Microsoft Reveals Continued Hacks of Technology Companies

The Russia-linked hackers behind last year’s compromise of a wide swath of the U.S. government and scores of private companies, including SolarWinds Corp., have stepped up their attacks in recent months, breaking into technology companies in an effort to steal sensitive information, cybersecurity experts said.

In a campaign that dates back to May of this year, the hackers have targeted more than 140 technology companies including those that manage or resell cloud-computing services, according to new research from Microsoft Corp. The attack, which was successful with as many as 14 of these technology companies, involved unsophisticated techniques like phishing or simply guessing user passwords in hopes of gaining access to systems, Microsoft said.

***

Source: In a recent blog post to the company’s website, Microsoft’s corporate vice president of customer security and trust, Tom Burt, wrote that “state actor Nobelium has been attempting to replicate the approach it has used in past attacks by targeting organizations integral to the global IT supply chain.”

Nobelium is “attacking a different part of the supply chain: resellers and other technology service providers that customize, deploy and manage cloud services and other technologies on behalf of their customers,” according to the company.

Burt wrote that 609 Microsoft customers had been informed that they’d been attacked between July and October of this year close to 23,000 times “with a success rate in the low single digits.”

The attacks, according to the executive, were not aimed at a specific flaw in any of the systems; rather, they were “password spray and phishing” attacks, which are aimed at stealing credentials that grant the attackers access to privileged information.

The Russian state-backed hacking group is, according to Burt, “trying to gain long-term, systematic access to a variety of points in the technology supply chain, and establish a mechanism for surveilling – now or in the future – targets of interest to the Russian government.”

***

Over 600 Microsoft customers targeted since July

“Since May, we have notified more than 140 resellers and technology service providers that have been targeted by Nobelium,” said Tom Burt, Corporate Vice President at Microsoft.

“We continue to investigate, but to date we believe as many as 14 of these resellers and service providers have been compromised.”

As Burt added, in all, more than 600 Microsoft customers were attacked thousands of times, although with a very low rate of success between July and October.

“These attacks have been a part of a larger wave of Nobelium activities this summer. In fact, between July 1 and October 19 this year, we informed 609 customers that they had been attacked 22,868 times by Nobelium, with a success rate in the low single digits,” Burt said.

“By comparison, prior to July 1, 2021, we had notified customers about attacks from all nation-state actors 20,500 times over the past three years.”

Nobelium MSP attacks (Microsoft)

This shows that Nobelium is still attempting to launch attacks similar to the one they pulled off after breaching SolarWinds’ systems to gain long-term access to the systems of targets of interest and establish espionage and exfiltration channels.

Microsoft also shared measures MSPs, cloud service providers, and other tech orgs can take to protect their networks and customers from these ongoing Nobelium attacks.

Nobelium’s high profile targets

Nobelium is the hacking division of the Russian Foreign Intelligence Service (SVR), also tracked as APT29, Cozy Bear, and The Dukes.

In April 2021, the U.S. government formally blamed the SVR division for coordinating the SolarWinds “broad-scope cyber espionage campaign” that led to the compromise of multiple U.S. government agencies.

At the end of July, the US Department of Justice was the last US govt entity to disclose that 27 US Attorneys’ offices were breached during the SolarWinds global hacking spree.

In May, the Microsoft Threat Intelligence Center (MSTIC) also reported a phishing campaign targeting government agencies from 24 countries.

Earlier this year, Microsoft detailed three Nobelium malware strains used for maintaining persistence on compromised networks: a command-and-control backdoor dubbed ‘GoldMax,’ an HTTP tracer tool tracked as ‘GoldFinder,’ and a persistence tool and malware dropper named ‘Sibot.’

Two months later, they revealed four more malware families Nobelium used in their attacks: a malware downloader known as ‘BoomBox,’ a shellcode downloader and launcher known as ‘VaporRage,’ a malicious HTML attachment dubbed ‘EnvyScout,’ and a loader named ‘NativeZone.’

Factoid: The Biden Admin’s NSA Unmasked Tucker Carlson

So, who exactly ordered the NSA to unmask Tucker Carlson’s emails and leak them is unclear but there is at least one common name that did the same thing against General Flynn…..Susan Rice….ahhh but read on. (Remember former AG Barr called it spying)

Axios:

Tucker Carlson was talking to U.S.-based Kremlin intermediaries about setting up an interview with Vladimir Putin shortly before the Fox News host accused the National Security Agency of spying on him, sources familiar with the conversations tell Axios.

Why it matters: Those sources said U.S. government officials learned about Carlson’s efforts to secure the Putin interview. Carlson learned that the government was aware of his outreach — and that’s the basis of his extraordinary accusation, followed by a rare public denial by the NSA that he had been targeted.

  • Axios has not confirmed whether any communications from Carlson have been intercepted, and if so, why.

The big picture: Carlson’s charges instantly became a cause célèbre on the right, which feasted on the allegation that one of America’s most prominent conservatives might have been monitored by the U.S. intelligence community.

The backstory: Carlson told his roughly 3 million viewers on June 28 that the day before, he had heard “from a whistleblower within the U.S. government who reached out to warn us that the NSA … is monitoring our electronic communications and is planning to leak them in an attempt to take this show off the air.”

  • Carlson said his source, “who is in a position to know, repeated back to us information about a story that we are working on that could have only come directly from my texts and emails.”
  • “It’s illegal for the NSA to spy on American citizens,” Carlson added. “Things like that should not happen in America. But unfortunately, they do happen. And in this case, they did happen.”
  • The NSA said in a tweet the next night, as Carlson’s show went on the air, that his “allegation is untrue.”
  • “Tucker Carlson has never been an intelligence target of the Agency and the NSA has never had any plans to try to take his program off the air,” the statement said.

A Fox News spokesperson gave this response to our reporting: “We support any of our hosts pursuing interviews and stories free of government interference.”

  • And Carlson gave this statement: “As I’ve said repeatedly, because it’s true, the NSA read my emails, and then leaked their contents. That’s an outrage, as well as illegal.”

It is unclear why Carlson, or his source, would think this outreach could be the basis for NSA surveillance or a motive to have his show canceled.

  • Journalists routinely reach out to world leaders — including the leaders of countries that are not allied with the U.S. — to request interviews. And it’s not unusual to first reach out through unofficial intermediaries rather than through the leaders’ official press offices.
  • Numerous American journalists have interviewed Putin in recent years, and none have faced professional repercussions. Quite the contrary: Chris Wallace earned Fox News its first Emmy nomination for his 2018 Putin interview.

On Wednesday, Carlson told Maria Bartiromo on Fox Business that only his executive producer knew about the communications in question and that he didn’t mention it to anybody else, including his wife.

  • But, of course, the recipients of Carlson’s texts and emails also knew about their content. And we don’t know how widely they shared this information.

Between the lines: The NSA’s public statement didn’t directly deny that any Carlson communications had been swept up by the agency.

  • Axios submitted a request for comment to the NSA on Wednesday, asking whether the agency would also be willing to categorically deny that the NSA intercepted any of Carlson’s communications in the context of monitoring somebody he was talking to in his efforts to set up an interview with Putin.
  • An NSA spokesperson declined to comment and referred Axios back to the agency’s earlier, carefully worded, statement. In other words, the NSA is denying the targeting of Carlson but is not denying that his communications were incidentally collected.

What’s next: Experts say there are several plausible scenarios — including legal scenarios — that could apply.

  • The first — and least likely — scenario is that the U.S. government submitted a request to the Foreign Intelligence Surveillance Court to monitor Carlson to protect national security.
  • A more plausible scenario is that one of the people Carlson was talking to as an intermediary to help him get the Putin interview was under surveillance as a foreign agent.
  • In that scenario, Carlson’s emails or text messages could have been incidentally collected as part of monitoring this person, but Carlson’s identity would have been masked in any intelligence reports.
  • In order to know that the texts and emails were Carlson’s, a U.S. government official would likely have to request his identity be unmasked, something that’s only permitted if the unmasking is necessary to understand the intelligence.

In a third scenario, interceptions might not have involved Carlson’s communications. The U.S. government routinely monitors the communications of people in Putin’s orbit, who may have been discussing the details of Carlson’s request for an interview.

  • But under this scenario, too, Carlson’s identity would have been masked in reports as part of his protections as a U.S. citizen, and unmasking would only be permitted if a U.S. government official requested that his identity be unmasked in order to understand the intelligence. And it’s not clear why that would be necessary here.

The intrigue: Two sources familiar with Carlson’s communications said his two Kremlin intermediaries live in the United States, but the sources could not confirm whether both are American citizens or whether both were on U.S. soil at the time they communicated with Carlson.

  • This is relevant because if one of them was a foreign national and on foreign soil during the communications, the U.S. government wouldn’t necessarily have had to seek approval to monitor their communications.

 

Audio Proves John Kerry is a Traitor

Mohammad Javad Zarif, the Iranian Foreign Minister and longtime friend of John Kerry, recorded an interview with the economist Saeed Leylaz in March. The recording was leaked to a London-based Persian news outlet called Iran International.

In the recording, Zarif revealed that the Iranian Revolutionary Guard Corps actually runs the country and is often at odds with him. He also admitted that the death of Qassim Suleimani, the commander of the Guard’s elite force known as the Quds Force, has damaged the country. Suleimani exploited his power in the nuclear deal, the war plans in Syria as well as ground operations.

Based on how the New York Times twists the facts and alters the full truth, there are some details spelled out that are interesting, found here.

There are already calls in Washington DC for John Kerry to resign, and there is justification for that, but not before there is a full hearing in the Senate. Why, you ask? Also included in the Zarif interview was the admission that John Kerry often spoke to Zarif and in a particular case shared the highly classified fact(s) that Israel was behind at least 200 airstrikes in Syria. Zarif says he was shocked that Kerry would reveal such protected information and betray Israel.

 


It cannot be understated that John Kerry has split loyalties and his advocacy for Iran continues to be extraordinary. Kerry does in fact maintain security clearance and does sit on the Biden National Security Council as the climate czar. Frankly that position is likely to be just an official cover to continue his foreign policy work with U.S. adversaries including China and Russia.

It is hardly a surprise that the Biden White House refuses to comment, stating they do not respond to leaked tape(s) or the authenticity. Well, hey Biden people, you opened communications channels with Iran to restart the nuclear deal talks, so pick up the phone and call Zarif to gain authenticity. Yeesh.

It should be noted that when one has security clearance, a signature is required that includes a major stipulation that the candidate is subject to Federal prosecution if classified material is divulged and not approved for release. Perhaps it is time to use the FISA court for a real intended purpose and issue subpoenas for John Kerry’s communication(s) records including enlisting the NSA for the validation of emails, phone calls, encrypted text messages or written documents. John Kerry should be suspended from all official government positions and activity until a full hearing is performed.

The next question is what will Israel do in this case? It is interesting that Israel did send an envoy to the U.S. just a few days ago including those from the Mossad for discussion at the Department of Defense. It should also be noted that Secretary of Defense Lloyd Austin visited Israel on April 12/13th for discussions regarding the mysterious Natanz explosion where enriching uranium was advancing at a faster pace. There were likely many other items discussed during this confab, quite possibly the Zarif interview, John Kerry and sanctions.

This is a brewing scandal and the Biden White House needs to come clean.

China Used ‘Mass Surveillance’ on Thousands of Americans’ Phones

Newsweek reports: A mobile security expert has accused China of exploiting cellphone networks in the Caribbean to conduct “mass surveillance” on Americans.

Gary Miller, a former vice president of network security at California-based analytics company Mobileum, told The Guardian he had amassed evidence of espionage conducted via “decades-old vulnerabilities” in the global telecommunications system.

While not explicitly mentioned in the report, the claims appear to be centered around Signaling System 7 (SS7), a communications protocol that routes calls and data around the world and has long been known to have inherent security weaknesses.

According to Miller, his analysis of “signals data” from the Caribbean has shown China was using a state-controlled mobile operator to “target, track, and intercept phone communications of U.S. phone subscribers,” The Guardian reported.

Miller claimed China appeared to exploit Caribbean operators to conduct surveillance on Americans as they were traveling, alleging that attacks on cell phones between 2018 and 2020 likely affected “tens of thousands” of U.S. mobile users in the region.

“Once you get into the tens of thousands, the attacks qualify as mass surveillance,” the mobile researcher said, noting the tactic is “primarily for intelligence collection and not necessarily targeting high-profile targets.” Miller continued: “It might be that there are locations of interest, and these occur primarily while people are abroad.”

A previous analysis paper covering 2018-2019, also titled Far From Home, contained a series of similar espionage claims about SS7, alleging that “mass surveillance attacks” in 2018 were most prevalent by China and Caribbean mobile networks. More here.

But hold on…. it does not stop there….we also have the Channel Islands…

Remarkable investigative details here.

The Bureau: Private intelligence companies are using phone networks based in the Channel Islands to enable surveillance operations to be carried out against people around the world, including British and US citizens, the Bureau of Investigative Journalism can reveal following a joint reporting project with the Guardian.

Leaked data, documents and interviews with industry insiders who have access to sensitive information suggest that systemic weaknesses in the global telecoms infrastructure, and a particular vulnerability in Jersey and Guernsey, are being exploited by corporate spy businesses.

These businesses take advantage of some of the ways mobile phone networks across the world interact in order to access private information on targets, such as location information or, in more sophisticated applications, the content of calls and messages or other highly sensitive data.

The spy companies see phone operators in the Channel Islands as an especially soft route into the UK, according to industry experts, who say the attacks emanating from the islands appear to be targeted at individuals rather than cases of “mass” surveillance. The Bureau understands that the targets of this surveillance have been spread across the globe, and included US citizens as well as people in Europe and Africa.

Ron Wyden, the Oregon senator and privacy advocate, described the use of foreign telecom assets to spy on people in the US as a national security threat.

“Access into US telephone networks is a privilege,” he said in response to the Bureau’s findings. “Foreign telecom regulators need to police their domestic industry – if they don’t, they risk their country being cut off from US roaming agreements.”

Markéta Gregorová, the European Parliament’s chief negotiator on trade legislation for surveillance technology, called for “immediate regulatory, financial and diplomatic costs on companies and rogue jurisdictions” that enabled these practices.

“Any commercial or governmental entity, foreign or domestic which enables the facilitation of warrantless cyber-attacks on European citizens deserves the full force of our justice system,” she told the Bureau.

CIA Labs Launches for Advanced Research Projects

This new initiative is to allow the agency to attract and retain scientists and engineers, who are highly sought after by some of America’s top technology firms, like Google and Oracle. MIT’s Technology Review, which wrote about this initiative, referred to it as a “skunkworks”.

The Central Intelligence Agency announced Monday the launch of its first-ever federal lab, a new internal organization that will allow its officers to obtain patents and licenses for intellectual property they create while working at the agency.

The new office, called CIA Labs, will be an in-house research and development office through which the spy agency will develop the future technology it needs for intelligence collection for national security, while also helping U.S. economic security, according to Dawn Meyerriecks, head of CIA’s Directorate of Science and Technology, in an agency press release.

In a speech last week at the Intelligence and National Security Summit, Meyerriecks listed several broad areas where the agency has intellectual property that could “change the conversation” around key emerging technologies. She listed 5G, battery technology, augmented and virtual reality, artificial intelligence and machine learning, computation, geospatial information representation, navigation, and analytics as areas of focus.

“It’s an endless list that we collectively own, but the world desperately needs,” Meyerriecks said. “And if your attitude is ‘I will get this to production and then I will wait for the next procurement opportunity,’ then we are collectively part of the problem, not part of the solution.”

She added that the agency already has two provisional patents, but didn’t go into detail.

The lab is an investment the CIA is making to recognize the entrepreneurs inside the agency, an area not covered by the intelligence community’s other innovation and advanced research hubs, In-Q-Tel and the Intelligence Advanced Research Projects Activity.

The federal lab designation will allow the agency to strengthen its connection to academia, industry and the 300 federal labs across the United States. The CIA press release added that the labs will allow for internships and externships for officers. CIA Labs will also provide career incentives at the agency because the investors can receive license revenue from users outside the agency.

“Some phenomenal innovations have come from CIA over the years, and with CIA Labs, we’re now better positioned to optimize developments and further invest in our scientists and technologists. In an evolving threat landscape, CIA Labs will help us maintain our competitive edge and protect our nation,” Meyerriecks said in a statement Monday.

***

Officers who develop new technologies at CIA Labs will be allowed to patent, license, and profit from their work, making 15% of the total income from the new invention with a cap of $150,000 per year. That could double most agency salaries and make the work more competitive with Silicon Valley.

CIA Labs is looking at areas including artificial intelligence, data analytics, biotechnology, advanced materials, and high-performance quantum computing.

One example of an immediate problem Meyerriecks says the agency faces is being overwhelmed by the amount of data it collects. Militaries and intelligence agencies around the world deal in a multitude of sensors like, for instance, the kind of tech found on drones. The CIA’s own sensors suck up incalculable mountains of data per second, she says. Officers badly want to develop massive computational power in a relatively small, low-power sensor so the sorting can be done quickly on the device instead of being sent back to a central system.

Of course, efforts to develop new technology inevitably run into questions about how it will actually be used, especially at an agency that has long been a fundamental instrument of American power. Some inventions have been uncontroversial: during the Cold War, Meyerriecks says, the agency helped develop lithium-ion batteries, an innovative power source now widely used by the public. More recently, however, during the war on terrorism, the agency poured resources into advancing nascent drone technology that has made tech-enabled covert assassination a weapon of choice for every American president since 9/11 despite ongoing controversy over its potential illegality.