Trump Makes Official a Cyber Command

In a statement, Trump said the unit would be ranked at the level of Unified Combatant Command focused on cyberspace operations. Cyber Command’s elevation reflects a push to strengthen U.S. capabilities to interfere with the military programs of adversaries such as North Korea’s nuclear and missile development and Islamic State’s ability to recruit, inspire and direct attacks, three U.S. intelligence officials said this month, speaking on the condition of anonymity. The Pentagon did not specify how long the elevation process would take.

Current and former officials said a leading candidate to head U.S. Cyber Command was Army Lt. Gen. William Mayville, currently director of the Pentagon’s Joint Staff.

There has not only been resistance to this, but it appears one or more agencies are launching their own cyber departments.

The State Department quietly established a new office earlier this year within its Diplomatic Security Service to safeguard against and respond to cybersecurity threats.

The State Department officially launched the new office, called the Cyber and Technology Security (CTS) directorate, on May 28, a department official confirmed. The establishment of the directorate was first reported by Federal News Radio last week.

However:

At the direction of the president, the Defense Department today initiated the process to elevate U.S. Cyber Command to a unified combatant command.

“This new unified combatant command will strengthen our cyberspace operations and create more opportunities to improve our nation’s defense,” President Donald J. Trump said in a written statement.

The elevation of the command demonstrates the increased U.S. resolve against cyberspace threats and will help reassure allies and partners and deter adversaries, the statement said. The elevation also will help to streamline command and control of time-sensitive cyberspace operations by consolidating them under a single commander with authorities commensurate with the importance of those operations and will ensure that critical cyberspace operations are adequately funded, the statement said.

Defense Secretary Jim Mattis is examining the possibility of separating U.S. Cyber Command from the National Security Agency, and is to announce his recommendations at a later date.

Growing Mission

The decision to elevate U.S. Cyber Command is consistent with Mattis’ recommendation and the requirements of the fiscal year 2017 National Defense Authorization Act, Kenneth P. Rapuano, assistant secretary of defense for homeland defense and global security, told reporters at the Pentagon today.

“The decision is a welcome and necessary one that ensures that the nation is best positioned to address the increasing threats in cyberspace,” he added.

Cybercom’s elevation from its previous subunified command status demonstrates the growing centrality of cyberspace to U.S. national security, Rapuano said, adding that the move signals the U.S. resolve to “embrace the changing nature of warfare and maintain U.S. military superiority across all domains and phases of conflict.”

Cybercom was established in 2009 in response to a clear need to match and exceed enemies seeking to use the cyber realm to attack the United States and its allies. The command is based at Fort George G. Meade, Maryland, with the National Security Agency. Navy Adm. Michael S. Rogers is the commander of U.S. Cyber Command and the National Security Agency director. The president has directed Mattis to recommend a commander for U.S. Cyber Command, and Rogers for now remains in the dual-hatted role, Rapuano said.

More Strategic Role

Since its establishment, Cybercom has grown significantly, consistent with DoD’s cyber strategy and reflective of major increases in investments in capabilities and infrastructure, Rapuano said. The command reached full operational capability Oct. 31, 2010, but it is still growing and evolving. The command is concentrating on building its Cyber Mission Force, which should be complete by the end of fiscal year 2018, he said.

The force is expected to consist of almost 6,200 personnel organized into 133 teams. All of the teams have already reached initial operational capability, and many are actively conducting operations. The force incorporates reserve component personnel and leverages key cyber talent from the civilian sector.

“This decision means that Cyber Command will play an even more strategic role in synchronizing cyber forces and training, conducting and coordinating military cyberspace operations, and advocating for and prioritizing cyber investments within the department,” Rapuano said.

Cybercom already has been performing many responsibilities of a unified combatant command. The elevation also raises the stature of the commander of Cyber Command to a peer level with the other unified combatant command commanders, allowing the Cybercom commander to report directly to the secretary of defense, Rapuano pointed out.

The new command will be the central point of contact for resources for the department’s operations in the cyber domain and will serve to synchronize cyber forces under a single manager. The commander will also ensure U.S. forces will be interoperable.

“This decision is a significant step in the department’s continued efforts to build its cyber capabilities, enabling Cyber Command to provide real, meaningful capabilities as a command on par with the other geographic and functional combat commands,” Rapuano said.

The New York Channel to North Korea is in Play

His name is Joseph Yun, a U.S. diplomat at the United Nations, and one whom the North Korean regime has reached out to more than once. Most recently it was over the return of Otto Warmbier and his release.

Under the Obama administration, all talks were terminated; at the time, Sweden was the communications envoy of record. With the transfer of power and government to Donald Trump, Pyongyang opened up the back channel via the United Nations to Joseph Yun, who has long diplomatic experience in the region.

According to President Trump, preparations are in place should Kim launch his 4 missiles toward Guam, and Pentagon Chief Mattis declares the United States and allies are ready. That still leaves North Korea with nuclear weapons, a condition every expert is omitting in talking points. Secretary of State Tillerson says his work is to get North Korea to stop with the missile program, and that will not likely occur as it is a proxy operation of Iran.

The Kim regime is keeping its estimated 60 nuclear weapons as a bargaining tool and for global legitimacy. That is the real problem. Many experts declare that North Korea always backs down in the end when it gets food or sanctions relief, but we are dealing with a new Kim who is far more unpredictable than his father.

So, what can the U.S. and allies do going forward? Shall we continue to rely on China? They are anything but a friend or a cooperative partner, stating in local Chinese news that China will remain neutral should Kim strike first. Further, China declared that if the United States went to a preemptive posture, China would stop us.

China wants total ownership and power in the region and certainly when it comes to navigation, so any U.S. naval activity angers them.

The United States has other options and tools, where not one but a combination of all may also be deployed. That includes forcing a regime change, not always the best solution. Then there is the special forces deployment to covertly enter North Korea and work on a detonation of key command and control sites. Special operations has trained for this kind of operation for more than 20 years.

There is a cyber option, a tool that several experts declare has already been used so that Kim’s missiles miss targets or fail on re-entry.

Dealing with China to control North Korea is a fool’s errand, as Russia and Iran are part of the total equation. There could still be wider consequences when the United States and allies prevail over North Korea on the missile side: again, the nuclear inventory remains and is traded to other rogue nations such as Iran or Syria.

There are other allies included in the variables regarding North Korea. They include Australia, Japan and Britain, while Canada, Germany and France remain silent. Japan has just deployed a missile defense system in a defensive mode.

The media continues to declare that any military conflict will lead to millions dying. That is only true if North Korea is successful in a land-based conflict hitting Seoul. The U.S. uses only precision-guided munitions, so collateral damage would not affect other regions of North Korea; hence millions would not escape across the Yalu River into China. China has a standing army at that border preventing such an event.

China and North Korea want the peninsula to be unified and under Chinese control, much as is the case with the disputed waterways and the contested islands. China fears that the United States is working to unify the peninsula under South Korean control, which has not been an objective.

In summary, while fear has dominated the media headlines for days, it cannot be fully dismissed; however, a near-term conflict will likely be resolved, leaving North Korea with a viable nuclear weapons and missile program. The coordination between Iran and North Korea will continue in that same realm, and Trump is left with the same festering issue as the previous president.

Will there be a Chinese naval blockade if the United States and allies go for a preemptive strike? Perhaps that New York Channel to Pyongyang has the burden of finding out. Has someone sent an envoy to Tehran yet with these discussions? Nah… Russia meanwhile is keeping a keen eye on all of it.

We Know the Locations of N Korea Nuclear Sites

Within a measure of feet…

The United States has likely deployed the Global Hawk. An RQ-4 Global Hawk soars through the sky to record intelligence, surveillance and reconnaissance data. Air Force and Navy officials met to discuss joint training with the RQ-4. (Courtesy photo)

Mission 
The RQ-4 Global Hawk is a high-altitude, long-endurance, remotely piloted aircraft with an integrated sensor suite that provides global all-weather, day or night intelligence, surveillance and reconnaissance (ISR) capability. Global Hawk’s mission is to provide a broad spectrum of ISR collection capability to support joint combatant forces in worldwide peacetime, contingency and wartime operations. The Global Hawk provides persistent near-real-time coverage using imagery intelligence (IMINT), signals intelligence (SIGINT) and moving target indicator (MTI) sensors.

Features 
Global Hawk is currently fielded in three distinct blocks. Seven Block 10 aircraft were procured, but were retired from the Air Force inventory in 2011. Block 20s were initially fielded with IMINT-only capabilities, but three Block 20s have been converted to an EQ-4 communication relay configuration, carrying the Battlefield Airborne Communication Node (BACN) payload. Block 30 is a multi-intelligence platform that simultaneously carries electro-optical, infrared, synthetic aperture radar (SAR), and high and low band SIGINT sensors. Block 30 Initial Operating Capability (IOC) was declared in August 2011. Eighteen Block 30s are currently fielded, supporting every geographic combatant command as well as combat missions in Operations Enduring Freedom and Iraqi Freedom/ New Dawn. Block 30s also supported Operation Odyssey Dawn in Libya and humanitarian relief efforts during Operation Tomodachi in Japan. Block 40 carries the Radar Technology Insertion Program (RTIP) active electronically scanned array radar which provides MTI and SAR data. Block 40 Early Operating Capability (EOC) was declared in Sep 2013 and eleven Block 40s are currently fielded, supporting operations in four combatant commands.

Add other resources already in theater, including the THAAD systems, and we can determine the locations at least within a differential of feet, and we can likely predict the location of the next launch. When it comes to cyber activity and the NSA, be assured those systems are in full use as well.

THAAD Terminal High-Altitude Area Defence

Dedicated scientists in key locations in the United States work wonders by reading waves and ripples and testing air.

How earthquake scientists eavesdrop on North Korea’s nuclear blasts

Waves and ripples in the Earth can reveal the location and depth of an explosion


NUCLEAR SHAKEDOWN  Rumblings of seismic waves reveal clues about North Korea’s nuclear weapons tests, detonated in a mountain. Nicolle Rager Fuller

On September 9 of last year, in the middle of the morning, seismometers began lighting up around East Asia. From South Korea to Russia to Japan, geophysical instruments recorded squiggles as seismic waves passed through and shook the ground. It looked as if an earthquake with a magnitude of 5.2 had just happened. But the ground shaking had originated at North Korea’s nuclear weapons test site.

It was the fifth confirmed nuclear test in North Korea, and it opened the latest chapter in a long-running geologic detective story. Like a police examiner scrutinizing skid marks to figure out who was at fault in a car crash, researchers analyze seismic waves to determine if they come from a natural earthquake or an artificial explosion. If the latter, then scientists can also tease out details such as whether the blast was nuclear and how big it was. Test after test, seismologists are improving their understanding of North Korea’s nuclear weapons program.

The work feeds into international efforts to monitor the Comprehensive Nuclear-Test-Ban Treaty, which since 1996 has banned nuclear weapons testing. More than 180 countries have signed the treaty. But 44 countries that hold nuclear technology must both sign and ratify the treaty for it to have the force of law. Eight, including the United States and North Korea, have not.

To track potential violations, the treaty calls for a four-pronged international monitoring system, which is currently about 90 percent complete. Hydroacoustic stations can detect sound waves from underwater explosions. Infrasound stations listen for low-frequency sound waves rumbling through the atmosphere. Radionuclide stations sniff the air for the radioactive by-products of an atmospheric test. And seismic stations pick up the ground shaking, which is usually the fastest and most reliable method for confirming an underground explosion.

Seismic waves offer extra information about an explosion, new studies show. One research group is exploring how local topography, like the rugged mountain where the North Korean government conducts its tests, puts its imprint on the seismic signals. Knowing that, scientists can better pinpoint where the explosions are happening within the mountain — thus improving understanding of how deep and powerful the blasts are. A deep explosion is more likely to mask the power of the bomb.


EARS TO THE GROUND Using seismic wave data, researchers calculated the likely locations of five nuclear tests in North Korea’s Mount Mantap (satellite image shown).

  S.J. GIBBONS ET AL/GEOPHYS. J. INT. 2017, GOOGLE EARTH

Separately, physicists have conducted an unprecedented set of six explosions at the U.S. nuclear test site in Nevada. The aim was to mimic the physics of a nuclear explosion by detonating chemical explosives and watching how the seismic waves radiate outward. It’s like a miniature, nonnuclear version of a nuclear weapons test. Already, the scientists have made some key discoveries, such as understanding how a deeply buried blast shows up in the seismic detectors.

The more researchers can learn about the seismic calling card of each blast, the more they can understand international developments. That’s particularly true for North Korea, where leaders have been ramping up the pace of military testing since the first nuclear detonation in 2006. On July 4, the country launched its first confirmed ballistic missile — with no nuclear payload — that could reach as far as Alaska.

“There’s this building of knowledge that helps you understand the capabilities of a country like North Korea,” says Delaine Reiter, a geophysicist with Weston Geophysical Corp. in Lexington, Mass. “They’re not shy about broadcasting their testing, but they claim things Western scientists aren’t sure about. Was it as big as they claimed? We’re really interested in understanding that.”

Natural or not

Seismometers detect ground shaking from all sorts of events. In a typical year, anywhere from 1,200 to 2,200 earthquakes of magnitude 5 and greater set off the machines worldwide. On top of that is the unnatural shaking: from quarry blasts, mine collapses and other causes. The art of using seismic waves to tell one type of event from the others is known as forensic seismology.

Forensic seismologists work to distinguish a natural earthquake from what could be a clandestine nuclear test. In March 2003, for instance, seismometers detected a disturbance coming from near Lop Nor, a dried-up lake in western China that the Chinese government, which signed but hasn’t ratified the test ban treaty, has used for nuclear tests. Seismologists needed to figure out immediately what had happened.

One test for telling the difference between an earthquake and an explosion is how deep it is. Anything deeper than about 10 kilometers is almost certain to be natural. In the case of Lop Nor, the source of the waves seemed to be located about six kilometers down — difficult to tunnel to, but not impossible. Researchers also used a second test, which compares the amplitudes of two different kinds of seismic waves.

Earthquakes and explosions generate several types of seismic waves, starting with P, or primary, waves. These waves are the first to arrive at a distant station. Next come S, or secondary, waves, which travel through the ground in a shearing motion, taking longer to arrive. Finally come waves that ripple across the surface, including those called Rayleigh waves.

In an explosion as compared with an earthquake, the amplitudes of Rayleigh waves are smaller than those of the P waves. By looking at those two types of waves, scientists determined the Lop Nor incident was a natural earthquake, not a secretive explosion. (Seismology cannot reveal the entire picture. Had the Lop Nor event actually been an explosion, researchers would have needed data from the radionuclide monitoring network to confirm the blast came from nuclear and not chemical explosives.)

For North Korea, the question is not so much whether the government is setting off nuclear tests, but how powerful and destructive those blasts might be. In 2003, the country withdrew from the Treaty on the Nonproliferation of Nuclear Weapons, an international agreement distinct from the testing ban that aims to prevent the spread of nuclear weapons and related technology. Three years later, North Korea announced it had conducted an underground nuclear test in Mount Mantap at a site called Punggye-ri, in the northeastern part of the country. It was the first nuclear weapons test since India and Pakistan each set one off in 1998.

By analyzing seismic wave data from monitoring stations around the region, seismologists concluded the North Korean blast had come from shallow depths, no more than a few kilometers within the mountain. That supported the North Korean government’s claim of an intentional test. Two weeks later, a radionuclide monitoring station in Yellowknife, Canada, detected increases in radioactive xenon, which presumably had leaked out of the underground test site and drifted eastward. The blast was nuclear.

But the 2006 test raised fresh questions for seismologists. The ratio of amplitudes of the Rayleigh and P waves was not as distinctive as it usually is for an explosion. And other aspects of the seismic signature were also not as clear-cut as scientists had expected.

Researchers got some answers as North Korea’s testing continued. In 2009, 2013 and twice in 2016, the government set off more underground nuclear explosions at Punggye-ri. Each time, researchers outside the country compared the seismic data with the record of past nuclear blasts. Automated computer programs “compare the wiggles you see on the screen ripple for ripple,” says Steven Gibbons, a seismologist with the NORSAR monitoring organization in Kjeller, Norway. When the patterns match, scientists know it is another test. “A seismic signal generated by an explosion is like a fingerprint for that particular region,” he says.

With each test, researchers learned more about North Korea’s capabilities. By analyzing the magnitude of the ground shaking, experts could roughly calculate the power of each test. The 2006 explosion was relatively small, releasing energy equivalent to about 1,000 tons of TNT — a fraction of the 15-kiloton bomb dropped by the United States on Hiroshima, Japan, in 1945. But the yield of North Korea’s nuclear tests crept up each time, and the most recent test, in September 2016, may have exceeded the size of the Hiroshima bomb.

This U.S. atmospheric nuclear test took place in April 1953 in Nevada. No surprise, North Korea’s buried tests are harder to spot.

CTBTO/FLICKR (CC BY 2.0)

Digging deep

For an event of a particular seismic magnitude, the deeper the explosion, the more energetic the blast. A shallow, less energetic test can look a lot like a deeply buried, powerful blast. Scientists need to figure out precisely where each explosion occurred.

Mount Mantap is a rugged granite mountain with geology that complicates the physics of how seismic waves spread. Western experts do not know exactly how the nuclear bombs are placed inside the mountain before being detonated. But satellite imagery shows activity that looks like tunnels being dug into the mountainside. The tunnels could be dug two ways: straight into the granite or spiraled around in a fishhook pattern to collapse and seal the site after a test, Frank Pabian, a nonproliferation expert at Los Alamos National Laboratory in New Mexico, said in April in Denver at a meeting of the Seismological Society of America.

Researchers have been trying to figure out the relative locations of each of the five tests. By comparing the amplitudes of the P, S and Rayleigh waves, and calculating how long each would have taken to travel through the ground, researchers can plot the likely sites of the five blasts. That allows them to better tie the explosions to the infrastructure on the surface, like the tunnels spotted in satellite imagery.

One big puzzle arose after the 2009 test. Analyzing the times that seismic waves arrived at various measuring stations, one group calculated that the test occurred 2.2 kilometers west of the first blast. Another scientist found it only 1.8 kilometers away. The difference may not sound like a lot, Gibbons says, but it “is huge if you’re trying to place these relative locations within the terrain.” Move a couple of hundred meters to the east or west, and the explosion could have happened beneath a valley as opposed to a ridge — radically changing the depth estimates, along with estimates of the blast’s power.

Gibbons and colleagues think they may be able to reconcile these different location estimates. The answer lies in which station the seismic data come from. Studies that rely on data from stations within about 1,500 kilometers of Punggye-ri — as in eastern China — tend to estimate bigger distances between the locations of the five tests when compared with studies that use data from more distant seismic stations in Europe and elsewhere. Seismic waves must be leaving the test site in a more complicated way than scientists had thought, or else all the measurements would agree.

When Gibbons’ team corrected for the varying distances of the seismic data, the scientists came up with a distance of 1.9 kilometers between the 2006 and 2009 blasts. The team also pinpointed the other explosions as well. The September 2016 test turned out to be almost directly beneath the 2,205-meter summit of Mount Mantap, the group reported in January in Geophysical Journal International. That means the blast was, indeed, deeply buried and hence probably at least as powerful as the Hiroshima bomb for it to register as a magnitude 5.2 earthquake.

Other seismologists have been squeezing information out of the seismic data in a different way — not in how far the signals are from the test blast, but what they traveled through before being detected. Reiter and Seung-Hoon Yoo, also of Weston Geophysical, recently analyzed data from two seismic stations, one 370 kilometers to the north in China and the other 306 kilometers to the south in South Korea.

The scientists scrutinized the moments when the seismic waves arrived at the stations, in the first second of the initial P waves, and found slight differences between the wiggles recorded in China and South Korea, Reiter reported at the Denver conference. Those in the north showed a more energetic pulse rising from the wiggles in the first second; the southern seismic records did not. Reiter and Yoo think this pattern represents an imprint of the topography at Mount Mantap.

“One side of the mountain is much steeper,” Reiter explains. “The station in China was sampling the signal coming through the steep side of the mountain, while the southern station was seeing the more shallowly dipping face.” This difference may also help explain why data from seismic stations spanning the breadth of Japan show a slight difference from north to south. Those differences may reflect the changing topography as the seismic waves exited Mount Mantap during the test.

Four ways to verify a nuclear weapons test

Seismic: 170 stations worldwide monitor ground shaking to identify the location, strength and nature of a seismic event.

Hydroacoustic: 11 stations listen in the oceans, where sound waves can propagate far.

Infrasound: 60 stations detect low-frequency sound waves inaudible to humans.

Radionuclide: 80 stations sniff for radioactive particles dispersed in the wind after a test.

Learning from simulations

But there is only so much scientists can do to understand explosions they can’t get near. That’s where the test blasts in Nevada come in.

The tests were part of phase one of the Source Physics Experiment, a $40-million project run by the U.S. Department of Energy’s National Nuclear Security Administration. The goal was to set off a series of chemical explosions of different sizes and at different depths in the same borehole and then record the seismic signals on a battery of instruments. The detonations took place at the nuclear test site in southern Nevada, where between 1951 and 1992 the U.S. government set off 828 underground nuclear tests and 100 atmospheric ones, whose mushroom clouds were seen from Las Vegas, 100 kilometers away.

For the Source Physics Experiment, six chemical explosions were set off between 2011 and 2016, ranging up to 5,000 kilograms of TNT equivalent and down to 87 meters deep. The biggest required high-energy–density explosives packed into a cylinder nearly a meter across and 6.7 meters long, says Beth Dzenitis, an engineer at Lawrence Livermore National Laboratory in California who oversaw part of the field campaign. Yet for all that firepower, the detonation barely registered on anything other than the instruments peppering the ground. “I wish I could tell you all these cool fireworks go off, but you don’t even know it’s happening,” she says.

The explosives were set inside granite rock, a material very similar to the granite at Mount Mantap. So the seismic waves racing outward behaved very much as they might at the North Korean nuclear test site, says William Walter, head of geophysical monitoring at Livermore. The underlying physics, describing how seismic energy travels through the ground, is virtually the same for both chemical and nuclear blasts.

Technicians lower an enormous canister of explosives into the ground in southern Nevada for a chemical explosion — part of the Source Physics Experiment series — to mimic the physics of nuclear blasts.

GARY STRIKER/LAWRENCE LIVERMORE NATIONAL LAB

The results revealed flaws in the models that researchers have been using for decades to describe how seismic waves travel outward from explosions. These models were developed to describe how the P waves compress rock as they propagate from large nuclear blasts like those set off starting in the 1950s by the United States and the Soviet Union. “That worked very well in the days when the tests were large,” Walter says. But for much smaller blasts, like those North Korea has been detonating, “the models didn’t work that well at all.”

Walter and Livermore colleague Sean Ford have started to develop new models that better capture the physics involved in small explosions. Those models should be able to describe the depth and energy release of North Korea’s tests more accurately, Walter reported at the Denver meeting.

A second phase of the Source Physics Experiment is set to begin next year at the test site, in a much more rubbly type of rock called alluvium. Scientists will use that series of tests to see how seismic waves are affected when they travel through fragmented rock as opposed to more coherent granite. That information could be useful if North Korea begins testing in another location, or if another country detonates an atomic bomb in fragmented rock.

For now, the world’s seismologists continue to watch and wait, to see what the North Korean government might do next. Some experts think the next nuclear test will come at a different location within Mount Mantap, to the south of the most recent tests. If so, that will provide a fresh challenge to the researchers waiting to unravel the story the seismic waves will tell.

“It’s a little creepy what we do,” Reiter admits. “We wait for these explosions to happen, and then we race each other to find the location, see how big it was, that kind of thing. But it has really given us a good look as to how [North Korea’s] nuclear program is progressing.” Useful information as the world’s nations decide what to do about North Korea’s rogue testing.

2 Congressmen Watched Voting Machines Being Hacked

Primer

33 states accepted DHS aid to secure elections

The Department of Homeland Security (DHS) provided cybersecurity assistance to 33 state election offices and 36 local election offices leading up to the 2016 presidential election, according to information released by Democratic congressional staff.

During the final weeks of the Obama administration, the DHS announced that it would designate election infrastructure as critical, following revelations about Russian interference in the 2016 election.

Since January, two states and six local governments have requested cyber hygiene scanning from the DHS, according to a memo and DHS correspondence disclosed Wednesday by the Democratic staff of the Senate Homeland Security and Governmental Affairs Committee.

The information is related to the committee’s ongoing oversight of the DHS decision to designate election infrastructure.

The intelligence community said back in January that in addition to directing cyberattacks on the Democratic National Committee and top Democratic officials, Russia also targeted state and local electoral systems not involved in vote tabulating.

In June, DHS officials told senators investigating Russian interference that there was evidence that Russia targeted election-related systems in 21 states, none of them involved in vote tallying.

Officials have previously confirmed breaches in Arizona and Illinois, though it remains unclear whether other systems were successfully breached. Lawmakers such as Sen. Mark Warner (D-Va.) have demanded more information on the specific states targeted.

Homeland Security and Governmental Affairs ranking member Claire McCaskill (D-Mo.) wrote then-Secretary of Homeland Security John Kelly back in March, asking for more information on his plans for the critical infrastructure designation. The information released Wednesday is drawn from his response on June 13. Kelly has since left his post to serve as President Trump’s chief of staff.

“Prior to the election, DHS offered voluntary, no-cost cybersecurity services and assistance to election officials across all 50 states. By Election Day, 33 state election offices and 36 local election offices requested and received these cyber hygiene assessments of their internet-facing infrastructure,” Kelly wrote.

“In addition, one state election office requested and received a more in-depth risk and vulnerability assessment of their election infrastructure.”

Given the critical infrastructure designation, the DHS is providing cyber hygiene assessments, which include vulnerability scanning of election-related systems excluding voting machines and tallying systems, which the department recommends being disconnected from the internet.

The department also offers risk and vulnerability assessments, which include penetration testing, social engineering, wireless discovery and identification, and database and operating systems scanning. The DHS is also responsible for sharing threat information with owners and operators of critical infrastructure, which now include state and local election officials.

“Following the establishment of election infrastructure as critical infrastructure, several state and local governments requested new or expanded cybersecurity services from DHS,” Kelly disclosed in June, according to the letter. “Specifically, an additional two states and six local governments requested to begin cyber hygiene scanning (one state has, however, ended its service agreement). DHS also received one request for the risk and vulnerability assessment service.”

Many state and local election officials have opposed the designation, saying that the DHS has not offered enough information about what it means. The department has insisted that assistance will be given only to states that request it.

In the letter, Kelly, who has acknowledged objections, said there are “no plans to make any changes to the designation of election infrastructure as a critical infrastructure subsector.”

All of the Democratic members of the Senate Homeland Security and Governmental Affairs Committee have called for a full investigation into Russian election interference. The matter is already under investigation by the House and Senate Intelligence committees. The memo issued by Democratic staff on Wednesday was sent to the full committee.

Background at a Las Vegas Convention:

LAS VEGAS—For the first time in the 25 years of the world’s largest hacker convention, DefCon, two sitting U.S. Congressmen trekked here from Washington, D.C., to discuss their cybersecurity expertise on stage.

Rep. Will Hurd, a Texas Republican, and Rep. Jim Langevin, a Rhode Island Democrat, visited hacking villages investigating vulnerabilities in cars, medical devices, and voting machines; learned about how security researchers plan to defend quantum computers from hacks; and met children learning how to hack for good.

On Sunday, the last day of the conference, Hurd and Langevin delivered their own message: We come in peace. Please help us.

During a fireside chat-style conversation moderated by Joshua Corman, director of the Cyber Statecraft Initiative at the Atlantic Council, Hurd, chairman of the House Subcommittee on Information Technology, and Langevin, co-founder and co-chair of the Congressional Cybersecurity Caucus, called for the more than 2,000 hackers in the audience to “develop a dialogue” with their local representative in Congress.

“Never underestimate the value that you can bring to the table in helping to educate members and staff of what the best policies are, what’s going to work, and what’s not going to work,” Langevin said, pointing to Luta Security CEO and bug bounty expert Katie Moussouris’ ongoing advocacy for changes to the Wassenaar Arrangement, a decades-old international accord on how countries can transport “intrusion software” and other weapons across international borders.

Moussouris and Iain Mulholland of VMware have effectively convinced Wassenaar member countries to delay their adoption of proposed revisions to the agreement, as they’ve pushed for new language to better protect security researchers’ work.

The conversation between hackers and Congress has never been monosyllabic. But it has been frosty for decades, as federal prosecutors have used American antihacking laws such as the Computer Fraud and Abuse Act and Electronic Communication Privacy Act to punish people conducting legitimate security research.

As many security researchers continue to worry about how these laws might affect them, some have begun to use their expertise to influence the laws—and the lawmakers behind them.

Langevin and Hurd’s plea for hacker-legislator collaboration follows calls by hackers at last year’s DefCon for greater government regulation of software security.

“We don’t have voluntary minimum safety standards for cars; we have a mandatory minimum,” Corman told The Parallax at the time. “What tips the equation [for software] is the Internet of Things, because we now have bits and bytes meeting flesh and blood.”

Hurd said security researchers could play an important role in addressing increasingly alarming vulnerabilities in the nation’s voting apparatus. DefCon’s first voting machine-hacking village this weekend hosted a voting machine from Shelby County, Tenn., that unexpectedly contained personal information related to more than 600,000 voters. Village visitors managed to hack the machine, along with 29 others.

“We have to ensure that the American people can trust the vote-tabulating process,” Hurd said, acknowledging that DefCon attendees were able to hack each machine in the village. “The work that has been done out here is important in educating the secretaries of state all around the country, as well as the election administrators,” about secure technologies and practices.

Langevin and Hurd’s comments seemed to strike the right notes with hackers in attendance. Following Edward Snowden’s leaking of NSA documents and Apple’s refusal to create an encryption backdoor for law enforcement to the iPhone, relations between the hacking community and Washington have been strained at best, notes Herb Lin, a computer security policy expert and research fellow at Stanford University’s Center for International Security and Cooperation. But markedly improving the relationship will require more than a plea for collaboration, he warns.

“It’s better than what’s happened in the past, which is both nothing and active hostility,” he says. “One act by itself is not a game changer.”

The chat ended with assurances of more action from both sides. Corman said he’d like to see members of Congress attend more hacker conferences, such as ShmooCon in Washington, and Hurd promised that he wouldn’t let his experiences this past weekend go to waste.

“These conversations are going to lead me to hold hearings on many of these topics in the subcommittee that I chair,” Hurd said.

***  More details that were recorded at the convention:

DEF CON 2017 – Are voting systems secure? In August 2016, the FBI issued a “flash” alert to election officials across the country confirming that foreign hackers had compromised state election systems in two states.

Although the US has invested heavily in electronic voting systems, their level of security still appears insufficient against a wide range of cyber attacks.

During an interesting session at the DEF CON hacking conference in Las Vegas, experts set up 30 computer-powered ballot boxes used in American elections, simulating the Presidential election. Welcome to the DEF CON Voting Village!

At the 1st ever Voting Village at , attendees tinker w/ election systems to find vulnerabilities. I’m told they found some new flaws

The organization asked participants to physically compromise the systems and hack into them, and the results were disconcerting.

“We encourage you to do stuff that if you did on election day they would probably arrest you,” Johns Hopkins computer scientist Matt Blaze said.

Most of the voting machines in the DEF CON Voting Village were purchased via eBay (Diebold, Sequoia and Winvote equipment), others were bought from government auctions.

In less than 90 minutes, hackers succeeded in compromising the voting machines; one of them was hacked wirelessly.

“Without question, our voting systems are weak and susceptible. Thanks to the contributions of the hacker community today, we’ve uncovered even more about exactly how,” said Jake Braun, cybersecurity lecturer at the University of Chicago.

The analysis of the voting machines revealed that some of them were running outdated operating systems such as Windows XP and Windows CE, and flawed software such as unpatched versions of OpenSSL.

Some of them had physical ports open that could be used by attackers to install malicious applications to tamper with votes.

Even if physical attacks are easy to spot and stop, some voting machines were using poorly secured Wi-Fi connectivity.

At the DEF CON Voting Village, the expert Carsten Schurmann hacked a WinVote system used in previous county elections via Wi-Fi; he exploited the MS03-026 vulnerability in Windows XP to access the voting machine using RDP.

Greetings from the Defcon voting village where it took 1:40 for Carsten Schurmann to get remote access to this WinVote machine.

Another system could be potentially cracked remotely via OpenSSL bug CVE-2011-4109, it is claimed.

huge cheer just went up in @votingvilllagedc as hackers managed to load Rick Astley video onto a voting machine

The good news is that most of the hacked equipment is no longer used in today’s elections.

 

North Korea, Kim Jong Un, Cyber Theft of Currency

Going back to the 1970s, North Korea was counterfeiting U.S. currency. In 2006, it was the super note, a perfect $100 bill.

Training for such skills as counterfeiting, illicit drugs, weapons, cyber warfare and bootleg merchandise comes out of Office 39. Clandestine and fraudulent transactions, including management operations, flowing through Office 39 are estimated in the $6-8 billion range.

In 2014, one defector fleeing to Russia had $5 million of Office 39 funds with him.

Those highly selected North Koreans assigned to Office 39 arrive from having received an education in these specialties from elite universities or academies in China and Russia. Other highly selected North Koreans are also required to attend an in country school known as Mirim College. This school was founded by Kim Jong Il in 1986.

According to a defector:

this college has a highly confidential mission—education of world-class IT warriors—its security is so exhaustively kept that individual guard units are dispatched to the college solely for security. The security manual distributed to guards indicates that, “Without the permission of the college commander, no car should be allowed entrance to college grounds except for that of Kim Jong Il.”

Students of the college wear the same uniform as military officials, but on their shoulders they brandish special stars, on which hak (meaning is learning) is printed. A “Kim Il Political Military University” badge is worn on the left side of the chest.

Kim Jong Il lived the high life while his own people were subjected not only to beatings but to death by starvation. His son, Kim Jong Un, having taken over the country, lives much the same, yet due to sanctions and isolation by the international community, illicit activities continue.

Counterfeiting of currency is not so common a practice in North Korea; the country has been dabbling in bitcoin fraud and now steals currency through cyber activity.

Just recently, Reuters published an item referring to a report that analyzed suspected cyber attacks between 2015 and 2017 on South Korean government and commercial institutions and identified another Lazarus spinoff named Andariel.

“Bluenoroff and Andariel share their common root, but they have different targets and motives,” the report said. “Andariel focuses on attacking South Korean businesses and government agencies using methods tailored for the country.”

Pyongyang has been stepping up its online hacking capabilities as one way of earning hard currency under the chokehold of international sanctions imposed to stop the development of its nuclear weapons program.

North Korea has cooperated with China, Russia and Iran to improve its cyber capabilities. China is especially complicit in that cooperation by providing the communications network inside the DPRK and inside China. Additionally, China has provided hardware, servers and routers. Russia is not without major blame and shares the guilt by dispatching Russian professors from Frunze Military Academy to train North Koreans to be professional hackers.

Additionally, Russia has sold North Korea GPS jamming equipment in the area of sea navigation and also provides financial aid to North Korea, supporting its abilities to interfere with and disrupt command and control systems.

North Korea operates yet another location known as Office 91. It has four units:

110= Technology Reconnaissance Team for DDoS attacks

35= External Offensive Cyber Operations

121= Strictly assigned for cyber attacks on South Korea

204= Enemy Secret Cyber Psychological Warfare Unit

In total, it is estimated that North Korea has close to 10,000 people assigned to the cyber and hacking operations in country. Additionally, North Korea maintains a force of up to 1,000 in China performing cyber warfare.

While it is common for headlines to refer to Kim Jong Un as a nutcase, that is hardly a fitting description for him. While he may be militant and spontaneous, he is well educated. He attended Liebefeld-Steinhölzli Schule, a Swiss state school, gaining access to Western culture, but had lousy grades. He has two degrees, one in physics from Kim Il Sung University and another as an Army officer obtained from the Kim Il Sung Military University.

He does maintain an asymmetrical military strategy that has astounded the West and countries in the region with his advanced missile systems and launch abilities. All this is funded by cyber theft of currency and information and cooperation with Iran, China and Russia. North Korea does have IP proxy locations for operations that include New Zealand, Malaysia, Indonesia and several others. The ‘darknet’ is full of countries co-opting servers and jump points, all doing the same thing.

 

 

 

The Frunze Military Academy Panorama