IS the U.S. Taking Over the 5G Network?

 

 

A 5G network owned by the United States government? It’s not going to happen.

The U.S. government considering its own 5G network is nothing new, frightening, or likely to happen.

Could the Trump White House be pondering a nationalized 5G network? Yes, it’s distinctly possible. But it’s also highly unlikely to happen and the story is being blown dramatically out of proportion.

The latest Twitterverse kerfuffle was kicked up by an Axios report alleging consideration of “an unprecedented federal takeover of a portion of the nation’s mobile network to guard against China”. That’s an alarming claim, no matter what side of the political aisle you’re on. Axios is a relatively new publication, but they’ve made a name for themselves since their 2016 launch with a number high profile exclusives and well-sourced and researched pieces. This 5G report is well-sourced, but also takes a number of alarmist steps that ignore how the U.S. federal government actually functions.

Image result for 5g photo

Here’s what Axios is reporting:

We’ve got our hands on a PowerPoint deck and a memo — both produced by a senior National Security Council official — which were presented recently to senior officials at other agencies in the Trump administration. … The documents say America needs a centralized nationwide 5G network within three years.

Axios goes on to describe two options laid out in the report: that the government builds its own 5G network or that the various competing carriers in the US build their own. It’s worth noting that this is a proposal made by a single NSC member. This is how the government is supposed to work. The NSC is just one of many competing interests in the federal government, and its mandate is to advance strategies to maintain and enhance the security of the United States. It would indeed be in the national defense interests of the U.S. military to have a government-controlled high-speed low-latency nation-wide wireless network — rapid and clear communication is vital for successful military operations, and a 5G network would be enormously useful in that.

But… the NSC is still just one of many loud voices in the United States government. The Departments of State and Commerce and Justice would all have competing opinions on the proposal for a federal network, from international trade implications to pushback from the carriers that spend billions on lobbying. Not to mention the cost of such an endeavor.

Image result for 5gphoto

There is historical precedent for large investments that would support both military operations and civilian needs. The Interstate Highway System was funded by the federal government not just to dramatically improve inter-state travel and commerce — the primary impetus for its creation was the need to be able to quickly deploy military force throughout the United States in the event of a foreign invasion. The constellation of GPS satellites we rely on for navigating the world today is a U.S. Air Force project that was originally built for military purposes (and the government still has a switch to downgrade GPS accuracy for non-U.S. military users if deemed necessary).

Talk of a federally owned communications cellular network has been going on for decades, but it was kicked into high gear after the September 11, 2001 terrorist attacks. The strikes on New York City and the Pentagon didn’t just reveal the unpreparedness of the United States for such an unsophisticated attack — it also exposed weaknesses in the civilian-owned and operated cellular networks of the time. On that day the cellular networks in New York and DC were overwhelmed by the sheer number of users trying to access services — and that was well before today’s high-speed wireless internet services.

The biggest pushback would come from cellular network operators. Every U.S. carrier has already invested heavily in 5G, from research to live regional tests to making preparatory upgrades to their transmission infrastructure to handle the eventual roll-out of 5G-capable transceivers and consumer devices. Billions of dollars have already been laid out with the expectation that there will be much more invested in the networks and billions more reaped in profit. You can be certain that Verizon, AT&T, T-Mobile, and Sprint have already contacted their lobbying firms to communicate their displeasure.

Specialized equipment has long been a part of the military’s inventory. Just this weekend the story of expensive new refrigerators for Air Force One provoked outrage once the context of what the purchase actually consisted of (five bespoke flight-grade walk-in cooling units to store up to 3,000 meals on what is essentially a flying White House). Equipment like tanks and aircraft carriers and grenades is all exclusively manufactured for the military, to its specification. But the military has long also used off-the-shelf civilian hardware when it meets its needs and costs. Walk into the Pentagon and you’ll find government-issued HP and Dell laptops and officers walking around with issued iPhones running on Verizon and AT&T.

The United States has long had an interplay between the needs of the federal government and the civilian population. Sometimes there are things that only the government could effectively fund, organize, and operate, like the interstate system or GPS satellites. The costs behind those become easier to justify when they’re also available to civilian users. Conversely, there are things the civilian market is far better at — AT&T, Verizon, Sprint, and T-Mobile all have enormous expertise in cellular networks, they’ve already made huge investments in their network infrastructure that they’ll be able to leverage in building their 5G networks, and they’re already responsive to the needs of their customers — both civilian and government.

This proposal was dead in the water before it was ever presented. It’s almost amusing, following the Trump administration’s push against Net Neutrality being framed as unleashing the potential of web services and internet providers, to now see a proposal to create a national 5G network that the government would then lease to the carriers.

It’s worth repeating: this is just a proposal from one part of the government. Axios notes that it was already presented to other agencies, where I have no doubt it was met with significant resistance, if not outright derision. After all, the Trump government is supposed to be one that gets out of corporate business (for better or worse), and “we’re going to build a 5G network and you’ll just rent access from us because we’re the federal government” runs 100% counter to that.

There’s much the government could do to promote and accelerate the development and deployment of 5G networks in the United States, though it’d have to come with oversight than the billions of government subsidies paid to Verizon for a fiber network it never built. Grants to ensure deployment into rural areas, subsidies for low income access, regulation clean-up to ease the way for new installations, funding of university and corporate research projects in artificial intelligence and domestic development of these technologies — all of this is already within the wheelhouse of what the federal government can do, and sometimes already does.

Proposals like this are just how the government works. The military side of the equation is going to propose everything they can think of to ensure the most efficient and most effective military they can imagine, while the diplomats will propose their own missions and initiatives to promote their goals, and the economists are going to come with an entirely different set of proposals about trade and monetary policy and financial regulations. These will all be simultaneously complementary and contradictory. This is the nature of government — a dozen departments with competing goals in different arenas jockeying for limited resources. Their proposals are just part of what feeds into the decision-making process of the President and Congress, which are supposed to strike a balance between the needs of the military, business, international partners, civilians, and (of course) politics.

I would be utterly shocked if a government-owned 5G network ever comes to fruition. It’d be massively expensive and inefficient, not to mention well outside the government’s expertise and capability. It’d also see immediate and costly legal challenges, not to mention stand on legally tricky ground when the carriers have already paid billions to the government for the frequency licenses they need to deploy their own 5G networks.

The government would also have to pay for this somehow, and after a $1.5 trillion-dollar tax cut, there’s not a lot of spare cash laying around for GovCell.

Updated 10:33 a.m. Jan. 29: Here’s a statement from FCC Commissioner Ajit Pai, who also says it ain’t gonna happen:

“I oppose any proposal for the federal government to build and operate a nationwide 5G network. The main lesson to draw from the wireless sector’s development over the past three decades—including American leadership in 4G—is that the market, not government, is best positioned to drive innovation and investment. What government can and should do is to push spectrum into the commercial marketplace and set rules that encourage the private sector to develop and deploy next-generation infrastructure. Any federal effort to construct a nationalized 5G network would be a costly and counterproductive distraction from the policies we need to help the United States win the 5G future.”

Anyone Interested in FBI Director Wray’s Cyber Concerns?

New York City, New York
January 9, 2018

Raising Our Game: Cyber Security in an Age of Digital Transformation

Remarks prepared for delivery.

Good morning. It’s great to be here with you, and great to be back here in my hometown. Thank you all for joining us. I want to thank Father McShane and Fordham for continuing to help us bring people together to focus on cyber security.

Let me start by saying how honored I feel to be here representing the men and women of the FBI. The almost 37,000 agents, analysts, and staff I get to work with at Headquarters, in our field offices, and around the world are an extraordinary, dedicated, and quite frankly, inspiring bunch. Not a day goes by that I’m not struck by countless examples of their patriotism, courage, professionalism, and integrity. And I could not be more proud, but also humbled, to stand with them as we face the formidable challenges of today—and tomorrow.

The work of the FBI is complex and hits upon nearly every threat facing our country. Today, I’d like to focus on the cyber threat.

Most of you have been thinking about the challenges in this particular arena for a long time. Before taking this job a few months ago, the last time I had to think seriously about cyber security through a law enforcement or national security lens was 12 years ago. Back then, I was head of the Justice Department’s Criminal Division, which included the Computer Crimes and Intellectual Property Section and handled cyber investigations.

It’s safe to say that no area has evolved more dramatically since then, particularly given the blistering pace of technological change. And I’ve spent much of the past few months getting caught up on all things cyber. So maybe the most useful thing I can do today is to offer the viewpoint of someone who’s looking at this world with fresh eyes. I’d like to talk to you about what the cyber threat picture looks like today; what the FBI is doing about it; and most important of all, what’s the way forward? Where’s the threat going? And where do we need to be to meet that threat? And then if we have time, I hope to answer a few questions.

* * *

The cyber threat has evolved dramatically since I left DOJ in 2005. Back then, social media didn’t really exist as we know it today, and “tweeting” was something only birds did. Now…well, let’s just say it’s something that’s a little more on my radar. Today, we live much of our lives online, and everything that’s important to us lives on the Internet—and that’s a scary thought for a lot of people. What was once a minor threat—people hacking for fun or for bragging rights—has turned into full-blown economic espionage and lucrative cyber crime.

This threat now comes at us from all sides. We’re worried about a range of threat actors, from multi-national cyber syndicates and insider threats to hacktivists. We’re seeing an increase in nation-state sponsored computer intrusions. And we’re also seeing a “blended threat”—nation-states using criminal hackers to carry out their dirty work. We’re also concerned about a wide gamut of methods, from botnets to ransomware.

So what’s the FBI doing about the cyber threat? Realistically, we know we can’t prevent every attack, or punish every hacker. But we can build on our capabilities. We can strengthen our partnerships and our defenses. We can get better at exchanging information to identify the telltale signs that may help us link cyber criminals to their crimes. We can impose a variety of costs on criminals who think they can hide in the shadows of cyber space.

We can do all these things—and we are doing all these things.

We’re improving the way we do business, blending traditional investigative techniques with technical capabilities. We’re now assigning work based on cyber experience and ability, rather than on jurisdiction. We now have Cyber Action Teams of agents and experts who can deploy at a moment’s notice, much like our Counterterrorism Fly Teams. We also now have Cyber Task Forces in every field office—much like our Joint Terrorism Task Forces—that respond to breaches, conduct victim-based investigations, and collect malware signatures and other actionable intelligence.

So we’ve strengthened our investigative capabilities, but we need to do our best to actually lay hands on the culprits and lock them up. And even where we can’t reach them, we’re now using all the tools at our disposal—we’re “naming and shaming” them with indictments, and we’re seeking sanctions from the Treasury Department.

We’re also building on our partnerships. We’re working more closely with our federal partners, because this threat is moving so quickly that there’s no time for turf battles. It doesn’t matter if you call us, or DHS, or any other agency—we all work together, so your information will get where it needs to go and you’ll get the help you need. We care less about who you call than that you call, and that you call as promptly as possible.

We’re also working more closely with our foreign partners. We now have cyber agents embedded with our international counterparts in strategic locations worldwide, helping to build relationships and coordinate investigations.

We’re also trying to work better with our private sector partners. We’re sharing indicators of compromise, tactics cyber criminals are using, and strategic threat information whenever we can. I’m sure you can appreciate there are times when we can’t share as much as we’d like to, but we’re trying to get better and smarter about that.

The good news is, we’ve made progress on a number of important fronts. Just this past summer, we took down AlphaBay—the largest marketplace on the DarkNet. Hundreds of thousands of criminals were anonymously buying and selling drugs, weapons, malware, stolen identities, and all sorts of other illegal goods and services through AlphaBay. We worked with the DEA, the IRS, and Europol, and with partners around the globe, to dismantle the illicit business completely. But we were strategic about the takedown—we didn’t want to rush it and lose these criminals. So, we waited patiently and we watched. When we struck, AlphaBay’s users flocked to another DarkNet marketplace, Hansa Market, in droves—right into the hands of our Dutch law enforcement partners who were there waiting for them, and they shut down that site, too.

So we’re adapting our strategy to be more nimble and effective. But the bad news is, the criminals do that too.

I mentioned the “blended threat” earlier. Recently we had the Yahoo matter, where hackers stole information from more than 500 million Yahoo users. In response, last February we indicted two Russian Federal Security Service officers and two well-known criminal hackers who were working for them. That’s the “blended threat”—you have intelligence operatives from nation-states like Russia now using mercenaries to carry out their crimes.

In March, our partners in the Royal Canadian Mounted Police arrested one of the hackers in Canada. The other three are Russian citizens living in Russia, but we made the judgment that it was worth calling them out, so now they’re also fugitives wanted by the FBI—so their vacation destinations are more limited.

So we’re making strides and we’ve had a number of successes—but the FBI still needs to do more to adapt to meet the cyber challenge.

For example, we want to do more to mitigate emerging threats as they spread. While we may not be able to stop all threats before they begin, we can do more at the beginning to stop threats before they get worse. We can share information, identify signatures, and stop similar attacks from happening elsewhere. But to do that, we need the private sector to work with us. At the FBI, we treat victim companies as victims. So, please: When an intrusion affects critical infrastructure; when there’s a potential for impact to national security, economic security, or public health and safety; when an attack results in a significant loss of data, systems, or control of systems; or when there are indications of unauthorized access to—or malware present on—critical IT systems, call us. Because we want to help you, and our focus will be on doing everything we can to help you.

Another thing driving the FBI’s work is that at some point, we’ll have to stop referring to all technical and digital challenges as “cyber.” Sophisticated intrusions and cyber policy issues are very much at the forefront of the conversation. But we also have to recognize that there’s a technology and digital component to almost every case we have now.

Transnational crime groups, sexual predators, fraudsters, and terrorists are transforming the way they do business as technology evolves. Significant pieces of these crimes—and our investigations of them—have a digital component or occur almost entirely online. And new technical trends are making the investigative environment a lot more complex. The Internet of Things, for example, has led to phenomena like the Mirai botnet—malware that uses all these connected devices to overwhelm websites, like the attacks that took down Netflix and Twitter last year.

The digital environment also presents new challenges that the FBI has to address—all kinds of twists for us in terms of what’s coming down the pike. Advances like artificial intelligence or crypto currencies have implications not only for the commercial sector, but for national security. Encrypted communications are changing the way criminals and terrorists plan their crimes—I’ll have more to say on that in a moment. And the avalanche of data created by our use of technology presents a huge challenge for every organization.

I’m convinced that the FBI—like a lot of other organizations—hasn’t fully gotten our arms around these new technologies and their implications for our national security and cyber security work. On our end, we know we need to be working with the private sector to get a clearer understanding of what’s coming around the bend. We need to put our heads together, in conferences like this and in other ways, so we’re better prepared, not just to face current threats, but the threats that will come at us five, 10, and 15 years from now.

When I was last in government, I saw how the 9/11 attacks spurred the FBI to fundamentally transform itself into a more intelligence-based national security organization. In the same way, I believe the new digital environment demands further fundamental transformation from us.

Over the years, FBI investigators have made huge strides in responding to the investigative challenges posed by the digital realm. We have pockets of excellence and talent that we’ve relied on to tackle our most complex technical challenges. But with the wholesale rise of digital challenges, this model won’t work for us anymore. As a big organization spread across 56 field offices and over 80 international offices, we need a new approach. We’ve got to increase our digital literacy across the board.

Some of our smartest people are looking at these challenges and thinking strategically about how the entire FBI can evolve in this rapidly changing environment. We’re focused on building our digital capabilities. We’re also focusing on our people, making sure we continue to attract the right skills and talent—and develop the right talent internally.

One issue I’m fixated on is whether we’re recruiting, hiring, and training now the kind of tech-savvy people we’ll need in five or 10 years. We know that we need more cyber and digital literacy in every program throughout the Bureau—organized crime, crimes against children, white-collar crime, just to name a few. Raising the average digital proficiency across the organization will allow all of our investigators to counter threats more efficiently and effectively, while freeing our true cyber “black belts” to focus on the most vexing attacks, like nation-state cyber intrusions.

We also need to focus more on innovation, approaching problems in new ways, with new ideas—which isn’t something, to be honest, that always comes naturally in government. We can’t just rely on the way we’ve always done things. And I don’t mean just technological innovation; I mean innovation in how we approach challenges, innovation in partnerships, innovation in who we hire, innovation in how we train, and innovation in how we build our workforce for the future.

So we need more innovation, and more of the right people. But the FBI can’t navigate the digital landscape alone. We also need to build stronger partnerships—with our counterparts in federal agencies, with our international counterparts, with the cyber research community, and with the private sector. And we need to do a better job of focusing our combined resources—trying to get our two together with your two to have it somehow equal more than four; to make it five or six or seven.

Finally, in some cases we may need lawmakers to update our laws to keep pace with technology. In some ways, it’s as if we still had traffic laws that were written for the days of the horse-and-carriage. The digital environment means we don’t simply need improved technical tools; we also need legal clarifications to address gaps.

* * *

I want to wrap up by talking about two challenges connected to the digital revolution. The first is what we call the “Going Dark” problem. This challenge grows larger and more complex every day. Needless to say, we face an enormous and increasing number of cases that rely on electronic evidence. We also face a situation where we’re increasingly unable to access that evidence, despite lawful authority to do so.

Let me give you some numbers to put some meat on the bones of this problem. In fiscal year 2017, we were unable to access the content of 7,775 devices—using appropriate and available technical tools—even though we had the legal authority to do so. Each one of those nearly 7,800 devices is tied to a specific subject, a specific defendant, a specific victim, a specific threat.

I spoke to a group of chief information security officers recently, and someone asked about that number. They basically said, “What’s the big deal? There are millions of devices out there.” But we’re not interested in the millions of devices used by everyday citizens. We’re only interested in those devices that have been used to plan or execute criminal or terrorist activities.

Some have argued that having access to the content of communications isn’t necessary—that we have a great deal of other information available outside of our smart phones and our devices; information including transactional information for calls and text messages, or metadata. While there’s a certain amount we can glean from that, for purposes of prosecuting terrorists and criminals, words can be evidence, while mere association between subjects isn’t evidence.

Being unable to access nearly 7,800 devices is a major public safety issue. That’s more than half of all the devices we attempted to access in that timeframe—and that’s just at the FBI. That’s not even counting a lot of devices sought by other law enforcement agencies—our state, local, and foreign counterparts. It also doesn’t count important situations outside of accessing a specific device, like when terrorists, spies, and criminals use encrypted messaging apps to communicate.

This problem impacts our investigations across the board—human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation, and cyber. And this issue comes up in almost every conversation I have with leading law enforcement organizations, and with my foreign counterparts from most countries—and typically in the first 30 minutes.

Let me be clear: The FBI supports information security measures, including strong encryption. But information security programs need to be thoughtfully designed so they don’t undermine the lawful tools we need to keep this country safe.

While the FBI and law enforcement happen to be on the front lines of this problem, this is an urgent public safety issue for all of us. Because as horrifying as 7,800 in one year sounds, it’s going to be a lot worse in just a couple of years if we don’t find a responsible solution.

The solution, I’ll admit, isn’t so clear-cut. It will require a thoughtful and sensible approach, and may vary across business models and technologies, but—and I can’t stress this enough—we need to work fast.

We have a whole bunch of folks at FBI Headquarters devoted to explaining this challenge and working with stakeholders to find a way forward. But we need and want the private sector’s help. We need them to respond to lawfully issued court orders, in a way that is consistent with both the rule of law and strong cybersecurity. We need to have both, and can have both.

I recognize this entails varying degrees of innovation by the industry to ensure lawful access is available. But I just don’t buy the claim that it’s impossible.

For one thing, many of us in this room use cloud-based services. You’re able to safely and securely access your e-mail, your files, and your music on your home computer, on your smartphone, or at an Internet café in Tokyo. In fact, if you buy a smartphone today, and a tablet in a year, you’re still able to securely sync them and access your data on either device. That didn’t happen by accident. It’s only possible because tech companies took seriously the real need for both flexible customer access to data and cyber security. We at the Bureau are simply asking that law enforcement’s lawful need to access data be taken just as seriously.

Let me share just one example of how we might strike this balance. Some of you might know about the chat and messaging platform called Symphony, used by a group of major banks. It was marketed as offering “guaranteed data deletion,” among other things. That didn’t sit too well with the regulator for four of these banks, the New York State Department of Financial Services. DFS was concerned that this feature could be used to hamper regulatory investigations on Wall Street.

In response to those concerns, the four banks reached an agreement with the Department to help ensure responsible use of Symphony. They agreed to keep a copy of all e-communications sent to or from them through Symphony for seven years. The banks also agreed to store duplicate copies of the decryption keys for their messages with independent custodians who aren’t controlled by the banks. So the data in Symphony was still secure and encrypted—but also accessible to regulators, so they could do their jobs.

I’m confident that with a similar commitment to working together, we can find solutions to the Going Dark problem. After all, America leads the world in innovation. We have the brightest minds doing and creating fantastic things. If we can develop driverless cars that safely give the blind and disabled the independence to transport themselves; if we can establish entire computer-generated virtual worlds to safely take entertainment and education to the next level, surely we should be able to design devices that both provide data security and permit lawful access with a court order.

We’re not looking for a “back door”—which I understand to mean some type of secret, insecure means of access. What we’re asking for is the ability to access the device once we’ve obtained a warrant from an independent judge, who has said we have probable cause.

We need to work together—the government and the technology sector—to find a way forward, quickly.

In other parts of the world, American industry is encountering requirements for access to data—without any due process—from governments that operate a little differently than ours, to put it diplomatically. It strikes me as odd that American technology providers would grant broad access to user data to foreign governments that may lack all sorts of fundamental process and rule of law protections—while at the same time denying access to specific user data in countries like ours, where law enforcement obtains warrants and court orders signed by independent judges.

I just cannot believe that any of us in this room thinks that paradox is the right way to go. That’s no way to run a railroad, as the old saying goes.

A responsible solution will incorporate the best of two great American traditions—the rule of law and innovation. But for this to work, the private sector needs to recognize that it’s part of the solution. We need them to come to the table with an idea of trying to find a solution, as opposed to trying to find a way to build systems to prevent a solution. I’m open to all kinds of ideas, because I reject this notion that there could be such a place that no matter what kind of lawful authority you have, it’s utterly beyond reach to protect innocent citizens. I also can’t accept that anyone out there reasonably thinks the state of play as it exists now—and the direction it’s going—is acceptable.

Finally, let me briefly mention another issue that has a huge effect on the FBI’s national security work, including cyber—the re-authorization of Section 702 of the Foreign Intelligence Surveillance Act, or FISA.

The speed and scope of the cyber threat demands that we use every lawful, constitutional tool we’ve got to fight it. Section 702 is one of those tools.

I want to stress once again how vital this program is for the FBI’s national security mission. Section 702 is an essential foreign intelligence authority that permits the targeted surveillance of non-U.S. persons overseas. It’s especially valuable to the FBI, because it gives us the agility we need to stay ahead of today’s rapidly changing global threats.

I bring all this up today because unless renewed by Congress, Section 702 is set to expire later this month. Without 702, we would open ourselves up to intelligence gaps that would make it easier for bad cyber actors and terrorists to attack us and our allies—and make it harder for us to detect these threats.

We simply can’t afford for that to happen. So the FBI has spent an enormous amount of time, as have our partners in the intelligence community, working together with Congress to find a way to re-authorize Section 702 while addressing their concerns. My fervent hope is that before the extension expires, Congress will re-authorize Section 702 in a manner that doesn’t significantly affect our operational use of the program, or endanger the security of the American people.

* * *

So that’s a perspective on cyber from the new guy back on the block.

If one thing’s become clear to me after immersing myself again in this world for the past few months, it’s the urgency of the task we all face. High-impact intrusions are becoming more common; the threats are growing more complex; and the stakes are higher than ever.

That requires all of us to raise our game—whether we’re in law enforcement, in government, in the private sector or the tech industry, in the security field, or in academia. We need to work together to stay ahead of the threat and to adapt to changing technologies and their consequences—both expected and unexpected. Because at the end of the day, we all want the same thing: To protect our innovation, our systems, and, above all, our people.

Thank you all for everything you’re doing to make the digital world safer and more secure, and for joining us here in New York. I look forward to working with you in the years to come.

**** Image result for fbi cyber unit operations photo

The FBI’s mission in cybersecurity is to counter the threat by investigating
intrusions to determine criminal, terrorist, and nation-state actor identities, and engaging in activities
to reduce or neutralize these threats. At the same time, the FBI collects and disseminates information significant to those responsible for defending networks, including information regarding threat actor targets and techniques.
The FBI’s jurisdiction is not defined by network boundaries; rather, it includes all territory governed by
U.S. law, whether domestic or overseas, and spans individual citizens, private industry, critical
infrastructure, U.S. government, and other interests alike. Collectively, the FBI and its federal partners
take a whole-of-government approach to help deter future threats and bring closure to current threats
that would otherwise continue to infiltrate and harm our network defenses.
In July 2015, the FBI, in coordination with foreign law enforcement partners, dismantled a computer
hacking forum known as Darkode, which was a one-stop, high-volume shopping venue for some of the
world’s most prolific cyber criminals. This underground, password-protected online forum was a
meeting place for those interested in buying, selling, and trading malware, botnets, stolen personally
identifiable information, and other pieces of data and software that facilitated complex global cyber
crimes. As the result of this multi-year investigation, called Operation Shrouded Horizon, the FBI’s
Cyber Division and international partner agencies took down Darkode through coordinated law
enforcement action.
This international takedown involved Europol and 20 cooperating countries and is
believed to be the largest coordinated law enforcement operation to date against a forum based criminal
enterprise. Operation Shrouded Horizon resulted in charges, arrests, and searches of 70 Darkode
members and associates including indictments in the United States against 12 individuals associated
with the forum including the administrator. As part of the law enforcement action, the FBI seized
Darkode’s domain name and servers. This operation highlighted the FBI Cyber Division’s mission to
identify, pursue, and defeat cyber adversaries targeting global U.S. interests through collaborative
international partnerships. More here.

Iran’s Supreme Leader, the Nuclear Deal, Protests and Boeing

It is the conglomerate that the Supreme Leader, the Ayatollah Khamenei owns exclusively. “Setad Ejraiye Farmane Hazrate Emam,” or Setad.

Image result for Setad Ejraiye Farmane Hazrate Emam

Setad was originally sanctioned by the U.S. Treasury in June 2013. The conglomerate “produces billions of dollars in profits for the Iranian regime each year,” said David Cohen, then the Treasury’s under secretary for terrorism and financial intelligence, at a Senate banking committee hearing that year.

Setad, Cohen said at the time, controls “massive off-the-books investments” hidden from the Iranian people and regulators.

All entities sanctioned for being part of the Iranian government are being taken off the SDN list as part of the nuclear deal, also called the Joint Comprehensive Plan of Action (JCPOA), though U.S. persons and entities will still be banned from dealing with them.

In January of 2017, a review by Reuters noted: But a Reuters review of business accords reached since then shows that the Iranian winners so far are mostly companies owned or controlled by the state, including Iran’s Supreme Leader, Ayatollah Ali Khamenei.

Of nearly 110 agreements worth at least $80 billion that have been struck since the deal was reached in July 2015, 90 have been with companies owned or controlled by Iranian state entities, the Reuters analysis shows.

In December of 2017: Treasury Department officials must publish a report chronicling the financial assets of Iran’s top leaders, under a bill that passed the House on Wednesday.

The legislation, which passed 289-135, must still clear the Senate before President Trump can sign it into law. It’s a potential boon to Iranian dissidents against the regime, who stand to gain insight into corruption by top officials.

Related:

Podcast – Upheaval in Iran: Causes and Consequences

Meanwhile, as the protests continue in Iran against the regime and rightly so, questions arise due to not only Senate votes on sanctions but staying with the Joint Comprehensive Plan of Action, meaning the Iran nuclear deal.

Image result for Setad Ejraiye Farmane Hazrate Emam photo

Why is there even a question based on additional facts surfacing in the last year? Well, the left and those that remain with John Kerry and Barack Obama are adding new pressures to stay in the JCPOA. Further, complications arise from those countries that are also part of the deal. They too want the deal sustained.

In a story titled “U.S. security experts back Iran nuclear deal, as Trump faces deadlines,” Reuters reports that a coalition of national security experts want the president to continue the Iran deal. The report claims, without any context, that all of the people who signed a letter in favor of the deal are “national security experts.” Additionally, these “experts” are from an organization called the “National Coalition to Prevent an Iranian Nuclear Weapon.”

It turns out, however, that some of those listed on the document have severe conflicts of interests, none of which were disclosed in the letter.

It also turns out that the National Coalition to Prevent an Iranian Nuclear Weapon is not an actual organization. A Google search of the group turned up nothing before Monday. The group was created this week with the apparent purpose of garnering support for the nuclear deal. None of this is reported in the Reuters article. It is only revealed through the group’s statement provided on The National Interest website.

The outfit’s title also presumes its members are national security hawks, when this is far from the case.

Members of the “National Coalition” include a who’s who of the prominent organizers of the campaign to rally support for the Obama administration’s nuclear deal with Tehran.

Included on the list is Joseph Cirincione, who served as the money man for President Obama’s Iran “echo chamber.” Cirincione has admitted to paying off a “network of 85 organizations and 200 individuals” who were “decisive in the battle for public opinion” over the Iran deal.

Gary Sick, another signee, was one of the chief organizers of the Iran echo chamber. According to the Washington Free Beacon, Sick created an invite-only listserv to distribute pro-Tehran talking points to Obama-friendly journalists and influential figures.

The coalition also includes Ambassador Thomas Pickering, who is a paid lobbyist for Boeing. The aviation company is attempting to secure a multi-billion-dollar jetliner deal with the Iranian regime. If the Iran deal falls through, so does Boeing’s deal.

Paul Pillar, a disgraced former CIA officer who was also on the letter, once drafted talking points arguing that it’s not a big deal if Iran is able to develop a nuclear weapon. “If Iran develops a nuclear weapon, the United States and the West could live with it, without important compromise to U.S. interests,” he wrote, according to Eli Lake of Bloomberg News.

It remains a mystery what President Trump will decide this time around. He has been troubled by Iran’s violent response to countrywide protests. The president has leveraged social media and several executive departments to raise awareness about the plight of Iranian protesters. He has also mulled enacting further sanctions against the regime.

As an aside, there too is pressure from Boeing, they want to protect the sale agreements of planes to Iran such that they have offered to ‘finance’ the payments, essentially layaway. Iran is looking for a method to make payments of $44B to both Air Bus and Boeing. Humm….but that Supreme leader has a major conglomerate remember?

 

 

Singapore IP Address Hacking the Winter Olympics

BBC: Hackers have attempted to steal sensitive data from groups involved with next month’s Winter Olympics, cyber-security firm McAfee said.

The report found malware-infected emails were sent last month to organisations linked to the Pyeongchang Games.

It did not identify those responsible, but said more attacks tied to the upcoming Olympics were likely.

In similar past attacks, hackers tried to obtain passwords and financial data.

‘Casting net wide’

McAfee said a number of groups associated with the Olympics had received malicious emails – including several affiliated with ice hockey.

“The majority of these organisations had some association with the Olympics, either in providing infrastructure or in a supporting role,” the security firm said.

“The attackers appear to be casting a wide net with this campaign.”

The emails were sent from a Singapore IP address and told readers to open a text document in Korean.

McAfee said the hackers were trying to trick recipients into believing the emails had come from South Korea’s National Counter-Terrorism Center – which at the time was in the process of conducting anti-terror drills in the region.

In some cases the hackers used a technique in known as steganography which hides malware in text and images.

McAfee echoed recent warnings from University of California researchers to expect more cyber-attacks targeting major sporting events.

“With the upcoming Olympics, we expect to see an increase in cyber attacks using Olympics-related themes,” the security firm said.

It comes as Pyongyang prepares to hold official talks with South Korea for the first time in more than two years.

North Korea accepted an offer to attend the meeting on 9 January that will focus on finding a way for its athletes to attend the Games.

***

It uses a previously unseen form of malware designed to hand control of the victim’s machine over to the attackers. Among those sent the messages are individuals associated with the ice hockey tournament at the Games. The attack has been dubbed ‘Operation PowerShell Olympics’ by the researchers at McAfee Labs, who uncovered it taking place in late December.

winter-oympic-phishing.png

The lure document used in the cyber-attacks targeting the South Korea Winter Olympics.

Image: McAfee Labs

During the course of the investigation, researchers discovered a cached Apache server log which showed an IP address from South Korea connecting to the specific URL paths contained in the PowerShell implants, indicating that the intended targets were likely to have been infected.

Further investigation revealed the IP address from the PowerShell implant was connected to an anonymous domain provider based in Costa Rica, with the attacker using this domain to link up to the South Korean Ministry of Agriculture and Forestry, which the attacker has somehow managed to use parts of to carry out the attack.

Researchers are uncertain how many have been infected by the attack, but the campaign is thought to have targeted a wide range of South Korean organisations in the run up to the Winter Olympics. In similar campaigns in the past, victims were targeted for their passwords and financial information.

The phishing document was created on December 22, but rather than containing macros, it uses OLE (Objective Linking and Embedding) streams to carry out the attack. The document has been created by the same author, ‘John’, who created the malicious PowerShell script.

However, despite some evidence about how the attacks took place, researchers haven’t been able to identify the perpetrator — but they do note that whoever is behind the campaign must be fluent in the Korean language and the motive is to gather intelligence about organisations involved in the South Korea-hosted Winter Olympics.

“Technical details alone are often not enough to determine attribution. We are able to ascertain that the attackers have been trained in Korean language to ensure that the targets open the attachment, and the objective seems to be to gather information on the planning, direction and infrastructure related to the Olympics,” said Sherstobitoff.

Researchers warn that in the run up to the Winter Olympics, attackers will continue to use the event as a lure to carry out cyber-attacks.

To avoid falling victim to such attacks — including fileless malware distributed as part of Operation Powershell Olympics — organisations should educate their employees to be mindful of suspicious emails and unexpected attachments. More here from zdnet

The Post Obama Iran Report

 

Former Mossad Chief explains, it is all about the Iran threat. Clearly, the Obama administration including is National Security Council and both Secretaries of State focused more on Israel and accusatory ‘occupier’ status than on Iran.

*** Image result for iran kitten hacking photo

Behzad Mesri, the Iranian national the US has accused of hacking HBO this year, is part of an elite Iranian cyber-espionage unit known in infosec circles as Charming Kitten, according to a report released yesterday by Israeli firm ClearSky Cybersecurity.

Known as an APT (Advanced Persistent Threat), this group has been active since 2013 and is believed to be operating under the protection of the local Iranian government.

The group’s activities have been first exposed in March 2014, when US cyber-security firm FireEye published a report entitled “Operation Saffron Rose.”

Charming Kitten —also tracked under various codenames such as Newscaster, NewsBeef, Flying Kitten, and the Ajax Security Team— was one of the most active Iran-based cyber-espionage units at the time, but once the FireEye report went public, the group dismantled its infrastructure and went dormant.

Subsequent research published by Iran Threats and ClearSky show that parts of the old Charming Kitten infrastructure, such as malware and credential theft resources, have been reused by another Iranian cyber-espionage unit named Rocket Kittens, and possibly more.

Various experts have pointed out that most of these groups are most likely operating under the protection and guidance of Iranian military, hence the reason why some resources are used not by one or two, but multiple APTs.

According to the official indictment, US officials said Mesri worked for the Iranian military, but that he also lived a separate life as a hacker. Evidence shows that Mesri defaced hundreds of websites and most likely carried out the HBO hack outside of his role in the Charming Kittens operations, most of which have targeted Iranian dissidents.

Mesri had connections to other Charming Kitten members

The 59-page ClearSky report released yesterday shows a web of connections between Mesri and other members of the Charming Kitten espionage unit, including connections to a hacktivist group known as the Turk Black Hat Security hacking group, where Mesri operated under the pseudonym of “Skote Vahshat,” together with other persons linked to Iranian APTs.

Besides Charming Kitten and the subsequent Rocket Kitten incarnation, Iran is home to other APT groups such as OilRig [1, 2], CopyKittens, and Magic Hound (Cobalt Gypsy, Timberworm), all very active.

In fact, Iranian actors are some of the most active groups around, albeit far from the most sophisticated. Their usual targets are businesses, human rights groups, individuals, and nearby governments of interest or at odds with the Iranian government — such as Saudi Arabian companies and government agencies, or Israeli military and government targets.

According to multiple reports, the Charming Kittens group of which Mesri is suspected of being a member, operated using mundane spear-phishing and watering hole attacks, and targeted individuals using made-up organizations and people, fake news sites, or by impersonating real companies.

The group was not sophisticated like US, Chinese, or Russian counterparts, but persisted with attacks until they got access to their targets’ email inbox and social media accounts, most likely to gather information on a person’s past or upcoming plans. More details here.

***

Image result for iran kitten hacking photo

Is Iran a cyber threat? Yes and gaining hacking abilities quickly.

Tehran poses an increasing cyber threat to the U.S., in light of the Trump administration’s allegations that Iran is violating United Nations Security Council resolutions tied to the nuclear agreement. Iran-sponsored hackers—dismissively referred to as “kittens” for their original lack of sophistication—are bolstering their cyber warfare capabilities as part of their rivalry with Saudi Arabia. But should President Donald Trump take further steps to scrap the nuclear deal, it could mean an uptick in Iranian state-sponsored cyber intrusions into American and allied systems, with the goals of espionage, subversion, sabotage and possibly coercion.

  • Since 2011, Iran has worked to establish itself as a prominent aggressor in cyberspace, alongside China, Russia and North Korea. Evolving from mere website defacement and crude censorship domestically in the early 2000s, Iran has become a player in sustained cyber espionage campaigns, disruptive denial of service (DDoS) attacks and the probing of networks for critical infrastructure facilities.
  • Iran wasn’t pursuing cyber capabilities with much urgency, experts say, until it was revealed  in 2010 that a joint Israeli-U.S. Stuxnet worm sabotaged nuclear centrifuges at Iran’s facility in Natanz. As the first-known instance of virtual intrusions resulting in physical effects, the operation demonstrated the potential effectiveness of such an attack and has informed much of Iranian cyber operations since.
  • Iran often has conducted disruptive cyber operations loosely in response to actions taken by others. It sees offensive cyber operations as an asymmetric but proportional tool for retaliation. For example, following the Stuxnet attack and the imposition of new sanctions on Iran’s oil and financial sectors in 2011, Tehran was suspected of retaliating in 2012 by releasing the Shamoon disk-wiping malware into the networks of Saudi oil giant Saudi Aramco and Qatar’s natural gas authority, RasGas. It also launched volleys of DDoS attacks against at least 46 major U.S. financial systems.
  • Iran commonly conducts its state-sponsored cyber operations behind a thin veil of hacktivism. From 2011 to 2013, a group calling itself the Qassam Cyber Fighters launched DDoS attacks that flooded the servers of U.S. banks with artificial traffic until they became inaccessible. In March 2016, the Justice Department unsealed indictments of seven individuals—employees of the Iran-based computer companies ITSecTeam and Mersad Company—for conducting the DDoS attacks — and intrusions into a small dam in upstate New York—on behalf of the Islamic Revolutionary Guard Corps (IRGC), the arm of Iran’s military formed in the aftermath of the 1979 Iranian revolution.

While much of Iran’s cyber operations have been attempts at asymmetric disruption against its Gulf rivals, Israel and the United States, it has recalculated since the 2015 negotiation of the Joint Comprehensive Plan of Action (JCPOA), the Iran nuclear deal.

  • Under scrutiny by the international community, Iran has largely reined in disruptive attacks against the U.S., with some operations still deployed against Saudi Arabia. In November 2016, a variant of the disk-wiping malware Shamoon was deployed against Saudi aviation and transportation authorities.

Rather than relying on disruptive attacks against the West, Iran has pursued cyber-enabled information warfare against its regional competitors, namely Saudi Arabia. By utilizing cyber proxies to access and weaponize privileged information, Iran has subtly sought to undermine Saudi Arabia’s political standing in the region and in the eyes of international allies. This kind of grey-zone offensive—an act short of war—is a page right out of the Russian intelligence playbook of active measures in Europe and the U.S.

  • In April 2015, the pro-Saudi newspaper Al Hayat was hacked by a group calling itself the Yemen Cyber Army, which experts say has loose ties to Iran. The attack replaced the media outlet’s front page with threatening messages aimed at dissuading the Saudis from getting involved in the civil unrest bubbling across their southern border. The hack was followed quickly by stories on Iran’s state-run FARS news agency and Russia’s RT network, citing the Yemen Cyber Army for breaching the Saudi foreign ministry and its threats to release personal information on Saudi officials and expose diplomatic correspondence that allegedly suggested Saudi support of Islamist groups in the region. One month later, WikiLeaks published material likely taken from the trove of stolen correspondence.
  • In another example, an Iran-linked Hezbollah hacktivist group known as the Islamic Cyber Resistance leaked sensitive material related to the Saudi army, the Saudi Binladin Group and the Israeli Defense Forces, following the December 2013 assassination of Hezbollah leader Hassan al-Laqis, according to Matthew McInniss, an AEI scholar now working on Iran in the Trump State Department. Ties also have been detected between Iran and the Syrian Electronic Army, the hacking wing of the regime of Bashar al-Assad, according to Cipher Brief expert and former CIA and NSA chief Michael Hayden.
  • The link between Iranian government support and the cyber proxy actors is difficult to prove. But it would follow the pattern of Iranian military assistance given to other types of proxy forces in Lebanon, Syria and Yemen.
  • The governmental structure in Iran that oversees cyber-related activities is the Supreme Council of Cyberspace, established by Ayatollah Ali Khamenei in March 2012. It consists of representatives from various Iranian intelligence and security services. However, the direct command-and-control structure for engaging in cyber operations remains a mystery, particularly when it comes to cyber proxies. While it could be the responsibility of Iran’s Quds Force, the external wing of the IRGC, the lack of a clear command-and-control system could be intentional. Similar to Iran’s “mosaic defense” military structure, cyber operations appear more decentralized and fluid than other countries with advanced cyber capabilities—Russia and China, for example—complicating the tracking and attribution of attacks.

The Iranian nuclear deal may have had some cyber-deterrent value, in that it reined in Iranian disruptive attacks against the West, but this could be short-lived. Rhetoric from the Trump administration is stoking the fire, including recent statements by U.S. Ambassador to the United Nations Nikki Haley that Iran is violating the nuclear agreement.

  • Iran, as a result, is likely to engage in broad-spectrum cyber espionage to alleviate that uncertainty. For example, Operation Cleaver in 2012-14 hit U.S. military targets, as well as systems in critical industries such as energy and utilities, oil and gas, chemicals, airlines and transportation hubs, global telecommunications, healthcare, aerospace, education and the defense industrial base. Earlier this month, reports surfaced of a new Iranian state-sponsored actor—referred to as APT 34—conducting reconnaissance of critical infrastructure in the Middle East.
  • While the probing of such essential systems is alarming, it is expected as a contingency plan, should relations with adversaries escalate. The New York Times reported that the U.S. had similar plans – known as Operation Nitro Zeus – to disrupt Iranian critical services should the nuclear negotiations have gone sideways during the Obama administration. It is likely the Trump administration is devising similar contingency plans. Learn more about the contributors here.