Category Archives: NSA Spying

The Cyber Panic Begins: FBI, DHS and Defense

Posted on by

Update:  On his last press conference of the year, Barack Obama said that Sony made a mistake by surrendering to the threats posed by the hacks and Barack said he wished that the leadership of Sony has spoken to him personally. Well the truth is, Sony DID call the White House and explained the matter in detail to Obama’s senior staff. Obama lied.

FBI Director James Comey gave an intense interview about cyber war and the risks to America. The single most important job of government is to keep the homeland safe and to ensure national defense and national security. You can bet that real events and the depth of the cyber damage to America is not being told. So how bad could it be? That answer is left up to us. Yet the FBI did publish a statement on the Sony investigation.

FBI Beefs Up Amid Explosion of Cybercrime

Cybercrime is one of the priorities for the FBI, which has 13,260 special agents across the country, according to the agency.

Comey said he sees a “tremendous amount of cyberespionage going on — the Chinese being prominent among them, looking to steal our intellectual property.”

“I see a whole lot of hacktivists, I see a whole lot of international criminal gangs, very sophisticated thieves,” he said. “I see people hurting kids, tons of pedophiles, an explosion of child pornography.”

Cybercrime is one of the priorities for the FBI, which has 13,260 special agents across the country, including on Oahu, Maui and Hawaii island, according to the agency. The FBI had an $8.3 billion budget in fiscal 2014.

Forget the Sony Hack, This Could Be the Biggest Cyber Attack of 2015

By Patrick Tucker

On Friday, the FBI officially named North Korea as the party responsible for a cyber attack and email theft against Sony Pictures. The Sony hack saw many studio executives’ sensitive and embarrassing emails leaked online. The hackers threatened to attack theaters on the opening day of the offending film, “The Interview,” and Sony pulled the plug on the movie, effectively censoring a major Hollywood studio.

The end of “The Interview” is not the end of the world. Technology journalists were quick to point out that, even though the cyber attack could be attributable to a nation state actor, it wasn’t particularly sophisticated. Ars Technica’s Sean Gallagher likened it to a “software pipe bomb.” The fallout, of course, was limited. And while President Barack Obama vowed to respond to the attack, he also said it was a mistake for Sony to back down.

“I think all of us have to anticipate occasionally there are going to be breaches like this. They’re going to be costly. They’re going to be serious. We take them with the utmost seriousness. But we can’t start changing our patterns of behavior any more than we stop going to a football game because there might be the possibility of a terrorist attack; any more than Boston didn’t run its marathon this year because of the possibility that somebody might try to cause harm. So, let’s not get into that — that way of doing business,” he said at a White House briefing on Friday.

But according to cyber-security professionals, the Sony hack may be a prelude to a cyber attack on United States infrastructure that could occur in 2015, as a result of a very different, self-inflicted document dump from the Department of Homeland Security in July.

Important training video.  

2015: The Year of Aurora?

Here’s the background: On July 3, DHS, which plays “key role” in responding to cyber-attacks on the nation, replied to a Freedom of Information Act (FOIA) request on a malware attack on Google called “Operation Aurora.”

Unfortunately, as Threatpost writer Dennis Fisher reports, DHS officials made a grave error in their response. DHS released more than 800 pages of documents related not to Operation Aurora but rather the Aurora Project, a 2007 research effort led by Idaho National Laboratory demonstrating how easy it was to hack elements in power and water systems.

Oops.

The Aurora Project exposed a vulnerability common to many electrical generators, water pumps and other pieces of infrastructure, wherein an attacker remotely opens and closes key circuit breakers, throwing the machine’s rotating parts out of synchronization causing parts of the system to break down.

In 2007, in an effort to caste light on the vulnerability that was common to many electrical components, researchers from Idaho National Lab staged an Aurora attack live on CNN. The video is below.

How widespread is the Aurora vulnerability? In this 2013 article for Power Magazine:

“The Aurora vulnerability affects much more than rotating equipment inside power plants. It affects nearly every electricity system worldwide and potentially any rotating equipment—whether it generates power or is essential to an industrial or commercial facility.”

The article was written by Michael Swearingen, then manager for regulatory policy for Tri-County Electric Cooperative (now retired), Steven Brunasso, a technology operations manager for a municipal electric utility, Booz Allen Hamilton critical infrastructure specialist Dennis Huber and Joe Weiss, a managing partner for Applied Control Solutions.

Weiss today is a Defense Department subcontractor working with the Navy’s Mission Assurance Division. His specific focus is fixing Aurora vulnerabilities. He calls DHS’s error “breathtaking.”

The vast majority of the 800 or so pages are of no consequence, says Weiss, but a small number contain information that could be extremely useful to someone looking to perpetrate an attack. “Three of their slides constitute a hit list of critical infrastructure. They tell you by name which [Pacific Gas and Electric] substations you could use to destroy parts of grid. They give the name of all the large pumping stations in California.”

The publicly available documents that DHS released do indeed contain the names and physical locations of specific Pacific Gas and Electric Substations that may be vulnerable to attack.

Defense One shared the documents with Jeffrey Carr, CEO of the cyber-security firm Taia Global and the author of Inside Cyber Warfare: Mapping the Cyber Underworld. “I’d agree…This release certainly didn’t help make our critical infrastructure any safer and for certain types of attackers, this information could save them some time in their pre-attack planning,” he said.

Perpetrating an Aurora attack is not easy, but it becomes much easier the more knowledge a would-be attacker has on the specific equipment they may want to target.

How easy is it to launch an Aurora attack?

In this 2011 paper for the Protective Relay Engineers’ 64th Annual Conference, Mark Zeller, a service provider with Schweitzer Engineering Laborites lays out—broadly—the information an attacker would have to have to execute a successful Aurora attack. “The perpetrator must have knowledge of the local power system, know and understand the power system interconnections, initiate the attack under vulnerable system load and impedance conditions and select a breaker capable of opening and closing quickly enough to operate within the vulnerability window.”

“Assuming the attack is initiated via remote electronic access, the perpetrator needs to understand and violate the electronic media, find a communications link that is not encrypted or is unknown to the operator, ensure no access alarm is sent to the operators, know all passwords, or enter a system that has no authentication.”

That sounds like a lot of hurdles to jump over. But utilities commonly rely on publicly available equipment and common communication protocols (DNP, Modbus, IEC 60870-5-103, IEC 61850, Telnet, QUIC4/QUIN, and Cooper 2179) to handle links between different parts their systems. It makes equipment easier to run, maintain, repair and replace. But in that convenience lies vulnerability.

In their Power Magazine article, the authors point out that “compromising any of these protocols would allow the malicious party to control these systems outside utility operations.”

Defense One reached out to DHS to ask them if they saw any risk in the accidental document dump. A DHS official wrote back with this response: “As part of a recent Freedom of Information Act (FOIA) request related to Operation Aurora, the Department of Homeland Security (DHS) National Programs and Protection Directorate provided several previously released documents to the requestor. It appears that those documents may not have been specifically what the requestor was seeking; however, the documents were thoroughly reviewed for sensitive or classified information prior to their release to ensure that critical infrastructure security would not be compromised.”

Weiss calls the response “nonsense.”

The risk posed by DHS accidental document release may be large, as Weiss argues, or nonexistent, as DHS would have you believe. But even if it’s the latter, Aurora vulnerabilities remain a key concern.

Perry Pederson, who was the director of Control Systems Security Program at DHS in 2007 when the Aurora vulnerability was first exposed, said as much in a blog post in July after the vulnerability was discovered. He doesn’t lay blame at the feet of DHS. But his words echo those of Weiss in their urgency.

“Fast forward to 2014. What have we learned about the protection of critical cyber-physical assets? Based on various open source media reports in just the first half of 2014, we don’t seem to be learning how to defend at the same rate as others are learning to breach.”

Aurora vs. the Sony Hack

In many ways the Aurora vulnerability is a much harder problem to defend against than the Sony hack, simply because there is no obvious incentive for any utility operator to take any of the relatively simple costs necessary to defend against it. And they are simple. Weiss says that a commonly available device installed on vulnerable equipment could effectively solve the problem, making it impossible to make the moving parts spin out of synchronization. There are two devices on the market iGR-933 rotating equipment isolation device (REID) and an SEL 751A, that purport to shield equipment from “out-of-phase” states.

To his knowledge, Weiss says, Pacific Gas and Electric has not installed any of them anywhere, even though the Defense Department will actually give them away to utility companies that want them, simply because DOD has an interest in making sure that bases don’t have to rely on backup power and water in the event of a blackout. “DOD bought several of the iGR-933, they bought them to give them away to utilities with critical substations,” Weiss said. “Even though DOD was trying to give them away, they couldn’t give them to any of the utilities because any facility they put them in would become a ‘critical facility’ and the facility would be open to NERCCIP audits.”

Aurora is not a zero-day vulnerability, an attack that exploits an entirely new vector giving the victim “zero days” to figure out a patch. The problem is that there is no way to know that they are being implemented until someone, North Korea or someone else, chooses to exploit them.

Can North Korea pull of an Aurora vulnerability? Weiss says yes. “North Korea and Iran and are capable of doing things like this.”

Would such an attack constitute an act of cyber war? The answer is maybe. Speaking to reporters at the Pentagon on Friday, Pentagon Press Secretary Rear Adm. John Kirby said “I’m also not able to lay out in any specificity for you what would be or wouldn’t be an act of war in the cyber domain. It’s not like there’s a demarcation line that exists in some sort of fixed space on what is or isn’t. The cyber domain remains challenging, it remains very fluid. Part of the reason why it’s such a challenging domain for us is because there aren’t internationally accepted norms and protocols. And that’s something that we here in the Defense Department have been arguing for.”

Peter Singer, in conversation with Jason Koebler at Motherboard, says that the bar for actual military engagement against North Korea is a lot higher than hacking a major Hollywood movie studio.

“We didn’t go to war with North Korea when they murdered American soldiers in the 1970s with axes. We didn’t go to war with North Korea when they fired missiles over our allies. We didn’t go to war with North Korea when one of their ships torpedoed an alliance partner and killed some of their sailors. You’re going to tell me we’re now going to go to war because a Sony exec described Angelina Jolie as a diva? It’s not happening.”

Obama said Friday that there would be some sort of response to the hack, but declined to say what. “We have been working up a range of options. They will be presented to me. I will make a decision on those based on what I believe is proportional and appropriate to the nature of this crime,” he said.

Would infrastructure vandalism causing blackouts and water shutdowns constitute an act of war? The question may be moot. Before the United States can consider what sort of response is appropriate to cyber attacks, it must first be able to attribute them.

The FBI was able to finger North Korea for the hack after looking at the malware in the same way a forensics team looks for signs of a perpetrator at the scene of the crime. “Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed. For example, there were similarities in specific lines of code, encryption algorithms, data deletion methods, and compromised networks,” according to the FBI statement.

An Aurora vulnerability attack, conversely, leaves no fingerprints except perhaps a single IP address. Unlike the Sony hack, it doesn’t require specially written malware to be uploaded into a system, Malware that could indicate the identity of the attacker, or at least his or her affiliation. Exploiting an Aurora attack is simply a matter of gaining access, remotely, possibly because equipment is still running on factory-installed passwords, and then turning off and on a switch.

“You’re using the substations against whatever’s connected to them. Aurora uses the substations as the attack vector. This is the electric grid being the attack vector,” said Weiss, who calls it “a very, very insidious” attack.

The degree to which we are safe from that eventuality depends entirely on how well utility companies have put in place safeguards. We may know the answer to that question in 2015.

 

U.S. Schools Courtesy of Gulen

Posted on by

Anyone remember the Barack Obama famous Cairo speech? In April of 2009, Barack delivered a long message siding with Islam and opening the door for radicals to launch their agendas and local schools in America were included.

But setting the table for what is below is this: He is in the United States.

Turkey issues arrest warrant for cleric Gulen – state media

(Frank J.Gaffney Jr. The Wash.Times:11 Dec.2012)

It is a commonplace saying, but one that most of us ignore: If something sounds too good to be true, it probably is. This applies in spades to a proposal under active consideration by the school board in Virginia’s Loudoun County. It would use taxpayer funds to create a charter school to equip the children of that Washington exurb with enhanced skills in science, technology, engineering and mathematics disciplines. Ostensibly, they will thus be equipped to compete successfully in the fields expected to be at the cutting edge of tomorrow’s workplace.

What makes this initiative, dubbed the Loudoun Math and IT Academy, too good to be true? Let’s start with what is acknowledged about the proposed school.

The academy’s board is made up of a group of male Turkish expatriates. One of them, Fatih Kandil, was formerly the principal of the Chesapeake Science Point Public Charter School in Anne Arundel County, Md. Another is Ali Bicak, the board president of the Chesapeake Lighthouse Foundation, which owns Chesapeake Science Point and two other charter schools in Maryland. The Loudoun Math and IT Academy applicants expressly claim that Chesapeake Science Point will be the model for their school.

The taxpayers of Loudoun County and the school board elected to represent them should want no part of a school that seeks to emulate Chesapeake Science Point, let alone be run by the same people responsible for that publicly funded charter school. For one thing, Chesapeake Science Point has not proved to be the resounding academic success the applicants claim. It does not appear anywhere in the acclaimed U.S. News & World Report lists of high-performing schools in Maryland, let alone nationwide — even in the subsets of mathematics or charter schools.

What is more, according to public documents chronicling Anne Arundel County Public Schools’ dismal experience with Chesapeake Science Point, there is significant evidence of chronic violations of federal, state and local policies and regulations throughout its six years of operations, with little or inconsistent improvement, reflecting deficiencies in fiscal responsibility and organizational viability.

Why, one might ask, would applicants for a new charter school cite so deeply problematic an example as their proposed institution? This brings us to aspects of this proposal that are not acknowledged.

Chesapeake Science Point is just one of five controversial schools with which Mr. Kandil has been associated. He was previously the director at the Horizon Science Academy in Dayton, Ohio; the principal at the Wisconsin Career Academy in Milwaukee and at the Baltimore Information Technology Academy in Maryland; and one of the applicants in a failed bid to establish the First State Math and Science Academy in Delaware.

These schools have something in common besides their ties to the peripatetic Fatih Kandil. They have all been “inspired” by and in other ways are associated with Fethullah Gulen, a Turkish supremacist and imam with a cultlike following of up to 6 million Muslims in Turkey and elsewhere around the world. More to the point, Imam Gulen is the reclusive and highly autocratic leader of a global media, business, “interfaith dialogue” and education empire said to be worth many billions that is run from a compound in the Poconos.

This empire — including its roughly 135 charter schools in this country and another 1,000 abroad — and its adherents have come to be known as the Gulen Movement. Those associated with it, in this country at least, are assiduously secretive about their connections to Imam Gulen and his enterprise. For example, the Loudoun Math and IT Academy applicants, their spokeswoman and other apologists have repeatedly misled the Loudoun school board, claiming that these Turkish gentlemen and their proposed school have nothing to do with Imam Gulen.

There are several possible reasons for such professions. For one, the Gulen schools are reported to be under investigation by the FBI. A growing number of them — including Chesapeake Science Point — have also come under critical scrutiny from school boards and staff around the country. In some cases, they have actually lost their charters for, among other reasons, chronic financial and other mismanagement and outsourcing U.S. teachers’ jobs to Turks.

The decisive reason for the Gulenist lack of transparency, however, may be due to their movement’s goals and modus operandi. These appear aligned with those of another secretive international organization that also adheres to the Islamic doctrine known as Shariah and seeks to impose it worldwide — the Muslim Brotherhood. Both seek to accomplish this objective by stealth in what the Brotherhood calls “civilization jihad” and Imam Gulen’s movement describes as “jihad of the word.”

This practice enabled the Gulenists to help transform Turkey from a reliable, secular Muslim NATO ally to an Islamist state deeply hostile to the United States — one aligned with other Islamic supremacists, from Iran to the Muslim Brotherhood to Hamas to al Qaeda. Fethullah Gulen’s followers clearly don’t want us aware of the obvious dangers posed by their penetration of our educational system and influence over our kids.

The good news is that members of the Loudoun County school board have a code of conduct that reads in part: “I have a moral and civic obligation to the nation which can remain strong and free only so long as public schools in the United States of America are kept free and strong.” If the board members adhere to this duty, they will reject a seductive Loudoun Math and IT Academy proposal that is way too “good” to be true.

So what has happened since the launch of these schools around the country?

FBI raids Concept Schools in Illinois, 2 other states

The FBI and two other federal agencies conducted raids in Illinois and two other states at charter schools run by Des Plaines-based Concept Schools, FBI officials said Tuesday.

Search warrants were executed at 19 Concept schools in connection with an “ongoing white-collar crime matter,” said Vicki Anderson, a special agent in the Cleveland FBI office that’s leading the probe.

The U.S. Department of Education and the Federal Communications Commission also were involved in the June 4 raids, but officials said the warrants remain under seal, and they wouldn’t give any details about the investigation. 

The raids targeted Concept schools in Illinois — where Concept has three schools in Chicago and one in Peoria — as well as in Indiana and Ohio.

FBI RAIDS TURKISH GULEN CHARTER SCHOOL IN LA

Dec 14, 2013 by

fbi_raid“Finally FBI Raids Turkish Gulen Charter School in Louisiana”

by Donna Garner 12.13.13   

12.12.13 — To view the FBI raid of the Gulen charter school in East Baton Rouge, please go to the following link on WBRZ.com. The Gulen charter schools are tied to Fethullah Gulen who is an Islamist imam.  Kenilworth Science and Technology School is connected to the Pelican Foundation, Cosmos Foundation in Texas, Atlas Texas Construction and Trading (a Houston-based contractor), Harmony Charters in Texas, and to other Gulen/Turkish entities around the United States and Turkey:  http://www.wbrz.com/videos/fbi-raid-another-scandal-for-charter-school-company/   

===========  

12.11.13 — To read the full story about the FBI raid on the Gulen charter school, please read further: “FBI Raid Another Scandal for Gulen Charter School Company”

http://www.wbrz.com/news/fbi-raid-another-scandal-for-charter-school-company/   

EXCERPTS FROM THIS ARTICLE:

BATON ROUGE- Wednesday evening’s FBI raid on a charter school in East Baton Rouge is the latest item in a list of scandals involving the organization that holds the charter for the Kenilworth Science and Technology School.

Pelican Educational Foundation runs the school [and also Abramson] and has ties to a family from Turkey. The organization lost its school in New Orleans amid allegations of sexual misconduct among students that prompted a state investigation on campuses in the Crescent City and in Baton Rouge. It has also faced lawsuits and allegations from teachers about bad learning environments.

“It was an atmosphere where there was a double standard,” one former teacher told WBRZ News 2 in an investigation into the school in EBR. Former teachers were not happy with how things were handled when they spoke with a station reporter two years ago.

No one was ever charged in the sex allegations a school spokesperson pointed out Wednesday as federal investigators moved through the campus collecting items, putting them in boxes and then loading them into a van.

The school receives about $5,000,000 in local, state, and federal tax money. In 2012, the Pelican group was accused of improperly handling money by the Legislative Auditor. A report found about $8600 was improperly used to buy gifts for students who scored high on LEAP tests.

About the same time as allegations and lawsuits began dealing with Pelican charter schools, a BESE member took an improper trip on behalf of another Turkish organization. Linda Johnson, who is no longer on BESE, was fined for breaking the law by the ethics board. She got an all expenses paid trip to Turkey.

Kenilworth Science and Technology School will be open Thursday.

 

CyberWar on America Costs Close to a $Trillion

Posted on by

It is not just North Korea, the cyber warriors are also in Ukraine, China, Syria, Russian and Iran. America has some defenses, but normal users and the business industry has few robust and intolerant choices against cyber attacks.

We need to challenge Congress to declare cyber attacks as an act of war given the heavy costs to theft, risk and attacks on harden targets including the power grid systems, transportation, food, banks, water, yet most of all intelligence and military secrets.

The most recent attack on Sony intranet system is pointing to North Korea as having the cyber-soldiers and that brigade is called Unit 121.

Defense News: Military planners and security experts have intensified their shouts of concern about the development of cyber weapons and the distinct possibility of a cyber war. Cyber warfare is not new. It has been in modern military doctrine for the past decade not to mention the number of terrorist groups who have threatened the use of cyber weapons against the west. However, what has changed is the number of countries that posess these capabilities today.
The North Korean military created a new unit that focuses solely on cyber warfare. The unit, dubbed Unit 121, was first created in 1998 and has steadily grown in size and capability since then. Interest in establishing cyber war forces shouldn’t come as a surprise to anyone, but North Koreas intense effort stands out among the top ten nations developing cyber weapons.
Unit 121 Capabilities Assessment:
Force Size: Originally 1,000 — Current Estimate:17,000
Budget: Total military budget $6 billion USD. Cyber Budget $70+ million. North Koreas military budget is estimated to be the 25th largest in the world.
Goal: To increase their military standing by advancing their asymmetric and cyber warfare.
Ambition: To dominate their enemys information infrastructure, create social unrest and inflict monetary damage.
Strategy: Integrate their cyber forces into an overall battle strategy as part of a combined arms campaign. Additionally they wish to use cyber weapons as a limited non-war time method to project their power and influence.
Experience: Hacked into the South Korea and caused substantial damage; hacked into the U.S. Defense Department Systems.
Threat Rating: North Korea is ranked 8th on the Spy-Ops cyber capabilities threat matrix developed in August of 2007.
Capabilities
Cyber Intelligence/Espionage: Basic to moderately advanced
weapons with significant ongoing development into cyber intelligence.
Offensive Cyber Weapons: Moderately advanced distributed
denial of service (DDoS) capabilities with moderate virus and malicious code capabilities.
North Korea now has the technical capability to construct and deploy an array of cyber weapons as well as battery-driven EMP (electro magnetic pulse) devices that could disrupt electronics and computers at a limited range.
In the late spring of 2007, North Korea conducted another test of one of the cyber weapons in their current arsenal. In October, the North Koreans tested its first logic bomb. A logic bomb is a computer program that contains a piece of malicious code that is designed to execute or be triggered should certain events occur or at a predetermined point of time. Once triggered, the logic bomb can take the computer down, delete data of trigger a denial of service attack by generating bogus transactions.
For example, a programmer might write some software for his employer that includes a logic bomb to disable the software if his contract is terminated.
The N Korean test led to a UN Security Council resolution banning sales of mainframe computers and laptop PCs to the East Asian nation. The action of the United Nations has had little impact and has not deterred the North Korean military for continuing their cyber weapons development program.
Keeping dangerous cyber weapons out of the hands of terrorists or outlaw regimes is next to impossible. As far back as 2002, White House technology adviser Richard Clarke told a congressional panel that North Korea, Iraq and Iran were training people for internet warfare. Most information security experts believe that it is just a matter of time before the world sees a significant cyber attack targeted at one specific country. Many suggest the danger posed by cyber weapons rank along side of nuclear weapons, but without the physical damage. The signs are there. We need to take action and prepare for the impact of a cyber war.

North Korea’s Elite Hackers Who Live Like Stars In Luxury Hotel 

Unit 121 is known to have two distinct functions: to carry out disruptive attacks against systems primarily in the United States and South Korea, both for purposes of sabotage and intelligence gathering, and to defend North Korea from incoming cyber attacks.

North Korea, however, has very little internet infrastructure, which analysts say actually gives the country an advantage. While North Korea can launch massive attacks against the West — the Sony attack being just the latest — outside nations can do little to damage North Korea’s own internal digital systems because they largely don’t exist.

Inside North Korea, use of the internet is strictly limited to government approved personnel. Ordinary citizens may utilize only an intranet run by Kim Jong Un regime, which allows access to government approved sites and state-operated media, but no access to what the rest of the world knows as the internet and the World Wide Web.

Instead, according to a report prepared in 2009 by a U.S. military intelligence analyst, Steve Sin, the Unit 121 hackers operate mostly from the luxurious Chilbosan in Shenyang, China, pictured below, a facility with amenities that would be unknown to all but the top level government elites inside North Korea, an impoverished country racked by famine.

The hotel is located in a military-controlled region of China just three hours from the border with North Korea. The central headquarters of Unit 121 is located in Pyongyang, in a district called Moonshin-dong, near the Taedong River

In fact, by North Korean standards, the cyber hackers of Unit 121 (also referred to as “Bureau 121″) are treated like superstars, afforded high-class lifestyles inconceivable to the vast majority of North Korean citizens.

In addition to Sin’s report, the Hewlett-Packard corporation conducted its own investigation into the threat posed by Unit 121 — which was created in 1998 and operates with a budget of more than $6 billion. Much of the information known about the highly-secretive unit comes from those reports, and from North Korean defectors who have passed information to U.S. and South Korean intelligence.

According to those accounts, the hackers who comprise the unit are the cream of North Korea’s academic crop in math and computer science, hand-picked from high schools around the country, who are then sent to study at Keumseong, the top high school in the North Korea capital of Pyongyang.

From there, the candidates who pass a rigorous series of tests and trials are sent to study at top universities — and then sent to Russia and China for an additional year of specialized training in computer hacking and cyberwar techniques.

Unit 121 is believed responsible for an attack on 30,000 computers inside South Korean banks and media companies in 2013, an attack that security experts say bore strong similarities to the Sony hack.

Against South Korea, North Korea allegedly has already carried out a series of disruptive and destructive operations in the past few years. Discounting previous distributed denial-of-service (DDoS) attacks on websites, the first major cyber-attack attributed to North Korea was on April 12, 2011, which paralyzed online banking and credit card services of Nonghyup Agricultural Bank for its 30 million customers. This is the first instance where North Korea used a disc wiping tool. While its ATMs were fixed within a couple days, some of the online services had taken more than two weeks to return to normal operating status, with 273 out of 587 servers destroyed. The second incident occurred in March 20, 2013, which used similar but improved tactics from April 2011. It was timed to simultaneously target multiple banks and broadcasting agencies with disc wiping tools and was preceded by an extensive advanced persistent threat campaign. The scale of the March 20 attack demonstrated that North Korea has at least one dedicated, permanent cyber unit directed against carefully selected targets and that they have the means to penetrate, exploit, and disrupt target systems and networks with sufficient secrecy.

Congress Blind-Sided on Cuba Shift is False

Posted on by

First the White House said no to Cuba and the prisoner swap.  Alan Gross was a top asset sent to Cuba to investigate and impede the Cuba/Russian spy network designed to infiltrate United States Southern Command. There was some great success is the Cuban spies providing intelligence back to the island and then far beyond.

The White House going back to 2009 has announced a series of policy changes regarding Cuba. These objectives were in cadence with the State Department, the U.S. Treasury and the Commerce Secretary as well as the U.S. Chamber of Commerce. Several congressional committees were well aware of the epic shift of appeasement to the Communist country. Congress was hardly blind-sided including a prisoner swap as this has been a tactic of the White House.

It seems to grow the economy and to increase trade, the White House policy wonks think it is a prudent move to open diplomacy with a communist country after-all it works with China.

U.S. Policy
Congress has played an active role in shaping policy toward Cuba, including the enactment of legislation strengthening and at times easing various U.S. economic sanctions. While U.S. policy has consisted largely of isolating Cuba through economic sanctions, a second policy component has consisted of support measures for the Cuban people, including U.S. government-sponsored broadcasting (Radio and TV Martí) and support for human rights and democracy projects. The Obama Administration has continued this similar dual-track approach. While the Administration has lifted all restrictions on family travel and remittances, eased restrictions on other types of purposeful travel, and moved to reengage Cuba on several bilateral issues, it has also maintained most U.S. economic sanctions in place. On human rights, the Administration welcomed the release of many political prisoners in 2010 and 2011, but it has also criticized Cuba’s continued harsh repression of political dissidents through thousands of short-term detentions and targeted violence. The Administration has continued to call for the release of U.S. government subcontractor Alan Gross, detained in 2009 and sentenced to 15 years in prison in 2011, and maintains that Gross’s detention remains an impediment to more constructive relations.
Legislative Activity
Strong interest in Cuba is continuing in the 113th Congress with attention focused on economic and political developments, especially the human rights situation, and U.S. policy toward the island nation, including sanctions. The continued imprisonment of Alan Gross remains a key concern for many Members. In March 2013, Congress completed action on full-year FY2013 appropriations with the approval of H.R. 933 (P.L. 113-6), and in January 2014, it completed action on an FY2014 omnibus appropriations measure, H.R. 3547 (P.L. 113-76)—both of these measures continued funding for Cuba democracy and human rights projects and Cuba broadcasting (Radio and TV Martí). Both the House and Senate versions of the FY2014 Financial Services and General Government appropriations measure, H.R. 2786 and S. 1371, had provisions that would have tightened and eased travel restrictions respectively, but none of these provisions were included in the FY2014 omnibus appropriations measure (P.L. 113-76).
For FY2015, the Administration is requesting $20 million for Cuba democracy projects (the same being provided for FY2014) and $23.130 million for Cuba broadcasting.


Congressional Research Service
Cuba: U.S. Policy and Issues for the 113th Congress FY2014)

The House Appropriation Committee reported out H.R. 5013 (H.Rept. 113-499), the FY2015 State Department, Foreign Operations, and Related Programs Act, on June 27, 2014, which would make available $20 million “to promote democracy and strengthen civil society in Cuba,” and provide not less than $28.266 million for Cuba broadcasting. The Senate Appropriations Committee reported out its version of the appropriations measure, S. 2499 (S.Rept. 113-195), on June 19, 2014, which would provide up to $10 million for Cuba democracy programs and an additional $5 million for programs to provide technical and other assistance to support the development of private businesses in Cuba; the Senate measure would also provide $23.130 million for Cuba broadcasting.
With regard to U.S. sanctions on Cuba, the House version of the FY2015 Financial Services and General Government Appropriation bill, H.R. 5016 (H.Rept. 113-508), approved July 16, 2014, has a provision that would prohibit the use of any funds in the Act “to approve, license, facilitate, authorize or otherwise allow” people-to-people travel.
Several other initiatives on Cuba have been introduced in the 113th Congress. Several would lift or ease U.S. economic sanctions on Cuba: H.R. 214 and H.R. 872 (overall embargo); H.R. 871 (travel); and H.R. 873 (travel and agricultural exports). H.R. 215 would allow Cubans to play organized professional baseball in the United States. H.R. 1917 would lift the embargo and extend nondiscriminatory trade treatment to the products of Cuba after Cuba releases Alan Gross from prison. Identical initiatives, H.R. 778/S. 647 would modify a 1998 trademark sanction; in contrast, H.R. 214, H.R. 872, H.R. 873, and H.R. 1917 each have a provision that would repeal the sanction. H.Res. 121 would honor the work of Cuban blogger Yoani Sánchez. H.Res. 262 would call for the immediate extradition or rendering of all U.S. fugitives from justices in Cuba.

So this begs the question, who really benefits on the Cuban side, when the benefits to America are in the zero category?

From Fox Business: There is a price that the Cuban regime will exact from American companies to do business there if U.S.-Cuba relations are fully normalized, a price that likely won’t benefit the country’s lower classes, but will instead line the pockets of Castro & Co., experts on Cuba warn.

Because of its tight grip, the Castro regime has kept Cuba’s GDP hamstrung. It’s economy is now at a tiny $72.3 billion, less than half that of the state of Iowa, notes Richard J. Peterson, senior director at S&P Capital IQ. In fact, the average worker earns less than $25 a month.

Cuba is in crisis, it needs a bailout. Its crony communism has failed, it is steeped in debt, and its money is running low. Historically, Cuba has enjoyed lifelines in the form of money and oil from Venezuela, which had been generously supplying 100,000 free barrels of oil a day, estimates show, nearly two-thirds of Cuba’s consumption needs.

But Venezuela is on the brink of financial collapse as oil continues to plunge toward $60 a barrel, according to sources there, and it cannot supply Cuba the oil it needs. Plus Venezuela is now enduring three health epidemics: Malaria, dengue fever and chikungunya. Russia has also subsidized Cuba’s economy, but it, too, faces a severe economic contraction as oil nosedives.

Cuba needs tourism dollars, it needs trade and bank credits to save itself from bankruptcy. But it wants all that even while it keeps its failed government model in place. But it wants all that even while it keeps its failed government model in place. Cuba is run by a Soviet-style nomenklatura filled with party elites who call the shots behind the scenes, and who have gotten spectacularly wealthy in the process, all while abusing its people and business partners. Critics of the government, perceived enemies of the state, even those calling for basic human rights continue to be arbitrarily imprisoned without charge or due process, many beaten, even killed.

The Cuban power elite are the Castro brothers and their families, their party chieftains and army leaders. The Cuban economy has changed little since the collapse of the Soviet Union. Unchecked by a probing, independent media or Congress, the Cuban power elite enjoy rich salaries, vacations overseas, yachts, Internet access, beach compounds and satellite dishes to see U.S. movies, notes Cuban émigré and lawyer Nelson Carbonell, author of “And the Russians Stayed: The Sovietization of Cuba” (William Morrow & Co., 1989). The communists in Cuba routinely expropriate the assets of foreign investors, and have seized and control everything of value, including hotels, car distributors, banks, the sugar industry, resorts.

Just as Friedrich Engel, co-author of the Communist Manifesto, once said holds true of Cuba today, that “once in the saddle,” a new ruling class “has never failed to consolidate its rule at the expense of the working class and to transform social leadership into exploitation.”

If relations are fully normalized, American tourist dollars would pour into companies owned by the Castro regime, since tourism is controlled by both the military and General Raul Castro, warns the Cuba Transition Project (CTP).

That means rum, tobacco, hotels and resorts are all owned and operated by the regime and its security forces. Cuba’s dominant company is the Grupo Gaesa, founded by Raul Castro in the nineties and controlled and operated by the Cuban military, which oversees all investments. Cuba’s Gaviota, run by the Cuban military, operates Cuba’s tourism trade, its hotels, resorts, car rentals, nightclubs, retail stores and restaurants. Gaesa is run by Raul’s son-in-law, Colonel Luis Alberto Rodriguez Lopez-Callejas.

The number of foreign companies doing business in Cuba have been cut by more than half since the 1990s, to 190 from some 400. Reasons include: Being forced to partner with army-controlled groups; hire workers through state agencies; and the freezing of bank deposits. Complaints have poured in from former senior executives at Dow Chemical, General Mills, Bristol-Myers Squibb, Colgate-Palmolive, Bacardi, American Express Bank, PepsiCo, Warner Communications, Martin Marietta Aluminum and Amex Nickel Corporation. Iberia, Spain’s national airline which at one time accounted for 10% of foreign commerce with Cuba, killed its Havana routes because they were unprofitable.

If U.S.-Cuba relations are normalized, fresh, new American dollars will only enrich the elite, “dollars will trickle down to the Cuban poor in only small quantities, while state and foreign enterprises will benefit most,” warns CTP, adding U.S. travelers to Cuba could still be “subject to harassment and imprisonment.” Over the decades, tourists visiting Cuba from Canada, Europe and Latin America and spending money there have only strengthened Cuba’s totalitarian state, it notes. There is a chance the free-flow of information from free trade could spark change long-term, but that could trigger an immediate, violent crackdown from the Cuban government, much like what occurred during the Arab spring.

Another significant factor: Corruption is rampant in Cuba, it has no independent, transparent, legal system, Cuba appoints its judges and licenses lawyers, and it repeatedly arrests peaceful pro-democracy activists.

Plus it is a debtor nation with a long history of defaulting on its loans. U.S. businesses risk having their operations confiscated by the government, and/or never seeing their loans repaid.

Cuba exports nickel, but that is largely controlled by Canadian interests, and its sugar industry is on the ropes. About 600 European suppliers have had over $1 billion arbitrarily frozen by the government since 2009, “and several investments have been confiscated,” CTP says.

In fact, Cuban law lets the government confiscate foreign assets for “public utility” or “social interest,” CTP says. Three CEOs of companies doing hundreds of millions of dollars’ worth of business in Cuba were arrested and stuck in jail without charges or due process: Cy Tokmakjian of the Tokmakjian Group, Sarkis Yacoubian of Tri-Star Caribbean, from Canada, and Amado Fakhre of Coral Capital of Great Britain.

All of this is why Cuba is ranked 176th out of 177 countries on the index of economic freedom put out by the Heritage Foundation, beating North Korea at dead last, but ranking worse than Iran and Zimbabwe.

America Loses to DPRK on the CyberWar

Posted on by

Sony Cancels Release of ‘The Interview’

Studio Scraps Dec. 25 Debut After Terrorist Threats Prompted Movie Chains to Skip Film

CNN: U.S. Government to Announce North Korea As Responsible for Sony Hack

The cyberterrorists won.

Sony Pictures canceled its planned release of “The Interview” marking the success of a brazen hacking attack against the studio and terrorist threats against theaters that played the film.

The Sony Corp. studio’s 11th-hour decision, unprecedented in the modern movie business, came after the nation’s largest theater chains all said they would not play the raunchy Seth Rogen farce set in North Korea.

Sony executives were considering alternative options, including releasing it only via video-on-demand or on television, said a person at the studio. But even those approaches could entail serious challenges. Given that the film already set off the worst corporate hack in history, chances were high that companies with major VOD businesses would regard the film as too radioactive to touch.

“We are deeply saddened at this brazen effort to suppress the distribution of a movie, and in the process do damage to our company, our employees and the American public,” Sony said in a statement conceding defeat on Wednesday. “We stand by our filmmakers and their right to free expression and are extremely disappointed by this outcome.”

It sounds even more implausible than the plot of the lowbrow comedy itself, in which a pair of hapless television journalists is recruited by the Central Intelligence Agency to assassinate North Korean leader Kim Jong Un. As matters escalated this week, the film was thrust into the center of a nationwide debate over free speech, terrorism, international relations, journalistic ethics and cybersecurity.

The sight of the studio that released “Zero Dark Thirty” and “The Social Network” brought to its knees by hackers apparently affiliated with North Korea, one of the most isolated and impoverished nations on earth, set off alarm bells throughout Hollywood. On Wednesday, the production company New Regency canceled plans for a thriller set in North Korea, in which Steve Carell was to have starred, according to a person familiar with the matter. Production was to have begun in March. The cancellation was first reported by the Hollywood trade website Deadline.

Also in question is the status of several other scripts floating around Hollywood, including rights to the memoirs of North Korean defectors who spent years in the country’s notorious labor camps.

The reverberations will carry far beyond Hollywood, online security experts warned, saying that the episode could set a disturbing precedent. “This is now a case study that is signaling to attackers that you can get all that you want and even more,” said Pete Singer, a cybersecurity strategist and senior fellow at the New America Foundation.

Sony Corp. Chief Executive Kazuo Hirai retains confidence in Sony Entertainment CEO Michael Lynton and Sony Pictures head Amy Pascal, according to people familiar with the matter, and he doesn’t blame them for the attack.

The debacle’s roots stretch back at least to June of this year, when Sony executives deliberated over changes to the movie because of its political sensitivities. Though the studio never planned to release “The Interview” in Asia, Sony Corp. executives in Tokyo were concerned about the film because of Japan’s long and tense history with both North Korea and South Korea.

People claiming to be the hackers escalated their threats on Tuesday, warning of terrorist attacks on theaters that showed the film.

The Department of Homeland Security dismissed the terrorist threat as lacking credibility. But theater operators nonetheless asked Sony on Tuesday to delay the film’s opening, planned for Dec. 25, out of concern that the threats would depress box office sales across the industry during the critical holiday season. When Sony declined, the theaters decided Wednesday morning that they wouldn’t play the movie until the Federal Bureau of Investigation complete its probe of the matter, and maybe not even then.

Distribution executives at other studios worried that screening “The Interview” would depress ticket sales for other movies, and the concerns also threatened to keep business from surrounding stores and restaurants over the holiday season.

Sony executives had long been aware “The Interview” would be controversial and have attempted to make a number of changes to its content and release strategy as a result, according to emails leaked by the hackers.

In June, Sony Pictures President Doug Belgrad sent a message to Sony Entertainment’s Mr. Lynton, saying, “I understand this is a delicate issue and will do whatever I can to help address all of the issues and concerns.” He added that he was only aware of two other movies that depicted the killing of a living international leader: Charlie Chaplin’s “The Great Dictator,” which features a thinly veiled version of Adolf Hitler, and “Team America: World Police,” a 2004 musical comedy in which former North Korean leader Kim Jong Il is depicted as a puppet.

The next week, Mr. Belgrad got Mr. Lynton’s approval to spend $550,000 to digitally remove images of former North Korean leaders Kim Jong Il and Kim Il-sung from pins and murals in more than 500 shots.

By July 1, the studio’s Japanese parent became concerned. An executive at Sony Corp. who dealt with diversity and human rights wrote to Sony Corp. of America President Nicole Seligman, saying he was worried the movie could lead “to a great negative affect [sic] on the relationship between North Korea and Japan.”

To back up the studio’s case for the film, Mr. Lynton already had been in contact with a North Korean expert at think tank Rand Corp.

While Sony did go ahead with the film, executives decided to remove all references to the company from the film and not even host promotional materials on the SonyPictures.com website. The movie was instead branded only with the Sony label Columbia Pictures.

At the same time, Sony Pictures executives reached out to Comcast Corp. ’s Universal Pictures about handling distribution of the movie in all foreign countries save for Asia, where “The Interview” wasn’t ever planned to be released. Such a partnership would have cost Sony about $3.5 million, according to an email from a senior executive.

Sony was looking for a partner to help it back the movie in the case of potential political heat, said a person with knowledge of the talks. Universal passed, citing an already full release slate.

Later in the summer, the studio was in tense discussions with Mr. Rogen and his co-director Evan Goldberg over proposed changes to the scene in which Kim Jong Un is killed by a missile.

“As Amy can attest from Seth’s many emails to her, he’s pretty agitated,” Mr. Belgrad wrote in an email following an August report in the Hollywood Reporter that Sony was making changes to the movie. The comic actor was concerned that critics would focus on “whether or not the film was ‘censored’ rather than simply judging whether or not it’s funny.”

Executives all the way up to Mr. Hirai discussed minute details about the changes, such as how much fire would be in Mr. Kim’s hair, how many embers on his face, and the size of an explosion.

“There is no face melting” in the latest cut, Ms. Pascal assured Mr. Hirai in a September email. He urged her to push Messrs. Rogen and Goldberg to tone down the scene a bit further and remove it entirely from international versions.

It is unclear how many changes the directors ended up making to the final cut of the film that was to be released next week.

U.S. officials haven’t reached a final ruling on who was behind the breach. There are diplomatic concerns if North Korea was involved, U.S. officials and people involved in the investigation said. For instance, some officials worry publicly blaming North Korea for the attack could put Japan, a U.S. ally, in a bind. Tokyo, unlike America, has to deal with North Korea as a neighbor just across the Sea of Japan.

The FBI didn’t immediately respond to a request for comment.

An accusation also creates distinct problems for Washington, these people said. If the U.S. blames North Korea for the attack, it then feels pressured to respond. And the proportional response in this case isn’t clear, as North Korea already is sanctioned and cut off from much of the world.

Nations have yet to agree on what types of cyberattacks are acceptable without escalating tensions. Some experts believe that in cases like the Sony attack, the U.S. needs at least to make a public condemnation.

“We can set the norms by coming out and saying this is just too much,” said Jay Healey, an expert on cybersecurity and diplomacy at the Atlantic Council near Washington.

After hackers entered Sony’s systems more than a month ago, they installed malicious code that would eventually wipe hard drives on many corporate computers. This wiped away many of the digital clues and has made the investigation by the FBI and FireEye Inc., a cybersecurity company, very difficult. As of Wednesday, investigators still can’t say they have removed and blocked the hackers from Sony’s systems, people familiar with the investigation said.

The situation also remains tenuous for Sony Pictures’ parent company in Tokyo. After investigators at FireEye determined North Korea was likely linked to the attack, it proposed a public report that would offer an update on the breach and implicate Pyongyang hackers. Sony’s Japan headquarters nixed the idea, people familiar with the probe said.

Though hardly any North Koreans have access to the Internet, mobile phones or other modern technology, the nation is believed to maintain a robust hacker corps, many of them stationed in China or elsewhere outside the isolated nation.

Kim Kwan-jin, then-defense minister in Seoul, said last year that North Korea runs a dedicated cyberwarfare military unit composed of 3,000 people.

Chang Yong-Seok, a senior researcher at the Institute for Peace and Unification Studies at Seoul National University, said a film like “The Interview” would likely have provided an incentive for North Korean officials to prove their loyalty to the dictator as the film insults the leader’s dignity.

“An extreme response is a way to secure one’s position and professional success,” Mr. Chang said.