CyberScoop has shown that a long-running turf war exists between different federal agencies regarding the proper use of hacking tools in order to protect the homeland.

Even before Trump came to office though, the framework in question was considered a source of frustration inside the Pentagon.

Signed by President Barack Obama in 2012, the directive’s critics say that it was written in a confusing manner that leaves open-ended questions. In addition, critics tell CyberScoop that too many federal agencies are allowed to weigh in on proposed cyber operations, causing “even reasonable” plans to be delayed or outright rejected.

Insiders who are resistant to eliminating the directive admit that PPD-20 is flawed, but fear change because they’ve not seen a replacement plan.

“Better the devil you know, or something like that,” a former U.S. official said. “This is such a crucial decision because whatever comes next will dictate how arguments are settled inside government … you have the military on one side and the IC on the other.”

The NSC, CIA and Office of the Director of National Intelligence declined to comment. The NSA referred CyberScoop to U.S. Cyber Command, who in turn did not respond to a request for comment.

Currently, PPD-20 requires U.S. government agencies to run approvals for offensive operations through a chain of command that stretches across the federal government. The process is largely focused on controlling those operations that go beyond the confines of everyday digital espionage, or computer exploitation, to simply collect information.

According to PPD-20, if an operation is considered “of significant consequence,” it requires the direct blessing of the president in addition to the interagency group. Hacking operations that, for example, shut down a power grid or cause equipment to explode would fit into such a description. But experts say it also includes less flashy tactics like deleting data or corrupting software in a destructive manner.

“This directive pertains to cyber operations, including those that support or enable kinetic, information, or other types of operations,” PPD-20 reads. “The United States has an abiding interest in developing and maintaining use of cyberspace as an integral part of U.S. national capabilities to collect intelligence and to deter, deny, or defeat any adversary.”

After coming under scrutiny last month, outgoing NSA Director Adm. Michael Rogers told lawmakers that there’s an “ongoing policy discussion” about redrawing the regulations looming over military cyber operations. Unlike conventional military activities, the internet makes it difficult for policymakers to draw clear cut boundaries. This challenges also runs up against longstanding laws that underpin, and therefore divide, the work of soldiers and spies.

Historically, intelligence agencies — empowered by Title 50 of the U.S. Code — have led the way on U.S.-backed hacking that occur in countries like Iran or China; where armed conflict is absent. Military operations fall under the purview of Title 10 of the U.S. Code.

It’s not clear whether giving military leaders more leeway to conduct hacking operations will ultimately make those units more effective at their missions. The details surrounding these activities are always classified, which inhibits the public from having a substantive policy debate.

Ultimately, the decision to eliminate PPD-20 falls solely to the executive branch. Sources tell CyberScoop no final decision has been made.

What makes PPD-20 difficult to analyze is the fact that it remains a classified document, despite it being leaked by NSA whistleblower Edward Snowden. The classification means current officials are barred from publicly commenting on it.

Thomas Rid, a professor of strategic studies at Johns Hopkins University, said that Snowden’s PPD-20 leak was notable because it revealed the U.S. government’s thought process behind “the rise of unwanted norms caused by escalatory cyberattacks.”

“Reading between the lines, the framework acknowledges the negative effect on global cyber norms that events like Stuxnet can cause because of escalation,” said Rid.

Rid also believes the directive was “naïvely constructed,” relying too much on the idea that cyberattacks only impact other machines, and not people.

“When you look at what’s happened in 2016, and really since then, it makes the people who wrote PPD-20 seem like they don’t understand the current threat environment where Russia, and to some degree Iran, are combining active measures with cyber to change public perception,” he told CyberScoop. “Russia is basically kicking the U.S.’ ass.”