Due to N Korea, Hawaii Goes to Nuclear Warning Systems

TOKYO/WASHINGTON (Reuters) – Japan has detected radio signals suggesting North Korea may be preparing for another ballistic missile launch, although such signals are not unusual and satellite images did not show fresh activity, a Japanese government source said on Tuesday.

After firing missiles at a pace of about two or three a month since April, North Korean missile launches paused in September, after Pyongyang fired a rocket that passed over Japan’s northern Hokkaido island.

“This is not enough to determine (if a launch is likely soon),” the source told Reuters.

Japan’s Kyodo news agency reported late on Monday that the Japanese government was on alert after catching such radio signals, suggesting a launch could come in a few days. The report also said the signals might be related to winter military training by the North Korean military.

South Korea’s Yonhap news agency, citing a South Korean government source, also reported that intelligence officials of the United States, South Korea and Japan had recently detected signs of a possible missile launch and have been on higher alert.

Hawaii reinstates Cold War-era nuclear attack warning signal amid North Korea tension

Hawaii is reinstating a statewide nuclear attack warning signal in December to prepare for a potential attack from North Korea.

The alarm, which has not been used since the Cold War, will be reinstated on Dec. 1 as part of a ballistic missile preparedness program, according to the Hawaii Emergency Management Agency (HI-EMA).

The agency instructed residents to immediately “Get inside, stay inside and stay tuned” if they hear the siren. Alerts will be sent to residents’ phones and broadcast on television and radio. “When [HI-EMA] started this campaign, there were concerns we would scare the public. What we are putting out is information based on the best science that we have on what would happen if that weapon hit Honolulu or the assumed targets,” said HI-EMA Administrator Vern Miyagi during an emergency preparedness presentation.

Since officials would have only 15 minutes or less of warning time before a North Korean missile’s impact, Hawaii residents are advised to have a designated place to go for shelter. “There will be no time to call our loved ones, pick up our kids and find a designated shelter. We should all prepare and exercise a plan ahead of time so we can take some comfort in knowing what our loved ones are doing,” said Miyagi in an interview with The Honolulu Star Advertiser.

Although the U.S. has conducted successful missile interception tests, there is no guarantee that the Navy would detect and intercept a target, the HI-EMA warns.

An HI-EMA fact sheet explains that, based on the estimated yield of North Korean missiles, there could be anywhere from 50,000 to 120,000 burn casualties and nearly 18,000 fatalities if an attack occurs.

After an attack, residents would have to stay sheltered in place until the HI-EMA has fully assessed the radiation and fallout, which could take a few hours or as long as 14 days, the agency says on its website.

State officials have been holding town halls to answer questions from residents.

3 Chinese Nationals Charged with Hacking, Stealing Intellectual Property

Indictment found here.

Wonder if President Trump has called President Xi….The U.S. Treasury should at least sanction Guangzhou Bo Yu Information Technology Company Limited….

Pittsburgh:

The Justice Department on Monday unsealed an indictment against three Chinese nationals in connection with cyberhacks and the alleged theft of intellectual property of three companies, according to US officials briefed on the investigation.

But the Trump administration is stopping short of publicly confronting the Chinese government about its role in the breach. The hacks occurred during both the Obama and Trump administrations.
The charges being brought in Pittsburgh allege that the hackers stole intellectual property from several companies, including Trimble, a maker of navigation systems; Siemens, a German technology company with major operations in the US; and Moody’s Analytics.
US investigators have concluded that the three charged by the US attorney in Pittsburgh were working for a Chinese intelligence contractor, the sources briefed on the investigation say. But missing from court documents filed in the case is any explicit mention that the thefts were state-sponsored.
A 2015 deal between then-President Barack Obama and Chinese President Xi Jinping prohibits the US and China from stealing intellectual property for the purpose of giving advantage to domestic companies.
In recent months some US intelligence agencies have concluded that China is breaking the agreement, sources briefed on the matter say. But there’s debate among intelligence officials about whether there’s sufficient evidence to publicly reveal the Chinese government’s role in the infractions, these people say.
Obama administration officials had touted the Obama-Xi agreement, as well as 2014 Justice Department charges against members of the Chinese People’s Liberation Army for commercial espionage, for reducing some of the Chinese cyberactivity against companies in the US.
But the 2015 Obama-Xi deal was met with skepticism inside the US agencies whose job it is to guard against Chinese cyberactivity targeting US companies. Some now say there was only a brief drop in the number of cyberspying incidents, if at all.
In the waning months of the Obama administration, intelligence officials briefed senior White House officials on information showing that the Chinese cyberattacks were back to levels previously seen, sources familiar with the matter told CNN. Early in the Trump administration, US intelligence officials briefed senior officials, including the President and vice president, as well as advisers Jared Kushner and Steve Bannon. More here.
***

Acting U.S. Attorney for Western Pennsylvania Soo C. Song charged Wu Yingzhuo, Dong Hao and Xia Lei with conspiracy to commit computer fraud and abuse, conspiracy to steal trade secrets, wire fraud and identity theft.

The most serious charge, wire fraud, carries a sentence of up to 20 years in federal prison. Each conspiracy charge has a possible sentence of up to 10 years and the identity theft carries a sentence of up to two years.

The indictment alleged that Wu, Dong and Xia worked with Guangzhou Bo Yu Information Technology Company Limited, a Chinese cybersecurity firm in Guangzhou, but used their skills to launch attacks on corporations in the U.S.

Between 2011 and May 2017, the trio stole files containing documents and data pertaining to a new technology under development by Trimble, along with employee usernames and passwords and 407 gigabytes of proprietary data concerning Siemens’ energy, technology and transportation efforts, according to the indictment. The trio gained access to the internal email server at Moody’s Analytics and forwarded all emails sent to an “influential economist” working for the firm, the indictment stated. Those emails contained proprietary and confidential economic analyses, findings and opinions. The economist was not named in the indictment.

A Siemens spokesperson said that the company “rigorously” monitors and protects its infrastructure and continually detects and hunts for breaches. The company did not comment on the alleged breach by the Chinese hackers and declined to comment on internal security measures.

Michael Adler, a spokesman for Moody’s Analytics, said that to the company’s knowledge no confidential consumer data or other personal employee information was exposed in the alleged hack.

“We take information security very seriously and continuously review and enhance our cybersecurity defenses to safeguard the integrity of our data and systems,” Adler wrote in an email to the Tribune-Review.

Trimble, in a statement sent to the Trib, wrote that no client data was breached. The company concluded that the attack had no meaningful impact on its business.

Song, however, said the loss to the companies targeted was considerable.

“The fruit of these cyber intrusions and exfiltration of data represent a staggering amount of dollars and hours lost to the companies,” Song said.

Wu, Dong and Xia used “spearphish” emails to gain access to computers, spread malware to infect networks and covered their tracks by exploiting other computers known as “hop points.”

Hop points allow users to hide their identities and locations by routing themselves through third-party computer networks.

“But there were missteps that led our investigators right to them,” said FBI Special Agent in Charge Bob Johnson of the Pittsburgh office.

Johnson would not elaborate on the missteps the accused hackers took, claiming doing so could jeopardize future investigations.

The U.S. Attorney’s Office led the investigation and was assisted by the FBI’s Pittsburgh Division, the Navy Criminal Investigative Service Cyber Operations Field Office and the Air Force Office of Special Investigations.

AP Blames FBI for Few Warnings on Fancy Bear Hacks

While much of the global hacking rose to the level of scandal in 2015-16, Russian ‘Fancy Bear’ activity goes back to at least 2008. The FBI is an investigative wing and works in collaboration with foreign intelligence and outside cyber experts. For official warnings to be provided to U.S. government agencies, contractors, media or political operations, the FBI will generally make an official visit to affected entities to gather evidence. The NSA, Cyber Command and the DHS all have cyber experts who track the hackers and work to make accurate attributions.

The Department of Homeland Security is generally the agency to make official warnings. The Associated Press gathered independent cyber experts to perform an independent study and is ready to blame the FBI for not going far enough in warnings.

When it came to the Clinton presidential campaign hack, the FBI made several attempts to reach officials there and was met with disdain and distrust. The FBI wanted copies of the ‘log-in’ files for evidence and was denied.

In part the AP report states:

“CLOAK-AND-DAGGER”

In the absence of any official warning, some of those contacted by AP brushed off the idea that they were taken in by a foreign power’s intelligence service.

“I don’t open anything I don’t recognize,” said Joseph Barnard, who headed the personnel recovery branch of the Air Force’s Air Combat Command.

That may well be true of Barnard; Secureworks’ data suggests he never clicked the malicious link sent to him in June 2015. But it isn’t true of everyone.

An AP analysis of the data suggests that out of 312 U.S. military and government figures targeted by Fancy Bear, 131 clicked the links sent to them. That could mean that as many as 2 in 5 came perilously close to handing over their passwords.

It’s not clear how many gave up their credentials in the end or what the hackers may have acquired.

Some of those accounts hold emails that go back years, when even many of the retired officials still occupied sensitive posts.

Overwhelmingly, interviewees told AP they kept classified material out of their Gmail inboxes, but intelligence experts said Russian spies could use personal correspondence as a springboard for further hacking, recruitment or even blackmail.

“You start to have information you might be able to leverage against that person,” said Sina Beaghley, a researcher at the RAND Corp. who served on the NSC until 2014.

In the few cases where the FBI did warn targets, they were sometimes left little wiser about what was going on or what to do.

Rob “Butch” Bracknell, a 20-year military veteran who works as a NATO lawyer in Norfolk, Virginia, said an FBI agent visited him about a year ago to examine his emails and warn him that a “foreign actor” was trying to break into his account.

“He was real cloak-and-dagger about it,” Bracknell said. “He came here to my work, wrote in his little notebook and away he went.”

Left to fend for themselves, some targets have been improvising their cybersecurity.

Retired Gen. Roger A. Brady, who was responsible for American nuclear weapons in Europe as part of his past role as commander of the U.S. Air Force there, turned to Apple support this year when he noticed something suspicious on his computer. Hughes, a former DIA head, said he had his hard drive replaced by the “Geek Squad” at a Best Buy in Florida after his machine began behaving strangely. Keller, the former senior spy satellite official, said it was his son who told him his emails had been posted to the web after getting a Google alert in June 2016.

A former U.S. ambassador to Russia, Michael McFaul, who like many others was repeatedly targeted by Fancy Bear but has yet to receive any warning from the FBI, said the lackluster response risked something worse than last year’s parade of leaks.

“Our government needs to be taking greater responsibility to defend its citizens in both the physical and cyber worlds, now, before a cyberattack produces an even more catastrophic outcome than we have already experienced,” McFaul said. Read the full article here.

***

Every organization has a Chief Technology Officer; even a small business has a ‘go-to’ person for issues. To be in denial that there are any vulnerabilities is reckless and dangerous. To assume systems are adequately protected against cyber intrusions is also a dereliction of duty.

Fancy Bear is listed as APT 28. APT=Advanced Persistent Threat.

APT28 made at least two attempts to compromise Eastern European government organizations:

In a late 2013 incident, a FireEye device deployed at an Eastern European Ministry of Foreign Affairs detected APT28 malware in the client’s network.

More recently, in August 2014 APT28 used a lure (Figure 3) about hostilities surrounding a Malaysia Airlines flight downed in Ukraine in a probable attempt to compromise the Polish government. A SOURFACE sample employed in the same Malaysia Airlines lure was referenced by a Polish computer security company in a blog post. The Polish security company indicated that the sample was “sent to the government,” presumably the Polish government, given the company’s locations and visibility.

Additionally:

Other probable APT28 targets that we have identified:

- Norwegian Army (Forsvaret)
- Government of Mexico
- Chilean Military
- Pakistani Navy
- U.S. Defense Contractors
- European Embassy in Iraq
- Special Operations Forces Exhibition (SOFEX) in Jordan
- Defense Attaches in East Asia
- Asia-Pacific Economic Cooperation

There is also NATO, the World Bank and military trade shows. Pure and simple, it is industrial espionage.

MALWARE

Evolves and Maintains Tools for Continued, Long-Term Use

- Uses malware with flexible and lasting platforms
- Constantly evolves malware samples for continued use
- Malware is tailored to specific victims’ environments, and is designed to hamper reverse engineering efforts
- Development in a formal code development environment

Various Data Theft Techniques

- Backdoors using HTTP protocol
- Backdoors using victim mail server
- Local copying to defeat closed/air gapped networks

TARGETING

Georgia and the Caucasus

- Ministry of Internal Affairs
- Ministry of Defense
- Journalist writing on Caucasus issues
- Kavkaz Center

Eastern European Governments & Militaries

- Polish Government
- Hungarian Government
- Ministry of Foreign Affairs in Eastern Europe
- Baltic Host exercises

Security-related Organizations

- NATO
- OSCE
- Defense attaches
- Defense events and exhibitions

RUSSIAN ATTRIBUTES

Russian Language Indicators

- Consistent use of Russian language in malware over a period of six years
- Lure to journalist writing on Caucasus issues suggests APT28 understands both Russian and English

Malware Compile Times Correspond to Work Day in Moscow’s Time Zone

- Consistent among APT28 samples with compile times from 2007 to 2014
- The compile times align with the standard workday in the UTC + 4 time zone which includes major Russian cities such as Moscow and St. Petersburg

FireEye is a non-government, independent cyber agency that has performed and continues to perform cyber investigations and attributions. There are others that do the same. To blame the FBI exclusively for a lack of warnings is unfair.

Hacking was especially common during the Obama administration, and countless hearings have been held on The Hill, yet there is still no cyber policy, legislation or real consequence. Remember too, it was the Obama administration that chose to do nothing with regard to Russia’s interference until after the election in November, and only in December did Obama expel several Russians who were part of diplomatic operations and those possibly working under cover, including shuttering two dachas and one mission post in San Francisco.

Foreign Agent Registry, in U.S. and Russia for Media

FARA is the most broken system we have when it comes to checks and balances…we can’t begin to determine foreign media operations in the U.S. that are really espionage networks much less ad agencies or lobbyists. Scary right? How about foreign students that are operatives or foreign workers with jobs in government roles or in government contractor positions…we don’t even know what we don’t know….

Senator Chuck Grassley has called for some changes to FARA.

This is getting testier by the day….the United States is requiring RT to register as a foreign agent. Likewise, Moscow is requiring the same…so thinking about WikiLeaks or Fusion GPS, is there enough evidence they should be registered as foreign agents? Sheesh…here is the rub…

Russian Lawmakers: 9 US-Funded News Outlets Could Be Forced to Register as ‘Foreign Agents’

Russia said Thursday it has warned nine United States government-funded news operations they will probably be designated “foreign agents” under new legislation in retaliation to a U.S. demand that Kremlin-supported television station RT register as such in the United States.

The Russian Justice Ministry said Thursday it had notified the Voice of America (VOA), Radio Free Europe/Radio Liberty (RFE/RL) and seven separate regional outlets active in Russia they could be affected.

The ministry published a list of the outlets on its website, including a statement that said the changes were likely to become law “in the near future.”

Expands 2012 law

Russia’s lower house of parliament approved amendments Wednesday to expand a 2012 law that targets non-governmental organizations to include foreign media. A declaration as a foreign agent would require foreign media to regularly disclose their objectives, full details of finances, funding sources and staffing.

Media outlets also may be required to disclose on their social platforms and internet sites visible in Russia that they are “foreign agents.” The amendments also would allow the extrajudicial blocking of websites the Kremlin considers undesirable.

“We can’t say at this time what effect this will have on our news gathering operations within Russia,” said VOA Director Amanda Bennett. “All we can say is that Voice of America is, by law, an independent, unbiased, fact-based news organization, and we remain committed to those principles.”

RFE/RL President Tom Kent said until the legislation becomes law, “we do not know how the Ministry of Justice will use this law in the context of our work.”

No access to cable in Russia

Kent said unlike Sputnik and other Russian media operating in the U.S., U.S. media outlets operating in Russia do not have access to cable television and radio frequencies.

“Russian media in the U.S. are distributing their programs on American cable television. Sputnik has its own radio frequency in Washington. This means that even at the moment there is no equality,” he said.

The speaker of Russia’s lower house, the Duma, said Tuesday that foreign-funded media outlets that refused to register as foreign agents under the proposed legislation would be prohibited from operating in the country.

However, since the law’s language is so broad, it potentially could be used to target any foreign media group, especially if it is in conflict with the Kremlin. Comparatively, the U.S. law targets only state-funded groups. The privately owned American television channel CNN and the German public broadcaster Deutsche Welle also have been mentioned as potential targets.

The amendments, which Amnesty International said would inflict a “serious blow” to media freedom in Russia if they become law, were approved in response to a U.S. accusation that RT executed a Russian-mandated influence campaign on U.S. citizens during the 2016 presidential election, a charge the television channel denies.

Putin has last word

The amendments must next be approved by the Russian Senate and then signed into law by President Vladimir Putin.

RT, which is funded by the Kremlin to provide Russia’s perspective on global issues, confirmed Monday it met the Justice Department’s deadline by registering as a foreign agent in the U.S.

The United States considers RT a propaganda arm of Russia, and told it to register its foreign operation under the Foreign Agents Registration Act aimed at attorneys and lobbyists representing political interests.

Former KGB Officer Hired for US Embassy Moscow Security

Added: Oct 27, 2017 1:51 pm

Local Guard Services for US Mission Russia.  Contract was awarded in accordance with FAR 6.302-2, Unusual and compelling urgency.

Contract is in accordance with 52.216-25 CONTRACT DEFINITIZATION.

The 4-page contract is here; it appears it was an emergency choice and hire.
Are there any people left in the contract office that have any brains? Is there anyone at the State Department providing guidance or final approvals with brains?

US embassy hires security firm of former Russian spy who worked with Putin

The US embassy in Moscow is to be guarded by a company owned by a former head of KGB counter-intelligence who worked with British double agent Kim Philby and young Vladimir Putin, after cuts to US staff demanded by Russia.

Elite Security Holdings was awarded a $2.83 million contract to provide “local guard services for US mission Russia,” which includes the Moscow embassy and consulates in St Petersburg, Yekaterinburg and Vladivostok, according to a post on a US state procurement website.

The contract and background of the firm came to light in a Kommersant newspaper report on Friday.

Elite Security, a private company and the oldest part of the eponymous holding, was founded in 1997 by Viktor Budanov and his son Dmitry, according to a Russian business registry.

A 2002 article posted on the site of Russia’s foreign intelligence service identified Mr Budanov as a major general in the agency who became a Soviet spy in 1966 and retired a year after the collapse of the USSR.

His long work in Soviet and Russian intelligence could raise questions about whether the guard services contract poses a security or intelligence risk to the US mission.

The US embassy referred The Telegraph to the state department, which did not respond to requests for comment.

Moscow forced Washington to cut its diplomatic staff in Russia from more than 1,200 to 455 in response to sanctions adopted against Russia in August.

Before his work in foreign intelligence Mr Budanov was the director of the KGB’s counter-intelligence division, he has told Russian media.

He also was head of the KGB branch in East Germany in the late 1980s, where a young Mr Putin served under him. In a 2007 interview, Mr Budanov lamented the collapse of the USSR, praised Mr Putin’s leadership and warned that Russia “can’t constantly act as (the Americans) want” or it would be destroyed.

He has also said he worked with Britain’s most infamous Soviet double agent after Philby defected to the USSR in 1963 and was once a guest at a private lunch given in Philby’s honour by Yury Andropov, the KGB head who became leader of the Soviet Union.

In the 1990s, Mr Budanov became acquainted with high-level US intelligence officials while providing business intelligence and security to foreign companies.

He formed a joint venture with the former assistant director of the National Security Agency and said in 2007 he personally knew the head of security at the US embassy in Moscow.

International Risk and Information Services, a company Mr Budanov founded in 1992 that later became part of Elite Security Holdings, says on its website it employs staff with experience in “state security organs”.

In testimony before a UK court in 1993, Oleg Gordievsky, a KGB bureau chief in London who became a British agent, said Mr Budanov had drugged and interrogated him after he was recalled to Moscow under suspicion.

Mr Budanov also handled sensitive operations like teaching Bulgarian agents how to use a poisonous umbrella to kill dissidents, Mr Gordievsky said.