Tips from FBI on Cyber Security

Protecting Yourself Online in an Interconnected World

As hacks, data breaches, and other cyber-enabled crime become increasingly commonplace, this year’s National Cyber Security Awareness Month is an important reminder of the need to take steps to protect yourself and your family when using the Internet. Launched in 2004 by the Department of Homeland Security and the National Cyber Security Alliance, the annual campaign held every October is designed to help the public stay safe online and to increase national resiliency in the event of a cyber incident. We could all learn a little more about cyber security, which is why the Alpine Security cybersecurity blog is so valuable.

“Cyber risks can seem overwhelming in today’s hyper-connected world, but there are steps you can take to protect yourself and reduce your risk,” said Assistant Director Scott Smith of the FBI’s Cyber Division. “The FBI and our partners are working hard to stop these threats at the source, but everyone has to play a role. Use common sense; for example, don’t click on a link from an unsolicited e-mail, and remember that if an online deal seems too good to be true, it probably is. And overall, remain vigilant to keep yourself and your family safe in the online world, just as you do in the physical world.”

How can you protect yourself?

  • Learn about the IC3—and use it if you’re ever a victim. The Internet Crime Complaint Center (IC3) is a reliable and convenient reporting mechanism for the public to submit complaints about Internet crime and scams to the FBI. The IC3 uses the information from public complaints to refer cases to the appropriate law enforcement agencies and identify trends. The IC3 has received nearly 4 million complaints since it was created in 2000. Anyone who is a victim of an Internet-enabled crime, such as an online scam, should file a complaint with IC3 to help the FBI stop hackers and other cyber criminals. Learn more about the lifecycle of a complaint submitted to the IC3.
  • Practice good cyber hygiene at work. When you’re at work, you’re a target. From personal data to financial information to company secrets, company networks are a gold mine for hackers and fraudsters. One common scam that victimizes companies is Business e-mail compromise, in which a hacker will gain access to a company official’s e-mail to defraud the company or access employees’ private information. Additionally, ransomware, in which hackers will place malware in digital files that demands ransom, is a serious threat to companies and other large organizations. If you are concerned about your business being vulnerable online, then you may need a comprehensive threat intelligence platform to protect you. Learn more about cyber hygiene to protect yourself and your employer.
  • Know the risks of the Internet of Things (IOT). Cyber security goes beyond your computer and phone. Many homes are now filled with Internet-connected devices, such as home security systems, connected baby monitors, smart appliances, and Internet-connected medical devices. All of these devices present opportunities for hackers to spy on you and get your personal information. Using strong passwords and purchasing IOT devices from companies with a good security track record are just a few of the things you can do to protect your family and home. Learn more about IOT devices.
  • Cyber savvy? Uncle Sam wants you. As the cyber threat continues to grow, the FBI is similarly ramping up its efforts to recruit cyber experts to work as special agents, intelligence analysts, computer scientists, and more. The FBI partners with universities and other educational institutions with a science, technology, engineering, and math (STEM) focus to encourage students to pursue an FBI career, whether as an agent investigating hackers, an analyst looking strategically at threats, or a scientist evaluating evidence. The FBI offers a rewarding career in thwarting cyber attacks and bringing hackers and other criminals to justice. Visit FBIjobs.gov to apply.
  • Learn how the FBI and partner agencies are protecting critical infrastructure. Terrorist groups and other adversaries view the U.S. critical infrastructure—ranging from the financial sector to hospitals to electricity grids—as high-value targets that would disrupt American life if attacked. The FBI plays a key role in thwarting these attacks by stopping plots against critical infrastructure and investigating cyber attacks. Protecting these targets is a team effort among federal, state, local, and private sector partners. Three of the key partnership organizations the FBI is a member of are InfraGard, the Domestic Security Alliance Council, and the National Cyber-Forensics and Training Alliance. These strategic relationships promote timely information sharing between the FBI and the private sector, which helps to keep critical infrastructure networks safe from hackers and terrorists. If you’re concerned about cyber security, check out managed cyber security to help you.

Facebook Scrubbed Data, Possible Obstruction of Investigation

Related reading: Facebook COO Sheryl Sandberg meets with lawmakers investigating Russia-linked Facebook ads

Blame ‘CrowdTangle’ among others. As noted on their site: ‘the easiest way to keep track of what’s happening on social media.’ Other sites such as Meltwater broadcast that they are ‘influencers’, and then leaderboards are created such that real or hoax operations become a trending topic.

Lots of fake news gets blamed on bloggers posing as official media outlets while quoting unnamed sources, and rightly so. Some of those blogs are concoctions of Moscow, while other websites repeated fake stories stoking issues and divisions within the United States from Russian media outlets such as Sputnik News and RT.

Facebook is the location of choice for millions to park links and fake items resulting in Facebook often being referred to as Fakebook.

Moscow, along with our social media tech software in the United States, created algorithms that counted ‘likes’ and ‘shares’, which then manifested unreliable stories and questionable sources. These analytic tools have become the norm across the world and, consequently, credibility and reliance on issues or stories has fallen.

It all boils down to communication, collaboration, branding, feedback and scoring results. You are the sheep; money is made from your activity on social media with every keystroke and you don’t get paid a dime… secret financial extortion, meaning without your knowledge unless you read ALL the mice type. Facebook is a master and frankly a player where you are being punked.

This is yet another form of cyber-warfare….

Facebook scrubbed potentially damning Russia data before researchers could analyze it further

  • Facebook scrubbed thousands of posts shared during the 2016 campaign by accounts linked to Russia.
  • The removals came as a Columbia University researcher was examining their reach.
  • Facebook says the posts were removed to fix a glitch.

BI: Facebook removed thousands of posts shared during the 2016 election by accounts linked to Russia after a Columbia University social media researcher, Jonathan Albright, used the company’s data analytics tool to examine the reach of the Russian accounts.

Albright, who discovered the content had reached a far broader audience than Facebook initially acknowledged, told The Washington Post on Wednesday that the data had allowed him “to at least reconstruct some of the pieces of the puzzle” of Russia’s election interference.

“Not everything, but it allowed us to make sense of some of this thing,” he said.

Facebook confirmed that the posts had been removed, but said it was because the company had fixed a glitch in the analytics tool — called CrowdTangle — that Albright had used.

“We identified and fixed a bug in CrowdTangle that allowed users to see cached information from inactive Facebook Pages,” said Andy Stone, a Facebook spokesman.

Facebook’s decision to remove the posts from public view raised questions about whether the company could be held liable for suppressing potential evidence, given its role in the wide-ranging investigation of Russia’s election interference.

Albright told Business Insider that “because this is clearly a legal and imminent justice-related matter, I can’t provide much critical insight at this stage.

“I feel like my 10 rounds with the $500 billion dollar tech juggernaut are over,” he said.

Legal experts and scholars on the subject say scrubbing the data Albright used for his research is Facebook’s prerogative as long as it isn’t knowingly removing content sought under a court order or by government request.

“If Facebook has no reason to think that it should retain the data (subpoena, court order), then it can make choices about what appears on its platform,” said Danielle Citron, a professor of law at the University of Maryland, where she teaches and writes about information privacy.

Citron said Facebook and other private tech companies have in the past argued, successfully, that they have free speech interests and enjoy immunity from liability for the content posted by their users — immunity that extends to their ability to remove it if it violates their terms of service.

Albert Gidari, the director of privacy at the Stanford Center for Internet and Society, said it’s likely that Facebook has kept copies of “anything at issue as part of its preservation obligation” in light of special counsel Robert Mueller’s search warrant and the House and Senate Intelligence Committee subpoenas.

Gidari said that because there hasn’t been any allegation against Facebook itself, the company has no obligation, absent a court order, to maintain information “that later may be evidence.”

But the question becomes more complicated when considering the ethical obligations of a company whose tools were exploited by a foreign adversary to try to influence a US election.

Gidari, for his part, said he doesn’t think “any platform has an independent or ethical obligation to run a research playground for third-party data analysts.”

But Tom Rubin, a lecturer at Stanford Law School, said that Facebook’s “credibility as a global social platform and its responsibility as an internet giant require it to fully embrace an independent, urgent and public review of the facts.”

“Facebook’s Russia predicament is of its own doing — it controls the platform, runs the ads, and profits mightily,” said Rubin, who previously served as the assistant US Attorney in New York heading investigations and prosecutions of computer crimes.

“The investigation here is as serious as it gets: illegal and hostile foreign influence on the US presidential election,” Rubin said. “The issue confronting Facebook is the extent to which it should commit to complete transparency, and the answer to that is straightforward.”

Citron agreed.

“For transparency’s sake and for our broader interest in our democracy, people should know the extent to which they have been played by the Russians and how a hostile state actor has interfered with, manipulated, and generally hacked our political process,” she said.

That is what Albright said was his mission when he downloaded the last 500 posts shared by six accounts that Facebook has confirmed were operating out of Russia. Those accounts — Blacktivists, Being Patriotic, Secured Borders, Heart of Texas, LGBT United, and Muslims of America — were among the 470 pages Facebook shut down in September as part of its purge of “inauthentic accounts” linked to Russia’s Internet Research Agency.

The data Albright obtained using CrowdTangle showed that the Russians’ reach far exceeded the number of Facebook users they were able to access with advertisements alone — content including memes, links, and other miscellaneous postings was shared over 340 million times between the six accounts.

The other 464 accounts closed by Facebook have not yet been made public. If they are, an analysis of their combined posts would likely reveal that their content was shared an estimated billions of times during the election.

Iran Will Not Allow Inspections of Secret Nuclear Sites

Primer: The Iranian Resistance has been monitoring the Islamic Revolutionary Guard Corps-controlled entity tasked with building the nuclear bomb, the Organization of Defensive Innovation and Research (Sazman-e Pazhouheshhaye Novin-e Defa’i), known by its Persian acronym SPND, for nearly two decades. SPND is comprised of 7 subdivisions, each of which carries out a certain portion of nuclear weapons research.

The unit responsible for conducting research and building a trigger for a nuclear weapon is called the Center for Research and Expansion of Technologies for Explosion and Impact (Markaz-e Tahghighat va Tose’e Fanavari-e Enfejar va Zarbeh), known by its acronym METFAZ.

Since April 2017, when the NCRI found out about a new military location being used by SPND, the coalition has focused its attention on all the potential SPND sites that we suspected were tasked with building the bomb. The NCRI’s investigation inside Iran was conducted by the network associated with the Mujahedin-e Khalq (MEK), which was responsible for blowing the cover off the program, particularly since 2002. More here.

***

In December 2015, the IAEA decided to “close” the file on outstanding concerns about possible military dimensions of Iran’s nuclear program. Without ever admitting to weaponization activities, Iran convinced the international community to wipe the slate clean. The IAEA’s report on the possible military dimensions of Iran’s nuclear program left many questions unanswered. In addition to prohibiting on-site inspections of suspected military sites, Iran can delay IAEA inspections of suspected sites without facing consequences. The JCPOA creates a minimum of a 24-day delay, possibly longer, between a formal IAEA request to access a suspicious site and the date Iran must allow access. As Mr. Tobey explains, “24 days … [is] ample time for Iran to hide or destroy evidence.” More here.

***

“Iran’s military sites are off limits,” he said. “All information about these sites are classified. Iran will never allow such visits. Don’t pay attention to such remarks that are only a dream.”

Iranian President Hassan Rouhani followed up later by saying the U.S. call was unlikely to be accepted by the U.N. nuclear watchdog.

So much for what John Kerry and Barack Obama pledged to America, right?

***

Decertifying the nuclear deal without walking away gives the Trump administration an opening to confront the Islamic Republic’s foreign meddling.

Jonathan Schanzer
11 October 2017 The Atlantic

President Donald Trump is taking considerable heat for his expected announcement this week that he will “decertify” the 2015 Iran nuclear deal. Critics say he is heedlessly discarding a deal that has been working, and needlessly putting America on a collision course with Iran.

As it turns out, Trump is actually not poised to “rip up the deal.” By decertifying it, the president and his advisors are, in fact, signaling their intent to strengthen it, with the help of Congress, so that the deal advances U.S. national security interests. Those interests are key criteria for the certification process, which takes place every 90 days, as laid out in the Iran Nuclear Agreement Review Act (INARA) of 2015. Right now, with the Iranians hindering inspection of military sites, working feverishly on their ballistic missile program, and banking on the nuclear deal’s sunset clauses, which all but guarantee Tehran an advanced nuclear program in roughly a decade, it’s hard to argue the deal is working for the United States.

Decertification has the potential to change all of that. The move will plunge Iran and the other parties involved in the nuclear deal into a state of limbo. It will prompt all sides to consider what the deal is worth to them, and what further compromises they may be willing to make to satisfy the national interests of the United States, as laid out by the Trump administration.

Under President Barack Obama, whose foreign-policy legacy was anchored to the nuclear deal, the promise of deferring (not preventing) Iran’s nuclear ambitions superseded all else. As a result, the fear of Iran walking away paralyzed Washington and prevented the Obama White House from making even reasonable demands of Tehran. The credible threat of a U.S. response to Iranian aggression was effectively off the table. So was the imposition of meaningful new sanctions, for that matter.

The coming decertification announcement provides an opportunity to break this paralysis. Trump is effectively telling Tehran that he sets the terms for the nuclear deal because he is not tethered to its success the way Obama was. The administration will then have a chance to chart its own Iran policy. As the 60-day INARA review period plays out, Trump can regain U.S. leverage, establish new red lines on Iranian behavior, and (unlike his predecessor) actually enforce them. If he does it right, he can do all of this without exiting the deal.

In response to decertification, Iran’s leadership will undoubtedly threaten to walk away from the table. But it’s not that simple. There are benefits the Iranians have yet to reap from the deal—beyond the more than $100 billion in released oil funds—ranging from increased foreign investment to greater integration with the global economy after years of economic isolation. In other words, Iran can still cash in considerably, but not if it balks at Trump’s calls to fix the deal.

The Europeans, Russians, and Chinese, are also reluctant to go along with Trump’s certification gambit. Some are already howling with disapproval. But some are already voicing their willingness to work with the White House. As the primary investors in Iran’s recent economic rebound, they have little choice but to try to resolve American concerns.

Of course, even the Chinese, Russians, and Europeans understand that they have a daunting task ahead of them. Iran is on a collision course with the West, one that has little to do with the nuclear file. Rather, it is about what the nuclear deal negotiators chose to ignore: Iran’s aggression across the Middle East.

Iran has harassed American ships in the Persian Gulf, held American sailors at gunpoint, bankrolled the murderous Assad regime in Syria, supported the Houthi rebels in Yemen, and furnished the majority of Hezbollah’s operating budget. And those are just a few of the highlights.

Tehran’s broader efforts to dominate the Middle East are also intensifying. From the deployment of its Revolutionary Guard Corps to far-flung corners of the region to the conscripting of Shiite irregular proxies to fight or hold territory in Syria and Iraq, Iran’s footprint continues to grow.

For American policymakers, Iran’s bid for regional hegemony is just as troubling as its nuclear ambitions. Together, they represent a dual Iranian strategy that cannot be separated, despite the P5+1’s efforts to do so back in 2015. This is why Trump should build on his decertification announcement with the rollout of a new Iran policy that actively counters these activities.

As it happens, the timing is fortuitous. The administration is slated to complete and roll out its Iran Policy Review by October 31st. If the policy lives up to the hints dropped by senior officials, the United States will once again push back on Iran’s malign behavior. If done right, it will do so wherever possible, and by using every pressure point available.

Such a policy would include designating the Revolutionary Guards as a terrorist group (a move mandated by statute by October 31st), but also new tranches of Treasury sanctions on Iranian bad actors, and other economic pressure. The financial targets figure to be non-nuclear in nature, to ensure that the United States remains compliant with the nuclear deal. But the pressure should be palpable.

From there, Washington is also expected to actively target Hezbollah, Iran’s most powerful and active proxy. The Trump administration and Congress have already signaled they will take aim at Hezbollah’s economic interests, while also weakening their positions across the Middle East.

Beyond that, Washington can take further steps to strengthen America’s allies, such as the Sunni Arab states and Israel, who are also willing to challenge Iranian aggression. This could mean greater intelligence-sharing and bilateral cooperation, but could also include new hardware and military capabilities. More broadly, the United States must signal that Iranian threats to its allies will be seen as threats to the United States itself.

Admittedly, none of this will be easy. The Middle East is a dangerous region that doesn’t respond well to change. The same can be said for Washington in the Trump era. But whatever challenges loom will be the cost of shattering the paralysis in Washington that has reduced America’s Iran policy to a false binary of either hewing to the nuclear deal or war.

The choices to counter Iranian aggression before the nuclear deal were many. President George W. Bush understood this at the tail end of his presidency. President Obama even understood this at the beginning of his. But Obama then chose to limit his options through the nuclear deal. This has not served America well. It’s time to restore those options. Decertification and a new Iran policy, if done right, can potentially put America back in the driver’s seat after two years of going along for the ride.

WC-135 Dispatched to Investigate Europe for Radiation

Gotta look deep for information and there are two theories: one is Russia and the other is the medical industry. Hmm… it goes something like this… By the way, the dates could easily line up.

Related reading: US sends specialist ‘nuke sniffer’ plane to the UK as ‘radiation spike’ sparks fears Putin has tested nuclear weapon in the Arctic

Primer:

The Washington Free Beacon quotes Pentagon officials saying the unmanned underwater vehicle, code named Kanyon by the Pentagon, was test-launched from the Sarov-class submarine on November 27th.

What Pentagon names Kanyon is what in Russia is known as the «Ocean Multipurpose System Status-6» – a top secret weapon system the world has never seen anything like before. A year ago, Russian state-TV Channel One showed a glimpse of a graphic slide of the Status-6, later on said to be an unauthorized leak of a secret weapon development plan.

The drawings on the slide could very well be a purpose leak aimed at telling the world what weapon-systems are under development. The TV news covered the meeting in Sochi where President Putin was told by high-ranking officers in the Strategic forces how Russia’s nuclear deterrence strategy is developing. Moscow are looking for ways to overcome the United States’ Anti-Ballistic Missile Defence system, and one answer is to go deep with the nukes. Highly suggested reading more here.

Mysterious Radiation Spike Across Europe

Nuclear scientists are struggling to determine the source of small amounts of nuclear radiation that bloomed over Europe throughout January.

France’s IRSN institute, the public body for radiological and nuclear risks, announced in a statement on February 13 that Iodine-131, a radionuclide of human origin, was detected in trace amounts at ground-level atmosphere in continental Europe. First detected in the second week of January over northern Norway, Iodine-131 presence was then detected over Finland, Poland, Germany, Czech Republic, France, and Spain. However, the levels have since returned to normal and scientists have yet to determine the source of the radiation.

Norway’s Radiation Protection Authority (NRPA), which first detected the Iodine-131 over its northern Russian border, told Motherboard over the phone today that the levels present essentially no risk to human health. “I can assure you that the levels are low,” said a press spokesperson.

But with a half-life of just eight days, the detection of Iodine-131 is proof of a recent release, said IRSN in its statement to the media.

Rumors are circulating, of course, that Russia has secretly tested a low-yield nuclear weapon in the Arctic, possibly in the Novaya Zemlya region—historically used for Russia’s nuclear tests. Iodine-131, discovered by two University of California researchers in 1938, is a radioisotope synonymous with the atomic bomb tests carried out by the US and Russia throughout the 1950s, and has recently presented threats from leaking during the Chernobyl nuclear power plant disaster and the 2011 Fukushima nuclear accident.

But Iodine-131 is also found in the medical industry, commonly used for treating thyroid-related illnesses and cancers. Astrid Liland, head of the section for emergency preparedness at the NRPA, told Motherboard in an email today, “Since only Iodine-131 was measured, and no other radioactive substances, we think it originates from a pharmaceutical company producing radioactive drugs. Iodine-131 is used for treatment of cancer.”

Figure: Particulate Iodine-131 (value +/- uncertainty) in the atmosphere (µBq/m³). Image: IRSN

Britain’s Society for Radiological Protection (SRP) also told Motherboard that the exclusive presence of Iodine-131 suggests the source is not a nuclear incident, but rather a medical facility such as a hospital or a supplier of radio-pharmaceuticals. “The release was probably of recent origin. Further than this it is impossible to speculate,” the SRP’s Brian Gornall told Motherboard in an email.

Still, where exactly that pharma company could be located is unknown. “Due to rapidly changing winds, it is not possible to track exactly where it came from. It points to a release source somewhere in Eastern Europe,” Liland told Motherboard.

The Iodine cloud prompted the United States Air Force to send over a specialized particle-sniffing aircraft to investigate. As per reports on The Aviationist, a US Air Force WC-135 deployed to Royal Air Force base Mildenhall in the UK on February 17, equipped to test the atmosphere over Europe for radiation. The aircraft’s last intercontinental expedition was to analyse the atmosphere over the Korean Peninsula following an alleged North Korean nuclear test.

The deployment spurred on rumors of a nuclear test from Russia, but a spokesperson for the Comprehensive Nuclear-Test-Ban Treaty Organization (CTBTO), an international body that monitors nuclear weapon tests, told Motherboard in an email today, “Although some readings of I-131 above minimal detection level have been observed since beginning of year in Europe nothing extraordinary has been measured.”

The IRSN said in its statement that the data has now been shared between the members of the informal European network called Ring of Five, a group of organizations that research radiation levels in the atmosphere.

Russia has Provided N Korea Additional Hacking Platforms

Hackers from North Korea are reported to have stolen a large cache of military documents from South Korea, including a plan to assassinate North Korea’s leader Kim Jong-un.

Rhee Cheol-hee, a South Korean lawmaker, said the information was from his country’s defence ministry.

The compromised documents include wartime contingency plans drawn up by the US and South Korea.

They also include reports to the allies’ senior commanders.

Plans for the South’s special forces were reportedly accessed, along with information on significant power plants and military facilities in the South.

Mr Rhee belongs to South Korea’s ruling party, and sits on its parliament’s defence committee. He said some 235 gigabytes of military documents had been stolen from the Defence Integrated Data Centre, and that 80% of them have yet to be identified.

The hack took place in September last year. In May, South Korea said a large amount of data had been stolen and that North Korea may have instigated the cyber attack – but gave no details of what was taken.

North Korea denied the claim. The isolated state is believed to have specially-trained hackers based overseas, including in China. More here.

Russia is always part of the rogue nation process, and the timing is curious as you read on. TransTeleCom is owned by Russia’s state-run railway company and has fiber optic cables that follow all the country’s main train lines, including all the way up to the North Korean border.

Related reading: North Korea gets new internet access via Russia

Reuters: North Korea has opened a second internet connection with the outside world, this time via Russia, a move which cyber security experts said could give Pyongyang greater capability to conduct cyber attacks.

Previously traffic was handled via China Unicom (0762.HK) under a deal dating back to 2010. TransTeleCom now appears to be handling roughly 60 percent of North Korean internet traffic, while Unicom transmits the remaining 40 percent or so, Dyn said.

The new external connection was first reported by 38 North, a project of the U.S.-Korea Institute at Johns Hopkins School of Advanced International Studies (SAIS).

TransTeleCom declined to confirm any new routing deal with the North Korean government or its communications arm. In a statement, it said: “TransTeleCom has historically had a junction of trunk networks with North Korea under an agreement with Korea Posts and Telecommunications Corp signed in 2009.”

North Korea’s internet access is estimated to be limited to somewhere between a few hundred and just over 1,000 connections. These connections are vital for coordinating the country’s cyber attacks, said Bryce Boland, chief technology officer for the Asia-Pacific region at FireEye, a cyber-security company.

Boland said the Russian connection would enhance North Korea’s ability to command future cyber attacks.

Having internet routes via both China and Russia reduces North Korea’s dependence on any one country at a time when it faces intense geo-political pressures, he said.

Many of the cyber attacks conducted on behalf of Pyongyang came from outside North Korea using hijacked computers, Boland said. Those ordering and controlling the attacks communicate to hackers and hijacked computers from within North Korea.

“This will improve the resiliency of their network and increase their ability to conduct command and control over those activities,” Boland said.

The Washington Post reported earlier that the U.S. Cyber Command has been carrying out denial of service attacks against hackers from North Korea designed to limit their access to the internet. (wapo.st/2yRbg8w)

In February 2005, the TTK became the largest party in terms of the European Internet Exchange London Internet Exchange (LINX). In July 2005, the TTK became the fifth operator in Russia to receive the right to provide long-distance services (after Rostelecom, Tsentrinfokoma, Golden Telecom and MTT). “TransteleCom” JSC provides communications services in Kazakhstan; for a map of locations and services, go here.