Forget the EMP, It’s the Hack, You’re at Risk

Iranian hackers infiltrated computers of small dam in NY

WASHINGTON (Reuters) – Iranian hackers breached the control system of a dam near New York City in 2013, an infiltration that raised concerns about the security of the country’s infrastructure, the Wall Street Journal reported on Monday, citing former and current U.S. officials.

Two people familiar with the breach told the newspaper it occurred at the Bowman Avenue Dam in Rye, New York. The small structure about 20 miles from New York City is used for flood control.

The hackers gained access to the dam through a cellular modem, the Journal said, citing an unclassified Department of Homeland Security summary of the incident that did not specify the type of infrastructure.

The dam is a 20-foot-tall concrete slab across Blind Brook, about five miles from Long Island Sound.

“It’s very, very small,” Rye City Manager Marcus Serrano told the newspaper. He said FBI agents visited in 2013 to ask the city’s information-technology manager about a hacking incident.

The dam breach was difficult to pin down, and federal investigators at first thought the target was a much larger dam in Oregon, the Journal said.

The breach came as hackers linked to the Iranian government were attacking U.S. bank websites after American spies damaged an Iranian nuclear facility with the Stuxnet computer worm.

It illustrated concerns about many of the old computers controlling industrial systems, and the White House was notified of the infiltration, the Journal said.

The newspaper said the United States had more than 57,000 industrial control systems connected to the Internet, citing Shodan, a search engine that catalogs each machine.

Homeland Security spokesman S.Y. Lee would not confirm the breach to Reuters. He said the department’s 24-hour cybersecurity information-sharing hub and an emergency response team coordinate responses to threats to and vulnerabilities in critical infrastructure.

***

Can't Sleep? You Are at Risk

In part from Wired: If you want to keep yourself up at night, spend some time reading about the latest developments in cybersecurity. Airplanes hacked, cars hacked, vulnerabilities in a breathtaking range of sensitive equipment from TSA locks to voting booths to medical devices.

The big picture is even scarier. Former NSA Director Mike McConnell suspects China has hacked “every major corporation” in the US. Edward Snowden’s NSA leaks revealed the US government has its own national and international hacking to account for. And the Ponemon Institute says 110 million Americans saw their identities compromised in 2014. That’s one in two American adults.

The system is broken. It isn’t keeping us, our companies, or our government safe. Worse yet, no one seems to know how to fix it.

How Did We Get Here?

One deceptive truth seems to drive much of the cybersecurity industry down a rabbit hole: If you keep bad actors and bad software out of your system, you have nothing to worry about.

Malicious actors target “endpoints”—any device or sensor connected to a network—to break into that network. Network security seeks to protect those endpoints with firewalls, certificates, passwords, and the like, creating a secure perimeter to keep the whole system safe.

This wasn’t difficult in the early days of the Internet and online threats. But today, most private networks have far too many endpoints to properly secure. In an age of “Bring Your Own Device,” the cloud, remote access, and the Internet of Things, there are too many vulnerabilities hackers can exploit. As Ajay Arora, CEO of file security company Vera, notes, there is no perimeter anymore. It’s a dream of the past.

But the security paradigm remains focused on perimeter defense because, frankly, no one knows what else to do. To address threats, security experts should assume compromise – that hackers and malware already have breached their defenses, or soon will – and instead classify and mitigate threats.

The CIA Triad

The information security community has a model to assess and respond to threats, at least as a starting point. It breaks information security into three essential components: confidentiality, integrity, and availability.

Confidentiality means protecting and keeping your secrets. Espionage and data theft are threats to confidentiality.

Availability means keeping your services running, and giving administrators access to key networks and controls. Denial of service and data deletion attacks threaten availability.

Integrity means assessing whether the software and critical data within your networks and systems are compromised with malicious or unauthorized code or bugs. Viruses and malware compromise the integrity of the systems they infect.

The Biggest Threat

Of these, integrity is the least understood and most nebulous. And what many people don’t realize is it’s the greatest threat to businesses and governments today.

Meanwhile, the cybersecurity industry remains overwhelmingly focused on confidentiality. Its mantra is “encrypt everything.” This is noble, and essential to good security. But without integrity protection, the keys that protect encrypted data are themselves vulnerable to malicious alteration. This is true even of authenticated encryption algorithms like AES-GCM.

In the bigger picture, as cybercrime evolves, it will become clear that loss of integrity is a bigger danger than loss of confidentiality. One merely has to compare different kinds of breaches to see the truth of this:

A confidentiality breach in your car means someone learns your driving habits. An integrity breach means they could take over your brakes. In a power grid, a confidentiality breach exposes system operating information. An integrity breach would compromise critical systems, risking failure or shutdown. And a confidentiality breach in the military would mean hackers could obtain data about sensitive systems. If they made an integrity breach, they could gain control over these weapons systems. For full details and actions you can take to protect yourself, go here.
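To make the integrity point above concrete, here is an added example (written for this page, not code from the Wired piece or any vendor): a signed manifest catches a modified file and a forged digest list, but an attacker who can also replace the verification key simply re-signs the tampered tree and verification passes. That is the sense in which "the keys that protect ... are themselves vulnerable to malicious alteration": the key needs its own integrity protection, kept off the box or in hardware-backed storage, or the check is only as good as the attacker's access. The file contents, paths and keys are all constructed for the example.

```python
import hashlib
import hmac
import json
import os

# Constructed sample files (path -> contents) standing in for a network
# device's configuration and firmware image. The bytes are made up.
FILES = {
    "config/policy.txt": b"set policy id 1 from trust to untrust any any https permit\n",
    "bin/firmware.img": b"\x7fELF\x02\x01\x01 example firmware bytes\x00",
}


def build_manifest(files, key):
    """Per-file SHA-256 digests, plus an HMAC-SHA256 tag over the digest list.

    Without the tag an attacker who changes a file could simply rewrite its
    digest; the tag binds the digest list to whoever holds `key`.
    """
    digests = {path: hashlib.sha256(data).hexdigest() for path, data in files.items()}
    body = json.dumps(digests, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"digests": digests, "tag": tag}


def verify(files, manifest, key):
    """Return (ok, reasons). ok is False if the manifest or any file was altered."""
    body = json.dumps(manifest["digests"], sort_keys=True).encode()
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Constant-time compare so the check itself does not leak the tag.
    if not hmac.compare_digest(expected, manifest["tag"]):
        return False, ["manifest tag mismatch: manifest edited or wrong key"]
    reasons = []
    for path, digest in manifest["digests"].items():
        if path not in files:
            reasons.append(f"missing: {path}")
        elif not hmac.compare_digest(hashlib.sha256(files[path]).hexdigest(), digest):
            reasons.append(f"modified: {path}")
    for path in files:
        if path not in manifest["digests"]:
            reasons.append(f"unexpected: {path}")
    return (not reasons), reasons


def demo():
    """Walk through four situations and return whether each one passes verification."""
    key = os.urandom(32)
    manifest = build_manifest(FILES, key)
    results = {}

    # 1. Nothing changed.
    results["untouched"] = verify(FILES, manifest, key)[0]

    # 2. Firmware altered in place (unauthorized code appended to the image).
    tampered = {**FILES, "bin/firmware.img": FILES["bin/firmware.img"] + b"<backdoor>"}
    results["tampered_file"] = verify(tampered, manifest, key)[0]

    # 3. Attacker also rewrites the digest in the manifest but has no key:
    #    the tag no longer matches.
    forged = {
        "digests": {**manifest["digests"],
                    "bin/firmware.img": hashlib.sha256(tampered["bin/firmware.img"]).hexdigest()},
        "tag": manifest["tag"],
    }
    results["forged_manifest"] = verify(tampered, forged, key)[0]

    # 4. Attacker can replace the verification key as well (the paragraph's point):
    #    they re-sign the tampered tree and verification passes undetected.
    attacker_key = os.urandom(32)
    resigned = build_manifest(tampered, attacker_key)
    results["key_replaced"] = verify(tampered, resigned, attacker_key)[0]
    return results


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:16s} -> {'passes' if ok else 'DETECTED'}")
```

Case 4 is the one to remember: HMAC, signatures and AEAD all reduce integrity of the data to integrity of a key, so the key's storage (and the code that loads it) is part of the integrity boundary.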

Juniper Hacked, Several Govt Agencies at Risk

Backdoor Code Found in Firewall

Engadget: One of the reasons corporate users and the privacy-minded rely on VPNs is to control access to their networks and (hopefully) not expose secrets over insecure connections. Today Juniper Networks revealed that some of its products may not have been living up to that standard, after discovering “unauthorized code” in the software that runs on its NetScreen firewalls during a code review. Pointed out by security researcher “The Grugq,” the backdoor has been present since late 2012 and can only be fixed by upgrading to a new version of software just released today.

Telnet/SSH exposes a backdoor added by attackers to the ScreenOS source code. It has been there since August 2012. The code in question is noted here.

The pair of issues that created the backdoor would allow anyone who knows about it to remotely log in to the firewall as an administrator, decrypt and spy on supposedly secure traffic, and then remove any trace of their activity. Obviously this is a Very Bad Thing, although Juniper claims it has not heard of any exploitation in the wild (which would be difficult, since no one knew it existed and attackers could hide their traces) so far.

Beyond sending IT people sprinting to patch and test their setups, now we can all speculate about which friendly group of state-sponsored attackers is responsible. US government officials have recently been pushing for mandated backdoor access to secure networks and services, but the Edward Snowden saga made clear that even our own country’s personnel aren’t always going to ask permission before snooping on any information they want to check out. I contacted Juniper Networks regarding the issue, but have not received a response at this time.

Update: A Juniper Networks spokesperson told us:

During a recent internal code review, Juniper discovered unauthorized code in ScreenOS® that could allow a knowledgeable attacker to gain administrative access and if they could monitor VPN traffic to decrypt that traffic. Once we identified these vulnerabilities, we launched an investigation and worked to develop and issue patched releases for the impacted devices. We also reached out to affected customers, strongly recommending that they update their systems and apply the patched releases with the highest priority.

The patched releases also address an SSH bug in ScreenOS that could allow an attacker to conduct DoS attacks against ScreenOS devices. These two issues are independent of each other.

Newly discovered hack has U.S. fearing foreign infiltration

Washington (CNN) A major breach at computer network company Juniper Networks has U.S. officials worried that hackers working for a foreign government were able to spy on the encrypted communications of the U.S. government and private companies for the past three years.

The FBI is investigating the breach, which involved hackers installing a back door on computer equipment, U.S. officials told CNN. Juniper disclosed the issue Thursday along with an emergency security patch that it urged customers to use to update their systems “with the highest priority.”

The concern, U.S. officials said, is that sophisticated hackers who compromised the equipment could use their access to get into any company or government agency that used it.

One U.S. official described it as akin to “stealing a master key to get into any government building.”

The breach is believed to be the work of a foreign government, U.S. officials said, because of the sophistication involved. The U.S. officials said they are certain U.S. spy agencies themselves aren’t behind the back door. China and Russia are among the top suspected governments, though officials cautioned the investigation hasn’t reached conclusions.

It’s not yet clear what if any classified information could be affected, but U.S. officials said the Juniper Networks equipment is so widely used that it may take some time to determine what damage was done.

A senior administration official told CNN, “We are aware of the vulnerabilities recently announced by Juniper. The Department of Homeland Security has been and remains in close touch with the company. The administration remains committed to enhancing our national cybersecurity by raising our cyber defenses, disrupting adversary activity, and effectively responding to incidents when they occur.”

Juniper Networks’ security fix is intended to seal a back door that hackers created in order to remotely log into commonly used VPN networks to spy on communications that were supposed to be among the most secure.

Juniper said that someone managed to get into its systems and write “unauthorized code” that “could allow a knowledgeable attacker to gain administrative access.”

Such access would allow the hacker to monitor encrypted traffic on the computer network and decrypt communications.

Juniper sells computer network equipment and routers to big companies and to U.S. government clients such as the Defense Department, Justice Department, FBI and Treasury Department. On its website, the company boasts of providing networks that “US intelligence agencies require.”

Its routers and network equipment are widely used by corporations, including for secure communications. Homeland Security officials are now trying to determine how many such systems are in use for U.S. government networks.

Juniper said in its security alert that it wasn’t aware of any “malicious exploitation of these vulnerabilities.” However, the alert also said that attackers would leave behind no trace of their activity by removing security logs that would show a breach.

“Note that a skilled attacker would likely remove these entries from the log file, thus effectively eliminating any reliable signature that the device had been compromised,” the Juniper security alert said. If encrypted communications were being monitored, “There is no way to detect that this vulnerability was exploited,” according to the Juniper security alert.

According to a Juniper Networks spokeswoman’s statement, “Once we identified these vulnerabilities, we launched an investigation and worked to develop and issue patched releases for the impacted devices. We also reached out to affected customers, strongly recommending that they update their systems.”

U.S. officials said it’s not clear how the Juniper source code was altered, whether from an outside attack or someone inside.

The work to alter millions of lines of source code is sophisticated. The system was compromised for three years before Juniper uncovered it in a routine review in recent weeks.

Juniper said it was also issuing a security fix for a separate bug that could allow a hacker to launch denial-of-service attacks on networks.
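The Juniper alert quoted above makes two points a defender should act on: a skilled attacker would remove the log entries showing the administrative login, and passive decryption of monitored VPN traffic leaves no trace on the device at all. The second cannot be fixed by monitoring; the first can be made harder by forwarding logs to a collector the device cannot edit and alerting on administrative logins that do not match the provisioned accounts or management networks. The following is an added example written for this page, not code from Juniper's advisory: the log line shape is a simplified, ScreenOS-like format assumed for the example, and the account list, management subnet and all log lines are constructed.

```python
import ipaddress
import re

# Constructed log lines in a simplified, ScreenOS-like shape. Real ScreenOS
# event formats differ; the pattern below is an assumption for this example.
COLLECTOR_LOG = [
    "2015-12-17 09:00:01 fw1: Admin user netops has logged on via SSH from 10.20.0.15:50122",
    "2015-12-17 09:03:40 fw1: Admin user system has logged on via SSH from 203.0.113.77:41002",
    "2015-12-17 09:04:02 fw1: Admin user system has logged off via SSH from 203.0.113.77:41002",
    "2015-12-17 09:15:30 fw1: Admin user jdoe has logged on via Telnet from 10.20.0.22:33011",
]
# The device's own copy after an intruder trimmed the entries that show them.
DEVICE_LOG = [COLLECTOR_LOG[0], COLLECTOR_LOG[3]]

LOGIN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \S+ Admin user (?P<user>\S+) has logged on via "
    r"(?P<proto>SSH|Telnet) from (?P<src>\d+\.\d+\.\d+\.\d+):\d+$"
)

# Assumptions: the accounts provisioned for this firewall and its management subnet.
KNOWN_ADMINS = {"netops", "jdoe"}
MGMT_NET = ipaddress.ip_network("10.20.0.0/24")


def find_suspicious_logins(lines):
    """Administrative logins that do not match the site's baseline."""
    hits = []
    for line in lines:
        m = LOGIN_RE.match(line)
        if not m:
            continue
        user, proto = m["user"], m["proto"]
        src = ipaddress.ip_address(m["src"])
        reasons = []
        if user not in KNOWN_ADMINS:
            reasons.append("account not in provisioned admin list")
        if src not in MGMT_NET:
            reasons.append("source outside management network")
        if proto == "Telnet":
            reasons.append("cleartext Telnet management session")
        if reasons:
            hits.append({"ts": m["ts"], "user": user, "src": str(src), "reasons": reasons})
    return hits


def find_deleted_entries(collector_lines, device_lines):
    """Entries the collector received that are no longer in the device's local log.

    Anything here was removed on the box after it had already been forwarded,
    which is itself a strong indicator of compromise.
    """
    on_device = set(device_lines)
    return [line for line in collector_lines if line not in on_device]


if __name__ == "__main__":
    for hit in find_suspicious_logins(COLLECTOR_LOG):
        print("suspicious login:", hit)
    for line in find_deleted_entries(COLLECTOR_LOG, DEVICE_LOG):
        print("removed from device log:", line)
```

Run against the constructed lines, the collector copy flags the "system" login from a non-management address and the cleartext Telnet session, and the comparison shows exactly which entries were scrubbed from the device. None of this helps if logs are only kept on the device, which is the caveat the advisory is making.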

21st Century Genocide, Syria

On regime change in Syria, the White House capitulates to Russia

WashingtonPost Editorial Board: RUSSIAN PLANES are still bombing Western-backed forces in Syria every day and targeting hospitals, bakeries and humanitarian corridors. Moscow is still insisting that blood-drenched dictator Bashar al-Assad remain in power indefinitely while trying to exclude opposition groups from proposed peace negotiations by claiming they are terrorists.

Nevertheless, Secretary of State John F. Kerry insisted Tuesday after meeting with Vladi­mir Putin that the Russian ruler and the Obama administration see Syria “in fundamentally the same way.” Unfortunately, that increasingly appears to be the case — and not because Mr. Putin has altered his position.

For four years, President Obama demanded the departure of Mr. Assad, who has killed hundreds of thousands of his own people with chemical weapons, “barrel bombs,” torture and other hideous acts. Yet in its zeal to come to terms with Mr. Putin, the Obama administration has been slowly retreating from that position. On Tuesday in Moscow, Mr. Kerry took another big step backward: “The United States and our partners are not seeking so-called regime change,” he said. He added that a demand by a broad opposition front that Mr. Assad step down immediately was a “non-starting position” — because the United States already agreed that Mr. Assad could stay at least for the first few months of a “transition process.”

Mr. Kerry’s rhetorical capitulation was coupled with the observation that the administration doesn’t “believe that Assad himself has the ability to be able to lead the future Syria.” But he now agrees with Mr. Putin that the country’s future leadership must be left to Syrians to work out. That’s a likely recipe for an impasse — especially as Mr. Assad is still saying he won’t even negotiate with any opponents who are armed or backed by foreign governments. At the same time, the administration’s forswearing of “regime change” sends a message to Mr. Putin and his Iranian allies: The power structure in Damascus that has granted Russia a naval base and served as a conduit for Iranian weapons to the Hezbollah militia in Lebanon can remain. (complete editorial here)

“If the Dead Could Speak” reveals some of the human stories behind the more than 28,000 photos of deaths in government custody that were smuggled out of Syria and first came to public attention in January 2014.

The report lays out new evidence regarding the authenticity of what are known as the Caesar photographs, identifies a number of the victims, and highlights some of the key causes of death. Human Rights Watch located and interviewed 33 relatives and friends of 27 victims whose cases researchers verified; 37 former detainees who saw people die in detention; and four defectors who worked in Syrian government detention centers or the military hospitals where most of the photographs were taken. Using satellite imagery and geolocation techniques, Human Rights Watch confirmed that some of the photographs of the dead were taken in the courtyard of the 601 Military Hospital in Mezze.

If you can stomach more truth, torture and genocide click here.

Why is this an important story? It is a holocaust at the hands of the Syrian leader, Bashar al-Assad, a deadly tyrannical leader who is fully supported by Vladimir Putin of Russia and the rogue regime of Iran. Further questions are required: where is the United Nations? Where is the International Criminal Court? Why no modern-day Nuremberg trial? Why have Western leaders, including John Kerry, Barack Obama and David Cameron, and even the Middle East Gulf States, come to accept this?

Many across America say that Syria is not our problem. While there is some truth to that, when the United States is taking in hundreds of thousands of refugees without vetting and Europe is being crushed by migrants, it does become a problem, at least for America.

The full Human Rights Watch report is here. In full disclosure, multi-billionaire George Soros gave $100 million to HRW in 2010, but it seems there is selective attention, attitudes and investigations by Human Rights Watch as noted with regard to Iran.

Full Story on San Bernardino Accomplice, Marquez

Enrique Marquez, the friend of terrorist Syed Rizwan Farook, was arrested Dec. 17 and charged with conspiring to give material support to a terrorist plot, according to a charging statement released by federal officials.

Marquez-Complaint-Charging-Document-12-17: https://assets.documentcloud.org/documents/2648603/Marquez-Complaint-Charging-Document-12-17.pdf

SAN BERNARDINO, Calif. — Enrique Marquez, who bought the assault rifles used in a deadly attack here, was charged Thursday with conspiring to provide material support to terrorists, federal officials said.

Marquez, 24, was also charged in federal court with making a false statement in connection with the acquisition of firearms used in the attack, the Justice Department announced.

These charges are the first to stem from what became a sprawling global investigation into the Dec. 2 massacre at an office holiday gathering, a probe that has remained focused on the man who once lived next door to one of the attackers.

Syed Rizwan Farook and Tashfeen Malik, a married couple with a young baby, killed 14 people and wounded 21 others in what authorities said was a terrorist attack. The couple died in a shootout with police hours later.

Officials say that Marquez and Farook, former neighbors, had discussed mounting an attack in 2012, a year before the FBI says Farook and his future wife began corresponding online about waging violent jihad.

The FBI arrested Marquez on Thursday and he is expected to make his first court appearance in Riverside, Calif., later in the day.

“While there currently is no evidence that Mr. Marquez participated in the Dec. 2, 2015 attack or had advance knowledge of it, his prior purchase of the firearms and ongoing failure to warn authorities about Farook’s intent to commit mass murder had fatal consequences,” U.S. Attorney Eileen M. Decker of the Central District of California said in a statement.

Authorities also said Thursday that in addition to buying the guns used by the husband-and-wife attackers, Marquez had bought explosive material used to construct the pipe bomb authorities found at the Inland Regional Center after the shooting attack.

Marquez and Farook were friends who fixed up cars together and were also connected through marriage. Last year, Marquez married Mariya Chernykh, and her sister Tatiana is married to Farook’s brother, a Navy veteran named Syed Raheel Farook. A co-worker of Marquez said the marriage to Chernykh was arranged and described it as strained.

Marquez has also told the FBI that he and Farook talked about mounting some kind of attack in 2012, according to senior U.S. law enforcement officials. But he said they were scared off after a terrorism investigation in Riverside, Calif., that year ended with four local men arrested for plotting to kill Americans in Afghanistan. The men were convicted and sentenced to prison.

Authorities say Marquez legally purchased two assault rifles in 2011 and 2012 that were eventually used in the massacre this month at the Inland Regional Center. California law states that transferring gun ownership from one person to another must be done by a registered dealer. Exemptions include transfers from a parent to an adult child or transfers between spouses.

Some Democratic lawmakers responded immediately with vows to push legislation to tighten gun trafficking laws.

“We must do everything we can to ensure that deadly weapons – like the rifles used in the San Bernardino shootings – do not fall into the hands of terrorists, violent criminals, and drug traffickers,” Sen. Patrick Leahy (D-Vt.), ranking member of the Judiciary Committee, said in a statement. “Law enforcement officials have complained for years that they lack effective tools necessary to investigate and deter straw purchasers and gun traffickers.  Today’s arrest of the individual who provided the rifles for the San Bernardino shooters is a reminder that we need to strengthen our laws to give law enforcement agents and prosecutors the tools they need to fight terrorism and violent crime.”

Leahy said he would reintroduce legislation to make straw purchasing a federal crime and establish tough penalties for those who traffic guns to terrorists and criminals.

Law enforcement authorities searched Marquez’s home three days after the shooting. At the time, Marquez was not charged with a crime, and officials said he was cooperating with the investigation. He had checked himself into a mental-health facility in the aftermath of the shooting, but has cooperated with the FBI after he was tracked down.

Two days before his Riverside home was raided, Marquez had posted a garbled message on Facebook: “I’m. Very sorry sguys. It was a pleasure.” When he didn’t show up for work the next day as a doorman at a pirate-themed neighborhood bar, his co-workers began to worry that he may have become suicidal. Much more detail here.


48 More Approved to Leave Gitmo

The White House itself admits that around 10 percent of those released from Guantanamo have resumed fighting for Islamic extremist organizations, but says it is more important to shutter a facility that has become a recruiting tool for militants.

Obama’s comments come as Sudanese militant Ibrahim al-Qosi — who was released in 2012 — seemingly appeared in a recent video by Al Qaeda in the Arabian Peninsula.

“The judgment that we’re continually making is, are there individuals who are significantly more dangerous than the people who are already out there who are fighting?” Obama said.

“What do they add? Do they have special skills? Do they have special knowledge that ends up making a significant threat to the United States?”

“And so the bottom line is that the strategic gains we make by closing Guantanamo will outweigh, you know, those low-level individuals who, you know, have been released so far.”

The Republican-controlled Congress has thwarted Obama’s repeated efforts to close Guantanamo.

Obama came to office in 2009 vowing to shutter the facility, which opened under his predecessor George W. Bush to hold terror suspects after the September 11, 2001 attacks and became known for harsh interrogation techniques that some have said were tantamount to torture.

Obama is soon expected to put forward a new plan that would speed the release of inmates and transfer the most dangerous ones to US soil.

The plan is likely to accelerate the release of low-level detainees to foreign countries and move the most dangerous prisoners to a specialized facility in the United States.

Because of a congressional ban on funding US transfers, Obama has suggested he may have to resort to an executive order to close the prison. This would ignite a political and legal firestorm.

Obama also told Yahoo News that he “very much” hopes to travel to Cuba before leaving office a little over a year from now.

The United States and Cuba restored diplomatic ties this summer, ending a half-century of enmity stemming from the Cold War era.

Obama reiterated previous White House comments that some progress would need to be seen on human rights before any presidential trip.

Obama said he would go when aides could determine “now would be a good time to shine a light on progress that’s been made, but also maybe (go) there to nudge the Cuban government in a new direction.”

The periodic review list of detainees is here.

Transfers Could Reduce Guantánamo Detainees to 90

NYT: WASHINGTON — The Obama administration appears to be on the cusp of the largest round of transfers of Guantánamo Bay detainees in a single month since 2007, a move that could reduce the detainee population there to as low as 90 by mid- to late January, according to officials familiar with internal deliberations.

Defense Secretary Ashton B. Carter has notified Congress in recent days that he has approved 17 proposed transfers of lower-level detainees, said the officials, who spoke on the condition of anonymity to discuss matters that have not yet been made public. Congress has required Mr. Carter to certify that security standards have been met at least 30 days before any transfers.

President Obama wants to close the Guantánamo prison in Cuba before he leaves office in a little over a year. His administration has stepped up efforts to find countries to take 48 detainees on a transfer list and moved to speed up the work of a parole-like board that might approve the release of others who are currently recommended for indefinite detention.

The Republican-led Congress, however, has shown little interest in lifting a ban on bringing any detainees to a prison inside the United States, which is Mr. Obama’s plan for those who are either facing trial or are deemed too dangerous to release.

But even as the administration seems to be trying to speed up its fitful effort to winnow down the Guantánamo population, the military is taking steps that will curtail journalists’ access to the wartime prison.

The commander who oversees the military base, Gen. John F. Kelly, has created new rules that will limit reporters to four “media day” trips a year in which large groups will come and depart the same day. Reporters will generally no longer be permitted to go inside the prison camp’s walls.

In a telephone interview, General Kelly connected his decision “to tighten things up a little bit, particularly on the scheduling” for news media visits, in part to what he described as a sharp rise in visits by delegations from foreign governments that are considering resettling detainees.

The operational strains of handling such visitors, he said, formed the backdrop to an episode in October that focused his attention on rules for visits. He said that a journalist, whom he would not identify, was “extremely impolite” during an interaction with a service member who worked at a detainee library.

All that, he said, prompted him to fix what he saw as a problem before his designated successor, Vice Adm. Kurt Tidd, who is awaiting a Senate confirmation vote, takes over.

Until now, the military has generally permitted small numbers of reporters to visit the prison throughout the year if no military commission hearing is going on. The reporters have flown to the base on a Monday and flown out the following Thursday.

Reporters have spent that time on a tour that included walking through the two camps that hold lower-level detainees. While reporters have never been permitted to speak to the detainees, they have seen them from afar, talked to the officers in charge of each camp, interviewed the senior medical officer in the detainee clinic and interviewed lower-ranking guards.

General Kelly said he decided it would be easier for everyone if groups of reporters came to the base only during quarterly “media days,” in which they could talk to a handful of officials like the joint task force commander and the military’s cultural adviser, and then leave that same day.

The general said he no longer wanted reporters to talk to lower-level guards because it was not their role to opine about detention operations, or to go inside the prison because that could cause disruptions. However, he said, depending on what else is going on, exceptions might be made to let first-time visitors inside.

“The camps have not changed since the last time you’ve been there,” he told a reporter for The New York Times who has visited the prison several times, most recently in August 2014. “We still do the same things.”

Several news media outlets, including The Times, have asked the military to reconsider. Dave Wilson, a senior editor at The Miami Herald who oversees its coverage of Guantánamo, said he had told the military that it was important for experienced beat reporters to keep going inside the prison.

“A first-timer doesn’t know what they are seeing because they are seeing it for the first time,” Mr. Wilson said. “They don’t know if something has changed. They don’t know if it’s better or worse.”

General Kelly previously decided in September 2013 to stop telling reporters how many detainees were participating in a hunger strike each day.