Approval Process for Cyberwarfare Challenged

Cyber is a real battlefield and yet it gets almost zero ink in the media. The reason is, in part, that coverage would mean exposing vulnerabilities, forced ransoms and stolen data.


Just a couple of years ago, Chet Nagle, a former CIA agent and current vice president of M-CAM, penned an article in the Daily Caller, stating, “At FBI headquarters in July, the head of FBI counterintelligence, Randall Coleman, said there has been a 53% increase in the theft of American trade secrets, thefts that have cost hundreds of billions of dollars in the past year. In an FBI survey of 165 private companies, half of them said they were victims of economic espionage or theft of trade secrets — 95% of those cases involved individuals associated with the Chinese government.”

The threats all appear to have a foreign genesis and the United States does not have a real cyber policy due in part to debates over whether cyber attacks are acts of war. Can the United States fight back with her own cyber weapons? Not really, kinda, maybe.

Tracking the theft is left to the FBI, while responding is left to the U.S. Cyber Command. Army Lt. Gen. Paul Nakasone is the head of Cyber Command facing strategic threats from Russia, China, North Korea and Iran. During his confirmation hearings, Nakasone was grilled on how he would position the agencies to confront mounting Russian aggression in cyberspace, whether through attempted interference in U.S. elections or targeting the electric grid and other critical industrial systems.

Members of the White House’s National Security Council are pushing to rescind Presidential Policy Directive 20, an important policy memorandum that currently guides the approval process for government-backed cyberattacks, three current U.S. officials familiar with the matter tell CyberScoop.

The effort is driven in part by a desire from some NSC staff to create a more streamlined channel for military leaders to get their offensive cyber operations greenlit, insiders familiar with the matter said. The sources spoke under the condition of anonymity to freely discuss sensitive national security matters.

The move comes as lawmakers openly question whether U.S. Cyber Command, the nation’s premier cyber warfare unit, is hamstrung from responding to Russian meddling due to bureaucratic red tape. CyberScoop previously reported that multiple congressional committees are considering policies that could empower the military’s cyber mission.

But the push for change faces resistance from the intelligence community and several other federal agencies involved in cybersecurity.

Senior U.S. intelligence officials have expressed concerns over what rescinding the directive will mean for their own active computer spying missions. These covert operations, which are typically pursued by intelligence agencies like the CIA or NSA, could be exposed by the launch of “louder” disruptive-style attacks from the military. The presence of multiple hacking teams simultaneously targeting a single network often makes it easier for them all to be discovered by the victim.

Prior reporting by CyberScoop has shown that a long-running turf war exists between different federal agencies regarding the proper use of hacking tools in order to protect the homeland.

Even before Trump came to office though, the framework in question was considered a source of frustration inside the Pentagon.

Signed by President Barack Obama in 2012, the directive’s critics say that it was written in a confusing manner that leaves open-ended questions. In addition, critics tell CyberScoop that too many federal agencies are allowed to weigh in on proposed cyber operations, causing “even reasonable” plans to be delayed or outright rejected.

Insiders who are resistant to eliminating the directive admit that PPD-20 is flawed, but fear change because they’ve not seen a replacement plan.

“Better the devil you know, or something like that,” a former U.S. official said. “This is such a crucial decision because whatever comes next will dictate how arguments are settled inside government … you have the military on one side and the IC on the other.”

The NSC, CIA and Office of the Director of National Intelligence declined to comment. The NSA referred CyberScoop to U.S. Cyber Command, who in turn did not respond to a request for comment.

Currently, PPD-20 requires U.S. government agencies to run approvals for offensive operations through a chain of command that stretches across the federal government. The process is largely focused on controlling those operations that go beyond the confines of everyday digital espionage, or computer exploitation, to simply collect information.

According to PPD-20, if an operation is considered “of significant consequence,” it requires the direct blessing of the president in addition to the interagency group. Hacking operations that, for example, shut down a power grid or cause equipment to explode would fit into such a description. But experts say it also includes less flashy tactics like deleting data or corrupting software in a destructive manner.

“This directive pertains to cyber operations, including those that support or enable kinetic, information, or other types of operations,” PPD-20 reads. “The United States has an abiding interest in developing and maintaining use of cyberspace as an integral part of U.S. national capabilities to collect intelligence and to deter, deny, or defeat any adversary.”

After coming under scrutiny last month, outgoing NSA Director Adm. Michael Rogers told lawmakers that there’s an “ongoing policy discussion” about redrawing the regulations looming over military cyber operations. Unlike conventional military activities, the internet makes it difficult for policymakers to draw clear-cut boundaries. This challenge also runs up against longstanding laws that underpin, and therefore divide, the work of soldiers and spies.

Historically, intelligence agencies — empowered by Title 50 of the U.S. Code — have led the way on U.S.-backed hacking that occurs in countries like Iran or China, where armed conflict is absent. Military operations fall under the purview of Title 10 of the U.S. Code.

It’s not clear whether giving military leaders more leeway to conduct hacking operations will ultimately make those units more effective at their missions. The details surrounding these activities are always classified, which inhibits the public from having a substantive policy debate.

Ultimately, the decision to eliminate PPD-20 falls solely to the executive branch. Sources tell CyberScoop no final decision has been made.

What makes PPD-20 difficult to analyze is the fact that it remains a classified document, despite it being leaked by NSA whistleblower Edward Snowden. The classification means current officials are barred from publicly commenting on it.

Thomas Rid, a professor of strategic studies at Johns Hopkins University, said that Snowden’s PPD-20 leak was notable because it revealed the U.S. government’s thought process behind “the rise of unwanted norms caused by escalatory cyberattacks.”

“Reading between the lines, the framework acknowledges the negative effect on global cyber norms that events like Stuxnet can cause because of escalation,” said Rid.

Rid also believes the directive was “naïvely constructed,” relying too much on the idea that cyberattacks only impact other machines, and not people.

“When you look at what’s happened in 2016, and really since then, it makes the people who wrote PPD-20 seem like they don’t understand the current threat environment where Russia, and to some degree Iran, are combining active measures with cyber to change public perception,” he told CyberScoop. “Russia is basically kicking the U.S.’ ass.”

N Korea Shut Down Nuclear site Because it Collapsed

And not because of some talks going on with South Korea. Much has been televised and written with regard to the talks going on with North Korea, the nuclear and missile program, normalizing relations with the South and introducing a peace agreement. Further, as we learned, Mike Pompeo, the CIA Director, met with the North Korean regime over Easter in an effort to determine some real truths and to gauge Kim Jong-un on just how real all the reports are.

So, while we are told that missile tests and nuclear tests have been suspended, perhaps we know the reason why. Nuclear fallout.

About 200 people are feared dead in North Korea after underground tunnels at a nuclear test site that was feared to be unstable reportedly collapsed, crushing 100 people in the initial cave-in and 100 others when the tunnels again gave way on top of rescuers.

The collapse at the Punggye-ri test site on Oct. 10 occurred while people were doing construction on the underground tunnel, Japan’s Asahi TV reported, citing a source in North Korea. The television station also said North Korea’s sixth nuclear test on Sept. 3 most likely caused the tunnel to crumble and created serious damage in the region.

Mike Pompeo is a master with his poker face and his classified report on the meeting must be a doozy.

North Korea’s mountain nuclear test site has collapsed, putting China and other nearby nations at unprecedented risk of radioactive exposure, two separate groups of Chinese scientists studying the issue have confirmed.

The collapse after five nuclear blasts may be why North Korean leader Kim Jong-un declared on Friday that he would freeze the hermit state’s nuclear and missile tests and shut down the site, one researcher said.

The last five of Pyongyang’s six nuclear tests have all been carried out under Mount Mantap at the Punggye-ri nuclear test site in North Korea’s northwest.

One group of researchers found that the most recent blast tore open a hole in the mountain, which then collapsed upon itself. A second group concluded that the breakdown created a “chimney” that could allow radioactive fallout from the blast zone below to rise into the air.

A research team led by Wen Lianxing, a geologist with the University of Science and Technology of China in Hefei, concluded that the collapse occurred following the detonation last autumn of North Korea’s most powerful thermonuclear warhead in a tunnel about 700 metres (2,296 feet) below the mountain’s peak.

The test turned the mountain into fragile fragments, the researchers found.

The mountain’s collapse, and the prospect of radioactive exposure in the aftermath, confirms a series of exclusive reports by the South China Morning Post on China’s fears that Pyongyang’s latest nuclear test had caused a fallout leak.

Radioactive dust could escape through holes or cracks in the damaged mountain, the scientists said.

“It is necessary to continue monitoring possible leaks of radioactive materials caused by the collapse incident,” Wen’s team said in the statement.

The findings will be published on the website of the peer-reviewed journal, Geophysical Research Letters, likely next month.

North Korea saw the mountain as an ideal location for underground nuclear experiments because of its elevation – it stood more than 2,100 metres (6,888 feet) above sea level – and its terrain of thick, gentle slopes that seemed capable of resisting structural damage.

The mountain’s surface had shown no visible damage after four underground nuclear tests before 2017.

But the 100-kilotonne bomb that went off on September 3 vaporised surrounding rocks with unprecedented heat and opened a space that was up to 200 metres (656 feet) in diameter, according to a statement posted on the Wen team’s website on Monday.

As shock waves tore through and loosened more rocks, a large section of the mountain’s ridge, less than half a kilometre (0.3 mile) from the peak, slipped down into the empty pocket created by the blast, leaving a scar visible in satellite images.

Wen concluded that the mountain had collapsed after analysing data collected from nearly 2,000 seismic stations.

Three small earthquakes that hit nearby regions in the wake of the collapse added credence to his conclusion, suggesting the test site had lost its geological stability.

Another research team led by Liu Junqing at the Jilin Earthquake Agency with the China Earthquake Administration in Changchun reached similar conclusions to the Wen team.

The “rock collapse … was for the first time documented in North Korea’s test site,” Liu’s team wrote in a paper published last month in Geophysical Research Letters.

The breakdown not only took off part of the mountain’s summit but also created a “chimney” that could allow fallout to rise from the blast centre into the air, they said.

Zhao Lianfeng, a researcher with the Institute of Earth Science at the Chinese Academy of Sciences in Beijing, said the two studies supported a consensus among scientists that “the site was wrecked” beyond repair.

“Their findings are in agreement to our observations,” he said.

“Different teams using different data have come up with similar conclusions,” Zhao said. “The only difference was in some technical details. This is the best guess that can be made by the world outside.”

Speculation grew that North Korea’s site was in trouble when Lee Doh-sik, the top North Korean geologist, visited Zhao’s institute about two weeks after the test and met privately with senior Chinese government geologists.

Although the purpose of Lee’s visit was not disclosed, two days later Pyongyang announced it would no longer conduct land-based nuclear tests.

Hu Xingdou, a Beijing-based scholar who follows North Korea’s nuclear programme, said it was highly likely that Pyongyang had received a stark warning from Beijing.

“The test was not only destabilising the site but increasing the risk of eruption of the Changbai Mountain,” a large, active volcano on the China-Korea border, said Hu, who asked that his university affiliation not be disclosed for this article because of the topic’s sensitivity.

The mountain’s collapse has likely dealt a huge blow to North Korea’s nuclear programme, Hu said.

Hit by crippling international economic sanctions over its nuclear ambitions, the country might lack sufficient resources to soon resume testing at a new site, he said.

“But there are other sites suitable for testing,” Hu said. “They must be closely monitored.”

Guo Qiuju, a Peking University professor who has belonged to a panel that has advised the Chinese government on emergency responses to radioactive hazards, said that if fallout escaped through cracks, it could be carried by wind over the Chinese border.

“So far we have not detected an abnormal increase of radioactivity levels,” Guo said. “But we will continue to monitor the surrounding region with a large [amount] of highly sensitive equipment and analyse the data in state-of-the-art laboratories.” More details here.

 

End of the Castro Era, yet Communism Prevails Under new Leader

In February of 2013, the 600 members of the National Assembly of People’s Power and the 1,600 provincial government representatives voted for Miguel Díaz-Canel to be vice president. As of April 2018, Miguel Díaz-Canel will reign supreme over Cuba as Raul Castro steps down.

While the Cuban military runs most of the operations in Cuba, including all tourism, it is predicted that under Miguel Díaz-Canel the junta will expand. Cuba remains on the U.S. State Department Tier 2 Watchlist because of human trafficking.

For a historic slide show on Cuba, go here.


Cuba remains in an economic crisis and has been patching this crisis with oil agreements with Venezuela, attempting to increase agriculture production and applying some reforms. Meanwhile Cuba has asked Australia, Austria, Belgium, Canada, Denmark, Finland, Italy, Japan, the Netherlands, Spain, Sweden, Switzerland and the United Kingdom for debt forgiveness which in total is estimated in the $11 billion range. Russia wrote off $32 billion in Soviet era debt of Cuba in 2014.

As a continued threat to the United States, Russia re-opened a signals intelligence facility at Lourdes and two Russian oil companies, Gazprom and Zarubezhneft, have continued offshore oil drilling exploration operations. In 2014, President Xi of China visited Cuba to sign 29 trade agreements along with debt and credit cooperation concessions.


In 2013, a weapons shipment was discovered on board a North Korean ship that had left Cuba bound for North Korea, raising additional concerns about sanctions violations by both countries. The ship’s cargo was discovered in Panama because the vessel was suspected of carrying illicit narcotics.

In 2009, the Obama administration began a significant shift in policy toward Cuba, launching a new beginning which led to the reopening of the U.S. embassy in Havana. Nothing in Cuba changed with regard to human rights violations, but some dissident prisoners were released and some Cuban spies were released from the United States back to Cuba. U.S. citizen Alan Gross was also released from prison by Cuba and returned to the United States. After at least four rounds of talks with Cuba to reestablish diplomatic relations with the United States, Barack Obama sent a resolution to Congress to remove Cuba from the designation of a State Sponsor of International Terrorism. There were no objections by Congress and the designation was rescinded.

Further, under Barack Obama many other initiatives were launched including law enforcement cooperation, smuggling prevention, technical exchanges, environmental, banking, maritime issues, counter-narcotics, trade, travel and cyber-crime. Continued health cooperation, direct mail services and oil spill preparedness were all part of the Obama new era policies.

The Trump administration has made statements indicating a reversal of some of the policy changes made during the Obama administration. This also includes operations at Guantanamo Bay. Meanwhile, Cuba still protects fugitives from justice including Assata Shakur, also known as Joanne Chesimard, who killed a New Jersey State police officer when she was a member of the Black Liberation Army. Another fugitive is William Guillermo Morales, a member of FALN, a domestic terror group, convicted in New York on bomb production and weapons charges in cases going back to 1978.

There are 5,911 continuing property claims covering private property and that of U.S. corporations confiscated by the Cuban government. The value of these claims is in the $10.9 billion range and no resolution is in sight.

So, as Raul Castro passes power to a younger, groomed and mentored communist, there is no reason to expect that relations and conditions will improve or move closer to a democratic process in Cuba. Not to be overlooked, the matter of the still unexplained health attacks on U.S. and Canadian diplomats assigned to the embassy in Havana has not been resolved. Both the United States and Canada have removed personnel as a result of debilitating health issues, and Cuba has not protected against or mitigated these acoustic attacks in and around the diplomatic housing quarters.

Miguel Díaz-Canel will continue to carry on the Castro regime and communist party platform. In fact, it is said that he will be much more of a hardliner than the previous Castro regime.

In a videotaped private meeting with Communist Party members, Cuban Vice President Miguel Díaz-Canel — often portrayed as a moderate politician with a quiet disposition — took on an all too familiar hardline tone that offered a rare glimpse into his ideology.

In the video, which has quickly spread across social media platforms, Díaz-Canel lashed out against Cuban dissidents, independent media and embassies of several European countries, accusing them all of supporting subversive projects.

For the United States, he had this message: Cuba will not make any concessions.

“The U.S. government… invaded Cuba, put the blockade [embargo] in place, imposed restrictive measures. Cuba did not do any of that, so in return for nothing they have to solve those asymmetries if they want relations and if they want normalization of the relations,” Díaz-Canel said in the February meeting captured on video and published by Cuban dissident Antonio Rodiles on YouTube this week.

Russia’s Response to the West, Cyber War

The Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the United Kingdom’s (UK) National Cyber Security Centre (NCSC) released a joint Technical Alert (TA) about malicious cyber activity carried out by the Russian Government. The U.S. Government refers to malicious cyber activity by the Russian government as GRIZZLY STEPPE.

NCCIC encourages users and administrators to review the GRIZZLY STEPPE – Russian Malicious Cyber Activity page, which links to TA18-106A – Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices, for more information.


Senator Tom Cotton: Our nation’s communications networks benefit us in ways unimaginable at the start of the digital age.  But a potential danger lurks: hidden “backdoors” in network equipment.  A hostile foreign power could use these backdoors to spy on Americans or attack our critical infrastructure by injecting viruses or launching denial-of-service attacks.  These backdoors can be designed into routers, switches, and virtually any other type of telecommunications equipment that, together, make up our networks.

This highlights the importance of our networks’ supply chain—that is, the process by which telecommunications equipment is manufactured, sold, distributed, and installed.  Whether the threat involves hacking into our nation’s communications networks or conducting industrial or political espionage at the behest of a foreign government, the integrity of the supply chain has worried U.S. government officials for years.

In 2012, the House Permanent Select Committee on Intelligence released a bipartisan report on the national security threats posed by certain foreign manufacturers.  This past year, Congress barred the Department of Defense from buying certain equipment and services from Chinese companies Huawei and ZTE on account of concerns about those companies’ connections to that country’s government.  And Congress recently banned all federal agencies from using products or services made by Kaspersky Lab, a company with alleged ties to the Russian government.

But the supply-chain threat persists.  Just this February, FBI Director Christopher Wray testified about “the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks.”  These risks include the ability to “maliciously modify or steal information” and “conduct undetected espionage.”  As the supply chain for our networks increasingly stretches beyond U.S. borders, this danger has become all too real.

Given the national security risks, we believe it’s time for more concerted federal action.  Among other things, that means making sure that our government doesn’t make the problem worse by spending the American people’s money on products and services from any company that poses a national security threat to our communications networks.

The Federal Communications Commission is a good place to start.  It regulates America’s communications networks.  And it administers the Universal Service Fund, an almost $9 billion-per-year program designed to ensure that all Americans have access to phone and broadband services.  The money in the Fund comes from fees paid by the American people on their phone bills.  About $4.7 billion annually is spent expanding high-speed Internet access in rural communities; $2.7 billion helps connect schools and libraries to the Internet; $1.3 billion assists in making phone and broadband services more affordable to low-income Americans; and about $300 million supports communications services for rural health-care facilities.  These are important programs.  But there’s no reason one dime of this funding should go to suppliers that raise national security concerns.  There are plenty of other providers we can use to help bridge the digital divide.

That’s why the FCC will vote on April 17 on Chairman Pai’s recent proposal to bar the use of universal service funding to buy equipment or services from any company that poses a national security threat to the integrity of our communications networks or the communications supply chain.  If approved, the proposal would also seek public input on how we should identify suspect firms and which types of telecommunications equipment or services should fall within the prohibition.  Everyone concerned about this issue will have a chance to weigh in.

Bottom line:  We’re committed to protecting our national security, and this proposal is a prudent step to accomplish that goal.  The FCC, Congress, and all government agencies must work together to safeguard the integrity of our communications supply chain.  We strongly urge the full Commission to approve this proposal and for other agencies to follow the lead.

What the Heck? Dept of Interior has Rookie IT People or What?

Is this a joke? Those computers had/have malware installed that was never detected even after that major OPM hack that forced the mainframes to communicate with Russia…..yes RUSSIA. So, here comes that Inspector General audit report. We are bleeding data, even classified data….So we have tech companies and social media operations that are not protecting or safeguarding our data, and now for sure we have a government that can’t do it either…..

There was a hearing though…..ahem


 

In part from the audit report: This memorandum transmits the findings of our evaluation of the U.S. Department of the Interior’s incident response program. We found that the Office of the Chief Information Officer had not fully implemented the capabilities recommended by National Institute for Standards and Technology (NIST) in its incident detection and response program.

We make 23 recommendations to help the Department improve its incident response program, so it can promptly detect and fully contain cyber threats to maintain the availability, confidentiality, and integrity of Department and bureau computer systems and data.

In response to our draft report, the Department concurred with all recommendations and provided target dates and officials responsible for implementation. We consider all 23 recommendations resolved but not implemented.

We will forward the recommendations to the Office of Policy, Management and Budget for tracking and implementation. We understand that some of these recommendations may require significant investment in cyber security infrastructure as well as the recruitment of additional staff, but the intended timeframe to implement these recommendations remains a concern. Five recommendations will not be addressed for more than 5 years, and four recommendations will not be addressed for more than 3 years. In the interim, the Department should consider additional temporary or partial solutions.

Specifically, we found that the Department:

• Was not fully prepared to respond to incidents
• Did not promptly detect or fully analyze security incidents
• Did not fully contain or completely eradicate active cyber threats
• Did not continuously improve its incident response capabilities by learning from prior incidents

Three years after Chinese hackers stole security clearance files and other sensitive personal information of some 22 million U.S. federal employees, cyber-defenses at the Department of Interior, which hosted White House Office of Personnel Management (OPM) servers targeted in the theft, were still unable to detect “some of the most basic threats” inside Interior’s computer networks — including malware actively trying to make contact with Russia.

In a 16-month examination of Interior’s ability to detect and respond to cyber-threats, evaluators from the department’s Office of Inspector General (OIG) also discovered that Interior’s technicians simply did not implement a sweeping array of mandatory, government-wide defensive measures ordered up after the disastrous OPM hack, didn’t investigate blocked intrusion attempts, and left “multiple” compromised computers on their network “for months at a time,” according to a redacted OIG report issued in March.

Ultra-sensitive security clearance files have since been moved to the Defense Department, but, among other things, the OIG report noted that:

● sensitive data at Interior could be taken out of the department’s networks “without detection.”

● network logs showed that a computer at the U.S. Geological Survey, an Interior bureau, was regularly trying to communicate with computers in Russia. The messages were blocked, but “the USGS facilities staff did not analyze the alerts.”

● dangerous or inappropriate behavior by network users — including  the downloading of pornography and watching pirated videos on Russian and Ukrainian websites — was not investigated.

● computers discovered to be infected with malware were scrubbed as soon as possible and put back into use—meaning little or no effort went into examining the scope and nature of any such threats to the broader network. This happened, the OIG team noted, with one intruder they discovered themselves.

● simulated intrusions or ransomware attacks created by the examiners were carried out with increasing blatancy without a response — in the case of ransomware, for nearly a month.

● After the devastating OPM hack, which was discovered in April 2015, the department didn’t even publish a lessons-learned plan for its staffers based on the disaster. The OIG inspectors reported that Interior started to draft an “incident response plan” that month to deal with future intrusions, but “did not publish it until August 2017” — two months after the OIG team had finished their lengthy fieldwork.

● Distressingly, the report also notes that the department’s cybersecurity operations team was not privy to a list of Interior’s so-called “high-value IT assets” prepared by the Chief Information Officer, “due to its sensitive nature.” More here.
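The blocked-but-unanalysed alerts in the USGS finding above are exactly the kind of thing an analyst can triage from the firewall export alone. The following script is an added example, not part of the OIG report or any Interior tooling: it parses constructed denied-connection log lines (the key=value format is an assumption; real firewall exports differ, so only the regular expression needs adapting) and flags internal hosts that retry the same blocked destination on a fixed schedule, which is how beaconing malware behaves. It also lists every host with any denial, since a block that nobody reads is the failure mode the report describes.

```python
"""Triage of denied outbound-connection alerts (added example).

The OIG finding is that a USGS computer repeatedly tried to reach hosts in
Russia, the firewall blocked it, and nobody analysed the alerts. A blocked
connection is still evidence: malware that beacons to a command-and-control
server keeps retrying on a schedule. This script groups denied outbound
connections per internal host and destination and flags the groups whose
retry intervals are too regular to be a person at a keyboard.

Assumption: the key=value log format below is constructed for this example.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log: one host retrying the same blocked destination on
# the hour, plus unrelated denials and an allowed connection for contrast.
SAMPLE_LOG = """\
2017-03-01T09:00:03Z action=deny src=10.20.5.17 dst=203.0.113.45 dport=443 proto=tcp
2017-03-01T09:00:11Z action=allow src=10.20.5.22 dst=198.51.100.9 dport=80 proto=tcp
2017-03-01T10:00:05Z action=deny src=10.20.5.17 dst=203.0.113.45 dport=443 proto=tcp
2017-03-01T11:00:02Z action=deny src=10.20.5.17 dst=203.0.113.45 dport=443 proto=tcp
2017-03-01T12:00:07Z action=deny src=10.20.5.17 dst=203.0.113.45 dport=443 proto=tcp
2017-03-01T12:14:40Z action=deny src=10.20.5.31 dst=203.0.113.99 dport=8080 proto=tcp
2017-03-01T13:00:04Z action=deny src=10.20.5.17 dst=203.0.113.45 dport=443 proto=tcp
2017-03-01T16:42:19Z action=deny src=10.20.5.31 dst=203.0.113.12 dport=22 proto=tcp
"""

# Assumed line layout; adapt this one pattern to a real firewall's export.
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) action=(?P<action>\w+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) dport=(?P<dport>\d+)"
)


def parse_log(text):
    """Turn raw log text into event dicts; malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ev["ts"], "%Y-%m-%dT%H:%M:%SZ")
        ev["dport"] = int(ev["dport"])
        events.append(ev)
    return events


def group_denied(events):
    """Map (src, dst, dport) -> sorted timestamps of denied connections."""
    groups = defaultdict(list)
    for ev in events:
        if ev["action"] == "deny":
            groups[(ev["src"], ev["dst"], ev["dport"])].append(ev["ts"])
    return {key: sorted(ts) for key, ts in groups.items()}


def interval_stats(times):
    """Mean retry interval in seconds and its coefficient of variation.

    A CV near 0 means the retries are evenly spaced, the signature of a
    scheduled beacon rather than a user clicking around.
    """
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    if len(gaps) < 2:
        return None, None          # not enough retries to judge regularity
    mean = statistics.mean(gaps)
    if mean == 0:
        return mean, None          # duplicate timestamps, CV undefined
    return mean, statistics.stdev(gaps) / mean


def find_beacons(events, min_attempts=4, max_cv=0.2):
    """Return denied-connection groups that look like periodic beaconing."""
    hits = []
    for (src, dst, dport), times in group_denied(events).items():
        if len(times) < min_attempts:
            continue
        mean, cv = interval_stats(times)
        if cv is not None and cv <= max_cv:
            hits.append({"src": src, "dst": dst, "dport": dport,
                         "attempts": len(times),
                         "mean_interval_s": mean, "cv": cv})
    return hits


def hosts_with_denials(events):
    """Every internal host with at least one denied outbound connection.

    These are the alerts the OIG found unexamined; even the non-periodic
    ones deserve a look, so this list is the minimum triage queue.
    """
    return sorted({src for (src, _, _) in group_denied(events)})


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print("hosts with denied outbound connections:", hosts_with_denials(evs))
    for hit in find_beacons(evs):
        print(f"beacon suspect {hit['src']} -> {hit['dst']}:{hit['dport']} "
              f"({hit['attempts']} attempts, every {hit['mean_interval_s']:.0f}s, "
              f"cv={hit['cv']:.3f})")
```

On the constructed input the script reports both hosts in the triage queue and singles out 10.20.5.17 as a beacon suspect: five denials to the same destination roughly 3,600 seconds apart with a coefficient of variation near zero. The thresholds are deliberately simple; on real data the interval check is what separates a scheduled implant from a user who hit a blocked site a few times, and the point of the triage queue is that a deny verdict closes the connection, not the investigation.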