Trump’s Son-in-Law to Head new WH Office

Really, at issue for smoother government operations is upgrading computer software across all agencies. Some parts of government are operating on Microsoft products that are no longer supported, while others in fact still use DOS. It was never a lack of appropriations by Congress but rather the use of those funds for other expenditures, and in some cases for paying bonuses or for travel to classes, seminars or training.

Rather than have the White House launch this initiative, an outside advisory group should be mobilized to introduce and demonstrate innovation, as the private sector is the cutting edge. Each agency lead or cabinet secretary should submit a ‘wants and needs’ wish list so that outside agencies can address those potential solutions; otherwise we end up with the fraud and collusion endured with the launch of the front-end, back-end and website for Obamacare. Anyone remember that disaster?


Anyway, the Obama administration did an innovation summit and solutions showcase at the White House. Has the Trump administration been through those files? Google visited the Obama White House at least once a week. This may be a good mission for government in the end, as Google is in fact offering some assistance to some issues the Trump White House is considering.

***

Trump Pledges New Office to Bring Business Innovation to Government Operations

The Trump administration is launching a new office to spur innovation in government operations, the White House announced Monday, promising to give business acumen a more prominent role in federal activities.

President Trump tapped Jared Kushner, his son-in-law and senior adviser, to lead the new White House Office of American Innovation. The administration is billing the initiative — first reported by The Washington Post — as a SWAT team of former business executives. The goal, the White House said, is to shake up the status quo of the federal bureaucracy by infusing new ideas that allow private enterprises to succeed.

The administration billed the office as non-partisan, looking for any new ideas from both inside and outside government. It will aim to make improvements at every federal agency, including through technology overhauls, projects stemming from Trump’s promised infrastructure investment and procurement reform. A particular area of focus will be improving the Veterans Affairs Department. The White House said the innovation office will function as a service organization offering its assistance to agencies.

Trump formally created the office through a presidential memorandum issued Monday, in which he vowed the office would “solve today’s most intractable problems.” It will consist of about a dozen existing White House staff and consult with the directors of the Office of Management and Budget and the Office of Science and Technology Policy. After hearing from private sector leaders and government officials, the office will make policy recommendations to the president and “coordinate implementation of any resulting plans.”

When an agency is struggling with certain projects, the office and its team of White House advisers and business leaders will come in to offer creative and cost-efficient solutions. The team will look to ensure agencies keep pace with the latest innovations in the private sector.

The office will “apply the president’s ahead-of-schedule and under budget mentality to a variety of government operations and services, enhancing the quality of life for all Americans,” White House Press Secretary Sean Spicer said Monday. He conceded that “government is not business,” as there are certain things that “business would never do” and government must pick up the slack. Business leaders, he explained, can “help us deliver a better product, a better service to the American people.”

The business leaders participating in the project are “looking to give back in some way, shape or form,” Spicer said.

The new office is the latest in a series of moves from Trump aiming to streamline government operations. Earlier this month, he issued an order calling for a “comprehensive plan for reorganizing the executive branch,” which will require a “thorough examination” of every agency to identify “where money can be saved and services improved.” Another order has sent task forces to every agency to identify regulations for elimination or modification.

It also follows initiatives by several recent presidential administrations to modernize and streamline the way agencies do their work. On the technology side, a key focus of the new innovation office, President Obama launched the U.S. Digital Service in 2014 as a White House office to offer a “SWAT team” in troubleshooting high-priority information technology projects, as well as the General Services Administration’s 18F to provide consultant services to agencies looking to build up new technology-based offerings. Still, Spicer said some functions of government are so “outdated and unmodernized” that agencies are no longer serving their constituencies.

Through his Grace Commission, President Reagan tapped business executives to help identify waste and inefficiencies in government.

“What we need from you and your expertise and your associates is to literally come in to the various departments and agencies of government and look at them as if you were considering a merger or a takeover, and to see how modern business practices could be put to work to make government more efficient and more effective,” Reagan told his group in 1982. The commission eventually identified $424 billion in cuts. “There are a million things that you think of and take for granted every day in your business that you’ll find they don’t take it for granted in Washington, and it isn’t done that way, and that’s what it’s all about,” Reagan said.

President Clinton’s National Partnership for Reinventing Government promised to remake the federal government. Its National Performance Review proposed 1,200 changes to “serve customers better,” similar to Kushner’s promise to “achieve successes and efficiencies for our customers, who are the citizens.”

Fired, Preet Bharara and $100 Million Dollars

With the approval of President Trump, Attorney General Jeff Sessions fired several attorneys general, including the United States Attorney General for the Southern District of New York, Preet Bharara. In many instances this may have been a prudent decision; however, Bharara did in fact perform some stellar legal work, and credit must be offered where it is due.

This post is not so much about the Attorney General being fired as it is about the matter of hacking and phishing that cost two domestic internet tech companies $100 million. These schemes are a very common daily event, and few if any companies ever talk about them publicly, as doing so reveals cyber protection vulnerabilities and how employees are duped by the schemes. To be clear, this is how Hillary Clinton’s campaign architect, John Podesta, had his emails scooped up so that WikiLeaks got them and posted them for global access during the United States campaign and election cycle.

Further, for those out there who are angry with the FBI, this case in some fairness illustrates the work rank-and-file agents are tasked to investigate. When it comes to cyber/hacking cases, they are among the hardest to solve, especially with international operatives.


Now enter Preet Bharara and the case he prosecuted against EVALDAS RIMASAUSKAS. The indictment is found here.

In an additional disclosure, Bharara is also being sued by a hedge-fund.

The summary of the case:

Department of Justice

U.S. Attorney’s Office

Southern District of New York

FOR IMMEDIATE RELEASE

 

Lithuanian Man Arrested For Theft Of Over $100 Million In Fraudulent Email Compromise Scheme Against Multinational Internet Companies

Joon H. Kim, the Acting United States Attorney for the Southern District of New York, and William F. Sweeney Jr., the Assistant Director-in-Charge of the New York Office of the Federal Bureau of Investigation (“FBI”), announced criminal charges against EVALDAS RIMASAUSKAS for orchestrating a fraudulent business email compromise scheme that induced two U.S.-based internet companies (the “Victim Companies”) to wire a total of over $100 million to bank accounts controlled by RIMASAUSKAS. RIMASAUSKAS was arrested late last week by authorities in Lithuania on the basis of a provisional arrest warrant.  The case has been assigned to U.S. District Judge George B. Daniels.

Acting U.S. Attorney Joon H. Kim said:  “From half a world away, Evaldas Rimasauskas allegedly targeted multinational internet companies and tricked their agents and employees into wiring over $100 million to overseas bank accounts under his control. This case should serve as a wake-up call to all companies – even the most sophisticated – that they too can be victims of phishing attacks by cyber criminals. And this arrest should serve as a warning to all cyber criminals that we will work to track them down, wherever they are, to hold them accountable. The charges and arrest in this case were made possible thanks to the terrific work of the FBI and the cooperation of the victim companies and their financial institutions. We thank the companies and their banks for acting quickly, coming forward promptly, and cooperating with law enforcement; it led not only to the charges announced today, but also the recovery of much of the stolen funds.”

FBI Assistant Director William F. Sweeney Jr. said:  “As alleged, Evaldas Rimasauskas carried out a business email compromise scheme creatively targeting two very specific victim companies. He was initially successful, acquiring over $100 million in proceeds that he wired to various bank accounts worldwide. But his footprint would eventually lead investigators to the truth, and today we expose his lies. Criminals continue to commit a wide variety of crimes online, and significant cyber data breaches have had a negative impact across a variety of industries. The FBI will continue to work with our domestic and international partners to pursue criminals who engage in this type of activity, wherever they may be hiding.”

According to the allegations contained in the Indictment unsealed today[1]:

From at least in or around 2013 through in or about 2015, RIMASAUSKAS orchestrated a fraudulent scheme designed to deceive the Victim Companies, including a multinational technology company and a multinational online social media company, into wiring funds to bank accounts controlled by RIMASAUSKAS.  Specifically, RIMASAUSKAS registered and incorporated a company in Latvia (“Company-2”) which bore the same name as an Asian-based computer hardware manufacturer (“Company-1”), and opened, maintained, and controlled various accounts at banks located in Latvia and Cyprus in the name of Company-2.  Thereafter, fraudulent phishing emails were sent to employees and agents of the Victim Companies, which regularly conducted multimillion-dollar transactions with Company-1, directing that money the Victim Companies owed Company-1 for legitimate goods and services be sent to Company-2’s bank accounts in Latvia and Cyprus, which were controlled by RIMASAUSKAS.  These emails purported to be from employees and agents of Company-1, and were sent from email accounts that were designed to create the false appearance that they were sent by employees and agents of Company-1, but in truth and in fact, were neither sent nor authorized by Company-1.  This scheme succeeded in deceiving the Victim Companies into complying with the fraudulent wiring instructions.

After the Victim Companies wired funds intended for Company-1 to Company-2’s bank accounts in Latvia and Cyprus, RIMASAUSKAS caused the stolen funds to be quickly wired into different bank accounts in various locations throughout the world, including Latvia, Cyprus, Slovakia, Lithuania, Hungary, and Hong Kong.  RIMASAUSKAS also caused forged invoices, contracts, and letters that falsely appeared to have been executed and signed by executives and agents of the Victim Companies, and which bore false corporate stamps embossed with the Victim Companies’ names, to be submitted to banks in support of the large volume of funds that were fraudulently transmitted via wire transfer.

Through these false and deceptive representations over the course of the scheme, RIMASAUSKAS, the defendant, caused the Victim Companies to transfer a total of over $100,000,000 in U.S. currency from the Victim Companies’ bank accounts to Company-2’s bank accounts.

*                *                *

RIMASAUSKAS, 48, of Vilnius, Lithuania, is charged with one count of wire fraud and three counts of money laundering, each of which carries a maximum sentence of 20 years in prison, and one count of aggravated identity theft, which carries a mandatory minimum sentence of two years in prison.

The maximum potential sentences are prescribed by Congress and are provided here for informational purposes only, as any sentencing of the defendant will be determined by the judge.

Mr. Kim praised the outstanding investigative work of the FBI, and thanked the Prosecutor General’s Office of the Republic of Lithuania, the Lithuanian Criminal Police Bureau, the Vilnius District Prosecutor’s Office and the Economic Crime Investigation Board of Vilnius County Police Headquarters for their assistance in the investigation and arrests, as well as the Department of Justice’s Office of International Affairs.

The case is being prosecuted by the Office’s Complex Frauds and Cybercrime Unit.  Assistant U.S. Attorney Eun Young Choi is in charge of the prosecution.  Assistant U.S. Attorney Edward Diskant is handling the forfeiture aspects of the prosecution.

The charges contained in the Indictment are merely accusations, and the defendant is presumed innocent unless and until proven guilty.

 

[1] As the introductory phrase signifies, the entirety of the text of the Indictment, and the description of the Indictment set forth herein, constitute only allegations, and every fact described should be treated as an allegation.

About that Trump Server with Pings from Alfa Bank

A matter of note: Alfa Bank has FIFA as a customer. Loretta Lynch, at DoJ, prosecuted the FIFA fraud. Further, Christopher Steele, who crafted that pesky Trump dossier, is the same person who broke the case on FIFA. (Note the end of this press release.)


Press Statement: Alfa Bank confirms it has sought help from U.S. authorities, and discloses new cyberattacks linked to Trump hoax

Alfa Bank, a privately owned Russian bank, confirmed today that it has contacted U.S. law enforcement authorities for assistance and offered U.S. agencies its complete co-operation in finding the people behind attempted cyberattacks on its servers that have made it appear falsely that it has been communicating with the Trump Organization.

Alfa Bank confirmed a story in Circa News that it had been subjected to three new attempted domain name server (DNS) cyberattacks of increasing intensity over the last few weeks. In the attacks, multiple DNS requests were made by unidentified individuals, mostly using U.S. server providers, to a Trump Organization server. The DNS requests were made to appear as if they originated from Alfa Bank. The DNS responses from the Trump server were then erroneously returned to Alfa Bank, activating Alfa Bank’s automated security systems on February 18 and again on March 11 and 13. Alfa Bank has engaged the U.S.-based cyber forensics firm Stroz Friedberg to investigate these new attacks.

Alfa Bank believes that these malicious attacks are designed to create the false impression that Alfa Bank has a secretive relationship with the Trump Organization. In fact, there is not and never has been such a relationship.

New February 2017 attack on Alfa Bank server

On February 18, 2017, Alfa Bank experienced suspicious cyber-activity from an unidentified third party. Specifically, the unidentified third party repeatedly sent suspicious DNS queries from servers in the U.S. to a Trump Organization server. The unidentified individuals made it look as though these queries originated from variants of MOSCow.ALFAintRa.nET. As a result, the DNS responses from the Trump server were returned incorrectly to Alfa Bank’s server, which triggered Alfa Bank’s automated security system.

Alfa Bank believes that unknown individuals — using an identified U.S.-based service provider — are behind this recent attack, and that they are attempting to trigger verification signals between Alfa Bank and a server associated with the Trump Organization.

It believes that someone or some group manufactured this deceit by «spoofing» or falsifying DNS lookups to create the impression of communication between Alfa Bank and the Trump Organization. However, Alfa Bank’s DNS servers neither send nor receive email. Instead, they react when contacted by unwanted and unsolicited messages by sending out DNS verification signals asking, in effect, who is the server contacting Alfa Bank.

An Alfa Bank spokesperson said:

“The cyberattacks are an attempt by unknown parties to manufacture the illusion of contact between Alfa Bank’s DNS servers and ‘Trump servers’.

“A simple analogy would be someone in the U.S. sending an empty envelope (in this case a DNS signal) to a Trump office (server) addressed to Trump, but on the back of the envelope the return address is Russia (Alfa Bank) instead of its own real address. The Trump office, recognizing there is nothing in the empty envelope to deal with, returns it as undelivered to Russia instead of to the U.S.-based sender. So, on cursory examination, Alfa Bank appears to have been receiving responses to queries it never actually sent.

“We have gone to the U.S. Justice Department and offered our complete co-operation to get to the bottom of this sham and fraud.”

Other indications of human intervention include the fact that the queries occurring in these logs included mixed uppercase and lowercase letters. The majority of DNS queries are machine-based queries (for example, from browsers and email clients), which would send lowercase queries to the DNS servers.

A few days after the February 18 DNS attack, Alfa Bank again started to receive inquiries from U.S. media outlets, including CNN, about allegations of cyber links with Donald Trump. No such link exists or, in fact, has ever existed between Alfa Bank and Mr. Trump or his organization.

An anonymous group has been trying for months to persuade news organizations to publish stories that such a link is real. Alfa Bank has asked reporters who have contacted it about the traffic to assist by letting the bank know if someone is trying to create the false impression that Alfa Bank has business or other dealings with Mr. Trump.

Two new confirmed March 2017 attacks on Alfa Bank server

On March 11 and 13, Alfa Bank was subjected to two new DNS attacks using similar methods. These attacks appear to have been orchestrated from multiple servers primarily in the U.S.

Between 02:00 and 07:00 (Moscow Time) on March 11 and at 21:00 on March 13, Alfa Bank experienced suspicious cyber activity from an unidentified third party or parties. The unidentified third parties or party repeatedly sent unusual DNS queries to a Trump server, the responses to which again ultimately triggered Alfa Bank’s automated security system.

Over a five-hour period on Saturday — and again on Monday — Alfa Bank received more than 1,340 DNS responses containing mail.trump-email.com.moscow.alfaintra.net.

These malicious and seemingly co-ordinated DNS attacks are coming from unidentified users using a variety of predominantly U.S. servers, including Google and Amazon web services. These IP service providers are inadvertently allowing their infrastructure to be used to attack Alfa Bank.

Alfa Bank suspects the unidentified parties are attempting to cover their tracks by using cloud services from these providers.

Given the frequency of the attacks and the variety of Internet service providers used in the attacks, Alfa Bank’s working hypothesis is that these new attacks are being launched from a botnet.

Possible third new attack in March 2017

Alfa Bank has now started to monitor all incoming messages to its servers containing the word «trump.» This monitoring has revealed that Alfa Bank also is receiving unsolicited marketing emails from «marketing@trumphotels.com.» These incoming spam marketing emails also trigger Alfa Bank’s security system, which automatically sends multiple DNS verification requests back to the originating server — here, the Trump server — in order to ascertain the identity of the sender.

Alfa Bank does not know whether these marketing emails are legitimate, or whether a third party is orchestrating the campaign in another attempt to create the false impression of inappropriate communications between Alfa Bank and the Trump Organization.

In response to media questions that started last September, Alfa Bank asked Mandiant, one of the world’s leading cyber experts, to investigate allegations suggested by an anonymous cyber group of a link between Alfa Bank and Trump, based on unverified DNS logs.

Mandiant completed its independent investigation late last year. After examining Alfa Bank’s system both remotely and on the ground in Moscow, and the unverified DNS data presented to the media by the anonymous cyber group, Mandiant concluded that there is no evidence of substantive contact, such as emails or financial links, between Alfa Bank and the Trump Campaign or the Trump Organization.

Mandiant investigated (1) the DNS data given to the media, which journalists had shared with independent DNS experts, and (2) Alfa Bank servers for any evidence of links.

Mandiant concluded:

DNS data — There is no information that indicates where the list (obtained by reporters) has come from. The list contains approximately 2,800 look ups of a Domain Name over a period of 90 days. The information is inconclusive and is not evidence of substantive contact or a direct email or financial link between Alfa Bank and the Trump Campaign or Organization.

Alfa Bank servers — Nothing we have or have found alters our view as described above that there is no evidence of substantive contact or a direct email or financial link between Alfa Bank and the Trump Campaign or Organization.

Mandiant’s working hypothesis is that the activity the reporters’ sources alleged last year was caused by an email marketing/spam campaign possibly targeted at Alfa Bank employees by a marketing server, which triggered security software.

Earlier this year, Alfa Bank launched another investigation to find out who was — and maybe still is — behind this elaborate hoax.

Access to others’ DNS data is highly privileged and is usually independently examined for academic purposes and cyber security research. Therefore, the examination and sharing of DNS data by the people involved in these fraudulent activities brings into question whether these data were acquired lawfully and whether it was ethical to misuse privileged access in order to manufacture a deceit.

Alfa Bank’s working hypothesis is that an individual — possibly well known in internet research circles — may have fed selected DNS data to an anonymous cyber group to ensure they reached a specific (and erroneous) conclusion. Alternatively, the cyber group may have been complicit in the deceit. In the most recent cases, unknown individuals demonstrably attempted to insert falsified records onto Alfa Bank’s computer systems designed to create the same impression.

An Alfa Bank spokesperson said: «The anonymous cyber group, which is led according to news accounts by ‘Tea Leaves,’ cannot produce evidence of a link because there never has been one. Alfa Bank believes that it is under attack and has pledged its complete cooperation to U.S. authorities to find out who is behind these malicious attacks and false stories.»
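The statement above rests on two observations a defender can check in resolver logs: query names that mix upper and lower case (the February 18 section) and responses for an external host name with the bank's internal zone appended, such as mail.trump-email.com.moscow.alfaintra.net (the March 11 and 13 section). The following is an added example, not part of Alfa Bank's statement or its tooling; the log format, the sample lines and the small TLD list are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample resolver log (not Alfa Bank's real data). The hypothetical
# format is "<timestamp> <client-ip> <qtype> <qname>", one query per line.
SAMPLE_LOG = """\
2017-03-11T02:14:07Z 203.0.113.10 A mail.trump-email.com.moscow.alfaintra.net
2017-03-11T02:14:09Z 203.0.113.10 A MaIL.TrUmp-EmAiL.cOm.MOSCow.ALFAintRa.nET
2017-03-11T02:15:00Z 198.51.100.7 A www.example.com
2017-03-11T03:01:44Z 203.0.113.22 MX alfaintra.net
2017-03-13T21:00:12Z 203.0.113.31 A mail.trump-email.com.moscow.alfaintra.net
2017-03-13T21:00:13Z 203.0.113.31 A mail.TRUMP-email.com.moscow.alfaintra.net
"""

# The internal zone named in the statement; everything else here is assumed.
INTERNAL_ZONE = "moscow.alfaintra.net"

# Small illustrative set of public top-level labels, not a full suffix list.
PUBLIC_TLDS = {"com", "net", "org", "ru"}

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")


def parse_log(text):
    """Parse log lines into dicts; malformed lines are skipped, not fatal."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, client, qtype, qname = m.groups()
        records.append({"ts": ts, "client": client, "qtype": qtype,
                        "qname": qname.rstrip(".")})
    return records


def has_mixed_case(qname):
    """True when the name mixes upper and lower case letters.

    This is a weak signal on its own: some resolvers deliberately randomize
    query-name case (the DNS 0x20 technique) to harden against cache
    poisoning, so correlate it with the source and the name pattern."""
    letters = [c for c in qname if c.isalpha()]
    return any(c.islower() for c in letters) and any(c.isupper() for c in letters)


def external_name_under_zone(qname, zone=INTERNAL_ZONE):
    """Return the external-looking prefix when an already fully qualified
    public host name has the internal zone appended to it, else None.

    mail.trump-email.com.moscow.alfaintra.net -> "mail.trump-email.com"
    mail.moscow.alfaintra.net                 -> None (ordinary short name)
    """
    q = qname.lower()
    suffix = "." + zone
    if not q.endswith(suffix):
        return None
    prefix = q[: -len(suffix)]
    labels = prefix.split(".")
    if len(labels) >= 2 and labels[-1] in PUBLIC_TLDS:
        return prefix
    return None


def triage(records, zone=INTERNAL_ZONE):
    """Apply both heuristics: per-day counts of appended-zone names (the
    statement's 1,340-responses style figure) and the mixed-case names."""
    per_day = Counter()
    mixed = []
    for r in records:
        if external_name_under_zone(r["qname"], zone):
            per_day[r["ts"][:10]] += 1
        if has_mixed_case(r["qname"]):
            mixed.append(r["qname"])
    return per_day, mixed


if __name__ == "__main__":
    per_day, mixed = triage(parse_log(SAMPLE_LOG))
    for day, n in sorted(per_day.items()):
        print(f"{day}: {n} queries for external names under {INTERNAL_ZONE}")
    print("mixed-case names:", mixed)
```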

North Korea’s Weapons Program Includes More Countries

We can go back to 1968, when North Korea hijacked our naval intelligence ship USS Pueblo, as a reminder of the basis for how to address North Korea today.


Then, as today, Russia collaborated with North Korea, as does Iran. North Korea dispatched two MiG fighter jets along with several attack submarines in the capture of the Pueblo. The Vietnam War was also under way at the time; Russia provided unmeasured military support to North Vietnam and did not want to add another theater of conflict with the United States, as noted by the Blue House raid. In fact, China cannot be overlooked either, for many reasons.

Newly placed U.S. Secretary of State Rex Tillerson is traveling the region, meeting with Asian leaders on the matter of stopping North Korea. The question is how far and wide these talks go with regard to additional countries’ cooperation with North Korea.

As for Iran and North Korea, The Telegraph reported the following:

The Shahab-3 is a modified version of North Korea’s Nodong missile which itself is based on the old Soviet-made Scud.

The Nodong, which Iran secretly acquired from North Korea in the mid-1990s, is designed to carry a conventional warhead. But Iranian engineers have been working for several years to adapt the Shahab-3 to carry nuclear weapons.

“This is a major breakthrough for the Iranians,” said a senior US official. “They have been trying to do this for years and now they have succeeded. It is a very disturbing development.”

The Shahab 3 has a range of 800 miles, enabling it to hit a wide range of targets throughout the Middle East – including Israel.


Further, in 2015 Forbes reported on collaboration between Iran and North Korea, where the exchange of engineers and scientists between the two countries is common:

North Korea and Iran are believed to be exchanging critical stuff – North Korean experts and workers remaining in place while Iran sends observers to check out intermittent North Korean missile launches and see what North Korea is doing about staging a fourth underground nuclear explosion.

The nuclear exchange revolves around North Korea’s program for developing warheads with highly enriched uranium – with centrifuges and centrifuge technology in part acquired from Iran. At the same time, North Korea is able to assist Iran in miniaturizing warheads to fit on missiles – a goal the North has long been pursuing – and also can supply uranium and other metals mined in its remote mountain regions.

“North Korea continues to supply technology, components, and even raw materials for Iran’s HEU weaponization program,” says Bruce Bechtol, author of numerous books and studies on North Korea’s military and political ambitions. Moreover, he says, “They are even helping Iran to pursue a second track by helping them to build a plutonium reactor.”

That assessment supports the view of analysts that Iran is counting on North Korean expertise in constructing a reactor that produces warheads with plutonium. The reactor would be a more powerful version of the aging five-megawatt “experimental” reactor with which the North has built perhaps a dozen warheads at its nuclear complex at Yongbyon, including three that it’s tested underground — in October 2006, May 2009 and February 2013, two years ago this month.

Then comes China, which hosts North Korea’s entire internet platform. Beyond managing cyber systems for North Korea, China is also collaborating with North Korea on nuclear weapons at key production sites producing lithium for thermonuclear and boosted fission research and development.

Sanctions have been placed on North Korea over violations of UN resolutions on weapons of mass destruction operations, which include missiles and the nuclear program. However, North Korea’s research, development and production have not been affected, due to out-of-country front operations in which China and Malaysia are involved.

Forbes also reported:

Although the UN resolutions have highly restricted North Korea’s access to the financial system on paper, the report suggests that these sanctions have not affected the ability of North Korean networks such as Pan Systems Pyongyang to finance its operations, asserting that the network maintains bank accounts in China, Malaysia, Singapore, Indonesia, and the Middle East. By conducting financial transactions under the names of its affiliates such as Pan Systems Singapore, the company has been able to maintain sufficient financial access to the international financial system that it was able to transfer funds to a supply chain of more than twenty companies in China, and has also used front companies to conduct transactions via Hong Kong-registered companies that were cleared through U.S. correspondent banks in New York. The Panel of Experts report also provides details on the interception in the Suez Canal of the Cambodian-flagged and North Korean-crew piloted Jie Shun in what it categorizes as the “largest interdicted ammunition consignment in DPRK sanctions history,” superseding the 2013 interdiction of the North Korean flagged Chong Chon Gang ship that was loaded with vintage Cuban munitions and airplane parts. The interdiction of the Jie Shun by Egypt revealed a cargo from North Korea through the Suez Canal containing 30,000 PG-7 rocket propelled grenades (RPG) and related sub-components shipped in wooden crates concealed under 2,300 tons of limonite (iron ore). The Jie Shun evaded detection by cutting off GPS during most of its journey, with the exception of transit through heavily trafficked straits and ports. The shipment from Haeju in North Korea to an undisclosed Middle Eastern destination was falsely labeled as “assembly parts for an underwater pump,” and the bill of lading showed the address of the “Dalian Haoda Petroleum Chemical Company, Ltd.”

Rex Tillerson stated that ‘strategic patience’ has run out with regard to North Korea and that all options remain on the table, including preemptive strikes. North Korea has launched 46 missiles since 2011, and the most recent launch was to test a super-high-thrust rocket steering engine designed from Russian blueprints by Russian engineers.


The addition of a four-chamber steering engine further points toward a design rooted in Soviet missile technology as RD-250 and its descendants – when used on the R-36 missile and Tsiklon-2/3 orbital launchers – were coupled with a four-chamber RD-68M steering engine.


This engine adaptation in all likelihood uses Unsymmetrical Dimethylhydrazine and Nitrogen Tetroxide propellants – a more powerful combination in terms of specific impulse compared to the Nitric Acid / UDMH propellant used by North Korea’s Unha booster.


WTH: Siphoning off Cellphone Data in DC is Real

First

An IMSI catcher (International Mobile Subscriber Identity catcher) is a telephony eavesdropping device used for intercepting mobile phone traffic and tracking the movement of mobile phone users. Essentially a “fake” mobile tower acting between the target mobile phone(s) and the service provider’s real towers, it is considered a man-in-the-middle (MITM) attack.

Low-cost IMSI catcher for 4G/LTE networks tracks phones’ precise locations

$1,400 device can track users for days with little indication anything is amiss.

The researchers have devised a separate class of attacks that causes phones to lose connections to LTE networks, a scenario that could be exploited to silently downgrade devices to the less secure 2G and 3G mobile specifications. The 2G, or GSM, protocol has long been known to be susceptible to man-in-the-middle attacks using a form of a fake base station known as an IMSI catcher (like the Stingray). 2G networks are also vulnerable to attacks that reveal a phone’s location within about 0.6 square mile. 3G phones suffer from a similar tracking flaw. The new attacks, described in a research paper published Monday, are believed to be the first to target LTE networks, which have been widely viewed as more secure than their predecessors.

“The LTE access network security protocols promise several layers of protection techniques to prevent tracking of subscribers and ensure availability of network services at all times,” the researchers wrote in the paper, which is titled “Practical attacks against privacy and availability in 4G/LTE mobile communication systems.”

Second

ESD Overwatch:

Generate a continuously updated national situation report by means of distributed detection and localization of a multitude of baseband attacks as well as the manipulation of cellular signaling.

Detect and monitor cellular attacks in real-time:

  • IMSI Catchers
  • Baseband Processor Attacks
  • Rogue Basestations
  • Cellular Jamming
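Overwatch's own heuristics are not published on this page, but the signals a sensor can look for follow directly from the IMSI-catcher and LTE-downgrade descriptions above and from the detection categories just listed: a cell that is not in the operator's baseline, an area code (LAC/TAC) that no real tower of that network uses, GSM service negotiated with ciphering off (A5/0), and a drop from a strong LTE signal straight to 2G. The Python below is an added example, not code from the page, from ESD Overwatch or from the Ars Technica researchers; the observation-log format, the baseline of known cells, the sample log lines and the thresholds are all constructed for illustration.

```python
"""Heuristic IMSI-catcher / rogue-base-station detector over cell observations.

Added example; the record format, thresholds and sample data are assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class CellObs:
    ts: int         # seconds since capture start
    rat: str        # radio access technology: "LTE", "UMTS" or "GSM"
    mcc: str        # mobile country code
    mnc: str        # mobile network code
    area: int       # TAC for LTE, LAC for 2G/3G
    cell_id: int
    rssi_dbm: int   # received signal strength at the handset
    cipher: str     # e.g. "A5/0".."A5/3" on GSM, "EEA2" on LTE


def parse_line(line: str) -> CellObs:
    """Parse one observation: ts rat mcc+mnc area cell_id rssi cipher (constructed format)."""
    ts, rat, plmn, area, cid, rssi, cipher = line.split()
    return CellObs(int(ts), rat, plmn[:3], plmn[3:], int(area), int(cid), int(rssi), cipher)


def detect(records, known_cells, downgrade_window=60, strong_dbm=-85):
    """Return (ts, rule, cell_key, detail) alerts for each heuristic that fires."""
    known_areas = {(mcc, mnc, area) for mcc, mnc, area, _ in known_cells}
    alerts, prev = [], None
    for o in records:
        key = (o.mcc, o.mnc, o.area, o.cell_id)
        # 1. Cell not in the operator's baseline (weak alone: could be a new tower).
        if key not in known_cells:
            alerts.append((o.ts, "unknown_cell", key, f"{o.rat} cell {o.cell_id} not in baseline"))
        # 2. Area code no real tower of this PLMN uses; a catcher advertises a fresh
        #    LAC/TAC so every phone in range performs a location update and reveals itself.
        if (o.mcc, o.mnc, o.area) not in known_areas:
            alerts.append((o.ts, "unknown_area", key, f"area {o.area} unused by PLMN {o.mcc}{o.mnc}"))
        # 3. GSM with ciphering disabled: traffic is readable by whoever runs the cell.
        if o.rat == "GSM" and o.cipher == "A5/0":
            alerts.append((o.ts, "no_encryption", key, "A5/0 negotiated"))
        # 4. Strong LTE followed shortly by GSM: a genuine fallback to 2G happens when
        #    LTE is weak, so this pattern matches a forced downgrade.
        if (prev is not None and prev.rat == "LTE" and prev.rssi_dbm >= strong_dbm
                and o.rat == "GSM" and o.ts - prev.ts <= downgrade_window):
            alerts.append((o.ts, "downgrade", key,
                           f"LTE at {prev.rssi_dbm} dBm -> GSM after {o.ts - prev.ts}s"))
        prev = o
    return alerts


def rank_cells(alerts, min_rules=2):
    """Cells that tripped at least min_rules distinct rules, most rules first."""
    rules = defaultdict(set)
    for _, rule, key, _ in alerts:
        rules[key].add(rule)
    ranked = [(key, sorted(r)) for key, r in rules.items() if len(r) >= min_rules]
    return sorted(ranked, key=lambda kv: -len(kv[1]))


# Constructed baseline and log. Cell 65001 in area 9999 plays the catcher;
# cell 10499 is an unknown but otherwise normal LTE cell in a known area.
KNOWN_CELLS = {("310", "410", 4201, 10401), ("310", "410", 4201, 10402),
               ("310", "410", 4203, 10510)}
SAMPLE_LOG = """\
0   LTE 310410 4201 10401 -78 EEA2
30  LTE 310410 4201 10402 -80 EEA2
60  LTE 310410 4201 10401 -77 EEA2
75  GSM 310410 9999 65001 -51 A5/0
90  GSM 310410 9999 65001 -50 A5/0
120 LTE 310410 4201 10499 -82 EEA2
150 LTE 310410 4201 10401 -79 EEA2
"""


def analyze(log_text=SAMPLE_LOG, known_cells=KNOWN_CELLS):
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    alerts = detect(records, known_cells)
    return alerts, rank_cells(alerts)


if __name__ == "__main__":
    alerts, ranked = analyze()
    for ts, rule, key, detail in alerts:
        print(f"t={ts:>4} {rule:<14} cell={key[3]} {detail}")
    print("suspect cells:", ranked)
```

Any one rule firing is weak evidence (a newly commissioned tower is simply an unknown cell), so rank_cells only reports cells that trip several distinct rules; the constructed log includes one such legitimate-looking unknown cell to show it being filtered out while the catcher trips all four. In a real deployment the baseline would come from the carrier's cell database or from long-run observation at the same fixed sensor, and the downgrade rule would also watch for the LTE reject causes the researchers describe rather than only the RAT change.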

Third

Suspected Hack Attack Snagging Cell Phone Data Across D.C.

Malicious entity could be tracking phones of domestic, foreign officials

FreeBeacon: An unusual amount of highly suspicious cellphone activity in the Washington, D.C., region is fueling concerns that a rogue entity is surveying the communications of numerous individuals, likely including U.S. government officials and foreign diplomats, according to documents viewed by the Washington Free Beacon and conversations with security insiders.

A large spike in suspicious activity on a major U.S. cellular carrier has raised red flags in the Department of Homeland Security and prompted concerns that cellphones in the region are being tracked. Such activity could allow pernicious actors to clone devices and other mobile equipment used by civilians and government insiders, according to information obtained by the Free Beacon.

It remains unclear who is behind the attacks, but the sophistication and amount of time indicates it could be a foreign nation, sources said.

Mass amounts of location data appear to have been siphoned off by a third party who may have control of entire cell phone towers in the area, according to information obtained by the Free Beacon. This information was compiled by a program that monitors cell towers for anomalies, supported by DHS and ESD America and known as ESD Overwatch.

Cell phone information gathered by the program shows major anomalies in the D.C. area indicating that a third party is tracking en masse a large number of cellphones. Such a tactic could be used to clone phones, introduce malware to facilitate spying, and track government phones being used by officials in the area.

“The attack was first seen in D.C. but was later seen on other sensors across the USA,” according to one source familiar with the situation. “A sensor located close to the White House and another over near the Pentagon have been part of those that have seen this tracking.”

The data gathered by the ESD Overwatch program indicates the U.S. cell carrier has experienced “unlawful access to their network for the purpose of large scale subscriber tracking,” according to a report prepared by ESD Overwatch, a contractor working on behalf of DHS, and viewed by the Free Beacon.

Information gathered by the program shows a massive uptick in efforts to identify and track cellphones. The third-party hacker appears to be identifying phones as they connect with local cellphone towers and recording this information.

This method of hacking could permit a malicious actor to track an individual’s cellphone and pinpoint phones that may be of importance, such as government entities.

The cellular network involved in the attack is being abused in order to track phones subscribed to the carrier, according to one source familiar with the situation.

DHS’s Office of Public Affairs confirmed that the ESD Overwatch program has been operating under a 90-day pilot program that began Jan. 18. Before the surveillance program was initiated the federal government did not have a method to detect intrusions of the nature seen over the past several months.

The attack on this network is still underway, according to sources monitoring the situation.

An official with ESD Overwatch acknowledged the existence of the DHS program, but would not comment further on the matter.

The issue of cellphone vulnerabilities has been a top concern in Congress, where lawmakers petitioned DHS on Wednesday to outline steps the government is taking to prevent foreign governments from performing the type of attacks observed by Overwatch.

“For several years, cyber security experts have repeatedly warned that U.S. cellular communications networks are vulnerable to surveillance by foreign governments, hackers, and criminals exploiting vulnerabilities in Signaling System 7,” which is used by cellular phones and text messaging applications, according to a letter sent by Sen. Ron Wyden (D., Ore.) and Rep. Ted Lieu (D., Calif.).

“U.S. cellular phones can be tracked, tapped, and hacked—by adversaries thousands of miles away—through SS7-enabled surveillance,” the lawmakers write. “We are deeply concerned that the security of America’s telecommunications infrastructure is not getting the attention it deserves.”

“We suspect that most Americans simply have no idea how easy it is for a relatively sophisticated adversary to track their movements, tap their calls, and hack their smartphones,” the lawmakers write.

Concerns continue to mount that the government is not adequately taking steps to secure cellular networks.

The lawmakers request that DHS outline specific steps being taken to insulate networks from attacks and ensure that U.S. cell carriers are doing the same.