Category Archives: NSA Spying

Hacking Public Schools, 757’s and the Defense Dept

Posted on by

Hack-O-Matic…some good ones and others not so much.

800 Schools

“Unless we have irrefutable evidence to suggest otherwise, we need to assume confidential data has been compromised,” Hamid Karimi, vice president of business development and the security expert at Beyond Security. “That should be a cause for concern. To remedy the situation, all schools and institutions that serve minors must submit to (a) stricter set of cybersecurity rules.”

photo

The breached school websites, which spanned nationwide from New Jersey to Arizona and Virginia to Connecticut, are all powered by a company called SchoolDesk. The company since has handed over its server —  which runs out of Georgia —  to the FBI for investigation and also has hired external security firms to trace the hackers. The Atlanta-based company said after the hack that technicians detected that a small file had been injected into the root of one of its websites.

“The websites were redirected to an iframed YouTube video. No data was lost or altered in any way. Because we’re currently working with the FBI in an active investigation of this incident, as well as forensic team from Microsoft, we cannot yet discuss any technical details or exact methods of access to SchoolDesk’s network or software,” a spokesperson for SchoolDesk told Fox News.

The company has insisted that no personal or student information was exposed, but some security experts say the matter should be closely monitored, especially as minors are involved.

“In most hacks, organizations do not have full visibility into what happened or what information was compromised,” surmised Eric Cole, who served as commissioner on cyber security for President Barack Obama, and was formally a senior vice president at MacAfee and the chief scientist at Lockheed Martin. “In almost every breach, what is initially reported is usually extremely conservative and over the weeks following a breach, it is always worse than what was originally reported.”

The proud culprits of the hack? A shadowy pro-ISIS hacktivist outfit known as “Team System DZ.” Barely reported by Fox News, while other media outlets did nothing about about.

***

Pentagon Hackers for Hire

Just over a year ago, following the success of the pilot, we announced the U.S. Department of Defense was expanding its “Hack the Pentagon,” initiatives. To date, HackerOne and DoD have run bug bounty challenges for Hack the Pentagon, Hack the Army and Hack the Air Force.

The success of these programs has been undeniable and our amazing community of hackers continues to impress even us!

DoD has resolved nearly 500 vulnerabilities in public facing systems with bug bounty challenges and hackers have earned over $300,000 in bounties for their contributions — exceeding expectations and saving the DoD millions of dollars. You can read more in our recent case study “Defending the Federal Government from Cyber Attacks.”

htp

2,837 Bugs Resolved With DoD’s Vulnerability Disclosure Policy

The DoD’s Vulnerability Disclosure Policy (VDP) is another essential, likely less talked about, part of the Hack the Pentagon initiative pioneered by DoD’s Defense Digital Service team.

A VDP is the, “see something say something of the internet”. DoD’s policy, and others like it, provide clear guidance for any hacker anywhere in the world to safely report a potential vulnerability so it can be resolved. Maintaining the security of the DoD’s networks is a top priority and their VDP is another proven way to resolve unknown security issues.

While a bounty or cash incentives are not awarded for vulnerabilities reported through the VDP, that has not stopped hackers eager to do their part to help protect the DoD’s assets. Nearly 650 hackers from more than 50 countries have successfully reported valid vulnerabilities through the VDP.

Thanks to these hackers and the pioneering team at DoD, 2,837 security vulnerabilities have been resolved in nearly 40 DoD components. Of these vulnerabilities, over 100 have been high or critical severity issues, including remote code executions, SQL injections, and ways to bypass authentication.

While the majority of participating hackers have been from United States, the top contributing countries include India, Great Britain, Pakistan, Philippines, Egypt, Russia, France, Australia and Canada. More here, at least this was a positive objective, we think.

*** Related reading: Boeing 757 Testing Shows Airplanes Vulnerable to Hacking, DHS Says

Hacking Through Aircraft Wi-Fi

A Department of Homeland Security official admitted that a team of experts remotely hacked a Boeing 757 parked at an airport.

During a keynote address on Nov. 8 at the 2017 CyberSat Summit, a Department of Homeland Security (DHS) official admitted that he and his team of experts remotely hacked into a Boeing 757.

This hack was not conducted in a laboratory, but on a 757 parked at the airport in Atlantic City, N.J. And the actual hack occurred over a year ago. We are only now hearing about it thanks to a keynote delivered by Robert Hickey, aviation program manager within the Cyber Security Division of the DHS Science and Technology (S&T) Directorate.

“We got the airplane on Sept. 19, 2016. Two days later, I was successful in accomplishing a remote, non-cooperative, penetration,” Hickey said in an article in Avionics Today. “[That] means I didn’t have anybody touching the airplane; I didn’t have an insider threat. I stood off using typical stuff that could get through security, and we were able to establish a presence on the systems of the aircraft.”

While the details of the hack are classified, Hickey admitted that his team of industry experts and academics pulled it off by accessing the 757’s “radio frequency communications.”

We’ve been hearing about how commercial airliners could be hacked for years.

You might remember when a governmental watchdog admitted that the interconnectedness of modern commercial airliners could “potentially provide unauthorized remote access to aircraft avionics systems.” The concern was that a hacker could go through the Wi-Fi passenger network to hijack a plane while it was in flight.

And in a 2015 report by the U.S. Government Accountability Office (pdf), the agency warned, “Internet connectivity in the cabin should be considered a direct link between the aircraft and the outside world, which includes potential malicious actors.”

At the time, U.S. Rep. Peter DeFazio (D-Ore.) said, the “FAA must focus on aircraft certification standards that would prevent a terrorist with a laptop in the cabin or on the ground from taking control of an airplane through the passenger Wi-Fi system.”

The same year, security researcher Chris Roberts ended up in hot water with the feds after tweeting about hacking the United Airlines plane he was traveling on. The FBI claimed Roberts said he took control of the navigation.

A Hack In The Box presentation by Hugo Teso in 2013 suggested that thanks to the lack of authentication features in the protocol Aircraft Communications Addressing and Report System (ACARS), an airliner could be controlled via an Android app. Flight management software companies, as well as the FAA, disputed Teso’s claims.

All of that means that airline pilots have heard of those vulnerabilities before, too. Yet at a technical meeting in March 2017, several shocked airline pilot captains from American Airlines and Delta were briefed on the 2016 Boeing 757 hack. Hickey said, “All seven of them broke their jaw hitting the table when they said, ‘You guys have known about this for years and haven’t bothered to let us know because we depend on this stuff to be absolutely the bible.’”

As CBS News pointed out, Boeing stopped producing 757s in 2004, but that aircraft is still used by major airlines, such as American, Delta and United. President Trump has a 757, and Vice President Pence also uses one. In fact, Avionics Today claimed 90 percent of commercial planes in the sky are legacy aircraft that were not designed with security in mind.

Boeing told CBS that it firmly believes the test “did not identify any cyber vulnerabilities in the 757, or any other Boeing aircraft.”

Furthermore, an unnamed official briefed on the test told CBS the results of the hack on an older aircraft was good information to have, adding, “but I’m not afraid to fly.” (Not feeling good about this aircraft hack at all, dont we have a missing plane or one that crashed where it was suspected there may have been a hack involved?)

Trifecta of Intel Chaos, Shadow Brokers, Wikileaks, NSA

Posted on by

photo

WikiLeaks announces “Vault 8”

Those releases were part of a series of leaks WikiLeaks called Vault 7. Now, WikiLeaks says Hive is just the first of a long string of similar releases, a series WikiLeaks calls Vault 8, which will consist of source code for tools previously released in the Vault 7 series.

The WikiLeaks announcement has sent shivers up the spines of infosec experts everywhere, as it reminded them of April this year when a hacking group named The Shadow Brokers published cyber-weapons allegedly stolen from the NSA.

Some of the tools included in that release have been incorporated in many malware families and have been at the center of all three major ransomware outbreaks that have taken place n 2017 — WannaCry, NotPetya, and Bad Rabbit. More here.

Security Breach and Spilled Secrets Have Shaken the N.S.A. to Its Core

A serial leak of the agency’s cyberweapons has damaged morale, slowed intelligence operations and resulted in hacking attacks on businesses and civilians worldwide

 

WASHINGTON — Jake Williams awoke last April in an Orlando, Fla., hotel where he was leading a training session. Checking Twitter, the cybersecurity expert was dismayed to discover that he had been thrust into the middle of one of the worst security debacles ever to befall American intelligence.

Mr. Williams had written on his company blog about the Shadow Brokers, a mysterious group that had somehow obtained many of the hacking tools the United States used to spy on other countries. Now the group had replied in an angry screed on Twitter. It identified him — correctly — as a former member of the National Security Agency’s hacking group, Tailored Access Operations, or T.A.O., a job he had not publicly disclosed. Then the Shadow Brokers astonished him by dropping technical details that made clear they knew about highly classified hacking operations that he had conducted.

America’s largest and most secretive intelligence agency had been deeply infiltrated.

“They had operational insight that even most of my fellow operators at T.A.O. did not have,” said Mr. Williams, now with Rendition Infosec, a cybersecurity firm he founded. “I felt like I’d been kicked in the gut. Whoever wrote this either was a well-placed insider or had stolen a lot of operational data.”

The jolt to Mr. Williams from the Shadow Brokers’ riposte was part of a much broader earthquake that has shaken the N.S.A. to its core. Current and former agency officials say the Shadow Brokers disclosures, which began in August 2016, have been catastrophic for the N.S.A., calling into question its ability to protect potent cyberweapons and its very value to national security. The agency regarded as the world’s leader in breaking into adversaries’ computer networks failed to protect its own.

“These leaks have been incredibly damaging to our intelligence and cyber capabilities,” said Leon E. Panetta, the former defense secretary and director of the Central Intelligence Agency. “The fundamental purpose of intelligence is to be able to effectively penetrate our adversaries in order to gather vital intelligence. By its very nature, that only works if secrecy is maintained and our codes are protected.”

With a leak of intelligence methods like the N.S.A. tools, Mr. Panetta said, “Every time it happens, you essentially have to start over.”

Fifteen months into a wide-ranging investigation by the agency’s counterintelligence arm, known as Q Group, and the F.B.I., officials still do not know whether the N.S.A. is the victim of a brilliantly executed hack, with Russia as the most likely perpetrator, an insider’s leak, or both. Three employees have been arrested since 2015 for taking classified files, but there is fear that one or more leakers may still be in place. And there is broad agreement that the damage from the Shadow Brokers already far exceeds the harm to American intelligence done by Edward J. Snowden, the former N.S.A. contractor who fled with four laptops of classified material in 2013.

Mr. Snowden’s cascade of disclosures to journalists and his defiant public stance drew far more media coverage than this new breach. But Mr. Snowden released code words, while the Shadow Brokers have released the actual code; if he shared what might be described as battle plans, they have loosed the weapons themselves. Created at huge expense to American taxpayers, those cyberweapons have now been picked up by hackers from North Korea to Russia and shot back at the United States and its allies.

A screenshot taken as ransomware affected systems worldwide last summer. The Ukrainian government posted the picture to its official Facebook page.

Millions of people saw their computers shut down by ransomware, with demands for payments in digital currency to have their access restored. Tens of thousands of employees at Mondelez International, the Oreo cookie maker, had their data completely wiped. FedEx reported that an attack on a European subsidiary had halted deliveries and cost $300 million. Hospitals in Pennsylvania, Britain and Indonesia had to turn away patients. The attacks disrupted production at a car plant in France, an oil company in Brazil and a chocolate factory in Tasmania, among thousands of enterprises affected worldwide.

American officials had to explain to close allies — and to business leaders in the United States — how cyberweapons developed at Fort Meade in Maryland, came to be used against them. Experts believe more attacks using the stolen N.S.A. tools are all but certain.

Inside the agency’s Maryland headquarters and its campuses around the country, N.S.A. employees have been subjected to polygraphs and suspended from their jobs in a hunt for turncoats allied with the Shadow Brokers. Much of the agency’s cyberarsenal is still being replaced, curtailing operations. Morale has plunged, and experienced cyberspecialists are leaving the agency for better-paying jobs — including with firms defending computer networks from intrusions that use the N.S.A.’s leaked tools.

“It’s a disaster on multiple levels,” Mr. Williams said. “It’s embarrassing that the people responsible for this have not been brought to justice.”

In response to detailed questions, an N.S.A. spokesman, Michael T. Halbig, said the agency “cannot comment on Shadow Brokers.” He denied that the episode had hurt morale. “N.S.A. continues to be viewed as a great place to work; we receive more than 140,000 applications each year for our hiring program,” he said.

Compounding the pain for the N.S.A. is the attackers’ regular online public taunts, written in ersatz broken English. Their posts are a peculiar mash-up of immaturity and sophistication, laced with profane jokes but also savvy cultural and political references. They suggest that their author — if not an American — knows the United States well.

“Is NSA chasing shadowses?” the Shadow Brokers asked in a post on Oct. 16, mocking the agency’s inability to understand the leaks and announcing a price cut for subscriptions to its “monthly dump service” of stolen N.S.A. tools. It was a typically wide-ranging screed, touching on George Orwell’s “1984”; the end of the federal government’s fiscal year on Sept. 30; Russia’s creation of bogus accounts on Facebook and Twitter; and the phenomenon of American intelligence officers going to work for contractors who pay higher salaries.

The Shadow Brokers have mocked the N.S.A. in regular online posts and released its stolen hacking tools in a “monthly dump service.”

One passage, possibly hinting at the Shadow Brokers’ identity, underscored the close relationship of Russian intelligence to criminal hackers. “Russian security peoples,” it said, “is becoming Russian hackeres at nights, but only full moons.”

Russia is the prime suspect in a parallel hemorrhage of hacking tools and secret documents from the C.I.A.’s Center for Cyber Intelligence, posted week after week since March to the WikiLeaks website under the names Vault7 and Vault8. That breach, too, is unsolved. Together, the flood of digital secrets from agencies that invest huge resources in preventing such breaches is raising profound questions.

Have hackers and leakers made secrecy obsolete? Has Russian intelligence simply outplayed the United States, penetrating the most closely guarded corners of its government? Can a work force of thousands of young, tech-savvy spies ever be immune to leaks?

Some veteran intelligence officials believe a lopsided focus on offensive cyberweapons and hacking tools has, for years, left American cyberdefense dangerously porous.

“We have had a train wreck coming,” said Mike McConnell, the former N.S.A. director and national intelligence director. “We should have ratcheted up the defense parts significantly.”

America’s Cyber Special Forces

At the heart of the N.S.A. crisis is Tailored Access Operations, the group where Mr. Williams worked, which was absorbed last year into the agency’s new Directorate of Operations.

The N.S.A.’s headquarters at Fort Meade in Maryland. Cybertools the agency developed have been picked up by hackers from North Korea to Russia and shot back at the United States and its allies. Jim Lo Scalzo/European Pressphoto Agency

T.A.O. — the outdated name is still used informally — began years ago as a side project at the agency’s research and engineering building at Fort Meade. It was a cyber Skunk Works, akin to the special units that once built stealth aircraft and drones. As Washington’s need for hacking capabilities grew, T.A.O. expanded into a separate office park in Laurel, Md., with additional teams at facilities in Colorado, Georgia, Hawaii and Texas.

The hacking unit attracts many of the agency’s young stars, who like the thrill of internet break-ins in the name of national security, according to a dozen former government officials who agreed to describe its work on the condition of anonymity. T.A.O. analysts start with a shopping list of desired information and likely sources — say, a Chinese official’s home computer or a Russian oil company’s network. Much of T.A.O.’s work is labeled E.C.I., for “exceptionally controlled information,” material so sensitive it was initially stored only in safes. When the cumulative weight of the safes threatened the integrity of N.S.A.’s engineering building a few years ago, one agency veteran said, the rules were changed to allow locked file cabinets.

The more experienced T.A.O. operators devise ways to break into foreign networks; junior operators take over to extract information. Mr. Williams, 40, a former paramedic who served in military intelligence in the Army before joining the N.S.A., worked in T.A.O. from 2008 to 2013, which he described as an especially long tenure. He called the work “challenging and sometimes exciting.”

T.A.O. operators must constantly renew their arsenal to stay abreast of changing software and hardware, examining every Windows update and new iPhone for vulnerabilities. “The nature of the business is to move with the technology,” a former T.A.O. hacker said.

Long known mainly as an eavesdropping agency, the N.S.A. has embraced hacking as an especially productive way to spy on foreign targets. The intelligence collection is often automated, with malware implants — computer code designed to find material of interest — left sitting on the targeted system for months or even years, sending files back to the N.S.A.

The same implant can be used for many purposes: to steal documents, tap into email, subtly change data or become the launching pad for an attack. T.A.O.’s most public success was an operation against Iran called Olympic Games, in which implants in the network of the Natanz nuclear plant caused centrifuges enriching uranium to self-destruct. The T.A.O. was also critical to attacks on the Islamic State and North Korea.

It was this cyberarsenal that the Shadow Brokers got hold of, and then began to release.

Like cops studying a burglar’s operating style and stash of stolen goods, N.S.A. analysts have tried to figure out what the Shadow Brokers took. None of the leaked files date from later than 2013 — a relief to agency officials assessing the damage. But they include a large share of T.A.O.’s collection, including three so-called “ops disks — T.A.O.’s term for tool kits — containing the software to bypass computer firewalls, penetrate Windows and break into the Linux systems most commonly used on Android phones.

Evidence shows that the Shadow Brokers obtained the entire tool kits intact, suggesting that an insider might have simply pocketed a thumb drive and walked out.

But other files obtained by the Shadow Brokers bore no relation to the ops disks and seem to have been grabbed at different times. Some were designed for a compromise by the N.S.A. of Swift, a global financial messaging system, allowing the agency to track bank transfers. There was a manual for an old system code-named UNITEDRAKE, used to attack Windows. There were PowerPoint presentations and other files not used in hacking, making it unlikely that the Shadow Brokers had simply grabbed tools left on the internet by sloppy N.S.A. hackers.

After 15 months of investigation, officials still do not know what was behind the Shadow Brokers disclosures — a hack, with Russia as the most likely perpetrator, an insider’s leak, or both.

Some officials doubt that the Shadow Brokers got it all by hacking the most secure of American government agencies — hence the search for insiders. But some T.A.O. hackers think that skilled, persistent attackers might have been able to get through the N.S.A.’s defenses — because, as one put it, “I know we’ve done it to other countries.”

The Shadow Brokers have verbally attacked certain cyberexperts, including Mr. Williams. When he concluded from their Twitter hints that they knew about some of his hacks while at the N.S.A., he canceled a business trip to Singapore. The United States had named and criminally charged hackers from the intelligence agencies of China, Iran and Russia. He feared he could be similarly charged by a country he had targeted and arrested on an international warrant.

He has since resumed traveling abroad. But he says no one from the N.S.A. has contacted him about being singled out publicly by the Shadow Brokers.

“That feels like a betrayal,” he said. “I was targeted by the Shadow Brokers because of that work. I do not feel the government has my back.”

The Hunt for an Insider

For decades after its creation in 1952, the N.S.A. — No Such Agency, in the old joke — was seen as all but leakproof. But since Mr. Snowden flew away with hundreds of thousands of documents in 2013, that notion has been shattered.

The Snowden trauma led to the investment of millions of dollars in new technology and tougher rules to counter what the government calls the insider threat. But N.S.A. employees say that with thousands of employees pouring in and out of the gates, and the ability to store a library’s worth of data in a device that can fit on a key ring, it is impossible to prevent people from walking out with secrets.

The agency has active investigations into at least three former N.S.A. employees or contractors. Two had worked for T.A.O.: a still publicly unidentified software developer secretly arrested after taking hacking tools home in 2015, only to have Russian hackers lift them from his home computer; and Harold T. Martin III, a contractor arrested last year when F.B.I. agents found his home, garden shed and car stuffed with sensitive agency documents and storage devices he had taken over many years when a work-at-home habit got out of control, his lawyers say. The third is Reality Winner, a young N.S.A. linguist arrested in June, who is charged with leaking to the news site The Intercept a single classified report on a Russian breach of an American election systems vendor.

Mr. Martin’s gargantuan collection of stolen files included much of what the Shadow Brokers have, and he has been scrutinized by investigators as a possible source for them. Officials say they do not believe he deliberately supplied the material, though they have examined whether he might have been targeted by thieves or hackers.

But according to former N.S.A. employees who are still in touch with active workers, investigators of the Shadow Brokers thefts are clearly worried that one or more leakers may still be inside the agency. Some T.A.O. employees have been asked to turn over their passports, take time off their jobs and submit to questioning. The small number of cyberspecialists who have worked both at T.A.O. and at the C.I.A. have come in for particular attention, out of concern that a single leaker might be responsible for both the Shadow Brokers and the C.I.A.’s Vault7 breaches.

Then there are the Shadow Brokers’ writings, which betray a seeming immersion in American culture. Last April, about the time Mr. Williams was discovering their inside knowledge of T.A.O. operations, the Shadow Brokers posted an appeal to President Trump: “Don’t Forget Your Base.” With the ease of a seasoned pundit, they tossed around details about Stephen K. Bannon, the president’s now departed adviser; the Freedom Caucus in Congress; the “deep state”; the Alien and Sedition Acts; and white privilege.

“TheShadowBrokers is wanting to see you succeed,” the post said, addressing Mr. Trump. “TheShadowBrokers is wanting America to be great again.”

The mole hunt is inevitably creating an atmosphere of suspicion and anxiety, former employees say. While the attraction of the N.S.A. for skilled cyberoperators is unique — nowhere else can they hack without getting into legal trouble — the boom in cybersecurity hiring by private companies gives T.A.O. veterans lucrative exit options.

Got a confidential news tip?

The New York Times would like to hear from readers who want to share messages and materials with our journalists.

Young T.A.O. hackers are lucky to make $80,000 a year, while those who leave routinely find jobs paying well over $100,000, cybersecurity specialists say. For many workers, the appeal of the N.S.A’s mission has been more than enough to make up the difference. But over the past year, former T.A.O. employees say an increasing number of former colleagues have called them looking for private-sector work, including “graybeards” they thought would be N.S.A. lifers.

“Snowden killed morale,” another T.A.O. analyst said. “But at least we knew who he was. Now you have a situation where the agency is questioning people who have been 100 percent mission-oriented, telling them they’re liars.”

Because the N.S.A. hacking unit has grown so rapidly over the past decade, the pool of potential leakers has expanded into the hundreds. Trust has eroded as anyone who had access to the leaked code is regarded as the potential culprit.

Some agency veterans have seen projects they worked on for a decade shut down because implants they relied on were dumped online by the Shadow Brokers. The number of new operations has declined because the malware tools must be rebuilt. And no end is in sight.

“How much longer are the releases going to come?” a former T.A.O. employee asked. “The agency doesn’t know how to stop it — or even what ‘it’ is.”

One N.S.A. official who almost saw his career ended by the Shadow Brokers is at the very top of the organization: Adm. Michael S. Rogers, director of the N.S.A. and commander of its sister military organization, United States Cyber Command. President Barack Obama’s director of national intelligence, James R. Clapper Jr., and defense secretary, Ashton B. Carter, recommended removing Admiral Rogers from his post to create accountability for the breaches.

But Mr. Obama did not act on the advice, in part because Admiral Rogers’ agency was at the center of the investigation into Russia’s interference in the 2016 election. Mr. Trump, who again on Saturday disputed his intelligence agencies’ findings on Russia and the election, extended the admiral’s time in office. Some former intelligence officials say they are flabbergasted that he has been able to hold on to his job.

A Shadow War With Russia?

Lurking in the background of the Shadow Brokers investigation is American officials’ strong belief that it is a Russian operation. The pattern of dribbling out stolen documents over many months, they say, echoes the slow release of Democratic emails purloined by Russian hackers last year.

But there is a more specific back story to the United States-Russia cyber rivalry.

Starting in 2014, American cybersecurity researchers who had been tracking Russia’s state-sponsored hacking groups for years began to expose them in a series of research reports. American firms, including Symantec, CrowdStrike and FireEye, reported that Moscow was behind certain cyberattacks and identified government-sponsored Russian hacking groups.

The Moscow headquarters of Kaspersky Lab, a Russian cybersecurity firm that hunted for N.S.A. malware. Kirill Kudryavtsev/Agence France-Presse — Getty Images

In the meantime, Russia’s most prominent cybersecurity firm, Kaspersky Lab, had started work on a report that would turn the tables on the United States. Kaspersky hunted for the spying malware planted by N.S.A. hackers, guided in part by the keywords and code names in the files taken by Mr. Snowden and published by journalists, officials said.

Kaspersky was, in a sense, simply doing to the N.S.A. what the American companies had just done to Russian intelligence: Expose their operations. And American officials believe Russian intelligence was piggybacking on Kaspersky’s efforts to find and retrieve the N.S.A.’s secrets wherever they could be found. The T.A.O. hackers knew that when Kaspersky updated its popular antivirus software to find and block the N.S.A. malware, it could thwart spying operations around the world.

So T.A.O. personnel rushed to replace implants in many countries with new malware they did not believe the Russian company could detect.

In February 2015, Kaspersky published its report on the Equation Group — the company’s name for T.A.O. hackers — and updated its antivirus software to uproot the N.S.A. malware wherever it had not been replaced. The agency temporarily lost access to a considerable flow of intelligence. By some accounts, however, N.S.A. officials were relieved that the Kaspersky report did not include certain tools they feared the Russian company had found.

As it would turn out, any celebration was premature.

On Aug. 13 last year, a new Twitter account using the Shadow Brokers’ name announced with fanfare an online auction of stolen N.S.A. hacking tools.

“We hack Equation Group,” the Shadow Brokers wrote. “We find many many Equation Group cyber weapons.”

Inside the N.S.A., the declaration was like a bomb exploding. A zip file posted online contained the first free sample of the agency’s hacking tools. It was immediately evident that the Shadow Brokers were not hoaxsters, and that the agency was in trouble.

The leaks have renewed a debate over whether the N.S.A. should be permitted to stockpile vulnerabilities it discovers in commercial software to use for spying — rather than immediately alert software makers so the holes can be plugged. The agency claims it has shared with the industry more than 90 percent of flaws it has found, reserving only the most valuable for its own hackers. But if it can’t keep those from leaking, as the last year has demonstrated, the resulting damage to businesses and ordinary computer users around the world can be colossal. The Trump administration says it will soon announce revisions to the system, making it more transparent.

Mr. Williams said it may be years before the “full fallout” of the Shadow Brokers breach is understood. Even the arrest of whoever is responsible for the leaks may not end them, he said — because the sophisticated perpetrators may have built a “dead man’s switch” to release all remaining files automatically upon their arrest.

“We’re obviously dealing with people who have operational security knowledge,” he said. “They have the whole law enforcement system and intelligence system after them. And they haven’t been caught.”

Hey Harry Reid, Ken Salazar, Kislyak What About Uranium One?

Posted on by

Note the date of this article….

In 2009, Gregory B. Jaczko was appointed to head the Nuclear Regulatory Commission by Barack Obama and his previous position was working for Harry Reid as his appropriations advisor as well as his science advisor.

PHOENIX — 

U.S. officials said Wednesday that they have proposed ending the Obama administration’s ban on new uranium mining leases on public land outside Grand Canyon National Park.

The Forest Service proposed the change in response to President Donald Trump’s executive order for federal agencies to eliminate restrictions on energy production. The Trump administration has moved to unravel former President Barack Obama’s environmental regulations aimed at curbing climate change.

“Adoption of this recommendation could reopen lands to mineral entry pursuant to the United States mining laws facilitating exploration for, and possibly development of, uranium resources,” according to a report last week by the Forest Service’s parent agency, the Department of Agriculture.

The Oct. 25 report also said it’s in the national interest “to promote the clean and safe development of America’s vast energy resources.” Nuclear power plants use uranium as fuel.

Conservationists are decrying the Forest Service’s move, saying that past uranium mining in the region has polluted soils, washes, aquifers and drinking water.

“The Forest Service should be advocating for a permanent mining ban, not for advancing private mining interests that threaten one of the natural wonders of the world,” said Amber Reimondo, energy program director of the Grand Canyon Trust based in Flagstaff.

In 2012, then-Interior Department Secretary Ken Salazar banned new hard rock mining for 20 years on more than 1 million acres of national forest and Bureau of Land Management land near the Grand Canyon. He said he was acting to protect a “priceless American landscape.”

The ban did not affect existing mining claims in the region.

***  photo

TheHill: After the Obama administration approved the sale of a Canadian mining company with significant U.S. uranium reserves to a firm owned by Russia’s government, the Nuclear Regulatory Commission assured Congress and the public the new owners couldn’t export any raw nuclear fuel from America’s shores.

“No uranium produced at either facility may be exported,” the NRC declared in a November 2010 press release that announced that ARMZ, a subsidiary of the Russian state-owned Rosatom, had been approved to take ownership of the Uranium One mining firm and its American assets.

A year later, the nuclear regulator repeated the assurance in a letter to Sen. John Barrasso, a Wyoming Republican in whose state Uranium One operated mines.

“Neither Uranium One Inc. nor AMRZ holds a specific NRC export license. In order to export uranium from the United States, Uranium One Inc. or ARMZ would need to apply for and obtain a specific NRC license authorizing the exports of uranium for use in reactor fuel,” then-NRC Chairman Gregory Jaczko wrote to Barrasso.

The NRC never issued an export license to the Russian firm, a fact so engrained in the narrative of the Uranium One controversy that it showed up in The Washington Post’s official fact-checker site this week. “We have noted repeatedly that extracted uranium could not be exported by Russia without a license, which Rosatom does not have,” the Post reported on Monday, linking to the 2011 Barrasso letter.

Yet NRC memos reviewed by The Hill show that it did approve the shipment of yellowcake uranium — the raw material used to make nuclear fuel and weapons — from the Russian-owned mines in the United States to Canada in 2012 through a third party. Later, the Obama administration approved some of that uranium going all the way to Europe, government documents show.

NRC officials said they could not disclose the total amount of uranium that Uranium One exported because the information is proprietary. They did, however, say that the shipments only lasted from 2012 to 2014 and that they are unaware of any exports since then.

NRC officials told The Hill that Uranium One exports flowed from Wyoming to Canada and on to Europe between 2012 and 2014, and the approval involved a process with multiple agencies.

Rather than give Rosatom a direct export license — which would have raised red flags inside a Congress already suspicious of the deal — the NRC in 2012 authorized an amendment to an existing export license for a Paducah, Ky.-based trucking firm called RSB Logistics Services Inc. to simply add Uranium One to the list of clients whose uranium it could move to Canada.

The license, reviewed by The Hill, is dated March 16, 2012, and it increased the amount of uranium ore concentrate that RSB Logistics could ship to the Cameco Corp. plant in Ontario from 7,500,000 kilograms to 12,000,000 kilograms and added Uranium One to the “other parties to Export.”

The move escaped notice in Congress.

Officials at RSB, Cameco and Rosatom did not return repeated phone calls or emails seeking comment.

Uranium One’s American arm, however, emailed a statement to The Hill on Wednesday evening confirming it did export uranium to Canada through the trucking firm and that 25 percent of that nuclear fuel eventually made its way outside North America to Europe and Asia, stressing all the exports complied with federal law.

“None of the US U308 product produced to date has been sold to non-US customers except for approximately 25% which was sold via book transfer at the conversion facilities to customers from Western Europe and Asia,” executive Donna Wickers said. “Any physical export of the product from conversion facilities to non-US destinations is under the control of such customers and subject to NRC regulation.”

The United States actually imports the majority of the uranium it uses as fuel. In 2016, according to the U.S. Energy Information Administration, 24 percent of the imports came from Kazakhstan and 14 percent came from Russia.

The sale of Uranium One to a Russian state-owned firm, however, has created political waves that have led to multiple congressional investigations. Republicans say they want to learn how the sale could have been approved and whether there was political interference.

“The more that surfaces about this deal, the more questions it raises,” Sen. Chuck Grassley (R-Iowa) said in a statement released after this story was published. Grassley, the chairman of the Senate Judiciary Committee, has launched an investigation into Uranium One.

“It now appears that despite pledges to the contrary, U.S. uranium made its way overseas as a part of the Uranium One deal,” Grassley said in the statement. “What’s more disturbing, those transactions were apparently made possible by various Obama Administration agencies while the Democrat-controlled Congress turned a blind eye.

“Americans deserve assurances that political influence was not a factor in all this. I’m increasingly convinced that a special counsel — someone with no prior involvement in any of these deals — should shine a light on this ordeal and get answers for the American people.”

Government officials told The Hill that the NRC was able to amend the export license affecting Uranium One because of two other decisions previously made by the Obama administration as part of a Russian “reset” in President Obama’s first term.

First, Obama reinstated a U.S.-Russia civilian nuclear energy cooperation agreement. President George W. Bush had signed the agreement in 2008, but withdrew from it before it could take effect after Russia became involved in a military conflict with the former Soviet republic of Georgia, a U.S. ally, and after new concerns surfaced that Moscow was secretly aiding Iran’s nuclear weapons ambitions.

Obama re-submitted the agreement for approval by the Democrat-controlled Congress in May 2010, declaring Russia should be viewed as a friendly partner under Section 123 the Atomic Energy Act of 1954 after agreeing to a new nuclear weapons reduction deal and helping the U.S. with Iran.

“I have concluded: (1) that the situation in Georgia need no longer be considered an obstacle to proceeding with the proposed Agreement; and (2) that the level and scope of U.S.-Russia cooperation on Iran are sufficient to justify resubmitting the proposed agreement to the Congress,” Obama said in a statement sent to Congress.

Congress took no action, which allowed the deal to become effective 90 days later.

The other step that allowed uranium from the Russian-controlled mines in the United States to be exported came in 2011, when the Commerce Department removed Rosatom, Uranium One’s owner, from a list of restricted companies that could not export nuclear or other sensitive materials or technologies without special approval under the Export Administration Regulations.

“This final rule removes the Federal Atomic Power of Russia (Rusatom) now known as the Russian State Corporation of Atomic Energy (Rosatom),” the Commerce Department’s Bureau of Industry and Security declared in a May 24, 2011, notice in the Federal Register that created few waves.

Rosatom had been on the list for a long time, so long in fact that it was still listed in the federal database under its old name, Rusatom. Officials said the effort to remove the Russian nuclear firm was a “policy decision” driven by the State Department, Energy Department, Commerce Department and other agencies with Russia portfolios designed to recognize that bilateral relations between Russia and the United States had improved slightly.

Nine months after Rosatom was removed from the export restrictions list, the NRC issued its license amendment to the trucking firm in March 2012 that cleared the way for Uranium One exports, making it effective for nearly five years, to the end of 2017. But the NRC also stipulated that Uranium One’s uranium should be returned to the United States.

“The uranium authorized for export is to be returned to the United States,” the NRC instructed in the export license amendment.

But that, too, didn’t happen. Officials told The Hill that the Energy Department subsequently gave approval for some of the American fuel to depart Canada and be exported to European enrichment centers, according to a 2015 letter the NRC sent to Rep. Pete Visclosky (D-Ind.).

The NRC explained to Visclosky that it had originally stipulated that after the American uranium was treated in Canada, it had to “then return the uranium to the U.S. for further processing.”

“That license stated that the Canadian Government needed to obtain prior approval before any of the U.S. material could be transferred to any country other than the U.S.,” the letter added. “Subsequently the U.S. Department of Energy granted approval for some re-transfers of U.S. uranium from the Canadian conversion facilities to European enrichment plants.”

The NRC added, however, it did not believe any of the American uranium made its way “directly” to Russia. And it added that the whole supply chain scenario was made possible by the resubmission of Obama’s Section 123 agreement in 2010.

“The transfer of the U.S.-supplied uranium from Canada to Europe noted above also was subject to applicable Section 123 agreements,” the NRC noted. Section 123 is the part of the Atomic Energy Act that allows for the U.S. to share civilian nuclear technology and goods with allies.

The Uranium One deal has been controversial since at least 2015, when The New York Times reported former President Bill Clinton received a $500,000 speech fee from a Russian bank and millions in donations to his charitable foundation from sources interested in the deal around the time the Uranium One sale was being reviewed by Secretary of State Hillary Clinton’s State Department and eight other federal agencies.

Hillary Clinton has said she delegated the approval decision to a deputy on the Committee on Foreign Investment in the United States (CFIUS) and did not apply any pressure. Bill Clinton has said the monies he received had no bearing on his wife’s policymaking decisions.

The 2015 Times article included a single reference to Uranium One officials saying they believed some of its American uranium made its way to Europe and Japan without any reference to how that occurred.

NRC officials said the multiple decisions documented in the memos, including the 2012 amendment of the third-party export license, provide the most complete description to date of how Russian-owned uranium ended up getting exported from the United States.

The entire Uranium One episode is getting a fresh look after The Hill disclosed late last month that the FBI had gathered extensive evidence in 2009 — before the mine sale was approved — that Rosatom’s main executive in the United States was engaged in a racketeering scheme that included bribery, kickbacks, extortion and money laundering.

The probe was enabled by an undercover informant working for the FBI inside the Russian nuclear industry, court records show. But the Justice Department did not make that evidence public until 2014, long after Rosatom benefited from multiple favorable decisions from the Obama administration.

The Senate Judiciary, House Intelligence and House Oversight committees have all announced plans to investigate the new revelation, and the Justice Department has given approval for the undercover informant to testify for the first time about what he witnessed the Russians doing to influence Obama administration decisions favorable to Rosatom between 2009 and 2014.

Hillary Clinton and other Democrats have described the renewed focus on the Uranium One deal as simply a distraction from the current investigation into Russian interference in the 2016 election, in which Donald Trump became the 45th president. She also says that concerns about the Uranium One sale have long ago been “debunked.”

But it’s not just Republicans who have said that the revelation the FBI had evidence that Rosatom was engaged in criminality during the time it was receiving favorable decisions from the U.S. government deserves fresh scrutiny.

Sen. Dianne Feinstein (D-Calif.), a member of both the Senate Intelligence and Judiciary committees, told The Hill she would like to learn more about what the FBI knew.

Rep. Elijah Cummings (D-Md.) has criticized Republicans for investigating Clinton, but said on “Morning Joe” last month he has “no problem looking into” the Uranium One deal.

And Sen. Angus King (I-Maine) said Sunday on CNN that he believed it was appropriate for Congress to investigate the new information.

“One of the House committees has already begun an oversight committee hearing,” King said. “I always think oversight hearings are appropriate. I’ve been trying to understand this deal.”

King also repeated the oft-quoted narrative that the “company changed hands, but the uranium that is mined in the United States cannot leave the United States.” The NRC license now shows now that Uranium One was, in fact, allowed to export American uranium.

A legal expert on the CFIUS process told The Hill that the new revelation that the FBI knew that a Rosatom official was engaged in illegality on U.S. soil before the sale was approved could very well have affected the decision if that evidence had been made public in real time.

“Criminal behavior would be something the committee would take into consideration when evaluating a transaction with a foreign company,” said Stewart Baker, a foreign commerce law expert at the Steptoe Johnson firm. “It is a consideration, but it is not something that would guarantee a particular outcome.”

He said the committee board would need “to consider how serious the criminal behavior is, in the context of this transaction, how likely is it that someone acting against U.S. security interest would take action,” he added.

 

Read letter to Barrasso by kballuck1 on Scribd

 

Read NRC license amendment by kballuck1 on Scribd

Read Visclosky letter by kballuck1 on Scribd

Read Obama Section 123 statement by kballuck1 on Scribd

More here from The Hill

Russia Hacked the World, DoJ Suing Kremlin Operatives?

Posted on by

photo

FNC: The Justice Department reportedly has garnered enough evidence to charge at least six Russian government operatives with hacking the Democratic National Committee’s computers during the 2016 presidential election.

The Wall Street Journal reported Thursday that federal prosecutors could bring charges early next year. The Journal reported that dozens of others may have also played a role in the cyberattack.

Even tech companies are suing Russia.

How Russia hacked the world: Putin’s spies used ‘digital hit list’ to hunt global targets

  • 19,000 malicious links collected by Secureworks after Fancy Bear mistake.

  • 4,700 Gmail users across the globe were targeted by the state hacking team.

  • Alongside Democrats, a handful of Republican targets were also identified.

The hackers who upended the US presidential election had ambitions well beyond Hillary Clinton’s campaign, targeting the emails of Ukrainian officers, Russian opposition figures, US defence contractors and thousands of others of interest to the Kremlin, according to a previously unpublished digital hit list obtained by The Associated Press.

The list provides the most detailed forensic evidence yet of the close alignment between the hackers and the Russian government, exposing an operation that stretched back years and tried to break into the inboxes of 4,700 Gmail users across the globe — from the pope’s representative in Kiev to the punk band Pussy Riot in Moscow.

“It’s a wish list of who you’d want to target to further Russian interests,” said Keir Giles, director of the Conflict Studies Research Centre in Cambridge, England, and one of five outside experts who reviewed the AP’s findings. He said the data was “a master list of individuals whom Russia would like to spy on, embarrass, discredit or silence.”

The AP findings draw on a database of 19,000 malicious links collected by cybersecurity firm Secureworks, dozens of rogue emails, and interviews with more than 100 hacking targets.

Secureworks stumbled upon the data after a hacking group known as Fancy Bear accidentally exposed part of its phishing operation to the internet.

The list revealed a direct line between the hackers and the leaks that rocked the presidential contest in its final stages, most notably the private emails of Clinton campaign chairman John Podesta.

The issue of who hacked the Democrats is back in the national spotlight following the revelation Monday that a Donald Trump campaign official, George Papadopoulos, was briefed early last year that the Russians had “dirt” on Clinton, including “thousands of emails.”

Kremlin spokesman Dmitry Peskov called the notion that Russia interfered “unfounded.” But the list examined by AP provides powerful evidence that the Kremlin did just that.

“This is the Kremlin and the general staff,” said Andras Racz, a specialist in Russian security policy at Pazmany Peter Catholic University in Hungary, as he examined the data. “I have no doubts.”

New evidence

Secureworks’ list covers the period between March 2015 and May 2016. Most of the identified targets were in the United States, Ukraine, Russia, Georgia and Syria.

In the United States, which was Russia’s Cold War rival, Fancy Bear tried to pry open at least 573 inboxes belonging to those in the top echelons of the country’s diplomatic and security services: then-Secretary of State John Kerry, former Secretary of State Colin Powell, then-NATO Supreme Commander, US Air Force Gen. Philip Breedlove, and one of his predecessors, US Army Gen. Wesley Clark.

The list skewed toward workers for defence contractors such as Boeing, Raytheon and Lockheed Martin or senior intelligence figures, prominent Russia watchers and — especially — Democrats. More than 130 party workers, campaign staffers and supporters of the party were targeted, including Podesta and other members of Clinton’s inner circle.

The AP also found a handful of Republican targets.

Podesta, Powell, Breedlove and more than a dozen Democratic targets besides Podesta would soon find their private correspondence dumped to the web. The AP has determined that all had been targeted by Fancy Bear, most of them three to seven months before the leaks.

“They got two years of email,” Powell recently told AP. He said that while he couldn’t know for sure who was responsible, “I always suspected some Russian connection.”

In Ukraine, which is fighting a grinding war against Russia-backed separatists, Fancy Bear attempted to break into at least 545 accounts, including those of President Petro Poroshenko and his son Alexei, half a dozen current and former ministers such as Interior Minister Arsen Avakov and as many as two dozen current and former lawmakers.

The list includes Serhiy Leshchenko, an opposition parliamentarian who helped uncover the off-the-books payments allegedly made to Trump campaign chairman Paul Manafort — whose indictment was unsealed Monday in Washington.

In Russia, Fancy Bear focused on government opponents and dozens of journalists.

Among the targets were oil tycoon-turned-Kremlin foe Mikhail Khodorkovsky, who spent a decade in prison and now lives in exile, and Pussy Riot’s Maria Alekhina. Along with them were 100 more civil society figures, including anti-corruption campaigner Alexei Navalny and his lieutenants.

“Everything on this list fits,” said Vasily Gatov, a Russian media analyst who was himself among the targets. He said Russian authorities would have been particularly interested in Navalny, one of the few opposition leaders with a national following.

Many of the targets have little in common except that they would have been crossing the Kremlin’s radar: an environmental activist in the remote Russian port city of Murmansk; a small political magazine in Armenia; the Vatican’s representative in Kiev; an adult education organisation in Kazakhstan.

“It’s simply hard to see how any other country would be particularly interested in their activities,” said Michael Kofman, an expert on Russian military affairs at the Woodrow Wilson International Centre in Washington.

He was also on the list.

“If you’re not Russia,” he said, “hacking these people is a colossal waste of time.”

Working 9 to 6 (Moscow Time)

Allegations that Fancy Bear works for Russia aren’t new. But raw data has been hard to come by.

Researchers have been documenting the group’s activities for more than a decade and many have accused it of being an extension of Russia’s intelligence services. The “Fancy Bear” nickname is a none-too-subtle reference to Russia’s national symbol.

In the wake of the 2016 election, US intelligence agencies publicly endorsed the consensus view, saying what American spooks had long alleged privately: Fancy Bear is a creature of the Kremlin.

But the US intelligence community provided little proof, and even media-friendly cybersecurity companies typically publish only summaries of their data.

That makes the Secureworks’ database a key piece of public evidence — all the more remarkable because it’s the result of a careless mistake.

Secureworks effectively stumbled across it when a researcher began working backward from a server tied to one of Fancy Bear’s signature pieces of malicious software.

He found a hyperactive Bitly account Fancy Bear was using to sneak thousands of malicious links past Google’s spam filter. Because Fancy Bear forgot to set the account to private, Secureworks spent the next few months hovering over the group’s shoulder, quietly copying down the details of the thousands of emails it was targeting.

The AP obtained the data recently, boiling it down to 4,700 individual email addresses, and then connecting roughly half to account holders.

The AP validated the list by running it against a sample of phishing emails obtained from people targeted and comparing it to similar rosters gathered independently by other cybersecurity companies, such as Tokyo-based Trend Micro and the Slovakian firm ESET.

The Secureworks data allowed reporters to determine that more than 95% of the malicious links were generated during Moscow office hours — between 9 am and 6 pm Monday to Friday.

The AP’s findings also track with a report that first brought Fancy Bear to the attention of American voters. In 2016, a cybersecurity company known as CrowdStrike said the Democratic National Committee had been compromised by Russian hackers, including Fancy Bear.

Secureworks’ roster shows Fancy Bear making aggressive attempts to hack into DNC technical staffers’ emails in early April 2016 — exactly when CrowdStrike says the hackers broke in.

Hacking hands
Fancy Bear have long been linked to the Russian security services iStock

And the raw data enabled the AP to speak directly to the people who were targeted, many of whom pointed the finger at the Kremlin.

“We have no doubts about who is behind these attacks,” said Artem Torchinskiy, a project coordinator with Navalny’s Anti-Corruption Fund who was targeted three times in 2015. “I am sure these are hackers controlled by Russian secret services.”

The myth if the 400-pound man

Even if only a small fraction of the 4,700 Gmail accounts targeted by Fancy Bear were hacked successfully, the data drawn from them could run into terabytes — easily rivalling the biggest known leaks in journalistic history.

For the hackers to have made sense of that mountain of messages — in English, Ukrainian, Russian, Georgian, Arabic and many other languages — they would have needed a substantial team of analysts and translators. Merely identifying and sorting the targets took six AP reporters eight weeks of work.

The AP’s effort offers “a little feel for how much labour went into this,” said Thomas Rid, a professor of strategic studies at Johns Hopkins University’s School of Advanced International Studies.

He said the investigation should put to rest any theories like the one then-candidate Donald Trump floated last year that the hacks could be the work of “someone sitting on their bed that weighs 400 pounds.”

“The notion that it’s just a lone hacker somewhere is utterly absurd,” Rid said.

***

Axios: Marathon congressional hearings on Russian election interference and social media left execs from Facebook, Google and Twitter badly bruised and with a new view of just how mad Washington is about their handling of content aiming to divide Americans.

The big takeaway: Lawmakers’ rebukes went far beyond the companies’ responses to Russia’s interference. They also repeatedly revealed a discomfort with the size, power and limited accountability of the large web platforms.

What we learned 569 words

What else we learned:

  • Washington isn’t buying that Facebook, Google and Twitter aren’t media companies. Both Republicans and Democrats seemed baffled at times by an assumption that has been fundamental to Google, Facebook and Twitter’s growth: that they are neutral platforms for information, not judges of content. Multiple lawmakers questioned that argument: “That may well be a distinction that is lost on most of us, that you’re just a platform for other people to express their views as opposed to being a publisher in their own right of those views,” said Republican Sen. John Cornyn.
  • We now know what the Russian ads look like. Lawmakers released some of the Russian-bought ads, which were focused largely on divisive political issues like civil rights, immigration and religion. According to the metadata released, the ads targeted both Republicans and Democrats and were paid for in rubles. For example, one “Black Matters” ad targeted adults in Georgia, Maryland, Missouri and Virginia and received more than 200,000 impressions and more than 12,000 clicks. It cost 53,425 rubles ($915).
  • Still no backing for a regulatory fix. The only piece of concrete legislation tied to this issue is the Honest Ads Act, which would require disclosure for online political ads. While the companies all committed to improving transparency, and companies indicated that they could work with lawmakers on the bill, they did not endorse it.
  • Lawmakers felt slighted by the CEOs’ absence. “I wish your CEOs were here,” said Democratic Sen. Joe Manchin, one of many lawmakers who voiced that sentiment. “They need to answer for this.”
  • The companies are putting significant resources toward vetting content. During nine hours of hearings, they repeatedly touted how much they were investing in both money and personnel to solve the election interference issue. Facebook is doubling the people working on safety and security issues to 20,000 by the end of 2018, for example.
  • Democrats were the harshest critics. Silicon Valley has long had a strong relationship with the liberal left, but that didn’t stop California Sens. Dianne Feinstein and Kamala Harris, as well as tech ally Sen. Ron Wyden, from lacing into the witnesses. Republicans, while critical of the companies, stopped short of conceding that social media manipulation was a deciding factor in Donald Trump’s win.
  • Congressional investigators are still learning the basics. One lawmaker asked Twitter’s general counsel to explain the difference between a bot and a troll. Several inquired about the definition of “impressions.” This highlights how steep the learning curve is for elected officials to fully grasp the nuances of what went wrong online in 2016.
  • Tech made a huge political miscalculation in not moving faster. Again and again, the companies were chided for how long it took them to deliver the goods to investigators. “I hear all your words,” said Sen. Mark Warner, “but I have more than a little bit of frustration that many of us on this committee have been raising this issue since the beginning of this year, and our claims were frankly blown off by the leaderships of your companies.”
What’s next? All of the companies indicated their investigations are ongoing, so the scale of the Russian disinformation campaign could turn out to be even bigger than we know now.

Go deeper:

U.S Should Follow Europe’s Lead on Cyber

Posted on by

Imagine that….Europe may be more right on this issue than the United States is due to congress where decisions just cannot be made.

Going back to 2011, the Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force.

In 2016, Pentagon leaders are still working to determine when, exactly, a cyber-attack against the U.S. would constitute an act of war, and when, exactly, the Defense Department would respond to a cyber-attack on civilian infrastructure, a senior Defense Department official told lawmakers on Wednesday.

A cyber strike as an act of war “has not been defined,” Acting Assistant Secretary of Defense for Homeland Defense and Global Security Thomas Atkin told the House Armed Services Committee. “We’re still working toward that definition.” More here.

photo

Related reading: North Korea’s Elite Cyber Soldiers Hacked Top Secret Warship Blueprints, Seoul Lawmaker Says

So, is Europe ahead of the United States on this issue?

EU governments to warn cyber attacks can be an act of war

European Union governments will formally state that cyber attacks can be an act of war in a show of strength to countries such as Russia and North Korea.

Diplomats and ambassadors in Brussels have drafted a document, obtained by The Telegraph, that represents an unprecedented deterrent aimed at countries using hackers and cyber espionage against EU members.

The document, set to be agreed by all 28 EU members states, including Britain, in the coming weeks warns that individual member states could respond “in grave instances” to cyber attacks with conventional weapons.

The British government has now said it was all but certain that North Korea was behind the “WannaCry” malware attack that hit NHS IT systems in May. Work on the EU paper began among fears that Russia would attempt to influence this year’s German elections and over hybrid warfare employed in Ukraine. More here.

This could be a pretext for what is a probable threat.

photo

Banks fearing North Korea hacking prepare defenses: cyber experts

WASHINGTON/TORONTO (Reuters) – Global banks are preparing to defend themselves against North Korea potentially intensifying a years-long hacking spree by seeking to cripple financial networks as Pyongyang weighs the threat of U.S. military action over its nuclear program, cyber security experts said.

North Korean hackers have stolen hundreds of millions of dollars from banks during the past three years, including a heist in 2016 at Bangladesh Bank that yielded $81 million, according to Dmitri Alperovitch, chief technology officer at cyber security firm CrowdStrike.

Alperovitch told the Reuters Cyber Security Summit on Tuesday that banks were concerned Pyongyang’s hackers may become more destructive by using the same type of “wiper” viruses they deployed across South Korea and at Sony Corp’s (6758.T) Hollywood studio.

The North Korean government has repeatedly denied accusations by security researchers and the U.S. government that it has carried out cyber attacks.

North Korean hackers could leverage knowledge about financial networks gathered during cyber heists to disrupt bank operations, according to Alperovitch, who said his firm has conducted “war game” exercises for several banks.

“The difference between theft and destruction is often a few keystrokes,” Alperovitch said.

Security teams at major U.S. banks have shared information on the North Korean cyber threat in recent months, said a second cyber security expert familiar with those talks.

“We know they attacked South Korean banks,” said the source, who added that fears have grown that banks in the United States will be targeted next.

Tensions between Washington and Pyongyang have been building after a series of nuclear and missile tests by North Korea and bellicose verbal exchanges between U.S. President Donald Trump and North Korean leader Kim Jong Un.

John Carlin, a former U.S. assistant attorney general, told the Reuters summit that other firms, among them defense contractors, retailers and social media companies, were also concerned.

“They are thinking ‘Are we going to see an escalation in attacks from North Korea?’” said Carlin, chair of Morrison & Foerster international law firm’s global risk and crisis management team.

Jim Lewis, a cyber expert with Washington’s Center for Strategic and International Studies, said it is unlikely that North Korea would launch destructive attacks on American banks because of concerns about U.S. retaliation.

Representatives of the U.S. Federal Reserve and the Office of the Comptroller of the Currency, the top U.S. banking regulators, declined to comment. Both have ramped up cyber security oversight in recent years.

For other Reuters Cyber Summit news click on www.reuters.com/cyberrisk