4 Days of Food Left…Panic? National Grid Hacked

If there is no transportation, there is no food, medicine or basic supplies….what country is ready to deal with this?

British cities would be uninhabitable within days and the country is only a few meals from anarchy if the National Grid was taken down in a cyber attack or solar storm, disaster and security experts have warned.

Modern life is so reliant on electricity that a prolonged blackout would quickly lead to a loss of water, fuel, banking, transport and communications that would leave the country “in the Stone Age”.

Russia plot to cut off UK with hackers taking down ... photo

The warning comes weeks after the Defence Secretary, Gavin Williamson, said Russia had been spying on the UK’s energy infrastructure and could cause “thousands and thousands and thousands” of deaths if it crippled the power supply.

***

The U.S. government has just released an important cybersecurity alert that confirms Russian government cyberattacks targeting energy and other critical infrastructure sectors in the United States.

While there has recently been a significant rise in cyberattacks in these industries, up to now we’ve only been able to speculate on who the actors are, or what their motives may be. In this case the threat actor and their strategic intent has been clearly confirmed, something the U.S. government rarely does publicly.

In addition, the US-CERT alert provides descriptions of each stage of the attack, detailed indicators of compromise (IOCs), and a long list of detection and prevention measures. Many of the attack tactics are like Dragonfly 2.0, so much so that one might call this an expanded playbook for Dragonfly. The Nozomi Networks solution ships today with an analysis toolkit that identifies the presence of Dragonfly 2.0 IOCs.

This article is intended to help you gain perspective on this recent alert, provide additional guidance on what security measures to take, and describe how the Nozomi Networks solution can help.

Russian-Cyberattacks-on-Infrastructure

U.S. energy facilities, like this one, are one of the critical infrastructure targets of the Russian cyberattacks.

Multi-Stage Campaigns Provide Opportunities for Early Detection

The US-CERT alert characterizes this attack as a multi-stage cyber intrusion campaign where Russian cyber actors conducted spear phishing and gained remote access into targeted industrial networks. After obtaining access, the threat vectors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).

This pattern of behavior is typical of APTs (Advanced Persistent Threats). APTs occur over an extended period, meaning there is an opportunity to detect and stop them before damage is done. With the right technology monitoring the industrial network, it is much harder for them to go unobserved before their final attack.

In this case the Russian cyberattacks started by infecting staging targets, which are peripheral organizations, such as trusted third-party suppliers, as pivot points for attacking the final intended targets.

The attackers used a multitude of tactics involving information relevant to industrial control professionals for initial infection of the staging targets. Examples include:

  • Altering trade publication websites
  • Sending emails containing resumes for ICS personnel as infected Microsoft Word attachments
  • Analyzing publicly available photos that inadvertently contained information about industrial systems

The credentials of staging targets’ staff were in turn used to send spear phishing emails to the staff of the intended targets. They received malicious .docx files, which communicated with a command and control (C2) server to steal their credentials.

The SMB (Server Message Block) network protocol was used throughout the spear phishing phases to communicate with external servers, as was described for the Dragonfly 2.0 attacks.This is a distinctive tactic. SMB is usually only used to communicate within LANs, not for outbound communications. Now that this is known, asset owners should ensure their firewalls are locked down for outbound service restrictions.

The credentials of the intended targets were used to access victim’s networks. From there, the malware established multiple local administrator accounts, each with a specific purpose. The goals ranged from creation of additional accounts to cleanup activity. For the report, click here.

***

What Is Known

Forensic analysis shows that the threat actors sought information on network and organizational design and control system capabilities within the organization. In one instance, the report says, the threat actors downloaded a small photo from a publicly accessible human resource page, which, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background. The threat actors also compromised third-party suppliers to download source code for several intended targets’ websites. They also attempted to remotely access corporate web-based email and virtual private network (VPN) connections.

Once inside the intended target’s network, the threat actors used privileged credentials to access domain controllers via remote desktop protocols (RDP) and then used the batch scripts to enumerate hosts and users, as well as to capture screenshots of systems across the network.

The threat is inside. US-CERT on March 15 warned that threat actors associated with the Russian government had infiltrated ICS and SCADA systems at power plants using a variety of tactics. This image is a DHS reconstruction of a screenshot fragment of a human machine interface (HMI) that the threat actors accessed. Source: US-CERT

The threat is inside. US-CERT on March 15 warned that threat actors associated with the Russian government had infiltrated ICS and SCADA systems at power plants using a variety of tactics. This image is a DHS reconstruction of a screenshot fragment of a human machine interface (HMI) that the threat actors accessed. Source: US-CERT

Along with publishing an extensive list of indicators of compromise, the DHS and FBI recommended that network administrators review IP addresses, domain names, file hashes, network signatures, and a consolidated set of YARA rules for malware associated with the intrusion authored by the National Cybersecurity and Communications Integration Center. YARA is an open-source and multiplatform tool that provides a mechanism to exploit code similarities between malware samples within a family.

When Biden and Kerry Concocted a Shady Equity Firm

Keep this post in your bookmarks as we enter into the 2020 general election….

Primer:

1. China plants industrial espionage operatives in the U.S. that steal government contract secrets and sell them back to China. FBI caught at least one.

2. Through cyber espionage, China has stolen much of the F-35 technology, more than 50 terabytes.

3. John Kerry and Joe Biden did exactly the same thing as Hillary…sold access for money while exploiting it all as diplomatic missions with the title(s) of bi-lateral agreements.

4. Subpoena former Treasury Secretary Jack Lew and ask him about the CFIUS approvals of Chinese back enterprises. We may surely need to go back to former Treasury Secretary, Tim Geithner, did he set the table for all this with Obama’s approval creating that ‘Asia Pivot‘?

5. What does Congress know about foreign investments and when do they know it? They get reports, but who is asking questions, anyone?

http://commonsensenation.net/wp-content/uploads/2018/03/Biden.jpg photo

NYP: Joe Biden and John Kerry have been pillars of the Washington establishment for more than 30 years. Biden is one of the most popular politicians in our nation’s capital.

His demeanor, sense of humor, and even his friendly gaffes have allowed him to form close relationships with both Democrats and Republicans. His public image is built around his “Lunch Bucket Joe” persona. As he reminds the American people on regular occasions, he has little wealth to show for his career, despite having reached the vice presidency.

One of his closest political allies in Washington is former senator and former Secretary of State John Kerry. “Lunch Bucket Joe” he ain’t; Kerry is more patrician than earthy. But the two men became close while serving for several decades together in the US Senate. The two “often talked on matters of foreign policy,” says Jules Witcover in his Biden biography.

So their sons going into business together in June 2009 was not exactly a bolt out of the blue.

But with whom their sons cut lucrative deals while the elder two were steering the ship of state is more of a surprise.

What Hunter Biden, the son of America’s vice president, and Christopher Heinz, the stepson of the chairman of the Senate Committee on Foreign Relations (later to be secretary of state), were creating was an international private equity firm. It was anchored by the Heinz family alternative investment fund, Rosemont Capital. The new firm would be populated by political loyalists and positioned to strike profitable deals overseas with foreign governments and officials with whom the US government was negotiating.

Hunter Biden, Vice President Joe Biden’s youngest son, had gone through a series of jobs since graduating from Yale Law School in 1996, including the hedge-fund business.

By the summer of 2009, the 39-year-old Hunter joined forces with the son of another powerful figure in American politics, Chris Heinz. Senator John Heinz of Pennsylvania had tragically died in a 1991 airplane crash when Chris was 18. Chris, his brothers, and his mother inherited a large chunk of the family’s vast ketchup fortune, including a network of investment funds and a Pennsylvania estate, among other properties. In May 1995, his mother, Teresa, married Senator John Kerry of Massachusetts. That same year, Chris graduated from Yale, and then went on to get his MBA from Harvard Business School.

Joining them in the Rosemont venture was Devon Archer, a longtime Heinz and Kerry friend.

The three friends established a series of related LLCs. The trunk of the tree was Rosemont Capital, the alternative investment fund of the Heinz Family Office. Rosemont Farm is the name of the Heinz family’s 90-acre estate outside Fox Chapel, Pennsylvania.

The small fund grew quickly. According to an email revealed as part of a Securities and Exchange Commission investigation, Rosemont described themselves as “a $2.4 billion private equity firm co-owned by Hunter Biden and Chris Heinz,” with Devon Archer as “Managing Partner.”

The partners attached several branches to the Rosemont Capital trunk, including Rosemont Seneca Partners, LLC, Rosemont Seneca Technology Partners, and Rosemont Realty.

Of the various deals in which these Rosemont entities were involved, one of the largest and most troubling concerns was Rosemont Seneca Partners.

Rather than set up shop in New York City, the financial capital of the world, Rosemont Seneca leased space in Washington, DC. They occupied an all-brick building on Wisconsin Avenue, the main thoroughfare of exclusive Georgetown. Their offices would be less than a mile from John and Teresa Kerry’s 23-room Georgetown mansion, and just two miles from both Joe Biden’s office in the White House and his residence at the Naval Observatory.

Over the next seven years, as both Joe Biden and John Kerry negotiated sensitive and high-stakes deals with foreign governments, Rosemont entities secured a series of exclusive deals often with those same foreign governments.

Some of the deals they secured may remain hidden. These Rosemont entities are, after all, within a private equity firm and as such are not required to report or disclose their financial dealings publicly.

Some of their transactions are nevertheless traceable by investigating world capital markets. A troubling pattern emerges from this research, showing how profitable deals were struck with foreign governments on the heels of crucial diplomatic missions carried out by their powerful fathers. Often those foreign entities gained favorable policy actions from the United States government just as the sons were securing favorable financial deals from those same entities.

Nowhere is that more true than in their commercial dealings with Chinese government-backed enterprises.

Rosemont Seneca joined forces in doing business in China with another politically connected consultancy called the Thornton Group. The Massachusetts-based firm is headed by James Bulger, the nephew of the notorious mob hitman James “Whitey” Bulger. Whitey was the leader of the Winter Hill Gang, part of the South Boston mafia. Under indictment for 19 murders, he disappeared. He was later arrested, tried, and convicted.

James Bulger’s father, Whitey’s younger brother, Billy Bulger, serves on the board of directors of the Thornton Group. He was the longtime leader of the Massachusetts state Senate and, with their long overlap by state and by party, a political ally of Massachusetts Senator John Kerry.

Less than a year after opening Rosemont Seneca’s doors, Hunter Biden and Devon Archer were in China, having secured access at the highest levels. Thornton Group’s account of the meeting on their Chinese-language website was telling: Chinese executives “extended their warm welcome” to the “Thornton Group, with its US partner Rosemont Seneca chairman Hunter Biden (second son of the now Vice President Joe Biden).”

The purpose of the meetings was to “explore the possibility of commercial cooperation and opportunity.” Curiously, details about the meeting do not appear on their English-language website.

Also, according to the Thornton Group, the three Americans met with the largest and most powerful government fund leaders in China — even though Rosemont was both new and small.

The timing of this meeting was also curious. It occurred just hours before Hunter Biden’s father, the vice president, met with Chinese President Hu in Washington as part of the Nuclear Security Summit.

There was a second known meeting with many of the same Chinese financial titans in Taiwan in May 2011. For a small firm like Rosemont Seneca with no track record, it was an impressive level of access to China’s largest financial players. And it was just two weeks after Joe Biden had opened up the US-China strategic dialogue with Chinese officials in Washington.

On one of the first days of December 2013, Hunter Biden was jetting across the Pacific Ocean aboard Air Force Two with his father and daughter Finnegan. The vice president was heading to Asia on an extended official trip. Tensions in the region were on the rise.

The American delegation was visiting Japan, China, and South Korea. But it was the visit to China that had the most potential to generate conflict and controversy. The Obama administration had instituted the “Asia Pivot” in its international strategy, shifting attention away from Europe and toward Asia, where China was flexing its muscles.

For Hunter Biden, the trip coincided with a major deal that Rosemont Seneca was striking with the state-owned Bank of China. From his perspective, the timing couldn’t have been better.

Vice President Biden, Hunter Biden and Finnegan arrived to a red carpet and a delegation of Chinese officials. Greeted by Chinese children carrying flowers, the delegation was then whisked to a meeting with Vice President Li Yuanchao and talks with President Xi Jinping.

Hunter and Finnegan Biden joined the vice president for tea with US Ambassador Gary Locke at the Liu Xian Guan Teahouse in the Dongcheng District in Beijing. Where Hunter Biden spent the rest of his time on the trip remains largely a mystery. There are actually more reports of his daughter Finnegan’s activities than his.

What was not reported was the deal that Hunter was securing. Rosemont Seneca Partners had been negotiating an exclusive deal with Chinese officials, which they signed approximately 10 days after Hunter visited China with his father. The most powerful financial institution in China, the government’s Bank of China, was setting up a joint venture with Rosemont Seneca.

The Bank of China is an enormously powerful financial institution. But the Bank of China is very different from the Bank of America. The Bank of China is government-owned, which means that its role as a bank blurs into its role as a tool of the government. The Bank of China provides capital for “China’s economic statecraft,” as scholar James Reilly puts it. Bank loans and deals often occur within the context of a government goal.

Rosemont Seneca and the Bank of China created a $1 billion investment fund called Bohai Harvest RST (BHR), a name that reflected who was involved. Bohai (or Bo Hai), the innermost gulf of the Yellow Sea, was a reference to the Chinese stake in the company. The “RS” referred to Rosemont Seneca. The “T” was Thornton.

The fund enjoyed an unusual and special status in China. BHR touted its “unique Sino-US shareholding structure” and “the global resources and network” that allowed it to secure investment “opportunities.” Funds were backed by the Chinese government.

In short, the Chinese government was literally funding a business that it co-owned along with the sons of two of America’s most powerful decision makers.

The partnership between American princelings and the Chinese government was just a beginning. The actual investment deals that this partnership made were even more problematic. Many of them would have serious national security implications for the United States.

In 2015, BHR joined forces with the automotive subsidiary of the Chinese state-owned military aviation contractor Aviation Industry Corporation of China (AVIC) to buy American “dual-use” parts manufacturer Henniges.

AVIC is a major military contractor in China. It operates “under the direct control of the State Council” and produces a wide array of fighter and bomber aircraft, transports, and drones — primarily designed to compete with the United States.

The company also has a long history of stealing Western technology and applying it to military systems. The year before BHR joined with AVIC, the Wall Street Journal reported that the aviation company had stolen technologies related to the US F-35 stealth fighter and incorporated them in their own stealth fighter, the J-31. AVIC has also been accused of stealing US drone systems and using them to produce their own.

In September 2015, when AVIC bought 51 percent of American precision-parts manufacturer Henniges, the other 49 percent was purchased by the Biden-and-Kerry-linked BHR.

Henniges is recognized as a world leader in anti-vibration technologies in the automotive industry and for its precise, state-of-the-art manufacturing capabilities. Anti-vibration technologies are considered “dual-use” because they can have a military application, according to both the State Department and Department of Commerce.

The technology is also on the restricted Commerce Control List used by the federal government to limit the exports of certain technologies. For that reason, the Henniges deal would require the approval of the Committee on Foreign Investment in the United States (CFIUS), which reviews sensitive business transactions that may have a national security implication.

According to BHR internal documents, the Henniges deal included “arduous and often-times challenging negotiations.” The CFIUS review in 2015 included representatives from numerous government agencies including John Kerry’s State Department.

The deal was approved in 2015.

Excerpted with permission from “Secret Empires: How the American Political Class Hides Corruption and Enriches Family and Friends,” by Peter Schweizer, published by Harper Collins. The book goes on sale March 20.

Apple, China and iCloud Data Safety?

Primer: Pegatron, the factory at the corner of Xiu Yan and Shen Jiang roads is one of the most secretive facilities at the heart of iPhone production and covers an area equal to almost 90 football fields. In the center is a plaza with a firehouse, police station and post office. There are shuttle buses, mega-cafeterias, landscaped lawns and koi ponds. The grey and brown-hued concrete buildings are meant to evoke traditional Chinese architecture. The brand-new Shanghai Disneyland, which opens its doors in June, is a 20-minute drive away.

Inside, the factory still hides a secret, according to China Labor Watch. Base pay remains so low that workers need overtime simply to make ends meet, the advocacy group said. It said 1,261 pay stubs from Pegatron’s Shanghai facility from September and October 2015 show evidence of excessive overtime. Pegatron, an Asustek spinoff, is the world’s biggest contract electronics manufacturer after Foxconn, according to Bloomberg Intelligence. More here.

Image result for pegatron china apple photo

Image result for icloud china apple photo

This Wednesday, Apple will be making some significant changes to how data is stored for users of its iCloud service in China – raising major concerns that the Chinese authorities will now be able to freely monitor Apple’s users in China. This may be quite worrying for he population and may remind you of the iCloud breach on 31 August 2014. Ever since then, people have been very sceptical of storing precious information online and have been purchasing services from businesses like http://www.thefinalstep.co.uk/ to protect their data from any hackers.

Apple has a reputation for being a powerful advocate for privacy and security. The company uses strong encryption by default in its services and grabbed headlines when it appealed a US court order that would allow the FBI to get around the phone’s security. Apple CEO Tim Cook even sent all Apple consumers a personal letter explaining the importance of privacy.

With China, however, a different story has emerged. Apple has been criticised for blocking Chinese users’ access to the Apple News app and for removing VPN apps from the App Store in China. The changes being made to iCloud are the latest indication that China’s repressive legal environment is making it difficult for Apple to uphold its commitments to user privacy and security. What do these changes mean and what options do Apple’s customers have to protect themselves?

  1. What is happening to Apple’s iCloud service in China?

On 28 February, Apple will transfer operation of its iCloud service for Chinese users to a Chinese company, Guizhou-Cloud Big Data Industry Development Co., Ltd (“GCBD”). The concept of iCloud and other Cloud computing services can be quite confusing to some, especially if it is something completely new to you. It is very interesting to look into. As many of us use services like this to store our files and photos, it makes sense to know what this is all about. Why not look into a site like https://www.salesforce.com/what-is-cloud-computing/ to stay informed.

The move will affect any photos, documents, contacts, messages and other user data and content that Chinese users store on Apple’s cloud-based servers. New Chinese legislation enacted in 2017 requires cloud services to be operated by Chinese companies, meaning companies like Apple must either lease server space inside China or establish joint ventures with Chinese partners.

  1. How does storing user data in China put individuals at risk?

Domestic law gives the Chinese government virtually unfettered access to user data stored inside China without adequate protection for users’ rights to privacy, freedom of expression or other basic human rights. Chinese police enjoy sweeping discretion and use broad and ambiguously constructed laws and regulations to silence dissent, restrict or censor information and harass and prosecute human rights defenders and others in the name of “national security” and other purported criminal offences. As a result, Chinese Internet users can face arrest and imprisonment for merely expressing, communicating or accessing information and ideas that the authorities don’t like.

Furthermore, China’s Cyber Security Law requires network operators to provide “technical support and assistance” to law enforcement and state security agents. That means that when the authorities come to GCBD requesting information about an iCloud user for the purposes of a criminal investigation, the company has a legal obligation to provide it and few, if any, viable legal avenues to challenge or refuse the request.

  1. Apple says it has control over encryption keys and that it won’t allow backdoors. Won’t that protect users in China?

It all depends on the circumstances under which the company will allow GCBD – and the Chinese authorities – access to intelligible decrypted data on iCloud users. When users accept the terms of service for iCloud in China, they agree to allow their information and content to be turned over to law enforcement “if legally required to do so”. Significantly, from now on Apple will store the encryption keys for Chinese users in China, not in the US – making it all but inevitable that the company will be forced to hand over decrypted data so long as the request complies with Chinese law.

Given that many provisions of Chinese law offer inadequate protection to privacy, freedom of expression and other rights, simply checking whether government information requests comply with Chinese law doesn’t address whether complying with the request might contribute to human rights violations. Apple hasn’t confirmed whether or how it will assess whether government information requests might violate users’ human rights. We won’t really know how Apple will respond until it’s put to the test, and unfortunately that’s probably just a matter of time.

As for “backdoors”, or technical measures that would allow law enforcement or other government agencies to access unencrypted user data without having to ask for it, Apple’s commitment to prevent their use is admirable. But the commitment is meaningless if law enforcement can get the companies to decrypt user information simply by saying that it is for a criminal investigation.

  1. What should iCloud users inside China do to protect themselves?

The best way to protect your personal information from being accessed by the Chinese government is to avoid storing it on servers inside China. Users with a credit card and billing address outside China can use those to register their accounts and keep storing their iCloud data outside China. Otherwise, the only option available to Chinese users is to delete their iCloud accounts and permanently opt out of the service. (Apple has provided instructions for how to do so here.) Individual users should seriously consider the risks involved and come to their own decision, but Apple should protect Chinese users by switching iCloud off by default and giving users very clear warnings about the risks they may face by opting in to the service.

  1. How can ICT companies act responsibly when operating in China?

Companies have a responsibility to respect all human rights wherever they operate in the world. Users of their products and services need to be given clear and specific information about risks they might face to their privacy and freedom of expression in China, and what action the company is taking in response. Companies should carry out regular and verifiable human rights impact assessments and demonstrate publicly that they have oversight, due diligence and accountability measures in place to ensure respect for human rights. Finally, companies should do everything they can to influence the Chinese government to protect and respect human rights and speak up and challenge government actions when they threaten human rights. If a company finds that it is unable to mitigate the high risk of human rights violations, it may be forced to decide not to operate in China.

Apple’s official website declares: “At Apple, we believe privacy is a fundamental human right.” It remains to be seen whether Apple can put its words into action.

Space Warfare, the New Battlefield

Image result for military space warfare photo

Primer: The Pentagon is considering creating a combatant command for space warfare, the latest step by the Defense Department to respond to Chinese and Russian militarization high above Earth.

The move — one of several under consideration — is mentioned in a new Pentagon report sent to Congress last week. Right now, space forces are dispersed throughout the military and intelligence community.

There are two kinds of combatant commands. Geographic cocoms oversee military operations in six regions of the world. Functional ones — like U.S. Strategic Command and U.S.Transportation Command — oversee operations that span multiple geographical commands. U.S. Cyber Command is considered a subunified command under STRATCOM, but is being elevated to a functional command.

The Pentagon is looking into whether space should have its own combatant command or subunified command (like Cyber Command), the report says. Space forces were grouped under U.S. Space Command, a unified combatant command, until 2002.

Image result for u.s. space command

***

The Pentagon is preparing for war should China, Russia, or other adversaries attack vital American satellites and other space systems, a senior Pentagon official told Congress on Wednesday.

The Pentagon has requested $12.5 billion in funding for the fiscal year 2019 that begins Oct. 1 for building up what he termed a “more resilient defendable space architecture.”

The request is $1.1 billion more than funding for last year on military space.

Rood, and Air Force Gen. John Hyten, commander of the Omaha-based Strategic Command, testified on the command’s budget request of $24 billion.

Neither elaborated on what space warfare capabilities are being developed. The Pentagon also has not said how it would deter and defend satellites from attack.

Space defense so far has involved development of intelligence capabilities to identify and assess if an incident in space is an attack, or the result of a malfunction or disruption due to collision with space debris.

Military space “resilience” also calls for the Pentagon to rapidly replace or restore satellites after attacks or other disruptions.

The Pentagon’s Defense Science Board, in a report last year, warned that the vulnerability of U.S. satellites to electronic attack was “a crisis to be dealt with immediately.”

The Joint Staff intelligence directorate warned earlier this year that China and Russia will have fully developed space attack weapons in place by 2020 that will threaten all U.S. satellites in low earth orbit—100 miles to 1,200 miles in space.

“Space is a warfighting domain just like the air, ground, maritime, and cyberspace domains,” Hyten said.

Currently, a defense and intelligence center called the National Space Defense Center, located at Schriever Air Force Base, Colorado, runs 24-hour operations for rapid detection, warning, and defense from space attacks.

War games involving space war also are held regularly with U.S. military forces and allies, including Asian and European allies.

China has conducted at least seven tests of hypersonic vehicles and Russia as well has conducted several hypersonic missile tests.

The hypersonic vehicles are designed to defeat missile defenses. More here.

***

February 2018: The Pentagon put Advanced Extremely High Frequency satellites in orbit to ensure communication in the event of a nuclear attack. But those spacecraft could also play a role in the rapid militarization of space.

  • Advanced Extremely High Frequency (AEHF) satellites will be able to keep the U.S. military in communication even after a nuclear attack.
  • They’re also more resistant to electronic jamming, which is a growing concern as tensions with China and Russia heat up.
  • In the war of the future, nations may try to physically destroy other nations’ satellites to disrupt communications and navigation.

Your phone is not going to work on the day nuclear war starts. But the U.S. President, National Security Council, and combat commanders count on being able to communicate. This doomsday connection relies on what we call Advanced Extremely High Frequency (AEHF) satellites that sit in geostationary orbit.

“We need systems that work on the worst day in the history of the world,” says Todd Harrison, director of the Aerospace Security Project at the Center for Strategic and International Studies.

There are four AEHF sats in orbit today. The proposed 2019 U.S. Air Force budget shows about $29.8 million in funding to complete two more, which would launch in 2019 and 2020. Air Force staffers say more money has been set aside in 2019 to ready the software and databases for the pair of new sats.

The Air Force talks about the AEHF satellites as part of its new focus on modernizing America’s nuclear abilities. “We must concurrently modernize the entire nuclear triad and the command and control systems that enable its effectiveness,” says Air Force Secretary Heather Wilson. The Trump administration has its eye on nuclear weapons, but these satellites also sit at the nexus of another big defense trend: Space warfare.

The Department of Defense is also investing in new jam-resistant GPS satellites. It is pouring money into future satellite programs, including AEHF, to the tune of $677 million for research and development in 2019. As orbital threats grow, new potential users—especially the U.S. Army—are taking interest in what the doomsday spacecraft can do. Preparing for post-apocalyptic communication may be just the beginning. More here.

Do the Russians have the Voting Machines Source Codes?

On February 28th, the Senate asks what NSA and Cyber Command are doing about Russian election interference. Admiral Rogers’s answer, in brief, is that his organizations lack the authorities to do much (that he can openly discuss, that is).

US senator grills CEO over the myth of the hacker-proof voting machine
Nation’s biggest voting machine maker reportedly relies on remote-access software.

WASHINGTON (Reuters) – Two Democratic senators on Wednesday asked major vendors of U.S. voting equipment whether they have allowed Russian entities to scrutinize their software, saying the practice could allow Moscow to hack into American elections infrastructure.

The letter from Senators Amy Klobuchar and Jeanne Shaheen followed a series of Reuters reports saying that several major global technology providers have allowed Russian authorities to hunt for vulnerabilities in software deeply embedded across the U.S. government.

The senators requested that the three largest election equipment vendors – Election Systems & Software, Dominion Voting Systems and Hart Intercivic – answer whether they have shared source code, or inner workings, or other sensitive data about their technology with any Russian entity.

They also asked whether any software on those companies’ products had been shared with Russia and for the vendors to explain what steps they have taken to improve the security of those products against cyber threats to the election.

The vendors could not immediately be reached for comment. It was not immediately clear whether any of the vendors had made sales in Russia, where votes are submitted via written ballots and usually counted by hand.

“According to voting machine testing and certification from the Election Assistance Commission, most voting machines contain software from firms which were alleged to have shared their source code with Russian entities,” the senators wrote. “We are deeply concerned that such reviews may have presented an opportunity for Russian intelligence agents looking to attack or hack the United States’ elections infrastructure.”

U.S. voters in November will go to the polls in midterm elections, which American intelligence officials have warned could be targeted by Russia or others seeking to disrupt the process.

There is intense scrutiny of the security of U.S. election systems after a 2016 presidential race in which Russia interfered, according to American intelligence agencies, to try to help Donald Trump win with presidency. Trump in the past has been publicly skeptical about Russian election meddling, and Russia has denied the allegations.

Twenty-one states experienced probing of their systems by Russian hackers during the 2016 election, according to U.S. officials.

Though a small number of networks were compromised, voting machines were not directly affected and there remains no evidence any vote was altered, according to U.S. officials and security experts.

Related reading:

Top intel official says US hasn’t deterred Russian meddling (Fifth Domain) “I believe that President (Vladimir) Putin has clearly come to the conclusion that there’s little price to pay and that therefore, ‘I can continue this activity,‘” Adm. Mike Rogers, director of both the U.S. Cyber Command and the National Security Agency, told Congress.

Senators: Cyber Command should disrupt Russian influence campaigns (Fifth Domain) Senators pressed Cyber Command on how they can use their national mission force to combat Russian cyber intrusions.

Rogers: CyberCom lacks authority, resources to defend all of cyberspace (FCW) The outgoing NSA and U.S. Cyber Command chief told lawmakers CyberCom is not sitting on its hands when it comes to potential Russian cyber interference, but it lacks the authority to do more absent additional presidential direction.

NSA: Trump’s Lukewarm Response on Russia Will Embolden Putin (Infosecurity Magazine) NSA: Trump’s Lukewarm Response on Russia Will Embolden Putin. Expect more election interference, Cyber Command boss warns

Decoding NSA director Mike Rogers’ comments on countering Russian cyberattacks (Washington Examiner) It’s not as simple as ‘I’m not authorized to do anything.’

*** Footnotes:

Electronic Systems and Software:

1. In 2014, ES&S claimed that “in the past decade alone,” it had installed more than 260,000 voting systems, more than 15,000 electronic poll books, provided services to more than 75,000 elections. The company has installed statewide voting systems in Alabama, Arkansas, Georgia, Idaho, Iowa, Maine, Maryland, Minnesota, Mississippi, Montana, Nebraska, New Mexico, North Carolina, North Dakota, Rhode Island, South Carolina, South Dakota, and West Virginia. ES&S claims a U.S. market share of more than 60 percent in customer voting system installations.

The company maintains 10 facilities in the United States, two field offices in Canada (Pickering, Ontario; and Vancouver, British Columbia) and a warehouse in Jackson, Mississippi.

2. Dominion Voting Systems is a global provider of end-to-end election tabulation solutions and services. The company’s international headquarters are in Toronto, Canada, and its U.S. headquarters are in Denver, Colorado. Dominion Voting also maintains a number of additional offices and facilities in the U.S. and Europe.

Dominion’s technology is currently used in 33 U.S. states, including more than 2,000 customer jurisdictions. The company also has 100+ municipal customers in Canada.

3. Hart InterCivic Inc. is a privately held United States company that provides elections, and print solutions to jurisdictions nationwide. While headquartered in Austin, Texas, Hart products are used by hundreds of jurisdictions nationwide, including counties in Texas, the entire states of Hawaii and Oklahoma, half of Washington and Colorado, and certain counties in Ohio, California, Idaho, Illinois, Indiana, Kentucky, Oregon, Pennsylvania, and Virginia.

Hart entered the elections industry in 1912, printing ballots for Texas counties. (Side note: As Republican and Democratic state legislators hustle to pass a law moving Georgia toward paper ballot voting technology, election integrity advocates said they’re concerned a bill that already cleared the state Senate could lead to a new vulnerability in Georgia’s next voting system, if it becomes law.

One way a new system might work is through a touchscreen computer similar to those currently used in Georgia. It would print a paper ballot with a visual representation of a voter’s choices so they themselves can check for accuracy.

In some systems, counting the votes means scanning an entire image of the ballot that may include a timestamp and precinct information.

In other systems, barcodes or QR codes on a ballot would correspond with the voter’s choices, which can make counting easier and faster for election officials, said Peter Lichtenheld, vice president of operations with Hart Intercivic, one of several election technology companies that hired lobbyists at the statehouse this year.)

*** The text of the letter to the three vendors is below:

The full text of the senators’ letter is below:

Dear Mr. Braithwaite, Mr. Burt, and Mr. Poulos:

Recent reports of U.S. IT and software companies submitting to source code reviews in order to access foreign markets have raised concern in Congress given the sensitivity of the information requested by countries like China and the Russian Federation. As such, we write to inquire about the security of the voting machines you manufacture and whether your company has been asked to share the source code or other sensitive or proprietary details associated with your voting machines with the Russian Federation.

The U.S. intelligence community has confirmed that Russia interfered with the 2016 presidential elections. As a part of a multi-pronged effort, Russian actors attempted to hack a U.S. voting software company and at least 21 states’ election systems. According to the Chicago Board of Elections, information on thousands of American voters was exposed after an attack on their voter registration system.

Foreign access to critical source code information and sensitive data continues to be an often overlooked vulnerability. The U.S. government and Congress have recently taken steps to address some cyber vulnerabilities, including by banning the use Kaspersky Lab, a Moscow-based cybersecurity firm that has maintained a relationship with Russia’s military and intelligence sectors, from all U.S. government computers. Now, we must also ensure the security of our voting machines and associated software.

Recent reports indicate that U.S. based firms operating on U.S. government platforms gave Russian authorities access to their software. In order to sell their software within Russia, these companies allowed Russian authorities to review their source code for flaws that could be exploited. While some companies maintain this practice is necessary to find defects in software code, experts have warned that it could jeopardize the security of U.S. government computers if these reviews are conducted by hostile actors or nations. U.S. tech companies, the Pentagon, former U.S. security officials, and a former U.S. Department of Commerce official with knowledge of the source code review process have expressed concerns with this practice.

In addition, Russia’s requests for source code reviews have increased. According to eight current and former U.S. officials, four company executives, three U.S. trade attorneys, and Russian regulatory documents, between 1996 and 2013 Russia conducted reviews for 13 technology products from Western companies, but has conducted 28 such reviews in the past three years alone.

As the three largest election equipment vendors, your companies provide voting machines and software used by ninety-two percent of the eligible voting population in the U.S. According to voting machine testing and certification from the Election Assistance Commission, most voting machines contain software from firms which were alleged to have shared their source code with Russian entities. We are deeply concerned that such reviews may have presented an opportunity for Russian intelligence agents looking to attack or hack the United States’ elections infrastructure.  Further, if such vulnerabilities are not quickly examined and mitigated, future elections will also remain vulnerable to attack.

In order to help the security and integrity of our systems and to understand the scope of any potential access points into our elections infrastructure, we respectfully request answers to the following questions:

  1. Have you shared your source code or any other sensitive data related to your voting machines or other products with any Russian entity?
  2. To your knowledge, has any of the software that runs on your products been shared with any Russian entity?
  3. What steps have you taken or will you take in order to upgrade existing technologies in light of the increased threat against our elections?

The 2018 election season is upon us. Primaries have already begun and time is of the essence to ensure any security vulnerabilities are addressed before 2018 and 2020.

Thank you for your attention to this matter, and we look forward to working with you to secure our elections.

Sincerely,