Microsoft Reveals Continued Hacks of Technology Companies

The Russia-linked hackers behind last year’s compromise of a wide swath of the U.S. government and scores of private companies, including SolarWinds Corp., have stepped up their attacks in recent months, breaking into technology companies in an effort to steal sensitive information, cybersecurity experts said.

In a campaign that dates back to May of this year, the hackers have targeted more than 140 technology companies including those that manage or resell cloud-computing services, according to new research from Microsoft Corp. The attack, which was successful with as many as 14 of these technology companies, involved unsophisticated techniques like phishing or simply guessing user passwords in hopes of gaining access to systems, Microsoft said.

In a recent blog post to the company’s website, Microsoft’s corporate vice president of customer security and trust, Tom Burt, wrote that “state actor Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain.”

Nobelium is “attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers,” according to the company.

Burt wrote that, between July and October of this year, 609 Microsoft customers had been informed that they’d been attacked close to 23,000 times “with a success rate in the low single digits.”

The attacks, according to the executive, were not aimed at a specific flaw in any of the systems; rather, they were “password spray and phishing” attacks, which aim to steal credentials that grant the attackers access to privileged information.

The Russian state-backed hacking group is, according to Burt, “trying to gain long-term, systematic access to a variety of points in the technology supply chain, and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government.”

***

Over 600 Microsoft customers targeted since July

“Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium,” said Tom Burt, Corporate Vice President at Microsoft.

“We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised.”

As Burt added, in all, more than 600 Microsoft customers were attacked thousands of times, although with a very low rate of success between July and October.

“These attacks have been a part of a larger wave of Nobelium activities this summer. In fact, between July 1 and October 19 this year, we informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits,” Burt said.

“By comparison, prior to July 1, 2021, we had notified customers about attacks from all nation-state actors 20,500 times over the past three years.”

[Figure: Nobelium MSP attacks (Microsoft)]

This shows that Nobelium is still attempting to launch attacks similar to the one they pulled off after breaching SolarWinds’ systems to gain long-term access to the systems of targets of interest and establish espionage and exfiltration channels.

Microsoft also shared measures MSPs, cloud service providers, and other tech orgs can take to protect their networks and customers from these ongoing Nobelium attacks.
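The password spray pattern described above, a small number of guesses against many accounts rather than many guesses against one, is what a defender’s detection logic should key on. The following is an added example, not code from Microsoft or from the article: it parses constructed sign-in records (assumed format: timestamp, source IP, account, result) and flags any source whose failures within a time window span many distinct accounts while touching each only once or twice, then notes whether that same source later logged in successfully, which is the case that needs immediate follow-up.

```python
"""Password-spray detection over constructed sign-in records (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in records (not real data). One source tries one
# password against six accounts and gets in on the sixth; a normal user
# from another source mistypes twice and then succeeds.
SAMPLE_LOG = """\
2021-10-25T03:00:01Z 203.0.113.7 alice@example.com FAIL
2021-10-25T03:00:03Z 203.0.113.7 bob@example.com FAIL
2021-10-25T03:00:05Z 203.0.113.7 carol@example.com FAIL
2021-10-25T03:00:08Z 203.0.113.7 dave@example.com FAIL
2021-10-25T03:00:10Z 203.0.113.7 erin@example.com FAIL
2021-10-25T03:00:12Z 203.0.113.7 frank@example.com SUCCESS
2021-10-25T03:05:00Z 198.51.100.9 grace@example.com FAIL
2021-10-25T03:05:20Z 198.51.100.9 grace@example.com FAIL
2021-10-25T03:05:40Z 198.51.100.9 grace@example.com SUCCESS
"""


def parse_signins(text):
    """Parse the assumed 'timestamp source account result' format into tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, user, result = line.split()
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, user, result))
    return events


def detect_password_spray(events, window=timedelta(minutes=30),
                          min_accounts=5, max_tries_per_account=2):
    """Return {source: finding} for each source whose failures inside `window`
    cover at least `min_accounts` distinct accounts with no account tried more
    than `max_tries_per_account` times. That low-per-account, wide-fan-out
    shape distinguishes a spray from brute force against a single account,
    which per-account lockout already handles."""
    by_src = defaultdict(list)
    for ev in sorted(events):
        by_src[ev[1]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        fails = [e for e in evs if e[3] == "FAIL"]
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until the chunk fits in `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            chunk = fails[start:end + 1]
            per_user = defaultdict(int)
            for e in chunk:
                per_user[e[2]] += 1
            if len(per_user) >= min_accounts and max(per_user.values()) <= max_tries_per_account:
                # Any success from the same source after the spray began is
                # the signal that a guessed password worked.
                successes = sorted(e[2] for e in evs
                                   if e[3] == "SUCCESS" and e[0] >= chunk[0][0])
                findings[src] = {
                    "accounts_targeted": len(per_user),
                    "first_seen": chunk[0][0].isoformat(),
                    "successes_after_spray": successes,
                }
                break
    return findings


if __name__ == "__main__":
    for src, finding in detect_password_spray(parse_signins(SAMPLE_LOG)).items():
        print(src, finding)
```

The thresholds are deliberately parameters: a reseller or MSP tenant with thousands of users will want a higher `min_accounts` and a wider `window` than a small tenant, and the source key can be swapped for an ASN or a user-agent hash when an attacker rotates IP addresses.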

Nobelium’s high profile targets

Nobelium is the hacking division of the Russian Foreign Intelligence Service (SVR), also tracked as APT29, Cozy Bear, and The Dukes.

In April 2021, the U.S. government formally blamed the SVR division for coordinating the SolarWinds “broad-scope cyber espionage campaign” that led to the compromise of multiple U.S. government agencies.

At the end of July, the US Department of Justice was the last US govt entity to disclose that 27 US Attorneys’ offices were breached during the SolarWinds global hacking spree.

In May, the Microsoft Threat Intelligence Center (MSTIC) also reported a phishing campaign targeting government agencies from 24 countries.

Earlier this year, Microsoft detailed three Nobelium malware strains used for maintaining persistence on compromised networks: a command-and-control backdoor dubbed ‘GoldMax,’ an HTTP tracer tool tracked as ‘GoldFinder,’ and a persistence tool and malware dropper named ‘Sibot.’

Two months later, they revealed four more malware families Nobelium used in their attacks: a malware downloader known as ‘BoomBox,’ a shellcode downloader and launcher known as ‘VaporRage,’ a malicious HTML attachment dubbed ‘EnvyScout,’ and a loader named ‘NativeZone.’

Supply Chain Crisis and Where is the Defense Production Act?

What is the Defense Production Act?

The Defense Production Act is the primary source of presidential authorities to expedite and expand the supply of materials and services from the U.S. industrial base needed to promote the national defense. DPA authorities are available to support: emergency preparedness activities conducted pursuant to title VI of the Stafford Act; protection or restoration of critical infrastructure; and efforts to prevent, reduce vulnerability to, minimize damage from, and recover from acts of terrorism within the United States. DPA authorities may be used to:

  • Require acceptance and preferential performance of contracts and orders under DPA Title I. (See Federal Priorities and Allocations System (FPAS).)
  • Provide financial incentives and assistance (under DPA Title III) for U.S. industry to expand productive capacity and supply needed for national defense purposes;
  • Provide antitrust protection (through DPA voluntary agreements in DPA Title VII) for businesses to cooperate in planning and operations for national defense purposes, including homeland security.

But national security? Yes. We remain in the midst of the COVID-19 pandemic, and those affected could be, and often are, our protectors, not only medically but also legally or militarily.

While we are fretting over shortages and necessities in our daily lives, there are two real areas of major concern: medicines and microchips (semiconductors), which are used in advanced technology of many varieties.


Basic medicines in use, whether by prescription or over the counter, are manufactured in Asia, mostly in China. It is a fact we learned in the early days of the pandemic. Imagine now that we are faced with a shortage of antibiotics, insulin, aspirin, or Lasix and Dyazide. Could we once again face personal protective equipment shortages?


When it comes to semiconductors, the following is important to know:

In part from a senate committee: To mitigate supply chain risks and ensure that semiconductors used in sensitive military systems do not have malware embedded in them, in 2004 the Department of Defense established the “Trusted Foundry Program.” Under this program the government identifies companies deemed secure and trustworthy enough to produce chips exclusively for the military. Two facilities currently operate under this program, one in Vermont and one in New York.

The program only produces a small percentage of the nearly 2 billion semiconductors DOD acquires each year. Some observers have expressed concern that the trusted foundries are falling behind technologically compared to commercial fabrication facilities in East Asia. This could leave the U.S. military at a technological disadvantage to China and other countries that buy superior chips.

In 2017, the Defense Advanced Research Projects Agency launched the Electronics Resurgence Initiative, which seeks to address market and technological trends and challenges in the microelectronics sector.

Sounds shaky, right? It is, as we need results and we need them now. So where is the order by the Biden administration invoking the Defense Production Act, which would jump-start real action on all the various reasons for the logjam at ports around the United States? There is no single reason for the cargo ships being stacked up in Long Beach, Los Angeles, Port Houston, and Savannah, to name a few.

The United States can relieve the cargo pressures immediately by deploying the National Guard, signing waivers on regulations and by stopping all the financial payments that encourage people to simply not go to work.


The BBC reports in part: 

The shortages hitting countries around the world

A “perfect storm” in China is hitting shoppers and businesses at home and overseas.

It is affecting everything from paper, food, textiles and toys to iPhone chips, says Dr Michal Meidan from the Oxford Institute for Energy Studies.

She says these items “may end up being in short supply this Christmas”.

Then there is the Department of Transportation, whose Secretary has been absent. What is his involvement in this?

From the Maritime Administration:

U.S. maritime ports are critical links in the U.S. domestic and international trade supply chain. Ports serve as centers of commerce where freight and commodities are transferred between cargo ships, barges, trucks, trains, and pipelines.

The Port Infrastructure Development Program supports the efficient movement of commerce upon which our economy relies through discretionary grant funding that helps strengthen, modernize, and improve our country’s maritime systems and gateway ports. Grants are awarded on a competitive basis and support the Nation’s long-term economic vitality.

Port Infrastructure Development grants provide planning, operational and capital financing, and project management assistance to improve port capacity and operations.

Authorization History

The Port Infrastructure and Development Program was authorized by Congress as part of the National Defense Authorization Act for Fiscal Year 2010 (Public Law 111-84). The legislation states that “The Secretary of Transportation, through the Maritime Administrator, shall establish a port infrastructure development program for the improvement of port facilities.”

The law specifically authorizes the Administrator to:

  1. Receive funds provided for the project from Federal, non-Federal, and private entities that have a specific agreement or contract with the Administrator to further the purposes of this subsection;
  2. Coordinate with other Federal agencies to expedite the process established under the National Environmental Policy Act of 1969 (42 U.S.C. 4321 et seq.) for the improvement of port facilities to improve the efficiency of the transportation system, to increase port security, or to provide greater access to port facilities;
  3. Seek to coordinate all reviews or requirements with appropriate local, State, and Federal agencies; and
  4. Provide such technical assistance and financial assistance, including grants, to port authorities or commissions or their subdivisions and agents as needed for project planning, design, and construction.

The authorizing legislation also established a Port Infrastructure Development Fund for use by the Administrator in carrying out projects under the program. The fund is available for the Administrator to:

  1. Administer and carry out projects under the program;
  2. Receive Federal, non-Federal, and private funds from entities which have specific agreements or contracts with the Administrator; and
  3. Make refunds for projects that will not be completed.

There are also additional legislative provisions for the crediting and transfer of monies into the fund.


Mexico Cartels Use Video Games to Recruit Children

Beyond the constant threat of TikTok, Facebook and Instagram, there are at least two video games to watch: World of Warcraft and Second Life. Parents, are you managing this or paying attention, globally?

Beyond parents, what about State Attorneys General or the Department of Justice? Crickets.

In full:

Mexican criminal groups have hit on a new way to recruit vulnerable young people into their ranks: reaching out to them while they play video games.

On October 11, authorities in the southern state of Oaxaca announced they had rescued three children, between the ages of 11 and 14, who had reportedly been convinced to run away from home by a human trafficking ring after being contacted through a video game named Free Fire.

The three were found at a home in the town of Santa Lucia de Camino, where they were being held and were set to be sent to Monterrey in the northern state of Nuevo León. They had left their homes a couple of days earlier after receiving messages from a trafficker, posing as a 13-year-old boy in the game.

Earlier in October, a young girl was also rescued after having been lured by a human trafficking group in the western state of Jalisco.

This was far from the most sophisticated such scheme to be discovered in Mexico this year. In September, Mexican investigative journalist Óscar Balderas revealed how one of the country’s foremost criminal actors is trying to recruit children through the most popular video games in the world.

On September 18, a teenage boy playing Grand Theft Auto V online at 3 a.m. received a message from a gamer purporting to be a young man, wearing a bulletproof vest and a military-style helmet in his profile picture. The boy was invited to an in-game event named “RECLUTAMIENTO ABIERTO CDN-ZETAZ VIEJA ESCUELA-35 BATALLON.” The Northeast Cartel (Cartel del Noreste – CDN) and the Old School Zetas (Zetas Vieja Escuela) are both splinter groups of the Zetas, which have been involved in some of Mexico’s worst violence in recent years.

SEE ALSO: Colombia’s Ongoing Child Recruitment Crisis

This fits a pattern reported by numerous young gamers in Mexico in recent months. According to Balderas, messages are sent in the early hours of the morning, when parents are unlikely to be supervising their children’s online activity, openly inviting young gamers to join criminal groups and selling this as a glamorous lifestyle. Some messages alleged that they were being sent by the Sinaloa Cartel or the Jalisco Cartel New Generation (Cartel Jalisco Nueva Generación – CJNG).

In an interview with InSight Crime, Balderas stated that after contacting young people online, the representatives of criminal groups invite them to in-person meetings where they are abducted and forced to join.

And it seems this tactic is more widespread. Since this story broke in September, around ten families have come forward to tell the journalist about similar experiences with online recruitment.

Criminal groups in Mexico routinely abuse numerous children and teenagers and force them to serve in a range of roles, including as hitmen, drug runners or to work in drug manufacturing facilities.

InSight Crime Analysis

Reaching out to impressionable teenagers through video games is fitting for the times.

“It could seem like a pretty inefficient way of getting one or two more sicarios (hitmen) but it’s a silent way of recruiting. If they go ahead and kidnap kids or teenagers in person, this will draw attention. But this is a way of inviting teenagers of their own free will, of getting their loyalty,” Balderas explained to InSight Crime.

It’s also a very low-risk way of proceeding. It appears the recruiters create profiles located in Mexican cities and then send out invitations to all players currently online in a certain radius. The vast majority will probably ignore such messages as spam but a few curious players will accept and get in touch.

Those contacted in this way state that the recruiters appeal to their sense of adventure, promising them excitement, action, money and possessions.

SEE ALSO: Going Door to Door: Mexico City’s Response To Child Recruitment

Islamic terror groups have used this technique for years, with 2013 leaks from a former National Security Agency (NSA) operative revealing how extremists had turned to video games such as World of Warcraft and Second Life.

And the COVID-19 pandemic has only made this strategy more attractive. With schools closed, children have been forced to study online but access to learning platforms and monitoring of their activities by parents and teachers has ranged widely.

Also in September, a Wall Street Journal investigation unveiled how Facebook leadership knew the CJNG was recruiting “aspiring cartel hitmen” via the social network. Despite warnings from a specialized team, pages advertising the CJNG on Facebook and Instagram remained up for up to five months. When they were taken down, new ones soon popped up.

It hasn’t helped. A search on Instagram, the day before this article was published, immediately turned up multiple accounts showing young children carrying weapons, wearing military-style gear or singing the praises of criminal groups in Mexico.

The Cancelled Hypersonic Development has the U.S. Scrambling until the Space Force

Primer: China is signaling that a stunning new missile test that reportedly surprised U.S. intelligence officials was not designed to accelerate an arms race with the West but rather to grant Beijing a strategic advantage to seize control of the Taiwan Straits and other hotly contested territory in its region. source

The country’s English-language Global Times, considered a mouthpiece for the Chinese Communist Party, did not directly confirm details from a bombshell report in the Financial Times over the weekend that Beijing had successfully tested a nuclear-capable hypersonic missile in August. However, after repeating many of the report’s key details in an op-ed released late Sunday, it added that, if true, they amount to “a new blow to the U.S.’ mentality of strategic superiority over China.”

“China’s military buildup will focus on the Taiwan Straits and the South China Sea,” the op-ed stated, after claiming China does not seek to challenge America’s dominant military position globally. “It is inevitable that China will take an upper hand over the U.S. military strength in these areas thanks to the geographical proximity and the continuous increase of China’s input.” More detail here.

***

Although advanced weapons systems development faced challenges, it was not until the Trump administration that there was direction and funding, including through the establishment of the Space Force.

Lockheed Martin expects to have hypersonics sales of USD1.5 billion in 2021, up 25% from USD1.2 billion in 2020, said Kenneth Possenriede, the US defence contractor’s chief financial officer.

Several Lockheed Martin programmes are poised to achieve key development milestones or ramp up production over the next few years, fuelling revenue increases. Although one programme, the Hypersonic Conventional Strike Weapon (HCSW), was cancelled by the US Air Force last year, the funding has shifted to other Lockheed Martin efforts, said Possenriede.

“We had a couple risk retirements at the end of the year, so our programmes are performing,” he said.

Lockheed Martin is also growing its hypersonics revenue through acquisitions, such as its November 2020 purchase of the Hypersonics portfolio of US-based Integration Innovation Inc (i3). The proposed acquisition of US-based rocket engine maker Aerojet Rocketdyne for USD4.4 billion would also bolster Lockheed Martin’s hypersonics capabilities.

Possenriede made his comments as Lockheed Martin reported that its total net sales rose 7.3% to USD17 billion in the fourth quarter of 2020. All four of the company’s business segments saw strong sales gains. Net earnings totalled USD1.8 billion in the fourth quarter, up 19.6% from the same period in 2019.

Despite operational and supply chain challenges caused by the coronavirus, Lockheed Martin’s net sales for 2020 climbed 9.3% to USD65.4 billion, while its net earnings jumped 9.7% to USD6.8 billion. The company ended the year with a USD147.1 billion backlog, up more than USD3 billion from 2019. source

***

RELATED READING: R&D of advanced weapons systems to compete with China

The Hypersonic Conventional Strike Weapon, known as HCSW (pronounced “Hacksaw”), was defunded in order to shift resources to the Air Force’s other program, the Air-launched Rapid Response Weapon (ARRW). Both prototypes are designed by Lockheed Martin Corp.

“Due to budget priorities, the Air Force down-selected to one hypersonic weapon prototyping effort this year,” spokeswoman Ann Stefanek said. Instead, she said, the service will concentrate efforts on ARRW, which is “on track for an early operational capability in fiscal 2022.”

Given the complexity of the threat, and the pace at which potential adversaries are evolving hypersonic weapons, it is by no means surprising that Mozer said Space Force and Air Force Research Laboratory are working closely with the Navy, Defense Advanced Research Projects Agency and Missile Defense Agency to share developmental data and technologies with a mind to maturing interoperable, multi-domain defensive systems able to track and ultimately deter hypersonic attacks.

More and more Havana Syndrome Attacks

Havana syndrome appeared at the US embassy in Colombia

[Image: U.S. Embassy Bogota, Colombia]

Primer in part from the BBC:

A CIA officer who was travelling to India this month with the agency’s director has reported symptoms consistent with so-called Havana syndrome, US media report.

Three unnamed sources told US media that the officer has received medical attention for the mystery illness.

The CIA has not responded to requests for comment by the BBC.

It’s the second reported case in less than a month, as US authorities continue to investigate its cause.

In August, Vice President Kamala Harris’ flight from Singapore to Vietnamese capital Hanoi was briefly delayed after an American official reported symptoms similar to Havana syndrome.

The syndrome first affected people at the US and Canadian embassies in Havana, Cuba, in 2016 and 2017. Dozens of other episodes have since been reported by American officials in the US, China, Russia, Germany and Austria.

And now the most recent:

The U.S. Embassy in Bogota, Colombia, is host to anti-narcotics operatives, spies, diplomats and aid workers. The new cases come just a week before Secretary of State Antony Blinken is scheduled to visit the South American country, and after US President Joe Biden last week signed a law that provides increased funding and medical care for US government employees who fall ill with “Havana syndrome”.

He vowed to find “the cause and who is responsible” for the attacks amid reports of US embassy staff in Berlin, Germany, falling ill with symptoms associated with “Havana syndrome”.

At least five American families connected to the bustling U.S. Embassy in Colombia have been afflicted with the mysterious neurological ailment known as Havana Syndrome, in the latest attack against American diplomatic installations, people familiar with the matter said.

In emails to embassy personnel, sent by Ambassador Philip Goldberg and others and reviewed by The Wall Street Journal, the State Department vowed to address the issue “seriously, with objectivity and with sensitivity,” as they work to determine the scope of the afflictions in one of the U.S.’s most important diplomatic outposts.

State Department spokesperson Ned Price declined to comment on the report Tuesday during a department briefing, saying instead the agency is working to ensure all affected personnel get “the prompt care they need in whatever form that takes” and to protect its work force around the world.

Pressed on why the administration wasn’t being more forthcoming, Price said officials had to respect personnel privacy, adding, “It’s certainly not the case that we are ignoring this. We are just not speaking to the press — we’re speaking to our workforce.”

Price also declined to confirm that Blinken is traveling to Colombia. Colombia’s Foreign Ministry announced he would visit for a high-level dialogue on Oct. 20 with Foreign Minister and First Vice President Marta Lucía Ramírez after the two met last week in Paris on the sidelines of the summit of Organization for Economic Cooperation and Development countries. source