Category Archives: Cyber War

Ukraine at the Center of the NATO vs. Russia Debate?

Posted on by

Few appear to remember the brazen, corruption and deceptive operation when pro-Russian separatists invaded Crimea. The world was in shock and now Ukraine is falling victim to the same operation as NATO fights against this.

 

If you want to understand the Russian operation in Eastern Europe and how the Kremlin game is played, one must begin with the twisting of information, news and propaganda.

Much has been debated as to the penetration of Russia into the U.S. election system. This is not a new phenomenon for the Kremlin.

The survival of Ukraine as a sovereign, democratic nation was at stake. And the presidential election needed to go smoothly—thus making it a prime target for a Russian cyberattack.

Four days prior to the election, on May 21, 2014, a pro-Russian hacktivist group called CyberBerkut launched a cyberattack against Ukraine’s Central Election Commission computers. According to Ukrainian news reports, the attack destroyed both hardware and software, and for 20 hours shut down programs to monitor voter turnout and tally votes.

On election day, 12 minutes before polls closed, CyberBerkut hackers posted false election results to the election commission’s website. Russia’s TV Channel One promptly aired the bogus results. More here.

 For a full summary go here as annotated by USAToday.

An in depth report on ‘disinformation actions by the Kremlin is found below.

The Dynamics of Russia’s Information Activities against Ukraine during the Syria Campaign

The Top Spy Who Is Fighting Corruption in Ukraine

Newsweek: Ukraine’s former top security official has gone from tracking down Russian spies to fighting what he perceives to be the country’s greatest threat—corruption.

“The question is, are we going to survive or not?” Valentyn Nalyvaichenko told The Daily Signal from his offices in Kiev, Ukraine’s capital.

Nalyvaichenko, 50, is the former head of the Security Service of Ukraine, or SBU, which is Ukraine’s successor agency to the Ukrainian Soviet Socialist Republic’s branch of the KGB, the Soviet Union’s main security agency.

“At stake is survival of the country,” Nalyvaichenko said. “At stake is whether we’ll finally get rule of law and a functioning state instead of chaos, corruption, weakness and [being] not capable to defend our territory and the country. So, at stake is the country, its independence.”

During his interview with The Daily Signal, Nalyvaichenko wore a well-appointed suit and tie. He spoke fluent English, evidence of his university degree in linguistics.

His affable demeanor and emotive manner of talking hinted more at his background as a diplomat and member of parliament than his years in charge of Ukraine’s successor agency to the KGB.

Nalyvaichenko led the SBU for the first time from 2006 to 2010. He took over the security agency for a second time on Feb. 24, 2014, two days after deposed former Ukrainian President Viktor Yanukovych fled to Russia in the closing days of the revolution.

Nalyvaichenko has also served as a member of parliament and as Ukraine’s deputy minister of foreign affairs.

Nalyvaichenko’s 2015 departure from the SBU was controversial. In June 2015, while the security agency was investigating high-level Ukrainian officials for financial crimes, Ukrainian President Petro Poroshenko sacked Nalyvaichenko from his leadership post at the SBU.

Today, Nalyvaichenko is the leader of two upstart anti-corruption political platforms: the Justice Civil-Political Movement, and the Nalyvaichenko Anti-Corruption Movement.

“Our people, our common people, are suffering because of corruption, corruption at the top,” Nalyvaichenko said, pounding his fist on the table for emphasis.

“I really like what [Winston] Churchill said in the Second World War,” Nalyvaichenko said. “‘If you’re going through hell, keep going.’ If we’re corrupt, it doesn’t mean we have to say, ‘OK, we’re a failed state.’ No, it’s not true.”

Purge

True to his diplomatic roots, Nalyvaichenko recently traveled to Washington to present evidence to Congress about Russia’s involvement in the war in eastern Ukraine and to press for U.S. assistance in anti-corruption efforts.

As part of his anti-corruption platform, Nalyvaichenko has called for the FBI to investigate the financial crimes of Ukraine’s current and former political leaders.

He also wants U.S. and EU prosecutors to oversee the adjudication of corruption investigations, and for the U.S. to press Ukrainian officials to make Ukraine’s newly minted National Anti-Corruption Bureau independent from the executive and judicial branches.

01_20_Kiev_Spy_01 People look out over the Maidan, or Independence, Square on May 22, 2014, in Kiev, Ukraine. Nolan Peterson writes that corruption still taints almost every aspect of Ukrainian life. University students in Kiev, for example, say it’s still common practice to pay their professors a bribe to pass exams. Dan Kitwood/Getty

Nalyvaichenko said Ukraine has a chance to “show for the whole world, especially to the Russian people, that there is an opportunity, there is a plan B, to such nations after the Soviet Union time to be democratic, to be not corrupt, to live in a not corrupt state, to be independent.”

“Ukraine belongs to the Western world,” he added.

Nalyvaichenko added that Ukraine has “several months, two or three months” to show real progress in anti-corruption measures before Western partners begin to break ranks on measures such as maintaining punitive sanctions against Russia.

“It will be no tolerance from the new administration in the United States,” Nalyvaichenko said. And next year, “there might be many changes in the European Union,” he said. “That’s, I think, what is at stake when we’re talking about the European Union and the United States.”

Within Ukraine, Nalyvaichenko’s strategy is to reach out to civil society leaders working at the grassroots level. He wants to convince Ukrainians to believe in the democratic process, despite a quarter-century of oligarchic thug rule after the fall of the Soviet Union.

To that end, Nalyvaichenko’s two anti-corruption organizations—which comprise 10,000 activists across Ukraine—have provided pro bono legal assistance to more than 3,000 Ukrainian citizens involved in court cases against allegedly corrupt government officials.

Nalyvaichenko’s groups have also given free medical care to more than 9,000 civilians in the war zone.

“If you would like to stop Russian aggression, if you would like to get back not only territories but people…we have to show them what?” Nalyvaichenko said. “Believe me, not Kalashnikovs and not tanks. We have to show them a better life.”

Lifestyle

That better life has not yet materialized for many Ukrainians.

For one, the hryvnia, Ukraine’s national currency, is currently less than one-third its value against the dollar than it was before the revolution. Wages have not concurrently risen to match the falling currency, dramatically reducing Ukrainians’ spending power.

Also, corruption still taints almost every aspect of Ukrainian life. University students in Kiev, as an example, say it’s still common practice to pay their professors a bribe to pass exams.

Related: Nolan Peterson: Brothers in arms on the Ukraine front line

According to an October 2016 public opinion poll conducted by the International Republican Institute, and funded by the government of Canada, 30 percent of Ukrainians surveyed who had visited a doctor in the previous 12 months said they paid a bribe for service.

Among those who interacted with the police, 25 percent said they paid a bribe.

A large part of Ukraine’s economy is off the books—what Ukrainians refer to as the “shadow economy.” Ukraine’s Economic Development and Trade Ministry said the shadow economy was 40 percent of the country’s gross domestic product in 2015.

This black market economy robs the government of valuable tax revenue. It also leaves many returning combat veterans, many of whom were drafted, no legal recourse to recover their jobs at the conclusion of their military service.

Many veterans previously worked off the books and were paid in cash so their employers could skirt payroll taxes.

According to the 2016 International Republican Institute study, 72 percent of Ukrainians surveyed said the country was moving in the wrong direction, while 11 percent said the country was on the right track.

As a point of comparison, a year prior to the revolution in May 2013, 69 percent of Ukrainians surveyed said the country was moving in the wrong direction, and 15 percent said the country was moving in the right direction.

According to the same poll, 73 percent of Ukrainians disapprove of Poroshenko’s performance as president, and 87 percent of Ukrainians have an unfavorable opinion of their parliament.

Nalyvaichenko said he no longer has faith in Poroshenko.

“For me this is not personal,” he said. “Whoever becomes president or prime minister is immediately part of a corrupt and not transparent system. Immediately they are reproducing the same Soviet or simply corrupt practices and environment…. So, to get rid of that, to dismantle, to change the system, to reboot the country [we need to] get new people with absolutely different minds and mentality into the governmental offices.”

A New Fight

Nalyvaichenko is among a new breed of Ukrainian reformers who have emerged after the 2014 revolution.

Among Nalyvaichenko’s allies is former Georgian President Mikheil Saakashvili, who resigned as governor of Ukraine’s Odessa Oblast in November. The move was a protest against what Saakashvili claimed was stonewalling by Poroshenko and the majority of Ukraine’s political class in implementing anti-corruption reforms.

Saakashvili has since launched his own anti-corruption, opposition party called Wave.

“We had a revolution with lots of casualties,” Saakashvili told The Daily Signal in an earlier interview. “And every time a revolution happens, people have a right to expect revolutionary changes.”

One bright spot for Ukraine is its budding civil society. Across the country, political activists and humanitarian workers, including many millennials, have enabled the spread of democratic norms and are pushing for government accountability at the grassroots level.

“Across the country there is real willingness at the local level, at the grassroots level to stop corruption,” Nalyvaichenko said. “Fifteen or 20 years ago it was unimaginable that Ukraine would have such a powerful civil society.”

He continued:

I remember my parents and how modest the family used to be. How we young, young kids in Zaporizhia and other regions dreamed about another life. And to really have a chance with a free market, with the rule of law … for our children to create a new country with more opportunities. Our better future is here, and we should fight for that. I will not take no for an answer—from anyone.

Sacked

As head of the SBU, Nalyvaichenko endeavored to purge the security agency of its Soviet KGB past. He booted many personnel who had served in the SBU when it was the Ukrainian Soviet Socialist Republic’s branch of the KGB.

Nalyvaichenko spearheaded an effort to open up the SBU’s KGB archives, launching fresh investigations into Soviet crimes in Ukraine, including Joseph Stalin’s organized mass famine in the 1930s known as the Holodomor.

Related: Nolan Peterson: Dispatches from the forgotten war in Ukraine

He also hunted down and expelled Russian spies in Ukraine who were working for Russia’s successor agency to the KGB, the Federal Security Service of Russia, or FSB.

“With SBU, what I started with was to stop KGB practices,” Nalyvaichenko said. “I was the first and only chief of the SBU who actually started to detain FSB officers in Ukraine.”

The intent of Nalyvaichenko’s personnel scrub at the SBU went beyond security concerns. He wanted to shed the agency of its “Soviet mindset.”

To fill out the SBU’s thinned ranks, Nalyvaichenko tapped young political activists and reformers who had no living memory of life in the Soviet Union.

“That is my approach and my understanding of how it could be done in all the country,” Nalyvaichenko said, explaining how his SBU scrub could be used as a model for nationwide reforms.

The solution to beating corruption in Ukraine, according to Nalyvaichenko, is to elevate a new generation of political and business leaders.

“Let the generation shift happen in Ukraine,” Nalyvaichenko said. “For the new generation to be in the offices, to let them finally rule the country … it’s high time to finally stop with old practices.”

Nalyvaichenko’s second term as head of the SBU came at a tumultuous time for Ukraine. In the months following the February 2014 revolution, Russia launched a hybrid invasion of Ukraine’s Crimean Peninsula, ultimately annexing the territory.

Russia followed up the seizure of Crimea with a proxy war in the Donbas. A combined force of pro-Russian separatists and Russian regulars was on the march in eastern Ukraine in 2014, and there were worries then that Ukraine could be cleaved in two, or that Russian forces massed on Ukraine’s borders might stage a large-scale invasion.

In Kiev, the post-revolution government was at the time trying to establish its legitimacy and follow through on the pro-democratic promise of the revolution.

Meanwhile, officials were piecing together a military campaign out of the remnants of Ukraine’s armed forces, which had been gutted by decades of corruption and purposeful neglect.

Amid all of this, Nalyvaichenko pushed to prosecute corrupt government officials.

A New Fight

In Ukraine, opinions diverge about the hierarchy of threats facing the country.

A nearly three-year-old war between Ukrainian troops and a combined force of pro-Russian separatists and Russian regulars continues to simmer in the Donbas, Ukraine’s embattled eastern territory on the border with Russia.

About 10,000 Ukrainians have so far died in the conflict, which has also displaced about 1.7 million people. The war cost Ukraine an equivalent 20 percent of its gross national product in 2015, according to a 2016 report by the Institute for Economics and Peace.

The February 2015 cease-fire has failed. Military and civilian casualties still occur almost every day from landmines, artillery fire, rocket attacks, and small arms gun battles.

Ukraine’s military has rebuilt itself since 2014, but many front-line soldiers complain that after nearly three years of combat, they still aren’t getting basic supplies.

Despite the war’s cost in blood and treasure, Nalyvaichenko said the greatest threat facing Ukraine today is not on the battlefields of the Donbas, but within Kiev’s government halls.

“If you don’t understand how deep and how destroying the corruption is, you’ll never win the war,” Nalyvaichenko said. “This system, as I understand it, is not workable anymore. And because of war, because of Russian aggression, we now understand why. We simply, as a country, as a nation, have no time and no space anymore to continue with such corrupt practices.”

There is, however, a countervailing, quieter faction, particularly among Ukraine’s military brass, which says the war effort should take priority over any anti-corruption crusades.

Ukrainian military officials who spoke to The Daily Signal on background cautioned against ambitious anti-corruption agendas while the country is still at war.

And, according to the October 2016 International Republican Institute poll, most Ukrainians consider the war to be the biggest threat to the country.

Of the Ukrainians surveyed in the poll, 53 percent said the war in the Donbas was the country’s most important issue, compared with 38 percent who singled out corruption as the top issue.

“The tens of thousands of Russian soldiers, tanks, and artillery sitting along Ukraine’s southern and eastern borders are Ukraine’s sole existential threat,” Alexander Motyl, professor of political science at Rutgers University-Newark, wrote in OZY. “If [Russian President] Vladimir Putin gives the command, they could invade and possibly destroy large parts of the country. Corruption, by comparison, could eviscerate Ukraine’s institutions, but only in the long term.”

Outsider

As SBU chief, Nalyvaichenko spearheaded an investigation into a June 8, 2015, fire at an oil depot near Vasylkiv, Ukraine. The investigation allegedly implicated government officials in financial crimes, according to Nalyvaichenko’s account of events.

The investigation also revealed the undisclosed involvement of a Russian company in the oil depot.

Nalyvaichenko said he personally presented Poroshenko with the evidence and pushed for the issuance of arrest warrants.

Then, on June 15, 2015, Poroshenko fired Nalyvaichenko as head of the SBU. And three days later, Ukraine’s parliament voted to approve Nalyvaichenko’s ouster.

“That’s why I decided to be outside the government,” Nalyvaichenko said. “I really understood and understand for sure that to be subordinated and to fight the corruption, which is above you, is impossible. You become a part of this corrupt group of people, or you are outside. Here’s a red line. For me it was a clear decision.”

The Poroshenko administration declined a request for comment for this article. But, in an emailed statement to The Daily Signal, the SBU defended its track record of investigating and prosecuting corrupt officials.

“After the Revolution of Dignity, state leadership gave a clear indication to law enforcement authorities to begin the real fight against corruption, regardless of position, party affiliation, and the number of stars on one’s epaulets,” the SBU wrote in its statement to The Daily Signal.

According to the SBU, the security agency investigated 673 Ukrainian officials for corruption in 2016, compared with 545 in 2015, and 359 in 2014. The SBU said its investigations led to 256 convictions in 2016, an increase from 184 in 2015, and 181 in 2014.

“This suggests an increase in the intensity of the intelligence agencies in this cause,” the SBU said in its statement.

Nalyvaichenko acknowledged that Ukraine has made some progress in fighting corruption, but he said the past few years of investigations have largely targeted mid- and low-level government officials.

“The worst thing, I think, is that no single person from the top of the previous government [has been] prosecuted,” Nalyvaichenko said. “No single trial, or public hearings, or other procedures were organized by this government, by these officials. That’s I think the worst thing for the country and for Ukrainians.”

Nolan Peterson, a former special operations pilot and a combat veteran of Iraq and Afghanistan, is The Daily Signal’s foreign correspondent based in Ukraine.

Hey Trump Meet America Under Siege 2017

Posted on by

Add outgoing Secretary of State John Kerry who will not be attending and not providing a reason. Further, in Barack Obama’s last White House press briefing, he refused to comment on his thoughts as to those in his party that will not be attending.

****

In his final press conference as president on Wednesday, Barack Obama declined to comment on the growing list of Democrats who are refusing to attend President-elect Donald Trump’s inauguration on Friday

FOX News’ Kevin Corke asked the 44th president if he supports the dozens of Democratic lawmakers who have vowed to boycott Trump’s inauguration.

“With respect to the inauguration, I’m not going to comment on those issues,” Obama responded. “All I know is I’m going to be there, so is Michelle.”

First lady Michelle Obama seemed to indicate her support for Rep. John Lewis, who is one of the most prominent lawmakers boycotting the inauguration, when she sent a tweet calling him a “great leader” on Monday. More here.

Related reading: A.N.S.W.E.R. Sued over Free Speech Space on Inauguration

Related reading: Here Are All the Members of Congress Who Are Boycotting Trump’s Inauguration — and Why

 

Protesters host ‘Queer Dance Party’ in front of Mike Pence’s DC home

2 Strange Things in DC on the Same Day, Russia Again?

Posted on by

Politico reports: Senate Intelligence Chairman Richard Burr (R-N.C.) said late Friday that his committee would investigate possible contacts between Donald Trump’s campaign and Russia, reversing himself one day after telling reporters that the issue would be outside of his panel’s ongoing probe into Moscow’s election-disruption efforts.
In a statement issued jointly with the committee’s top Democrat, Virginia Sen. Mark Warner, Burr said the committee would use “subpoenas if necessary” to secure testimony from Obama administration officials as well as Trump’s team on Russia’s cyberattacks and on other efforts at election meddling.

While members of Congress received a briefing on Russian intrusions, what more do they know that is not being reported? Could the two items below be part of Russian interference?

C-SPAN Feed Mysteriously Broadcasts Russia Today

IBT: In a strange moment of startling symmetry with the current state of American politics, C-SPAN—the public affairs network that regularly broadcasts proceedings of the House of Representatives and Senate—was interrupted by a broadcast of Russia Today.

The state-funded Russian news network briefly took over the online feed of C-SPAN1, which had been broadcasting a discussion in Congress regarding the Securities and Exchange Commission Regulatory Accountability Act.

As Rep. Maxine Waters, D-Calif., was speaking the feed suddenly cut from the House floor to a broadcast of RT. The feed cut in with a commercial break before returning to the RT news desk, where an anchor spoke of a suicide bombing.

C-Span confirmed the incident in a statement to IB Times: “This afternoon the online feed for C-SPAN was briefly interrupted by RT programming. We are currently investigating and troubleshooting this occurrence. As RT is one of the networks we regularly monitor, we are operating under the assumption that it was an internal routing issue. If that changes we will certainly let you know.”

Multiple C-SPAN watchers made mention of the sudden change on Twitter, including Deadspin editor Timothy Burke, who captured the moment the C-SPAN feed switched to RT.

The takeover reportedly lasted about 10 minutes before the C-SPAN feed returned. The interruption does not appear on the saved broadcast hosted on the network’s website.

Viewers who caught the original broadcast and the subsequent clip shared on Twitter assumed the interruption was the result of Russian hacking.

Despite the initial assertion from people on social media implicating Russia of hacking C-SPAN, the network viewed it as a likely technical problem.

IB Times also reached out to Russia Today but has not yet received a response.

The apparent takeover of the C-SPAN feed comes after reports of Russian hackers interfering with the U.S. presidential election. According to recent reports, Russian president Vladimir Putin was directly involved in the hacking efforts, which resulted in the theft and publication of private emails belonging to the Democratic National Committee and John Podesta, the chairman of the Hillary Clinton campaign.

U.S. intelligence chiefs are in apparent agreement that Russia attempted to influence the outcome of the election to benefit Donald Trump.

****

CBS: CIA Director nominee Mike Pompeo is on Capitol Hill Thursday for his hearing in front of the Senate Intelligence Committee — but that hearing was put on hold when the lights unexpectedly went out.

Committee Chairman Richard Burr (R-N.C.) gave brief opening remarks and introduced Pompeo, saying that if confirmed he will lead “what I believe to be one of our nation’s most treasured assets.”

Next, Vice Chairman Mark Warner (D-Virginia) began speaking, saying he looked forward to hearing Pompeo’s thoughts on a number of the challenges facing the CIA in 2017.

“The agency you have been nominated to head is facing a number of challenges brought on by a changing world and which will require great leadership to drive organizational adaptation to meet,” Warner said.

As Warner began to address concerns over Russian election interference, at about 10:15 a.m., the lights went out — and C-SPAN’s cameras cut out completely.

Warner initially continued with his remarks, but ultimately took a recess because of the power issue. The hearing was moved to another room.

Cruz: Obama ‘rolled over’ on hacking and Trump gets Advice

Posted on by

He is right and the proof most recently was in February of 2016, with the posted Executive Orders.

WASHINGTON — Through two executive orders signed Tuesday, President Obama put in place a structure to fortify the government’s defenses against cyber attacks and protect the personal information the government keeps about its citizens.

The orders came the same day as Obama sent to Congress a proposed 2017 budget that includes $19 billion for information technology upgrades and other cyber initiatives.

In September of 2015, Obama held a meeting on cyber with China’s Xi. Perhaps there was no formal sanction or punishment of China due in part to the U.S. debt they hold. Obama also held meetings with key Congressional leaders in 2015 on the issue of cyber. Going back to 2013, Obama held sessions with corporate CEO’s to discuss efforts to improve cybersecurity amid growing concerns within the administration over attacks from China targeting American businesses.

The president will discuss efforts to address the cyber threat facing the country and get the executives’ feedback on how the government and private sector can forge a relationship to improve cybersecurity in the United States, according to The White House. The meeting will be held in the Situation Room and attendees include AT&T CEO Randall Stephenson and Northrup Grumman CEO Wesley Bush.

Not until February of 2016, did Obama launch the Cybersecurity National Action Plan which was headed by Tom Donilon, his National Security Advisor and Sam Palmisano, former CEO of IBM. There was no traction and given the recent cyber intrusions, there is likely a LOT of ‘ooops’ coming from the White House and should. No corporation, bank, government agency or other private entity ever wants to publically announced they have been hacked or their vulnerability, as it only invites more cyber chaos but the United States including top government agencies and the White House along with the State Department have all been victim of both Russian and Chinese cyber attacks of various forms.

***

Sen. Ted Cruz says he hopes the incoming Trump administration is tougher on dealing with cyberattacks than the “weakness” he saw from President Obama on hacking by Russia and other foreign adversaries.

“One of the reasons these cyberattacks are so prevalent is that Barack Obama and his administration have rolled over for eight years,” Cruz said Thursday on “The Mike Gallagher Show.”

“They have shown nothing but weakness and appeasement in the face of those attacks. This is something I hope and believe will change with the new administration,” he said.

Cruz insisted neither Russian hacking nor WikiLeaks revelations last year about the Democratic Party significantly influenced Donald Trump’s victory in the presidential election.

“I think that there’s no evidence whatsoever that Russia’s efforts against us, which have been longstanding, did anything to affect the campaign,” said Cruz, who competed against Trump in last year’s GOP primaries.

“It’s, frankly, patently absurd,” Cruz added of claims Russia or WikiLeaks helped Trump win. “You can’t credibly argue that [WikiLeaks’] disclosures impacted the election because most voters never heard it.” More here from TheHill.

****

Task Force Issues Cybersecurity Advice to Donald Trump

‘From Awareness to Action: A Cybersecurity Agenda for the 45th President’

A task force co-chaired by two U.S. lawmakers and a former federal CIO is issuing a 34-page report recommending a cybersecurity agenda for the incoming Trump administration. The report recommends the new administration jettison outdated ways the federal government tackles cybersecurity, noting: “Once-powerful ideas have been transformed into clichés.”

The report from the CSIS Cyber Policy Task Force – From Awareness to Action: A Cybersecurity Agenda for the 45th President – will be formally unveiled on Jan. 5. It comes from the think tank Center for Strategic and International Studies, which sponsored the Commission on Cybersecurity for the 44th Presidency that made recommendations to then-President-elect Barack Obama in 2008.

“In the eight years since that report was published, there has been much activity, but despite an exponential increase in attention to cybersecurity, we are still at risk and there is much for the next administration to do,” the new report’s introduction states.

Cybersecurity Goals for Trump Administration

The task force outlined five major issues President-elect Donald Trump and his administration should address, including:

  1. Deciding on a new international strategy to account for a very different and dangerous global security environment.
  2. Making a greater effort to reduce and control cybercrime.
  3. Accelerating efforts to secure critical infrastructures and services and improving cyber hygiene across economic sectors. As part of this, the Trump administration must develop a new approach to securing government agencies and services and improve authentication of identity.
  4. Identifying where federal involvement in resource issues, such as research or workforce development, is necessary, and where such efforts are best left to the private sector.
  5. Considering how to organize the U.S. effort to defend cyberspace. Clarifying the role of the Department of Homeland Security is crucial, and the new administration must either strengthen DHS or create a new cybersecurity agency.

Ditching Outmoded Security Practices

Task force members recommend the new administration should get rid of outdated ways the federal government tackles cybersecurity. The report notes: “Statements about strengthening public-private partnerships, information sharing or innovation lead to policy dead ends. … Once-powerful ideas have been transformed into clichés. Others have become excuses for inaction.”

As an example, the task force cites the National Strategy for Trusted Identities in Cyberspace, a government initiative unveiled in 2011, which envisioned a cyber-ecosystem that promotes trust and security while performing sensitive transactions online. The task force contends NSTIC “achieved little,” asserting that such initiatives fail because they aren’t attuned to market forces. “There are few takers for a product or service for which there is no demand or for which there are commercial alternatives.”

The task force makes recommendations on dozens of policies and technologies.

On encryption, for instance, it suggests that the president develop a policy that supports the use of strong encryption for privacy and security while specifying the conditions and processes under which assistance from the private sector for lawful access to data can be required. It also states that the president should direct the National Institute of Standards and Technology to work with encryption experts, technology providers and internet service providers to develop standards and ways to protect applications and data in the cloud and provide secure methods for data resiliency and recovery.

“Ultimately,” the report says, “encryption policy requires a political decision on risk. Untrammeled use of encryption increases the risk from crime and terrorism, but societies may find this risk acceptable given the difficulty of imposing restrictions. No one in our groups believed that risk currently justifies restrictions.”

Battling Cybercrime

In battling cybercrime, the task force sees “active defense,” a term it says has become associated with vigilantism, hack back and cyber privateers, as only a stopgap measure to address the private sector’s frustration over the apparent impunity of trans-border criminals. The Trump administration should seek ways to help companies move beyond their traditional perimeter defenses and focus on identifying federal actions that could disrupt cybercriminals’ business model or expand the work of federal agencies and service providers against botnets, according to the report.

To make cybercrime less profitable, the task force recommends the new administration identify actions that would impede the monetization of stolen data and credentials. Other recommendations include accelerating the move to multifactor authentication and identifying better ways to counter and disrupt botnets, a growing risk as more devices become connected to the internet. The task force says this could be done by expanding the ability to obtain civil injunctions for use against botnets and raising the penalties for using botnets against critical infrastructure.

The role of the military to protect civilian critical infrastructure turned out to be among the most contentious issues the group debated. A few task force members said that the Defense Department should play an expanded and perhaps leading role in critical infrastructure protection, according to the report. Most members, though, believed that this mission must be assigned to a civilian agency, not to DoD or a law enforcement agency such as the FBI.

“While recognizing that the National Security Agency, an element of DoD, has unrivaled skills, we believe that the best approach is to strengthen DHS, not to make it a ‘mini-NSA,’ and to focus its mission on mitigation of threats and attacks, not on retaliation, intelligence collection or law enforcement,” the report states.

Organizing Government Cybersecurity

DHS is the focal point in cybersecurity protection among civilian agencies as well as civilian-led critical infrastructure. The task force recommends that an independent agency be established within DHS focused exclusively on cybersecurity.

The task force says Trump should quickly name a new cybersecurity coordinator and elevate the White House position two notches to assistant to the president from special assistant to the president. Also, the group says Trump should back away from his pledge to conduct a cybersecurity review, as was done at the beginning of the Obama administration.

The task force co-chairs are:

  • Rep. Michael McCaul, R-Texas, chairman of the House Homeland Security Committee and co-founder of the Congressional Cybersecurity Caucus;
  • Sen. Sheldon Whitehouse, D-R.I., sponsor of legislation to require federal law enforcement and national security agencies to account for cyberattacks;
  • Karen Evans, a cybersecurity adviser to the Trump transition team who’s national director of the U.S. Cyber Challenge and formerly served as White House administrator for e-government and information technology, a position now known as U.S. CIO; and
  • Sameer Bhalotra, co-founder and CEO of the cybersecurity startup Stackrox and a senior associate at CSIS.

CSIS Senior Vice President James Lewis, the think tank’s cybersecurity expert, served as the task force project director.

How bad is it?

USAToday:

Exhibit A: The Social Security Administration system still runs on a platform written in the 1960s in the COBOL programming language, and takes 400 people just to maintain, Obama said.

“If we’re going to really secure those in a serious way, then we need to upgrade them,” Obama told reporters Tuesday after meeting with advisers on the issue. “And that is something that we should all be able to agree on. This is not an ideological issue. It doesn’t matter whether there’s a Democratic President or a Republican President. If you’ve got broken, old systems — computers, mainframes, software that doesn’t work anymore — then you can keep on putting a bunch of patches on it, but it’s not going to make it safe.”

To implement those upgrades, Obama created two new entities Tuesday: The first, a Commission on Enhancing National Cybersecurity, will be made up of business, technology, national security and law enforcement leaders who will make recommendations to strengthen online security in the public and private sectors. It will deliver a report to the president by Dec. 1.

The second, a Federal Privacy Council, will bring together chief privacy officers from 25 federal agencies to coordinate efforts to protect the vast amounts of data the federal government collects and maintains about taxpayers and citizens.

Obama’s cybersecurity adviser, Michael Daniel, said the structure allows the administration to move forward even without additional authority from Congress by “driving our executive authority to the limit.”

The administration’s plan will look at cybersecurity both inside and outside the government. There will be more training and shared resources among government agencies, 48 dedicated teams to respond to attacks, and student loan forgiveness to help recruit top technical talent.

But the will plan also promote better security practices throughout the economy, by encouraging through multi-factor authentication that uses additional information in addition to a password. The government is also looking to reduce its use of Social Security numbers the unique identifier for all Americans.

Across the government, the Obama administration wants to spend $19 billion on cybersecurity in 2017, a 35% increase over 2016. But the plan does not rely on an increase in funding. “We can do quite a bit of it even without the additional resources,” Daniel said.

The White House said it also plans to create the new position of Chief Information Security Officer to coordinate modernization efforts across the government, including a a $3.1 billion Information Technology Modernization Fund. “That’s a key role that many private-sector companies have long implemented, and it’s a good practice for the federal government,” said Tony Scott, the U.S. Chief Information Officer.

The president is expected to meet with national security advisers Tuesday morning to launch the new effort.

Cyber Hacking Tools for Sale on Underground Network

Posted on by

Executive Editor Fionnuala Sweeney sits down with Steve Grobman, Chief Security Officer with the Intel Security Group. When it comes to America’s security in the cyberspace, the U.S. government and the private sector haven’t always seen eye to eye.

****

Stop the denial about Russian intrusion…..how about taking the United States out of the debate and examine other countries… you must also remember that all payments and or salaries are often paid for using Bitcoin….un-traceable. Have you thought about Islamic State migrating to hacking operations using ransomware?

****

Brit cyber warriors fight off two hacking attempts against the state every day

The National Cyber Security Centre has foiled 86 attacks in its first month – most of which are suspected to have come from China, North Korea, Russia, Iran and criminal gangs

Cyber warriors are fighting off more than two major hacking attempts against the British state every day.

Top targets include the Bank of England , the Ministry of Defence , nuclear bases, security services and infrastructure such as transport, the NHS and power systems.

Chief suspects are China, North Korea, Russia, Iran and major criminal gangs.

The National Cyber Security Centre foiled 68 major attacks in the first month after it was launched in October.

China is suspected of trying to steal technology or probing our security and finance systems while Russian is feared to be testing security and military networks.

It is believed North Korea may be doing all the above and Iran is suspected of acting for other countries, including Syria .

Retail, technology and security firms have also been hit. Senior security sources say a major theft of aerospace technology cost hundreds of millions of pounds.

It is thought cyber experts have responded to many of the attacks by hacking into systems used by the attackers. A source said: “This is the new front line.”

The NCSC was formed as part of a £1.9billion government crackdown.

At its launch Chancellor Philip Hammond said we had to hit back against “foreign actors” or face having planes grounded or being left in darkness.

Going back to 2012, was this fella part of a Kremlin authorized hack operation? If not, is he a proxy? Note what corporations and operations had cyber intrusions…

A Russian man was arrested in Cyprus last week for allegedly launching two distributed denial-of-service attacks on Amazon.com in June 2008.

Dmitry Olegovick Zubakha, a 25-year-old man from Moscow, was indicted last year by a Seattle grand jury for conspiracy to intentionally cause damage without authorization to a protected computer and possession of more than 15 unauthorized access devices.

In addition to the attack on Amazon, Zubakha was linked to similar attacks on Priceline.com and eBay.

Along with fellow hacker Sergey Logashov, Zubakha is alleged to have launched the attack using a botnet of computers under the control of multiple users. The duo brazenly took credit for the attacks on hacker forums, according to the indictment.

In addition to their denial-of-service attacks, law enforcement also traced 28,000 stolen credit-card numbers back to both men, which helped lead to the arrest.

“Amazon is willing to expend dollars and energy beyond even what can be economically justified in order to bring cybercriminals to justice,” said company spokesperson Mary Osako in a statement.

If found guilty on all charges, Zubakha could face up to 37 years in prison and $750,000 in fines. Intentionally causing damage to a protected computer with a resulting loss of more than $5,000 is punishable by up to 10 years in prison. Logashov was also charged with the same count.

The arrest in Cyprus was a complex undertaking, with the U.S. Secret Service, the U.S. Attorney’s Office for the Western District of Washington and the Seattle Police Department all working together with global officials.

“The [three agencies] talking to each other is a direct result of the birth of the Department of Homeland Security,” security consultant Robert Siciliano told the E-Commerce Times.

American authorities are seeking Zubakha’s extradition.

According to the indictment, the first of two attacks lasted four and a half hours on June 6, 2008, before Amazon was able to intervene. Amazon’s servers were working overtime, on a magnitude of between 600 and 1,000 percent of normal traffic. The second attack began on June 9 of the same year and lasted until June 12.

Zubakha was also charged with aggravated identity theft for using the credit card of a Lake Stevens, Wash.,  resident illegally.

“This defendant could not hide in cyberspace,” said U.S. Attorney Jenny A. Durkan, head of the Justice Department’s Cybercrime and IP Enforcement Committee. “I congratulate the international law enforcement agencies who tracked him down and made this arrest.”

Logashov is still at large.