FBI is Investigating a Mysterious Postcard


(Reuters) – The FBI is investigating a mysterious postcard sent to the home of cybersecurity firm FireEye’s chief executive days after it found initial evidence of a suspected Russian hacking operation on dozens of U.S. government agencies and private American companies.

U.S. officials familiar with the postcard are investigating whether it was sent by people associated with a Russian intelligence service due to its timing and content, which suggests internal knowledge of last year’s hack well before it was publicly disclosed in December.

Moscow has denied involvement in the hack, which U.S. intelligence agencies publicly attributed here to Russian state actors.

The postcard carries FireEye’s logo, is addressed to CEO Kevin Mandia, and calls into question the ability of the Milpitas, California-based firm to accurately attribute cyber operations to the Russian government.

People familiar with Mandia’s postcard summarized its content to Reuters. It shows a cartoon with the text: “Hey look Russians” and “Putin did it!”

The opaque message itself did not help FireEye find the breach, but rather arrived in the early stages of its investigation. This has led people familiar with the matter to believe the sender was attempting to “troll” or push the company off the trail by intimidating a senior executive.

Reuters could not determine who sent the postcard. U.S. law enforcement and intelligence agencies are spearheading the probe into its origin, the sources familiar said.

The FBI did not provide comment. A FireEye representative declined to discuss the postcard.

A disinformation researcher from the Rand Corporation, Todd Helmus, received a similar postcard in 2019, based on an image of it Helmus posted to Twitter. Helmus, who studies digital propaganda, said he received the postcard after testifying to Congress about Russian disinformation tactics.

FireEye discovered the Russian hacking campaign – now known as “Solorigate” for how it leveraged supply chain vulnerabilities in network management firm SolarWinds – because of an anomalous device login from within FireEye’s network. The odd login triggered a security alert and subsequent investigation, which led to the discovery of the operation.

FireEye worked closely with Microsoft to determine that the infiltration at FireEye in fact represented a hacking campaign that struck at least eight federal agencies including the Treasury, State and Commerce Departments.

When the postcard was sent, FireEye had not yet determined who was behind the cyberattack. A person familiar with the postcard investigation said “this is not typically the Russian SVR’s playbook” but “times are rapidly changing.” SVR is an acronym for the Foreign Intelligence Service of Russia.

A former U.S. intelligence official said the postcard reminded him of a now public mission by U.S. Cyber Command where they sent private messages to Russian hackers ahead of the 2018 congressional elections in the United States.

“The message then from the U.S. was ‘watch your back, we see you’ similar to here,” the former official said.

The extent of the damages tied to the U.S. government hack remains unclear. Emails belonging to senior officials were stolen from an unclassified network at the Treasury and Commerce Departments.

Related reading: Third malware strain discovered in SolarWinds supply chain attack

Now known in the cyber world, the hack of SolarWinds continues to rock the nation.

Kaspersky reports finding code similarities between the Sunburst backdoor in SolarWinds’ Orion platform and a known backdoor, Kazuar, which Palo Alto Networks in 2017 associated with the Turla threat group. Kaspersky is cautious about attribution, and notes that there are several possibilities:

  • Sunburst and Kazuar are the work of the same threat group.
  • Sunburst’s developers borrowed from Kazuar.
  • Both backdoors derived from a common source.
  • Kazuar’s developers jumped ship to another threat group that produced Sunburst.
  • Whoever developed Sunburst deliberately introduced subtle false flag clues into their code.

Reuters points out that Estonian intelligence services have long attributed Turla activity to Russia’s FSB (which was unavailable to Reuters for comment).

In an updated Solorigate advisory, CISA released detection and mitigation advice for post-compromise activity in the Microsoft 365 (M365) and Azure environment.

The US District Court for the Southern District of Ohio has responded to Solorigate by requiring that court documents be filed on paper, the Columbus Dispatch reports.

***

Related reading: The SolarWinds Hackers Shared Tricks With a Notorious Russian Spy Group

Reuters: Investigators at Moscow-based cybersecurity firm Kaspersky said the “backdoor” used to compromise up to 18,000 customers of U.S. software maker SolarWinds closely resembled malware tied to a hacking group known as “Turla,” which Estonian authorities have said operates on behalf of Russia’s FSB security service.

The findings are the first publicly available evidence to support assertions by the United States that Russia orchestrated the hack, which compromised a raft of sensitive federal agencies and is among the most ambitious cyber operations ever disclosed.

Moscow has repeatedly denied the allegations. The FSB did not respond to a request for comment.

Costin Raiu, head of global research and analysis at Kaspersky, said there were three distinct similarities between the SolarWinds backdoor and a hacking tool called “Kazuar” which is used by Turla.

The similarities included the way both pieces of malware attempted to obscure their functions from security analysts, how the hackers identified their victims, and the formula used to calculate periods when the viruses lay dormant in an effort to avoid detection.

“One such finding could be dismissed,” Raiu said. “Two things definitely make me raise an eyebrow. Three is more than a coincidence.”

Confidently attributing cyberattacks is extremely difficult and strewn with possible pitfalls. When Russian hackers disrupted the Winter Olympics opening ceremony in 2018, for example, they deliberately imitated a North Korean group to try and deflect the blame.

Raiu said the digital clues uncovered by his team did not directly implicate Turla in the SolarWinds compromise, but did show there was a yet-to-be determined connection between the two hacking tools.

It’s possible they were deployed by the same group, he said, but also that Kazuar inspired the SolarWinds hackers, both tools were purchased from the same spyware developer, or even that the attackers planted “false flags” to mislead investigators.

Security teams in the United States and other countries are still working to determine the full scope of the SolarWinds hack. Investigators have said it could take months to understand the extent of the compromise and even longer to evict the hackers from victim networks.

U.S. intelligence agencies have said the hackers were “likely Russian in origin” and targeted a small number of high-profile victims as part of an intelligence-gathering operation.


China’s Military Takes Charge of War Powers

Primer: HONG KONG — Jailed Hong Kong pro-democracy activist Joshua Wong was arrested on a new charge under the national security law on Thursday while an American rights lawyer who was detained in a sweeping crackdown was granted bail. Friends and family of Wong, who is serving a 13 1/2-month prison sentence for organizing and participating in an unauthorized protest in 2019, were informed that he had been arrested on suspicion of violating the national security law and was taken away to give a statement on the new charge, according to a post on his Facebook page.

The post also stated that Wong’s lawyer was unable to meet with him, and that Wong had been transferred back to prison after giving the statement, which was not disclosed.

Separately, John Clancey, an American human rights lawyer who works at law firm Ho Tse Wai & Partners, was granted bail, his associate said. He was one of 53 activists arrested Wednesday under the national security law. He couldn’t be reached for comment.

At least some of the others were released on bail late Thursday from various police stations where they had been held. One, veteran activist and former lawmaker Leung Kwok-hung, unfurled a banner that blasted the national security law as he left.

(There is hardly an expectation that the Biden administration will take any aggressive action against China or would maintain the existing China policy under the Trump/Pompeo architecture. At risk especially are Taiwan and Hong Kong.)

Read on as President Xi is asserting more power during the power transition underway in the United States.

South China Morning Post: China has expanded the power of its Central Military Commission (CMC) – headed by President Xi Jinping – to mobilise military and civilian resources in defence of the national interest, both at home and abroad.

Revisions to the National Defence Law, effective from January 1, weaken the role of the State Council – China’s cabinet – in formulating military policy, handing decision-making powers to the CMC.

For the first time, “disruption” and protection of “development interests” have been added to the legislation as grounds for the mobilisation and deployment of troops and reserve forces.

The legislation also specifically stresses the need to build a nationwide coordination mechanism for the mobilisation of state-owned and private enterprises to take part in research into new defence technologies covering conventional weapons, as well as the non-traditional domains of cybersecurity, space and electromagnetics.

Military and political analysts said the amendments aimed to strengthen the country’s military leadership under Xi, providing it with the legal grounds to respond to the challenges of accelerating confrontations between China and the US.

Deng Yuwen, a former deputy editor of the Communist Party publication Study Times, said the amendments aimed to legalise and formally apply the “special” nature of China’s political and defence system when dealing with situations that could harm the regime at home and abroad.

“China’s political nature is very different from many countries … it’s not surprising for Beijing to enhance the leadership of the CMC when the PLA is going out to defend China’s national interests across the world,” said Deng, who is now an independent political commentator in the US.

China’s success at controlling the Covid-19 pandemic has been seen by Beijing as an endorsement of the Communist Party’s authoritarian rule, particularly as many Western countries are still struggling with rising numbers of infections.

Chen Daoyin, an independent political commentator and former professor at the Shanghai University of Political Science and Law, said the changes showed the regime had gained the confidence to legitimise its long-standing principle that “the party commands the gun” and stamp its “absolute leadership over armed and reserved forces”.

“The move to include ‘development interests’ as a reason for armed mobilisation and war in the law would provide legal grounds for the country to launch war in the legitimate name of defending national development interests,” Chen said.

Zeng Zhiping, a military law expert at Soochow University, said one of the big changes of the law was the downgrading of the State Council’s role in formulating the principles of China’s national defence, and the right to direct and administer the mobilisation of its armed forces.

“The CMC is now formally in charge of making national defence policy and principles, while the State Council becomes a mere implementing agency to provide support to the military,” said Zeng, who is also a retired PLA lieutenant colonel.

“It’s a big contrast when compared with developed countries like Israel, Germany and France, which prefer to put their armed forces under civilian leadership. Even in the US, the civilian-led defence ministry plays a more important role than their military top brass, the Joint Chiefs of Staff.”

Taipei-based military expert Chi Le-yi said the amendments highlighting the use of armed forces to suppress national disruption would be used to target independence-leaning forces in Taiwan, which Beijing regards as part of its territory.

Chi said the ultimate goal of the amended defence law could be seen as Beijing’s latest response to the US policy of comprehensive strategic containment of a rising China.

“The Chinese Communist Party now has strong crisis awareness as it faces various new security challenges, pushing the PLA to come up with a new defence policy soon after completing the establishment of top-down commanding and coordinating systems under Xi’s leadership,” Chi said.

“The law revision is also a symbolic battle call by the party to warn all Chinese people to be combat-ready for a nationwide defence mobilisation, which the party has never done since [it came to power] in 1949.”

The amendments were passed by the National People’s Congress on December 26, after two years of deliberation. Three articles were removed, more than 50 were amended, while there were six additions. In a media conference earlier in December, a spokesperson for the CMC’s legislative affairs bureau said the changes gave the PLA a clear direction in its modernisation and development goals.


China Used ‘Mass Surveillance’ on Thousands of Americans’ Phones


Newsweek reports: A mobile security expert has accused China of exploiting cellphone networks in the Caribbean to conduct “mass surveillance” on Americans.


Gary Miller, a former vice president of network security at California-based analytics company Mobileum, told The Guardian he had amassed evidence of espionage conducted via “decades-old vulnerabilities” in the global telecommunications system.

While not explicitly mentioned in the report, the claims appear to be centered around Signaling System 7 (SS7), a communications protocol that routes calls and data around the world and has long been known to have inherent security weaknesses.

According to Miller, his analysis of “signals data” from the Caribbean has shown China was using a state-controlled mobile operator to “target, track, and intercept phone communications of U.S. phone subscribers,” The Guardian reported.

Miller claimed China appeared to exploit Caribbean operators to conduct surveillance on Americans as they were traveling, alleging that attacks on cell phones between 2018 to 2020 likely affected “tens of thousands” of U.S. mobile users in the region.

“Once you get into the tens of thousands, the attacks qualify as mass surveillance,” the mobile researcher said, noting the tactic is “primarily for intelligence collection and not necessarily targeting high-profile targets.” Miller continued: “It might be that there are locations of interest, and these occur primarily while people are abroad.”

A previous analysis paper covering 2018-2019, also titled Far From Home, contained a series of similar espionage claims about SS7, alleging that “mass surveillance attacks” in 2018 were most prevalent by China and Caribbean mobile networks. More here.

But hold on… it does not stop there… we also have the Channel Islands…


Remarkable investigative details here.

The Bureau: Private intelligence companies are using phone networks based in the Channel Islands to enable surveillance operations to be carried out against people around the world, including British and US citizens, the Bureau of Investigative Journalism can reveal following a joint reporting project with the Guardian.

Leaked data, documents and interviews with industry insiders who have access to sensitive information suggest that systemic weaknesses in the global telecoms infrastructure, and a particular vulnerability in Jersey and Guernsey, are being exploited by corporate spy businesses.

These businesses take advantage of some of the ways mobile phone networks across the world interact in order to access private information on targets, such as location information or, in more sophisticated applications, the content of calls and messages or other highly sensitive data.

The spy companies see phone operators in the Channel Islands as an especially soft route into the UK, according to industry experts, who say the attacks emanating from the islands appear to be targeted at individuals rather than cases of “mass” surveillance. The Bureau understands that the targets of this surveillance have been spread across the globe, and included US citizens as well as people in Europe and Africa.

Ron Wyden, the Oregon senator and privacy advocate, described the use of foreign telecom assets to spy on people in the US as a national security threat.

“Access into US telephone networks is a privilege,” he said in response to the Bureau’s findings. “Foreign telecom regulators need to police their domestic industry – if they don’t, they risk their country being cut off from US roaming agreements.”

Markéta Gregorová, the European Parliament’s chief negotiator on trade legislation for surveillance technology, called for “immediate regulatory, financial and diplomatic costs on companies and rogue jurisdictions” that enabled these practices.

“Any commercial or governmental entity, foreign or domestic which enables the facilitation of warrantless cyber-attacks on European citizens deserves the full force of our justice system,” she told the Bureau.

Pelosi Refusing to Advance China Task Force Legislation Items

Primer: On September 25, 2015, during CCP General Secretary Xi’s state visit to the United States, President Obama and Xi gave remarks to the press in the White House Rose Garden. The two leaders announced that they had agreed “neither the U.S. or the Chinese government will conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information for commercial advantage.” Xi also pledged that “China does not intend to pursue militarization” of the South China Sea. Neither of these promises to the American people were made in good faith. Today, “China is using cyber-enabled theft as part of a global campaign to ‘rob, replicate, and replace’ non-Chinese companies in the global marketplace,” according to Assistant Attorney General John Demers. Meanwhile, the PRC’s military outposts in the South China Sea have been proven “capable of supporting military operations and include advanced weapon systems,” according to the Pentagon.

October 01, 2020 Congressional Record

COUNTERING THREAT OF CHINESE COMMUNIST PARTY

The SPEAKER pro tempore. The Chair recognizes the gentleman from Pennsylvania (Mr. Joyce) for 5 minutes.

Mr. JOYCE of Pennsylvania. Mr. Speaker, after months of hard work and collaboration, the China Task Force has released our final report, which includes more than 400 solutions to counter the growing threat of the Chinese Communist Party.

This report is the framework for combating the aggressive Chinese Communist regime. After meeting with more than 130 experts, we developed realistic and achievable solutions that take a comprehensive approach to strengthening America’s national security and holding the Chinese Government accountable. We realized that out of our 400 recommendations, 180 are legislative solutions, of which 64 percent are bipartisan and one-third have already passed either the House or the Senate.

Mr. Speaker, these are commonsense solutions that we can vote on today to strengthen our strategic position for tomorrow. As the only physician serving on the China Task Force, it was my privilege to delve into opportunities to strengthen our supply chains and ensure that Americans are never again beholden to the Chinese Government for key medicines or healthcare supplies.

On the Health and Technology Subcommittee, I led efforts to strengthen the supply chains for medicines, semiconductors, and other vital materials. Congress has passed several provisions aimed at advancing research and the manufacturing of critical medical supplies here in the United States. We also created new reporting requirements to help us better understand international supply chains and counter vulnerabilities in the system.

To bolster our technology supply chain, I cosponsored H.R. 7178, the CHIPS Act, to increase domestic production of advanced semiconductors, which will help Americans to develop next-generation telecom technology, fully automated systems, and, importantly, new weapons systems. I also introduced the ORE Act, H.R. 7812, to incentivize the domestic production of rare earth materials, which is key to breaking the Chinese monopoly on critical supply chains. America cannot allow China to win the race to next-generation technology. We want innovative breakthroughs to happen here in this country, and the China Task Force is making progress through the legislative process. As a leader on the competitiveness committee, I focused on issues ranging from combating Chinese Communist-sponsored theft of intellectual property to exposing the influence of the Chinese in U.S. research institutions and countering the importation of illicit fentanyl.

Too often, American companies are being coerced to surrender intellectual property to the Chinese Government in order to gain entry into the Chinese marketplace. In extreme cases, we hear of outright theft by Chinese hackers and agents. The China Task Force has produced recommendations that direct the Federal Government to ramp up investigations of individuals acting as pawns of the Chinese Communist Party and enforce antitheft laws.

Our Nation has also seen wholesale efforts of the Chinese Government to steal research and gain influence at United States universities. In my own backyard, the FBI arrested a former Penn State researcher suspected of espionage. The task force has compiled provisions to increase transparency and accountability in the higher education system, and I introduced legislation to close loopholes and force the disclosure of all foreign money in our research systems. Finally, we must stop illicit fentanyl from reaching our communities and killing our neighbors.

The China Task Force has produced recommendations to stop the importation of these devastating analogues from China. In the House, I cosponsored legislation to hold foreign nations, including China, accountable if they fail to cooperate with U.S. narcotics control efforts and prosecute the production of fentanyl in their countries. I thank Senator Toomey for championing this provision in the Senate.

By implementing these solutions, we can make America safer, stronger, and better equipped to lead in the 21st century. The China Task Force final report is a framework. It is our playbook to make a difference. While our work on this report has finished, our commitment to this cause must and will continue. Phase two starts today.

The 141-page report is found here.

Space Command Alarmed at Russia’s Anti-Satellite Weapons Test

WASHINGTON — Russia conducted its second test this year of a direct-ascent anti-satellite missile, according to U.S. Space Command, yet again drawing sharp criticism from the U.S.

“Russia has made space a war-fighting domain by testing space-based and ground-based weapons intended to target and destroy satellites. This fact is inconsistent with Moscow’s public claims that Russia seeks to prevent conflict in space,” said Space Command head Gen. James Dickinson in a statement. “Space is critical to all nations. It is a shared interest to create the conditions for a safe, stable and operationally sustainable space environment.”


Space Command said the direct-ascent anti-satellite missile tested is a kinetic weapon capable of destroying satellites in low Earth orbit. A similar anti-satellite missile test by India in March 2019 that destroyed the nation’s own satellite on orbit drew criticism from observers, who noted that the debris created by the test could cause indirect damage to other satellites.

Russia has completed tests of its Nudol ballistic-missile system several times in recent years, including in April of this year. Nudol can be used as an anti-satellite weapon and is capable of destroying satellites in low Earth orbit. According to the CSIS Aerospace Security Project’s “Space Threat Assessment 2020,” Russia conducted its seventh Nudol test in 2018.

Under the Trump administration, the U.S. has used the development and testing of anti-satellite weapons by Russia and China as a justification for creating both Space Command and the U.S. Space Force in 2019.

“The establishment of U.S. Space Command as the nation’s unified combatant command for space and U.S. Space Force as the primary branch of the U.S. Armed Forces that presents space combat and combat support capabilities to U.S. Space Command could not have been timelier. We stand ready and committed to deter aggression and defend our nation and our allies from hostile acts in space,” Dickinson said.

Acting Secretary of Defense Christopher C. Miller made similar comments last week as the White House released a new National Space Policy, which calls for the U.S. to defeat aggression and promote norms of behavior in space.

“Our adversaries have made space a war-fighting domain, and we have to adapt our national security organizations, policies, strategies, doctrine, security classification frameworks and capabilities for this new strategic environment. Over the last year we have established the necessary organizations to ensure we can deter hostilities, demonstrate responsible behaviors, defeat aggression and protect the interests of the United States and our allies.”

***

Figure: An illustration of a Kilopower nuclear reactor on the moon. Development of surface nuclear power technologies is a key element of the roadmap included in Space Policy Directive 6. Credit: NASA

The White House released a new space policy directive Dec. 16 intended to serve as a strategic roadmap for the development of space nuclear power and propulsion technologies.

Space Policy Directive (SPD) 6, titled “National Strategy for Space Nuclear Power and Propulsion,” discusses responsibilities and areas of cooperation among federal government agencies in the development of capabilities ranging from surface nuclear power systems to nuclear thermal propulsion, collectively known as space nuclear power and propulsion (SNPP).

“This memorandum establishes a national strategy to ensure the development and use of SNPP systems when appropriate to enable and achieve the scientific, exploration, national security, and commercial objectives of the United States,” the 12-page document states.

SPD-6 sets out three principles for the development of space nuclear systems: safety, security and sustainability. It also describes roles and responsibilities for various agencies involved with development, use or oversight of such systems.

Much of the document, though, is a roadmap for the development of nuclear power and propulsion systems. It sets a goal of, by the mid-2020s, developing uranium fuel processing capabilities needed for surface power and in-space propulsion systems. By the mid to late 2020s, NASA would complete the development and testing of a surface nuclear power system for lunar missions that can be scalable for later missions to Mars.

SPD-6 calls for, by the late 2020s, establishing the “technical foundations and capabilities” needed for nuclear thermal propulsion systems. It also sets a goal of developing advanced radioisotope power systems, versions of radioisotope thermoelectric generators (RTGs) long used on NASA missions, by 2030.

Many of the initiatives outlined in SPD-6 are already in progress. NASA has been working with the Department of Energy (DOE) on a project called Kilopower to develop surface nuclear reactors, including efforts to seek proposals to develop a reactor for use on the moon. NASA has also been studying nuclear thermal propulsion, an initiative backed by some in Congress who have set aside funding in NASA’s space technology program for that effort.

“We have these individual initiatives going on — nuclear thermal power, the Kilopower activities — and what we’re trying to do is pull together a common operating picture for Defense, NASA and DOE,” said a senior administration official, speaking on background about SPD-6.

That roadmap and schedule are also intended to prioritize those activities. Surface nuclear power is needed in the nearer term to support lunar missions later in the decade, particularly to handle the two-week lunar night. Nuclear thermal propulsion, as well as alternative nuclear electric propulsion technologies, are less critical since they are primarily intended to support later missions to Mars.

“Those things are important for going to Mars,” the official said of nuclear propulsion, “but first we’re doing the moon and leveraging terrestrial capabilities and technologies to put that foothold on the moon.”

Another issue addressed in SPD-6 is the use of different types of uranium. Tests in 2018 as part of the Kilopower program used highly enriched uranium, or HEU. That project, and discussions by NASA and DOE to use HEU for flight reactors, raised concerns in the nuclear nonproliferation community. They were worried that it could set a precedent for renewed production of HEU, which is also used in nuclear weapons.

SPD-6 restricts, but does not prohibit, the use of HEU in space nuclear systems. “Before selecting HEU or, for fission reactor systems, any nuclear fuel other than low-enriched uranium (LEU), for any given SNPP design or mission, the sponsoring agency shall conduct a thorough technical review to assess the viability of alternative nuclear fuels,” it states.

“We want to keep those proliferation concerns foremost in our minds,” a senior administration official said. “We don’t want to necessarily rule out HEU if that’s the only way to get a mission about, but we want to be very deliberate about it.”

The policy, an official said, “sets an extremely high bar” for non-defense use of HEU on space systems, citing progress on high-assay low enriched uranium, which can provide power levels similar to HEU systems with only a modest mass penalty.

The White House released SPD-6 a week after it issued a new national space policy during a meeting of the National Space Council. That broader policy briefly addressed space nuclear power and propulsion, discussing roles for various agencies, but did not mention the roadmap or other details found in SPD-6.

Many thought the release of the national space policy would conclude the administration’s work on space policy, making SPD-6 something of a surprise. A senior administration official said work on various space policy directives and the national space policy had been slowed down by the coronavirus pandemic, but wouldn’t rule out additional announcements in the remaining five weeks of the Trump administration.