Securing the Elections, FBI Investigating Hacks

Securing the vote.

The states, which under the US system are responsible for conducting elections, remain concerned about the integrity of the ballot. Thirty-six states have now deployed Albert sensors on their voting infrastructure to allow the Department of Homeland Security to observe state systems that manage either voter information or voting devices (Reuters).

The states also want the Feds to share more threat intelligence. Forty-four states and the District of Columbia took part in a Department of Homeland Security exercise this week (US Department of Homeland Security). The states appear to have gained enough insight into the value of threat intelligence to decide that they want more of it (Reuters). Some advocate Federal standards for the conduct of elections, perhaps even mandatory standards (Atlantic Council). More here.

Meanwhile:

Then there is the matter the FBI is investigating in California.

The FBI launched investigations after two Southern California Democratic U.S. House candidates were targeted by computer hackers, though it’s unclear whether politics had anything to do with the attacks.

A law enforcement official told The Associated Press the FBI looked into hacks involving David Min in the 45th Congressional District and Hans Keirstead in the adjacent 48th District. Both districts are in Orange County and are seen as potential pickups as the Democratic Party seeks to win control of the Congress in November.

A person with knowledge of the Min investigation told the AP on Monday that two laptops used by senior staffers for the candidate were found infected with malware in March. It’s not clear what, if any, data was stolen, and there is no evidence the breach influenced the contest.

The CEO of a biomedical research company, Keirstead last summer was the victim of a broad “spear-phishing” attack, in which emails that appear to come from a friend or familiar source are designed to help hackers snatch sensitive or confidential information, the law enforcement official said. There is no evidence Keirstead lost valuable information.

The investigations so far have not turned up evidence the two candidates in Orange County were political targets.

The official and the knowledgeable person were not authorized to discuss the cases publicly and spoke only on condition of anonymity.

Keirstead was narrowly defeated in the June primary for the seat held by Republican Rep. Dana Rohrabacher. Min came in third in the contest to unseat Republican Rep. Mimi Walters.

Min’s staff was alerted to a potential cyberattack by a facility manager in the software incubator where his campaign rented space. It was later found the computers were infected with software that records and sends keystrokes, with additional software that concealed it from conventional anti-virus tools used by the campaign.

Hackers also used a broad spear-phishing attack in an attempt to gain access, and FBI investigators are still piecing together additional details, the official said.

The two laptops were replaced, and Min’s computer was not infected. The attack on the computers was first reported by Reuters.

Keirstead campaign officials detected repeated attempts to access the campaign’s website.

Rolling Stone magazine, which first reported that cyberattack, said hackers or bots tried different username-password combinations in a rapid-fire sequence over a two-and-a-half-month period to get inside the campaign’s WordPress-hosted website.

According to the campaign, there were also more than 130,000 so-called brute force attempts over a monthlong period to gain access to the campaign’s server through the cloud-server company that hosted the Keirstead campaign’s website, Rolling Stone said.

Computer security experts say that many attempts to gain access to a site hosted with the popular and free WordPress software are not unusual.

“Every WordPress hosted website sees 130,000 brute force attempts over a monthlong period, regardless whether it’s Bohemian basket weaving, a blog about furry costume construction, or a politician website,” said Robert Graham, a cybersecurity expert who created the BlackICE personal firewall.

“Hackers don’t know or care who you are: they only care that you use WordPress,” Graham said in a text message.

Min finished third behind fellow Democrat Katie Porter, who faces Walters in November. In the 48th District, Rohrabacher will face Democrat Harley Rouda, who snagged the second runoff spot by defeating Keirstead by 125 votes.

Is that Russian Submarine Threat Still out There?

It is not just the U.S. Navy that is on alert. Europe’s top Navy Commander:

NAPLES, Italy — Russia is deploying more submarines to the Mediterranean, the Black Sea and North Atlantic than at any time since the Cold War as part of a growing power game driving the U.S. to revive a decommissioned fleet and NATO to strengthen its naval defenses, the Navy’s top commander in the theater said.

Russia is upgrading its submarine forces and improving their missile capabilities, all while relations between Moscow and NATO remain tense over Russia’s annexation of Ukraine’s Crimean Peninsula in 2014, Adm. James Foggo, commander of U.S. Naval Forces Europe and Africa, said in an interview earlier this month.

“The illegal annexation of Crimea … that certainly has put a strain on our relationship,” Foggo told Stars and Stripes. “It’s their bad behavior, not ours. It’s the things they are doing.”

The Navy is reviving 2nd Fleet, though on a smaller scale than the one deactivated in 2011, to supply more ships in what Foggo described as growing competition between Russia and NATO in the Atlantic Ocean.

The renewed 2nd Fleet will be a Norfolk, Va.-based joint forces command, with many details yet to be worked out, Foggo said, adding that Navy leaders will know more after NATO’s July summit in Brussels. More here.

***

This is not really a new condition; it has been going on for a few years without any real U.S. response, that is, until the Omnibus was passed, in which monies were allocated for air-dropped sonobuoys that can detect submarines and transmit data back to motherships. The warnings began with Russia operating in the Mediterranean, where missiles were fired into Syria on several occasions.

The United States and Britain have been playing cat and mouse with Russia in several locations. Under Exercise Dynamic Mongoose, 10 NATO countries have been practicing hunting tactics of stealth submarines off Norway’s coast.

This past April, Lockheed Martin was awarded a $1 billion contract for a hypersonic cruise missile.

The Hypersonic Conventional Strike Weapon program is one of two hypersonic weapon prototyping efforts being pursued by the Air Force, and comes in addition to the Tactical Boost Glide program, which the Air Force is working on with DARPA and Raytheon. The service plans to have a prototype ready by 2023.

The Tactical Boost Glide is designed to operate at 5 times the speed of sound to enhance current military systems.

The United States has 70 nuclear powered submarines and 52 attack submarines along with 4 cruise missile armed submarines and 14 ballistic missile submarines. They all patrol bodies of water across the globe.

Adm. John Richardson, Chief of Naval Operations has confirmed increased foreign submarine operations.

According to GlobalFirePower.com, North Korea has the world’s largest submarine fleet by raw numbers with 76, though most of Pyongyang’s fleet consists of shorter-range, electric-diesel coastal patrol craft. China and Russia, both with modern nuclear-powered fleets that rival the U.S. fleet, have 68 subs and 63 subs, respectively.

NATO Secretary-General Jens Stoltenberg, in an interview with the Frankfurt Allgemeine and other news outlets in December, said the Kremlin is investing heavily in its submarine fleet, with 13 delivered since 2013. NATO countries, he said, have let their underwater firepower lag. “We have practiced less and lost skills,” the NATO chief said.

A particular point of concern, said one former high-level U.S. Navy official, is that Moscow may be attempting to tap into or sever some of the 550,000 miles of underwater fiber-optic cables that span the Atlantic and Arctic sea lanes.

“Russians have had a capability … to do things with these cables for the last 20 to 30 years,” said Tom Callender, who once served as head of capabilities for the Navy’s deputy undersecretary office and is now a senior defense fellow at The Heritage Foundation.

More than 95 percent of the global internet traffic — military and civilian, classified and unclassified — is transmitted across the network of submerged cables along the ocean floor, according to Washington-based tech firm TeleGeography. The quantity is massive compared with just a decade ago, when just 1 percent of all online traffic went through the cables.

Seabed vulnerability

The majority of the 285 underwater cables in place crisscross beneath heavily trafficked sea lanes of the Atlantic and Arctic regions. According to TeleGeography, the longest single cable stretches 24,000 miles and relays internet traffic and other electronic communications from Europe, Asia and Africa.

The scale and scope of global communications moving through the network of cables — some of which are only 2 inches thick — present a lucrative target that is vulnerable to attack by U.S. adversaries. It also poses a significant challenge to U.S. forces defending the lines. Read more detail here.

 

Trump Admin Seeking Global Cyber Dominance

Finally!

President Trump signed an order that reverses the classified rules and cyber processes from the Obama administration, known as PPD-20. That directive was signed in October 2012, and it supersedes National Security Presidential Directive NSPD-38. Integrating cyber tools with those of national security, the directive complements NSPD-54/Homeland Security Presidential Directive HSPD-23.

Per Wikipedia:

After the U.S. Senate failed to pass the Cybersecurity Act of 2012 that August,[12] Presidential Policy Directive 20 (PPD-20) was signed in secret. The Electronic Privacy Information Center (EPIC) filed a Freedom of Information Request to see it, but the NSA would not comply.[13] Some details were reported in November 2012.[14] The Washington Post wrote that PPD-20, “is the most extensive White House effort to date to wrestle with what constitutes an ‘offensive’ and a ‘defensive’ action in the rapidly evolving world of cyberwar and cyberterrorism.”[14] The following January,[15] the Obama administration released a ten-point factsheet.[16]

On June 7, 2013, PPD-20 became public.[15] Released by Edward Snowden and posted by The Guardian,[15] it is part of the 2013 Mass Surveillance Disclosures. While the U.S. factsheet claims PPD-20 acts within the law and is, “consistent with the values that we promote domestically and internationally as we have previously articulated in the International Strategy for Cyberspace”,[16] it doesn’t reveal cyber operations in the directive.[15]

Snowden’s disclosure called attention to passages noting cyberwarfare policy and its possible consequences.[15][17] The directive refers to defensive and offensive measures as Defensive Cyber Effects Operations (DCEO) and Offensive Cyber Effects Operations (OCEO), respectively.

President Trump has taken this action not only to aid the military but also to deter foreign actors, impede election influence and apply new penalties for violations. Officials have been highly worried about electric utilities and the brute cyber attacks.

***

Some lawmakers have raised questions in recent months about whether U.S. Cyber Command, the chief agency responsible for conducting offensive cyber missions, has been limited in its ability to respond to alleged Russian efforts to interfere in U.S. elections due to layers of bureaucratic hurdles.

The policy applies to the Defense Department as well as other federal agencies, the administration official said, while declining to specify which specific agencies would be affected. John Bolton, Mr. Trump’s national security adviser, began an effort to remove the Obama directive when he arrived at the White House in April, the official said.

As designed, the Obama policy required U.S. agencies to gain approval for offensive operations from an array of stakeholders across the federal government, in part to avoid interfering with existing operations such as digital espionage.

Critics for years have seen Presidential Policy Directive 20 as a particular source of inertia, arguing that it handicaps or prevents important operations by involving too many federal agencies in potential attack plans. But some current and former U.S. officials have expressed concern that removing or replacing the order could sow further uncertainty about what offensive cyber operations are allowed.

One former senior U.S. official who worked on cybersecurity issues said there were also concerns that Mr. Trump’s decision will grant the military new authority “which may allow them to have a domestic mission.”

The Obama directive, which replaced an earlier framework adopted during the George W. Bush administration, was “designed to ensure that all the appropriate equities got considered when you thought about doing an offensive cyber operation,” said Michael Daniel, who served as the White House cybersecurity coordinator during the Obama administration. “The idea that this is a simple problem is a naive one.”  More here from the WSJ.

Bomb Threats Ground Planes in Chile, Peru, Greece and Argentina

Defense Secretary Mattis just happened to be in Chile.

Defense Secretary James N. Mattis highlights a joint agreement he signed on cooperation between the United States and Chile in cyber operations and protection of Chile’s cyber domain during a visit to Santiago, Chile, Aug. 16, 2018.

***

Reported on the 9th: Mattis embarks Sunday, Aug. 12 on his first trip to South America while leading the Department of Defense.

The White House declared 2018 the “Year of the Americas,” and the Secretary’s trip underscores the Department’s strong defense ties with Brazil, Argentina, Chile and Colombia. These relationships are critical to a collaborative, prosperous and secure Western hemisphere.

Secretary Mattis will begin his trip in Brazil, where he will meet with senior officials and defense leaders. He will also speak at the Escola Superior de Guerra, the country’s war college, and visit the national monument to Brazilian service members killed in World War II.

Secretary Mattis will then visit Argentina, where he will meet with senior defense officials to discuss defense issues of mutual interest.

His third stop is Chile to exchange strategic perspectives with senior officials.

Secretary Mattis concludes his trip in Colombia, where he will meet members of the newly elected administration.

***

LIMA (Reuters) – A LATAM Airlines passenger plane that departed Lima for Santiago, Chile, on Thursday was forced to land at an airport in southern Peru due to a bomb threat received by Chilean authorities, Peru’s Transportation Ministry said.

No one was injured on LATAM flight 2369 and a team for deactivating explosives has been notified, the ministry said. “Right now the situation is under control,” it added in a statement on Twitter.

***

On the island of Crete in Greece, a German Condor Airways passenger plane made an emergency landing at Chania airport over an alleged bomb threat on board, local media reported.

The aircraft with more than 270 passengers was en route from Egypt’s Hurghada to Duesseldorf, according to Skai broadcaster.

All passengers and 11 crew members safely left the plane after the landing. The reports of the bomb threat are being checked by the police.

Local military officials say the Boeing 757 jet was escorted to Chania airport by two Greek air force F-16 fighters scrambled after the pilot reported the threat, and landed without incident late Thursday.

The airport had been placed on a state of alert but that has since been lifted.

30,000 ISIS Fighters is Not Defeat

Army Col. Sean Ryan, the spokesman for Operation Inherent Resolve, spoke to Pentagon reporters about progress being made against the Islamic State of Iraq and Syria. He spoke via satellite from Baghdad.

“In Iraq, operations continue to secure areas across the country, as Iraq security forces locate, identify and destroy ISIS remnants,” Ryan said. “Last week alone, … operations across Iraq have resulted in the arrest of more than 50 suspected terrorists and the removal of 500 pounds of improvised explosive devices.”

Progress in Iraq’s Anbar Province

Iraqi forces are moving in Anbar province, in the Hamrin Mountains and Samarra. Reconstruction efforts are ongoing with roads reopening in the north. Iraqi engineers “cleaned the main road between Salahuddin and Samarra of IEDs, making travel safer between the two cities,” he said.

In the Baghdad area, the ISF established central service coordination cells, a program designed to use military resources to enable local communities to restore basic infrastructure and services. “Initial efforts by the coordination cells include trash collection, road openings, maintenance of water facilities,” Ryan said.

Syrian Democratic Forces are preparing for the final assault on ISIS in the Middle Euphrates River Valley. The SDF is reinforcing checkpoints and refining blocking positions ahead of clearance operations in Hajin, Ryan said.

Military Operations, Reconstruction in Syria

In Syria, too, reconstruction efforts go hand in hand with military operations. “In Raqqa, the internal security forces have destroyed more than 30 caches containing 500 pounds of explosives discovered during the clearance operations in the past weeks,” the colonel said.

ISIS remains a concern in both countries, the colonel said. “Make no mistake: The coalition is not talking victory or taking our foot off the gas in working with our partners,” he said.

Defeating ISIS, he said, will require a long-term effort.

“We cannot emphasize enough that the threat of losing the gains we have made is real, especially if we are not able to give the people a viable alternative to the ISIS problem,” Ryan said. “We continue to call on the international community to step up and ensure that conditions that gave rise to ISIS no longer exist in both Syria and Iraq.”

***

(UNITED NATIONS) — The Islamic State extremist group has up to 30,000 members roughly equally distributed between Syria and Iraq and its global network poses a rising threat — as does al-Qaeda, which is much stronger in places, a United Nations report says.

The report by U.N. experts circulated Monday said that despite the defeat of IS in Iraq and most of Syria, it is likely that a reduced “covert version” of the militant group’s “core” will survive in both countries, with significant affiliated supporters in Afghanistan, Libya, Southeast Asia and West Africa.

The experts said al-Qaeda’s global network also “continues to show resilience,” with its affiliates and allies much stronger than IS in some spots, including Somalia, Yemen, South Asia and Africa’s Sahel region.

Al-Qaeda’s leaders in Iran “have grown more prominent” and have been working with the extremist group’s top leader, Ayman al-Zawahri, “projecting his authority more effectively than he could previously” including on events in Syria, the experts said.

The report to the Security Council by experts monitoring sanctions against IS and al-Qaeda said the estimate of the current total IS membership in Iraq and Syria came from governments it did not identify. The estimate of between 20,000 and 30,000 members includes “a significant component of the many thousands of active foreign terrorist fighters,” it said.

While many IS fighters, planners and commanders have been killed in fighting, and many other fighters and supporters have left the immediate conflict zone, the experts said many still remain in the two countries — some engaged militarily “and others hiding out in sympathetic communities and urban areas.”

IS fighters swept into Iraq in the summer of 2014, taking control of nearly a third of the country. At the height of the group’s power its self-proclaimed caliphate stretched from the edges of Aleppo in Syria to just north of the Iraqi capital, Baghdad.

With its physical caliphate largely destroyed, the Islamic State movement is transforming from a “proto-state” to a covert “terrorist” network, “a process that is most advanced in Iraq” because it still controls pockets in Syria, the report said.

The experts said the discipline imposed by IS remains intact and IS leader Abu Bakr al-Baghdadi “remains in authority” despite reports that he was injured.

“It is just more delegated than before, by necessity, to the wider network outside the conflict zone,” the experts said.

The flow of foreign fighters to IS in Syria and Iraq has come to a halt, they said, but “the reverse flow, although slower than expected, remains a serious challenge.”

While the rate of terrorist attacks has fallen in Europe, the experts said some governments “assess that the underlying drivers of terrorism are all present and perhaps more acute than ever before.” This suggests that any reduction in attacks is likely to be temporary until IS recovers and reorganizes and al-Qaeda “increases its international terrorist activity or other organizations emerge in the terrorist arena,” they said.

The experts looked at the threats posed by IS and al-Qaeda by region:

—ARABIAN PENINSULA: Al-Qaida’s leaders recognize Yemen “as a venue for guerrilla-style attacks and a hub for regional operations.” Yemen’s lack of a strong central government “has provided a fertile environment for al-Qaeda in the Arabian Peninsula.” Its strength inside Yemen is estimated at between 6,000 and 7,000, compared with only 250 to 500 IS members in the conflict-wracked country.

—NORTH AFRICA: Despite the loss to IS of the Libyan city of Sirte and continued airstrikes, the extremist group “still has the capacity to launch significant attacks within Libya and across the border, reverting to asymmetric tactics and improvised explosive devices.” Estimates of IS members vary between 3,000 and 4,000, dispersed across Libya. Up to 1,000 fighters in Egypt’s Sinai peninsula have pledged allegiance to IS leader al-Baghdadi. Al-Qaeda is also continuing a resurgence in Libya.

—WEST AFRICA: An al-Qaeda-affiliated coalition has increased attacks on French, U.S., U.N. and other international interests in the Sahel. Al-Qaida in the Islamic Maghreb has urged attacks on French private companies. The Islamic State in the Greater Sahara is active mostly at the Mali-Niger border and has less of a footprint. “Member states assess that terrorists are taking advantage of territorial control and ethnic conflicts to radicalize populations.”

—EAST AFRICA: The al-Shabab extremist group in Somalia, an al-Qaeda affiliate, “remains the dominant terrorist group” in that country, with improvised explosive devices “its weapon of choice.” Despite sustained military action against al-Shabab, “the group has enhanced its capabilities as it retains its influence and appeal.” Member states said IS in Somalia “is fragile and operationally weak,” but “it still presents a threat” because the country remains a focus for possible future operations.

—EUROPE: During the first six months of 2018, “the threat in Europe remained high” but “the tempo of attacks and disrupted plots was lower than during the same period in 2017.” Much activity involved individuals with no prior security records or deemed low risk. IS used the media to urge sympathizers in Europe to conduct attacks in their home countries. Member states expressed concern that returnees could disseminate knowledge and skills related to making drones, explosive devices and car bombs.

—CENTRAL AND SOUTH ASIA: According to an unidentified U.N. member state, IS poses an immediate threat in the region but al-Qaida is the “intellectually stronger group” and poses a longer-term threat. Some leaders of the al-Qaida “core,” including al-Zawahiri and Osama bin Laden’s son, Hamza, are reported to be in Afghanistan-Pakistan border areas. IS continues to relocate some key operatives to Afghanistan. One unidentified government reported newly arrived IS fighters from Algeria, France, Russia, Tunisia and central Asian states.

—SOUTHEAST ASIA: Despite last year’s heavy losses in the Philippines, IS affiliates in the country “are cash rich and growing in membership.” Intermediaries facilitated financial transfers from the IS “core” to Philippines affiliates and arranged bomb-making and firearms training for recruits from Indonesia at camps in the Philippines. Attacks in Indonesia by an IS-linked network using families as suicide bombers could become “a troubling precedent.”