AP Blames FBI for Few Warnings on Fancy Bear Hacks

While much of the global hacking reached scandal status in 2015-16, the Russian ‘Fancy Bear’ activity goes back to at least 2008. The FBI is an investigative wing and works in collaboration with foreign intelligence and outside cyber experts. For official warnings to be provided to U.S. government agencies, contractors, media or political operations, the FBI will generally make an official visit to affected entities to gather evidence. The NSA, Cyber Command and the DHS all have cyber experts that track the hackers and work to make accurate attributions.

The Department of Homeland Security is generally the agency to make official warnings. The Associated Press gathered independent cyber experts to perform an independent study and is ready to blame the FBI for not going far enough in warnings.

When it came to the Clinton presidential campaign hack, the FBI made several attempts to contact officials there and was met with disdain and distrust. The FBI wanted copies of the ‘log-in’ files for evidence and was denied.

In part the AP report states:

“CLOAK-AND-DAGGER”

In the absence of any official warning, some of those contacted by AP brushed off the idea that they were taken in by a foreign power’s intelligence service.

“I don’t open anything I don’t recognize,” said Joseph Barnard, who headed the personnel recovery branch of the Air Force’s Air Combat Command.

That may well be true of Barnard; Secureworks’ data suggests he never clicked the malicious link sent to him in June 2015. But it isn’t true of everyone.

An AP analysis of the data suggests that out of 312 U.S. military and government figures targeted by Fancy Bear, 131 clicked the links sent to them. That could mean that as many as 2 in 5 came perilously close to handing over their passwords.

It’s not clear how many gave up their credentials in the end or what the hackers may have acquired.

Some of those accounts hold emails that go back years, when even many of the retired officials still occupied sensitive posts.

Overwhelmingly, interviewees told AP they kept classified material out of their Gmail inboxes, but intelligence experts said Russian spies could use personal correspondence as a springboard for further hacking, recruitment or even blackmail.

“You start to have information you might be able to leverage against that person,” said Sina Beaghley, a researcher at the RAND Corp. who served on the NSC until 2014.

In the few cases where the FBI did warn targets, they were sometimes left little wiser about what was going on or what to do.

Rob “Butch” Bracknell, a 20-year military veteran who works as a NATO lawyer in Norfolk, Virginia, said an FBI agent visited him about a year ago to examine his emails and warn him that a “foreign actor” was trying to break into his account.

“He was real cloak-and-dagger about it,” Bracknell said. “He came here to my work, wrote in his little notebook and away he went.”

Left to fend for themselves, some targets have been improvising their cybersecurity.

Retired Gen. Roger A. Brady, who was responsible for American nuclear weapons in Europe as part of his past role as commander of the U.S. Air Force there, turned to Apple support this year when he noticed something suspicious on his computer. Hughes, a former DIA head, said he had his hard drive replaced by the “Geek Squad” at a Best Buy in Florida after his machine began behaving strangely. Keller, the former senior spy satellite official, said it was his son who told him his emails had been posted to the web after getting a Google alert in June 2016.

A former U.S. ambassador to Russia, Michael McFaul, who like many others was repeatedly targeted by Fancy Bear but has yet to receive any warning from the FBI, said the lackluster response risked something worse than last year’s parade of leaks.

“Our government needs to be taking greater responsibility to defend its citizens in both the physical and cyber worlds, now, before a cyberattack produces an even more catastrophic outcome than we have already experienced,” McFaul said. Read the full article here.

***

Every organization has a Chief Technology Officer; even a small business has a ‘go-to’ person for issues. To be in denial that there are any vulnerabilities is reckless and dangerous. To assume systems are adequately protected against cyber intrusions is also derelict in duty.

Fancy Bear is listed as APT 28. APT=Advanced Persistent Threat.

APT28 made at least two attempts to compromise Eastern European government organizations:

- In a late 2013 incident, a FireEye device deployed at an Eastern European Ministry of Foreign Affairs detected APT28 malware in the client’s network.
- More recently, in August 2014 APT28 used a lure (Figure 3) about hostilities surrounding a Malaysia Airlines flight downed in Ukraine in a probable attempt to compromise the Polish government. A SOURFACE sample employed in the same Malaysia Airlines lure was referenced by a Polish computer security company in a blog post. The Polish security company indicated that the sample was “sent to the government,” presumably the Polish government, given the company’s locations and visibility.

Additionally:

Other probable APT28 targets that we have identified:

- Norwegian Army (Forsvaret)
- Government of Mexico
- Chilean Military
- Pakistani Navy
- U.S. Defense Contractors
- European Embassy in Iraq
- Special Operations Forces Exhibition (SOFEX) in Jordan
- Defense Attaches in East Asia
- Asia-Pacific Economic Cooperation

There is also NATO, the World Bank and military trade shows. Pure and simple, it is industrial espionage.

MALWARE

Evolves and Maintains Tools for Continued, Long-Term Use

- Uses malware with flexible and lasting platforms
- Constantly evolves malware samples for continued use
- Malware is tailored to specific victims’ environments, and is designed to hamper reverse engineering efforts
- Development in a formal code development environment

Various Data Theft Techniques

- Backdoors using HTTP protocol
- Backdoors using victim mail server
- Local copying to defeat closed/air gapped networks

TARGETING

Georgia and the Caucasus

- Ministry of Internal Affairs
- Ministry of Defense
- Journalist writing on Caucasus issues
- Kavkaz Center

Eastern European Governments & Militaries

- Polish Government
- Hungarian Government
- Ministry of Foreign Affairs in Eastern Europe
- Baltic Host exercises

Security-related Organizations

- NATO
- OSCE
- Defense attaches
- Defense events and exhibitions

RUSSIAN ATTRIBUTES

Russian Language Indicators

- Consistent use of Russian language in malware over a period of six years
- Lure to journalist writing on Caucasus issues suggests APT28 understands both Russian and English

Malware Compile Times Correspond to Work Day in Moscow’s Time Zone

- Consistent among APT28 samples with compile times from 2007 to 2014
- The compile times align with the standard workday in the UTC + 4 time zone which includes major Russian cities such as Moscow and St. Petersburg

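
The compile-time indicator listed above can be checked against a set of samples as follows. This is an added example, not code from the FireEye report or from this post; the stub builder, the 08:00-18:00 weekday window and the sample timestamps are constructed assumptions.

```python
"""Compile-time profiling of PE samples (added example; all sample data constructed)."""
import struct
from datetime import datetime, timedelta, timezone

UTC = timezone.utc


def pe_compile_time(data: bytes) -> datetime:
    """Return the COFF TimeDateStamp of a PE image as an aware UTC datetime.

    The field is written by the linker and can be forged or zeroed, so the
    result is a corroborating indicator, never proof on its own.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE signature
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # Signature (4 bytes) + Machine (2) + NumberOfSections (2) -> TimeDateStamp
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=UTC)


def workday_fraction(times, utc_offset, start=8, end=18):
    """Share of timestamps that fall Mon-Fri with start <= hour < end at utc_offset."""
    tz = timezone(timedelta(hours=utc_offset))
    local = [t.astimezone(tz) for t in times]
    hits = [t for t in local if t.weekday() < 5 and start <= t.hour < end]
    return len(hits) / len(times)


def best_offsets(times, start=8, end=18):
    """UTC offsets (-12..+14) that maximise the workday share; ties are all returned."""
    scores = {o: workday_fraction(times, o, start, end) for o in range(-12, 15)}
    top = max(scores.values())
    return [o for o, s in scores.items() if s == top]


def build_constructed_pe(compiled_utc: datetime) -> bytes:
    """Build a minimal DOS + COFF header carrying the given timestamp (test data only)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x014C, 1, int(compiled_utc.timestamp()),
                       0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff


# Constructed compile times (UTC): seven weekday builds plus one weekend outlier.
CONSTRUCTED_UTC = [
    datetime(2013, 3, 4, 4, 10, tzinfo=UTC),    # Monday
    datetime(2013, 3, 5, 6, 45, tzinfo=UTC),    # Tuesday
    datetime(2013, 3, 6, 9, 30, tzinfo=UTC),    # Wednesday
    datetime(2013, 3, 7, 11, 5, tzinfo=UTC),    # Thursday
    datetime(2013, 3, 8, 13, 50, tzinfo=UTC),   # Friday
    datetime(2013, 3, 11, 5, 20, tzinfo=UTC),   # Monday
    datetime(2013, 3, 12, 12, 15, tzinfo=UTC),  # Tuesday
    datetime(2013, 3, 16, 20, 0, tzinfo=UTC),   # Saturday (outlier)
]
SAMPLES = [build_constructed_pe(t) for t in CONSTRUCTED_UTC]
TIMES = [pe_compile_time(s) for s in SAMPLES]

if __name__ == "__main__":
    for offset in best_offsets(TIMES):
        share = workday_fraction(TIMES, offset)
        print(f"UTC{offset:+d}: {share:.1%} of builds fall inside the workday window")
```

With real samples the best-scoring offset is often a band of neighbouring time zones rather than a single value, which is why this indicator is reported alongside others such as language settings.
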
FireEye is a non-government, independent cyber agency that has performed and continues to perform cyber investigations and attributions. There are others that do the same. To blame exclusively the FBI for lack of warnings is unfair.

Hacking was especially common during the Obama administration, and countless hearings have been held on The Hill, yet there is still no cyber policy, legislation or real consequence. Remember too, it was the Obama administration that chose to do nothing with regard to Russia’s interference until after the election in November; only in December did Obama expel several Russians who were part of diplomatic operations and those possibly working under cover, including shuttering two dachas and one mission post in San Francisco.

Tillerson: Child Soldiers Conscription Violations

The United Nations has a list of shame, fine but it is merely a list and a gesture.

Child soldiers are children (under 18) who are used for military purposes.

Some child soldiers are used for fighting – they’re forced to take part in wars and conflicts, forced to kill, and commit other acts of violence. Some are forced to act as suicide bombers. Some join ‘voluntarily’, driven by poverty, sense of duty, or circumstance.

Other children are used as cooks, porters, messengers, informants, spies or anything their commanders want them to do. Child soldiers are sometimes sexually abused.

Afghanistan, Central African Republic, Democratic Republic of Congo, India, Myanmar, the Occupied Palestinian Territory, Thailand, the UK and Yemen all use child soldiers, meaning a person under the age of 18.

Exclusive – State Dept. revolt: Tillerson accused of violating U.S. law on child soldiers

WASHINGTON (Reuters) – A group of about a dozen U.S. State Department officials have taken the unusual step of formally accusing Secretary of State Rex Tillerson of violating a federal law designed to stop foreign militaries from enlisting child soldiers, according to internal government documents reviewed by Reuters.

A confidential State Department “dissent” memo not previously reported said Tillerson breached the Child Soldiers Prevention Act when he decided in June to exclude Iraq, Myanmar, and Afghanistan from a U.S. list of offenders in the use of child soldiers. This was despite the department publicly acknowledging that children were being conscripted in those countries.[tmsnrt.rs/2jJ7pav]

Keeping the countries off the annual list makes it easier to provide them with U.S. military assistance. Iraq and Afghanistan are close allies in the fight against Islamist militants, while Myanmar is an emerging ally to offset China’s influence in Southeast Asia.

Documents reviewed by Reuters also show Tillerson’s decision was at odds with a unanimous recommendation by the heads of the State Department’s regional bureaus overseeing embassies in the Middle East and Asia, the U.S. envoy on Afghanistan and Pakistan, the department’s human rights office and its own in-house lawyers. [tmsnrt.rs/2Ah6tB4]

“Beyond contravening U.S. law, this decision risks marring the credibility of a broad range of State Department reports and analyses and has weakened one of the U.S. government’s primary diplomatic tools to deter governmental armed forces and government-supported armed groups from recruiting and using children in combat and support roles around the world,” said the July 28 memo.

Reuters reported in June that Tillerson had disregarded internal recommendations on Iraq, Myanmar and Afghanistan. The new documents reveal the scale of the opposition in the State Department, including the rare use of what is known as the “dissent channel,” which allows officials to object to policies without fear of reprisals.

The views expressed by the U.S. officials illustrate ongoing tensions between career diplomats and the former chief of Exxon Mobil Corp appointed by President Donald Trump to pursue an “America First” approach to diplomacy.

INTERPRETING THE LAW

The child soldiers law passed in 2008 states that the U.S. government must be satisfied that no children under the age of 18 “are recruited, conscripted or otherwise compelled to serve as child soldiers” for a country to be removed from the list. It currently includes the Democratic Republic of Congo, Nigeria, Somalia, South Sudan, Mali, Sudan, Syria and Yemen.

“The Secretary thoroughly reviewed all of the information presented to him and made a determination about whether the facts presented justified a listing pursuant to the law,” a State Department spokesperson said when asked about the officials’ allegation that he had violated the law.

In a written response to the dissent memo on Sept. 1, Tillerson adviser Brian Hook acknowledged that the three countries did use child soldiers. He said, however, it was necessary to distinguish between governments “making little or no effort to correct their child soldier violations … and those which are making sincere – if as yet incomplete – efforts.”

Hook made clear that America’s top diplomat used what he sees as his discretion to interpret the law.

‘A POWERFUL MESSAGE’

Foreign militaries on the list are prohibited from receiving aid, training and weapons from Washington unless the White House issues a waiver based on U.S. “national interest.” In 2016, under the Obama administration, both Iraq and Myanmar, as well as others such as Nigeria and Somalia, received waivers.

At times, the human rights community chided President Barack Obama for being too willing to issue waivers and exemptions, especially for governments that had security ties with Washington, instead of sanctioning more of those countries.

“Human Rights Watch frequently criticized President Barack Obama for giving too many countries waivers, but the law has made a real difference,” Jo Becker, advocacy director for the children’s rights division of Human Rights Watch, wrote in June in a critique of Tillerson’s decision.

The dissenting U.S. officials stressed that Tillerson’s decision to exclude Iraq, Afghanistan and Myanmar went a step further than the Obama administration’s waiver policy by contravening the law and effectively easing pressure on the countries to eradicate the use of child soldiers.

The officials acknowledged in the documents reviewed by Reuters that those three countries had made progress. But in their reading of the law, they said that was not enough to be kept off a list that has been used to shame governments into completely eradicating the use of child soldiers.

‘UNCONSCIONABLE ACTIONS’

Ben Cardin, ranking Democrat on the U.S. Senate Foreign Relations Committee, wrote to Tillerson on Friday saying there were “serious concerns that the State Department may not be complying” with the law and that the secretary’s decision “sent a powerful message to these countries that they were receiving a pass on their unconscionable actions.”

The memo was among a series of previously unreported documents sent this month to the Senate Foreign Relations Committee and the State Department’s independent inspector general’s office that relate to allegations that Tillerson violated the child soldiers law.

Legal scholars say that because of the executive branch’s latitude in foreign policy there is little legal recourse to counter Tillerson’s decision.

Herman Schwartz, a constitutional law professor at American University in Washington, said U.S. courts would be unlikely to accept any challenge to Tillerson’s interpretation of the child soldiers law as allowing him to remove a country from the list on his own discretion.

The signatories to the document were largely senior policy experts with years of involvement in the issues, said an official familiar with the matter. Reuters saw a copy of the document that did not include the names of those who signed it.

Tillerson’s decision to remove Iraq and Myanmar, formerly known as Burma, from the list and reject a recommendation by U.S. officials to add Afghanistan was announced in the release of the government’s annual human trafficking report on June 27.

Six days earlier, a previously unreported memo emailed to Tillerson from a range of senior diplomats said the three countries violated the law based on evidence gathered by U.S. officials in 2016 and recommended that he approve them for the new list.

It noted that in Iraq, the United Nations and non-governmental organizations “reported that some Sunni tribal forces … recruited and used persons younger than the age of 18, including instances of children taking a direct part in hostilities.”

Ali Kareem, who heads Iraq’s High Committee for Human Rights, denied the country’s military or state-backed militias use child soldiers. “We can say today with full confidence that we have a clean slate on child recruitment issues,” he said.

The memo also said “two confirmed cases of child recruitment” by the Myanmar military “were documented during the reporting period.” Human rights advocates have estimated that dozens of children are still conscripted there.

Myanmar government spokesman Zaw Htay challenged accusers to provide details of where and how child soldiers are being used. He noted that in the latest State Department report on human trafficking, “they already recognized (Myanmar) for reducing of child soldiers” – though the report also made clear some children were still conscripted.

The memo said further there was “credible evidence” that a government-supported militia in Afghanistan “recruited and used a child,” meeting the minimum threshold of a single confirmed case that the State Department had previously used as the legal basis for putting a country on the list.

The Afghan defense and interior ministries both denied there were any child soldiers in Afghan national security forces, an assertion that contradicts the State Department’s reports and human rights activists.

A Wide Look at North Korea’s WMD Operations

Primer:

South Korean surgeons operating on a North Korean defector who escaped across the Demilitarized Zone between the two countries under a hail of gunfire on Nov. 13 have found a parasite in the man’s stomach unlike any other they had seen.

The defector, who was shot five times, remained in critical condition after hours in two rounds of surgery, according to an article in the Korea Biomedical Review published on Nov. 15.

North Korean Cyber Operations: Weapons of Mass Disruption

Over the past 10 years, the escapades of various nation-state actors in the cyber realm have exploded onto the pages of top-tier media, and into prime time network news.

Russian espionage against political targets during the 2016 US presidential election, wide reaching Chinese espionage against Western commercial targets, disruptive attacks against the US financial sector associated with Iran, and the destructive attacks against Sony Pictures Entertainment (SPE) are some of the premier examples of mainstream coverage of ‘cyber.’

Behind every single offensive cyber action conducted in the interest of the capable nation-states is a doctrine,[1] and North Korea, like many other nation-states, has incorporated cyber operations within their own broader military doctrine and has conducted numerous offensive operations in the furtherance of their national agenda. What is particularly alarming about DPRK operations is their willingness to initiate escalatory actions, such as their likely connections to the now infamous WannaCry ransomware, and their targeting of the global financial system.

North Korea’s disregard for the consequences of its actions sets them apart from other nation-states, and is particularly dangerous.

North Korean offensive cyber operations have been conducted to collect sensitive political and military intelligence information, to lash out at enemies who threaten their beliefs and interests, and most interestingly, to generate revenue.

This revenue generation aspect of North Korean operations was thrust into the international spotlight when, in early 2016, unauthorized transfers of funds from the Bangladesh Central Bank were issued using the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network for global banking. The attempted transfers amounting to over $950 million USD sought to move funds to entities in locations such as Sri Lanka and the Philippines; ultimately $81 million USD in funds disappeared into the ether.

The subsequent investigation revealed that the perpetrators of the attack used tools to securely delete records from the SWIFT terminals that would alert Bangladesh Central Bank employees of the transfers. Commonly referred to as a “wiper,” this secure deletion tool contained code that was linked by many in the computer security industry to one used in attacks associated with North Korea, notably the attack on SPE through a US Computer Emergency Response Team (USCERT) alert. The revelation that a state would engage in such a flagrant violation of international norms came as a surprise to many in the information security arena. North Korea watchers were, of course, not surprised as the currency generation activities benefiting the Kim family and their isolated nation have been well understood for some time.

The 2016 SWIFT attacks associated with North Korea are part of the broader currency generation operations of DPRK cyber actors and intelligence organizations. Botnets associated with espionage activity targeting South Korea have been used to generate revenue through a variety of schemes for almost 10 years. Recent DPRK activity suggests an interest in obtaining cryptocurrency, such as bitcoin, through extortion and targeting of cryptocurrency exchanges.

In the third quarter of 2017, for instance, malicious emails containing weaponized documents were used to target international financial organizations, as well as bitcoin exchanges. The ultimate goal of these attacks, which were tracked by the information security community under names such as Stardust Chollima and BlueNoroff, is yet unknown, however theft and sabotage are likely.

Bitcoin provides attractive benefits to the isolated nation due to a lack of regulation and the ability to subvert international sanctions. In May 2017, ‘WannaCry’ exploded across the internet, encrypting sensitive material and holding the keys to decrypt the files for a ransom to be paid in bitcoin. This attack, too, had North Korean fingerprints embedded in the code used to execute the attack, as did the tools that were used to develop that code.

Attribution is a particularly sensitive subject in the cyber domain. Technical artifacts from the executable code that was used to conduct the WannaCry attack overlaps with code used in attacks against South Korean nuclear power plants and the SPE attack of 2014. While the technical artifacts can provide some measurable connections between the attacks, they require deep technical understanding to interpret. Other linkages, such as targeting and operational procedures, are the product of intelligence assessments and have been disputed by various parties muddying the water surrounding the assigning of attribution.

North Korea is an exception to the classical understanding of how most nations implement offensive cyber operations in that they incorporate espionage, disruptive/destructive attacks and financially motivated operations using the same computer code and infrastructure.

The value of cyber operations is likely recognized by North Korea’s most senior leadership through the State Affairs Commission (SAC), the General Staff of the Korean People’s Army, and Kim Jong Un himself. Subordinate units, notably the Reconnaissance General Bureau (RGB), Bureau 121, and the Command Automation Bureau (CAB), are likely responsible for executing the specific operations. The individual units may have a charter to self-finance their operations, or to contribute financial gains back to the regime, but it seems clear that various offensive operations are conducted by differing groups with their own approach and missions. For example, one group may have a primary focus on revenue generation, targeting South Korean banks and SWIFT and conducting extortive attacks, while another group might focus on intelligence collection, while a third conducts sabotage and destructive attacks.

Finally, the maturity of North Korean offensive cyber operations has been demonstrated through the integration of destructive attacks by cyber units during military exercises executed in the midst of escalating tension with South Korea. For instance, following the December 2012 launch of the Kwangmyongsong-3 satellite via the Unha-3 satellite launch vehicle, tensions on the Korean peninsula were high. That March, following the passing of UN Security Council Resolution (UNSCR 2087) and B-52 strategic bomber overflights in South Korea, North Korea responded with a particularly aggressive disruptive attack against South Korea.

This massive wiper attack targeted South Korea’s financial and media sectors and coincided with provocations by North Korean military and escalating political rhetoric. This pairing allowed for maximum psychological impact, while demonstrating North Korea’s ability to integrate offensive cyber activities into well-developed military doctrine. During these attacks, the Korea Broadcasting System (KBS), Munhwa Broadcasting Corporation (MBC), Yonhap Television News (YTN) and several Korean financial institutions reported disruptions. With the threat of military escalation on the table, many in South Korea would have depended on the media outlets for breaking news. Disruption of ATM networks and financial institutions would further add to the chaos as word of media disruptions began to spread.

As tensions are once again escalating between North Korea and the international community, more attacks perpetrated by DPRK cyber actors are likely. The recent increase in financial sector targeting associated with these actors may illustrate the potential for disruptive attacks to demonstrate both the capability of the North Korean actors, as well to achieve objectives in line with their broader military doctrine. While North Korea’s isolation may be detrimental to its economy and international relations, it is an effective shield from which to launch offensive cyber operations against a connected and delicate global system.


[1] In order to establish some common definitions, we can look to the United States Department of Defense, who established Computer Network Operations (CNO) as a component of the broader Information Operations (Information Warfare) arena. CNO is further categorized into Computer Network Exploitation (CNE), Computer Network Attack (CNA), and Computer Network Defense (CND). Offensive cyber operations conducted by nation-states using this model would be considered CNE and CNA. The use of CNE can be roughly characterized as espionage, whereas CNA would be used to degrade, deny, disrupt, or destroy the network based systems of an adversary. This model can help provide a clear delineation of how various military, intelligence community, and law enforcement agencies with their authorities are able to conduct operations. China, Russia, Iran and virtually every nation-state in the world conduct CNE/CNA operations in accordance with their legal authorities and national interests.

***

There are other weapons few discuss.

Pyongyang has already achieved partial coverage of US territories. Last June, in a hearing before the US House Armed Services Committee, the head of the US Missile Defense Agency, Vice Admiral James Syring, said: “The advancement and demonstration of technology of ballistic missiles from North Korea in the last six months have caused great concern to me and others. It is incumbent on us to assume that North Korea today can range the US with an ICBM carrying a nuclear warhead.”

This particular endeavor was likely assisted by Tehran. A February 2016 report by the Congressional Research Service concluded, “Iran has likely exceeded North Korea’s ability to develop, test, and build ballistic missiles.” Tehran might be, and probably is, helpful to Pyongyang with respect to technological aspects of the nuclear sphere as well.

The nuclear component within the spectrum of North Korea’s weapons of mass destruction (WMDs) is evidently growing. The big question is whether the country’s despot, Kim Jong-un, will be the first person to use nuclear weapons since 1945.

Quite recently, Kim elected to employ a highly lethal chemical weapon, the nerve agent VX, for a political assassination. This weapon was used last February by two female operatives, one Indonesian and the other Vietnamese, to murder Kim Jong-un’s estranged half-brother, Kim Jong-nam, in Malaysia. The victim died shortly after being assaulted by the two women, who wiped VX on his face as he prepared to board a flight to the Chinese territory of Macau. Traces of VX were revealed on swabs taken from his eyes and face.

This deadly chemical agent was probably smuggled from North Korea to Malaysia, which in and of itself was an intriguing and risky move. Six of eight potential suspects were from Pyongyang’s Ministries of State Security and Foreign Affairs. The suspects flew from Kuala Lumpur on the day of the assassination, passing through Vladivostok on their way back to Pyongyang. South Korea’s request to detain four of the suspects was rejected by Russian officials on the grounds of lack of evidence.

It can be assumed that Kim Jong-un was in on the plot from its inception. Symbolically, at least, this political assassination by VX can be regarded as an indication of Pyongyang’s chemical weapons (CW) capabilities. Whether the regime intended it to or not, the assassination signaled the readiness, usability, and deployability of North Korea’s VX, which can be used for guerrilla warfare, chemical terrorism, or wide-scale chemical attack.

VX is also weaponized within warheads carried by ballistic missiles in Pyongyang’s vast CW arsenal. The North Korean ballistic program constitutes the principal, though not the only, vehicle for all three WMD programs. The CW and biological weapons (BW) programs are fully matured and have marked operational offensive capabilities. Inadequate attention is being paid to Pyongyang’s large-scale offensive capacities in terms of CW and BW, but the VX political assassination incident was a wake-up call (if unintentional). More here.

Secret Planes, Russia, China and the United States oh My

 

Hacking Public Schools, 757’s and the Defense Dept

Hack-O-Matic…some good ones and others not so much.

800 Schools

“Unless we have irrefutable evidence to suggest otherwise, we need to assume confidential data has been compromised,” Hamid Karimi, vice president of business development and the security expert at Beyond Security. “That should be a cause for concern. To remedy the situation, all schools and institutions that serve minors must submit to (a) stricter set of cybersecurity rules.”

The breached school websites, which spanned nationwide from New Jersey to Arizona and Virginia to Connecticut, are all powered by a company called SchoolDesk. The company since has handed over its server —  which runs out of Georgia —  to the FBI for investigation and also has hired external security firms to trace the hackers. The Atlanta-based company said after the hack that technicians detected that a small file had been injected into the root of one of its websites.

“The websites were redirected to an iframed YouTube video. No data was lost or altered in any way. Because we’re currently working with the FBI in an active investigation of this incident, as well as forensic team from Microsoft, we cannot yet discuss any technical details or exact methods of access to SchoolDesk’s network or software,” a spokesperson for SchoolDesk told Fox News.

The company has insisted that no personal or student information was exposed, but some security experts say the matter should be closely monitored, especially as minors are involved.

“In most hacks, organizations do not have full visibility into what happened or what information was compromised,” surmised Eric Cole, who served as commissioner on cyber security for President Barack Obama, and was formerly a senior vice president at McAfee and the chief scientist at Lockheed Martin. “In almost every breach, what is initially reported is usually extremely conservative and over the weeks following a breach, it is always worse than what was originally reported.”

The proud culprits of the hack? A shadowy pro-ISIS hacktivist outfit known as “Team System DZ.” It was barely reported by Fox News, while other media outlets did nothing about it.

***

Pentagon Hackers for Hire

Just over a year ago, following the success of the pilot, we announced the U.S. Department of Defense was expanding its “Hack the Pentagon” initiatives. To date, HackerOne and DoD have run bug bounty challenges for Hack the Pentagon, Hack the Army and Hack the Air Force.

The success of these programs has been undeniable and our amazing community of hackers continues to impress even us!

DoD has resolved nearly 500 vulnerabilities in public facing systems with bug bounty challenges and hackers have earned over $300,000 in bounties for their contributions — exceeding expectations and saving the DoD millions of dollars. You can read more in our recent case study “Defending the Federal Government from Cyber Attacks.”

2,837 Bugs Resolved With DoD’s Vulnerability Disclosure Policy

The DoD’s Vulnerability Disclosure Policy (VDP) is another essential, likely less talked about, part of the Hack the Pentagon initiative pioneered by DoD’s Defense Digital Service team.

A VDP is the “see something, say something” of the internet. DoD’s policy, and others like it, provide clear guidance for any hacker anywhere in the world to safely report a potential vulnerability so it can be resolved. Maintaining the security of the DoD’s networks is a top priority and their VDP is another proven way to resolve unknown security issues.

While a bounty or cash incentives are not awarded for vulnerabilities reported through the VDP, that has not stopped hackers eager to do their part to help protect the DoD’s assets. Nearly 650 hackers from more than 50 countries have successfully reported valid vulnerabilities through the VDP.

Thanks to these hackers and the pioneering team at DoD, 2,837 security vulnerabilities have been resolved in nearly 40 DoD components. Of these vulnerabilities, over 100 have been high or critical severity issues, including remote code executions, SQL injections, and ways to bypass authentication.

While the majority of participating hackers have been from the United States, the top contributing countries include India, Great Britain, Pakistan, Philippines, Egypt, Russia, France, Australia and Canada. More here. At least this was a positive objective, we think.

*** Related reading: Boeing 757 Testing Shows Airplanes Vulnerable to Hacking, DHS Says

Hacking Through Aircraft Wi-Fi

A Department of Homeland Security official admitted that a team of experts remotely hacked a Boeing 757 parked at an airport.

During a keynote address on Nov. 8 at the 2017 CyberSat Summit, a Department of Homeland Security (DHS) official admitted that he and his team of experts remotely hacked into a Boeing 757.

This hack was not conducted in a laboratory, but on a 757 parked at the airport in Atlantic City, N.J. And the actual hack occurred over a year ago. We are only now hearing about it thanks to a keynote delivered by Robert Hickey, aviation program manager within the Cyber Security Division of the DHS Science and Technology (S&T) Directorate.

“We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration,” Hickey said in an article in Avionics Today. “[That] means I didn’t have anybody touching the airplane; I didn’t have an insider threat. I stood off using typical stuff that could get through security, and we were able to establish a presence on the systems of the aircraft.”

While the details of the hack are classified, Hickey admitted that his team of industry experts and academics pulled it off by accessing the 757’s “radio frequency communications.”

We’ve been hearing about how commercial airliners could be hacked for years.

You might remember when a governmental watchdog admitted that the interconnectedness of modern commercial airliners could “potentially provide unauthorized remote access to aircraft avionics systems.” The concern was that a hacker could go through the Wi-Fi passenger network to hijack a plane while it was in flight.

And in a 2015 report by the U.S. Government Accountability Office (pdf), the agency warned, “Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors.”

At the time, U.S. Rep. Peter DeFazio (D-Ore.) said, the “FAA must focus on aircraft certification standards that would prevent a terrorist with a laptop in the cabin or on the ground from taking control of an airplane through the passenger Wi-Fi system.”

The same year, security researcher Chris Roberts ended up in hot water with the feds after tweeting about hacking the United Airlines plane he was traveling on. The FBI claimed Roberts said he took control of the navigation.

A Hack In The Box presentation by Hugo Teso in 2013 suggested that thanks to the lack of authentication features in the Aircraft Communications Addressing and Reporting System (ACARS) protocol, an airliner could be controlled via an Android app. Flight management software companies, as well as the FAA, disputed Teso’s claims.

All of that means that airline pilots have heard of those vulnerabilities before, too. Yet at a technical meeting in March 2017, several shocked airline pilot captains from American Airlines and Delta were briefed on the 2016 Boeing 757 hack. Hickey said, “All seven of them broke their jaw hitting the table when they said, ‘You guys have known about this for years and haven’t bothered to let us know because we depend on this stuff to be absolutely the bible.’”

As CBS News pointed out, Boeing stopped producing 757s in 2004, but that aircraft is still used by major airlines, such as American, Delta and United. President Trump has a 757, and Vice President Pence also uses one. In fact, Avionics Today claimed 90 percent of commercial planes in the sky are legacy aircraft that were not designed with security in mind.

Boeing told CBS that it firmly believes the test “did not identify any cyber vulnerabilities in the 757, or any other Boeing aircraft.”

Furthermore, an unnamed official briefed on the test told CBS the results of the hack on an older aircraft were good information to have, adding, “but I’m not afraid to fly.” (Not feeling good about this aircraft hack at all. Don’t we have a missing plane, or one that crashed, where it was suspected there may have been a hack involved?)