NATO Website Goes Dark During Summit

Those Russians are good, good at hacking…

A suspicious outage was reported, and interestingly Obama was there too. The Warsaw Summit, hosted by Poland, saw several distinct events:
1. There was an agreement to strengthen the alliance with a military presence in the East that includes Estonia, Latvia and Lithuania.
2. The allies also agreed to build up the operational strength of ballistic missile defense as well as cyber defenses, and to treat cyberspace as an operational domain.
3. For Afghanistan, a resolution was approved to continue the mission and fund forces through 2020.
4. A comprehensive assistance package for Ukraine passed.
5. The NATO website/domain was likely hacked.


So….the chatter at the more casual breakout sessions and in the formal sessions did include escalating protections in the cyber realm. Obama got the message. Certainly on the heels of the Hillary emailgate scandal, Barack Obama finally admits there are still things to be done to tighten up security.

Obama says U.S. government must improve cyber security

Reuters: U.S. President Barack Obama said on Sunday that the U.S. government has to improve its cyber security practices for the modern age of smart phones and other technology, saying that hackers had targeted the White House.

“I am concerned about it, I don’t think we have it perfect. We have to do better, we have to learn from mistakes,” Obama told a news conference in Madrid. “We know that we have had hackers in the White House,” he added.

Concerns have been raised about the security of government information after the head of the FBI said presidential nominee Hillary Clinton’s email servers may have been accessed by foreign actors when she was Secretary of State.

****

In 2015, Obama held a cyber security summit. Also there was an Executive Order. He wants better coordination between government and the private sector to fight online threats. Companies on board include Apple and Intel. It was a busy year in 2015 as Obama Announces New Cybersecurity Legislative Proposal and Other Cybersecurity Efforts.

Earmarking $19 billion for cyber programs by Obama also included a czar, Howard A. Schmidt. So how smart is Schmidt, or rather how UN-smart is he?

So far, there is no official proof that any country has ever engaged in a cyber attack, although certain malware attacks have been linked to different nations. The Stuxnet worm, which disrupted Iran’s nuclear facilities, has been attributed to the United States and Israel and the recently uncovered cyber espionage operation Red October is rumored to be either a Russian or a Chinese operation.

To avoid a cyber arms-race and an escalation in cyber attacks, Kaspersky has openly advocated for more online regulation, including international treaties limiting the use of malware — just like there are treaties against biological and nuclear weapons.

For Schmidt, that’s not a viable solution because it would be hard to enforce such a treaty. “At some point in the future maybe that will work but right now, number one, we have enough difficulty enforcing treaties of physical things that you can actually count, whether it’s weapon systems or whether it’s export import of these things, it’s extremely difficult,” he said.

Instead of a treaty that will take decades to become reality, Schmidt thinks countries should just respect the rules of engagement that already apply in real warfare. In war “we don’t just arbitrarily start shooting at people, we don’t send planes, we have respect for airspace, we have respect for a lot of the international laws,” he said. “Cyberspace should not be any different.” More here from Mashable.

One more thing to Obama and Mr. Schmidt….don’t forget the Office of Personnel Management, which experienced one of the largest intrusions into data belonging to and managed by the Federal government. Furthermore, that lady, Mrs. Katherine Archuleta, who ran OPM, never had any cyber security experience, and directly after the hearings on the hack of the agency, well….she quit.

Cyber doom is here and no one talks about it….most of all the media…it is the best kept secret and classified condition inside the beltway.


Terror Database Hacked/Leaked

Terror-suspect database used by banks, governments, has been leaked


Thomson Reuters has secured the source of the leak

CSOnline: A database described by some as a “terrorism blacklist” has fallen into the hands of a white-hat hacker who may decide to make it accessible to the public online.

The database, called World-Check, belongs to Thomson Reuters and is used by banks, governments and intelligence agencies to screen people for criminal ties and links to terrorism.

Security researcher Chris Vickery claims to have obtained a 2014 copy of the database. He announced the details on Tuesday in a post on Reddit.

“No hacking was involved in my acquisition of this data,” he wrote. “I would call it more of a leak than anything, although not directly from Thomson Reuters.” Vickery declined to share how he obtained the data, but he’s already contacted Thomson Reuters about securing the source of the leak.

In an email, Thomson Reuters said on Wednesday that it was “grateful” to Vickery for the alert. The “third-party” that leaked the database has taken it down, the company added.

Vickery has previously exposed database leaks related to Mexican voters, a Hello Kitty online fan community and medical records.

His copy of the World-Check database contains the names of over 2.2 million people and organizations declared “heightened risks.” Only a small part of the data features a terrorism category. Additional categories include individuals with ties to money laundering, organized crime, corruption and others.

He is asking Reddit users whether he should leak the database to the public. His concern is that innocent people with no criminal ties may have been placed on the list.

The information isn’t really secret either. Users can buy access to the database from Thomson Reuters.

Leaking the database, however, could create risks and tip off “actual bad guys” that they’ve been placed on the list, Vickery said.

Thomson Reuters declined to say how it might respond if Vickery decides to publicize the information. The World-Check database is sourced from the company’s analysts, “industry sources” and government records.

Related reading: Thomson Reuters World-Check KYC, AML, CFT and PEP Due Diligence

*****


Much more goes on besides just a terror database:

Truth Technologies’ Sentinel with World-Check lets you quickly and cost-effectively mitigate risks associated with PEPs, money laundering and terrorist financing. Sentinel gives you seamless access to the Data-File to determine whether customers are Politically Exposed Persons (PEPs), terrorists, or financial criminals, and to conduct enhanced due diligence. As a hosted solution for reducing your organization’s risk, there is no software for you to install, maintain or update, allowing you to focus on your core mission.

A comprehensive solution for regulatory compliance, World-Check’s risk intelligence database contains hundreds of thousands of meticulously structured profiles on individuals and entities known to represent a financial, regulatory or reputational risk to organizations. Coverage includes money launderers, fraudsters, terrorists, organized crime and sanctioned entities, among other high-risk categories. In addition, World-Check tracks Politically Exposed Persons (PEPs) and their relationship networks, plus individuals and businesses from other categories. World-Check’s database finds direct application in financial compliance, Anti-Money Laundering (AML), Know Your Customer (KYC), PEP screening, Enhanced Due Diligence (EDD), fraud prevention, government intelligence, and other identity authentication, background screening and risk prevention practices.

So, That Cyber Caliphate is Not ISIS, it is Russian!

Cyber Caliphate or Kremlin False-Flag?

The so-called Cyber Caliphate, the supposed cyber army of the jihadist organization ISIS, has featured prominently in the news in recent years with a string of high-profile attacks on significant targets. The Cyber Caliphate defaced US government websites, hacked into Department of Defence databases and released personal information of 1,400 US military affiliates, hijacked several feeds belonging to the French TV channel TV5Monde and defaced its websites with the tagline “Je suis ISIS,” and more, much more.

As the Cyber Caliphate threat grew, western intelligence agencies took note and devoted significant resources to exposing and fighting the organisation. These efforts increased with the recent announcement that the various ISIS hackers were merging under a new umbrella organisation, the United Cyber Caliphate, which could constitute a major threat online.

In late February, the Pentagon announced the beginning of a full-scale cyber-war against ISIS, including activity by the US Cyber Command and a drone strike which killed Junaid Hussain, British jihadist of Pakistani origin who was the Caliphate’s best-known hacker.

However, not all is as it seems in the land of jihadi cyber warfare. Following the TV5Monde attack, French intelligence services scrutinised the group’s activity and concluded that the hackers involved had, in fact, no ties to ISIS, but rather belonged to a better established organisation famous for its deceptive spying practices. French investigators traced the attacks back to Moscow, and in particular to APT 28, a group well known as the Kremlin’s secret cyber-arm.


Similar conclusions were reached following analysis in other countries, too. The US State Department said in a mid-2015 report that although the “Cyber Caliphate declares to support [ISIS], there are no indications—technical or otherwise—that the groups are tied.” According to Der Spiegel, German intelligence also believes the Cyber Caliphate to be a Russian false-flag operation, part of Moscow’s 4,000-strong hacking staff.

To those versed in the practices of the clandestine world of spies, none of this should come as a surprise. The Kremlin has had over 100 years to perfect its false-flag practices, with the only innovation being that these sort of operations now take place in the cyber-world. For Moscow, this is just another tool in their arsenal, but it does indicate that ISIS is not nearly as formidable as it once seemed.

Yes, there is more bad news. If you are going to the Olympics, beware:

Officials warn that U.S. travelers to Rio Olympics face hack risk

USAToday: WASHINGTON — If Zika, political instability and contaminated water weren’t enough, U.S. intelligence officials are warning Americans traveling to the August Olympic Games in Rio and other destinations abroad that proprietary information stored on electronic devices is at high risk for theft by spies and cyber criminals who are increasingly targeting global events as troughs rich in valuable intelligence.

Bill Evanina, the nation’s chief counter-intelligence executive, is urging travelers to carry “clean’’ devices, free of potentially valuable archives that could be tapped for economic advantage, personal data or security information.

Just as the Olympics draw the world’s most talented athletes, Evanina said the games and other international events represent a “great playground’’ for government intelligence services and criminals, if only because of the “sheer number of devices.’’

A little more than a month before the Rio games and in the midst of the summer travel season, the U.S. government is launching a multimedia campaign Wednesday to advise travelers of the increasing threat. The program, “Know the Risk; Raise Your Shield,” warns in part that foreign security services and criminals are tracking visitors’ movements through their mobile phones and are able to control such things as internal microphones remotely, often without the users’ knowledge.

“When you travel abroad, assume that your personal information will be breached,’’ Evanina said.

Though the campaign is aimed at all U.S. travelers abroad, the approaching Olympics, which traditionally draws thousands of U.S. visitors, offer a specific focus of concern for authorities.

As part of the U.S. government’s awareness campaign, Evanina, through the National Counterintelligence and Security Center, is advising Americans traveling abroad, regardless of their destination and purpose, to take a variety of precautions.

Among them:

• Leave unnecessary devices at home.
• Back up data on devices in use and leave those copies in secure locations at home.
• Change passwords at regular intervals during travel and on return.
• Avoid prolonged sessions on local Wi-Fi networks.
• Submit company devices for examination on return for presence of malware.

National security agencies raised similar concerns in advance of the 2008 games in China and the 2014 Winter Olympics in Russia, as both countries represent the U.S.’s most aggressive cyber adversaries. Prior to the 2014 Sochi games, for example, the Department of Homeland Security warned that “all communications and files” stored on personal electronic devices were vulnerable to interception.

Brazil, while not considered such an adversary, nevertheless will likely draw intelligence units from other countries and outside criminal elements all seeking to mine the global event that attracts top government leaders and a constellation of Wall Street and corporate executives, Evanina said.

Ray Mey, a former FBI official who has managed security operations at Olympics in Salt Lake City and Torino, Italy, said that businesses may be more inclined to bolster their cyber defenses in places like China and Russia, even though Rio is expected to be used as an information collection and recruitment opportunity. More from USAToday


The Covert Russian Influence, Targets Europe/USA

What if Russia does have Hillary’s emails? With the KGB/FSB having hacked into the DNC, the Kremlin does have an army of people cultivating and assessing all of American politics for the next 4 years. That is a trove of data for political warfare, and coupled with Europe, Putin’s sights on global expansion are becoming a simple game of checkers.

Russian intelligence and security services have been waging a campaign of harassment and intimidation against U.S. diplomats, embassy staff and their families in Moscow and several other European capitals that has rattled ambassadors and prompted Secretary of State John F. Kerry to ask Vladimir Putin to put a stop to it.

At a recent meeting of U.S. ambassadors from Russia and Europe in Washington, U.S. ambassadors to several European countries complained that Russian intelligence officials were constantly perpetrating acts of harassment against their diplomatic staff that ranged from the weird to the downright scary. Some of the intimidation has been routine: following diplomats or their family members, showing up at their social events uninvited or paying reporters to write negative stories about them.

But many of the recent acts of intimidation by Russian security services have crossed the line into apparent criminality. In a series of secret memos sent back to Washington, described to me by several current and former U.S. officials who have written or read them, diplomats reported that Russian intruders had broken into their homes late at night, only to rearrange the furniture or turn on all the lights and televisions, and then leave. One diplomat reported that an intruder had defecated on his living room carpet. A really terrifying set of Russian aggressions is explained in more detail here. It has been going on for some time, and now diplomats are being trained to handle Russian aggression. More here from the Washington Post.

Let’s examine some other symptoms and facts:

Primer #1, 1948: Preventive Direct Action in Free Countries.

Purpose: Only in cases of critical necessity, to resort to direct action to prevent vital installations, other material, or personnel from being (1) sabotaged or liquidated or (2) captured intact by Kremlin agents or agencies. 

Description: This covert operation involves, for example, (1) control over anti-sabotage activities in the Venezuelan oil fields, (2) American sabotage of Near Eastern oil installations on the verge of Soviet capture, and (3) designation of key individuals threatened by the Kremlin who should be protected or removed elsewhere.

It would seem that the time is now fully ripe for the creation of a covert political warfare operations directorate within the Government. If we are to engage in such operations, they must be under unified direction. One man must be boss. And he must, as those responsible for the overt phases of political warfare, be answerable to the Secretary of State, who directs the whole in coordination. (More from Political Warfare, in the Gray Zone)

Primer #2 (2014): When Central and Eastern Europe threw off the Communist yoke and the Soviet Union collapsed, Europe and the United States transformed their Soviet policy of isolation and containment to one of political and economic integration with the Russian Federation.

This approach had been largely successful over the past 25 years. Russia joined the Group of Eight (G8) in 1998, the World Trade Organization in 2012, and was considered for membership in the Organization for Economic Cooperation and Development (OECD). In the past 10 years alone, the value of Russia’s global trade has nearly quadrupled from $210 billion in 2003 to $802 billion in 2013. Last year, Russia’s trade with the EU represented 48.5 percent of its total. Although U.S.-Russian trade ties remained subdued by comparison, the two former superpowers developed a measurable degree of economic interdependence, as evidenced by the International Space Station and Russian-made titanium for Boeing’s 787 fleet. This transatlantic policy of integration came to an abrupt halt on March 18, 2014. (More here from Heather Conley)

Political warfare is cheap and effective when dupes are willing accomplices.

So, in 2016 we are seeing the following:

Putin and Ortega

The Russian government is building an electronic intelligence-gathering facility in Nicaragua as part of Moscow’s efforts to increase military and intelligence activities in the Western Hemisphere.

The signals intelligence site is part of a recent deal between Moscow and Managua involving the sale of 50 T-72 Russian tanks, said defense officials familiar with reports of the arrangement.

The tank deal and spy base have raised concerns among some officials in the Pentagon and nations in the region about a military buildup under leftist Nicaraguan leader Daniel Ortega.

Disclosure of the Russia-Nicaraguan spy base comes as three U.S. officials were expelled from Nicaragua last week. The three Department of Homeland Security officials were picked up by Nicaraguan authorities, driven to the airport, and sent to the United States without any belongings.

State Department spokesman John Kirby said the expulsion took place June 14 and was “unwarranted and inconsistent with the positive and constructive agenda that we seek with the government of Nicaragua.”

“Such treatment has the potential to negatively impact U.S. and Nicaraguan bilateral relations, particularly trade,” he said.

The action is an indication that President Obama’s recent diplomatic overture to Cuba has not led to better U.S. ties to leftist governments in the region. More here.

*****

Silicon Valley’s hostility to U.S. intelligence and law enforcement reached a new low last week when Twitter rejected the Central Intelligence Agency as a customer for data based on its tweets—while continuing to serve an entity controlled by Vladimir Putin.

The Wall Street Journal broke the news that Twitter decided U.S. intelligence services could no longer buy services from Dataminr, which has a unique relationship with Twitter. (More from the WSJ)

Russia accused of clandestine funding of European parties as US conducts major review of Vladimir Putin’s strategy
Exclusive: UK warns of “new Cold War” as Kremlin seeks to divide and rule in Europe

Telegraph: American intelligence agencies are to conduct a major investigation into how the Kremlin is infiltrating political parties in Europe, it can be revealed.

James Clapper, the US Director of National Intelligence, has been instructed by the US Congress to conduct a major review into Russian clandestine funding of European parties over the last decade.

The review reflects mounting concerns in Washington over Moscow’s determination to exploit European disunity in order to undermine Nato, block US missile defence programmes and revoke the punitive economic sanctions regime imposed after the annexation of Crimea.

The US move came as senior British government officials told The Telegraph of growing fears that “a new cold war” was now unfolding in Europe, with Russian meddling taking on a breadth, range and depth far greater than previously thought.

“It really is a new Cold War out there,” the source said, “Right across the EU we are seeing alarming evidence of Russian efforts to unpick the fabric of European unity on a whole range of vital strategic issues.”

A dossier of “Russian influence activity” seen by The Sunday Telegraph identified Russian influence operations running in France, the Netherlands, Hungary as well as Austria and the Czech Republic, which has been identified by Russian agents as an entry-point into the Schengen free movement zone.

The US intelligence review will examine whether Russian security services are funding parties and charities with the intent of “undermining political cohesion”, fostering agitation against the Nato missile defence programme and undermining attempts to find alternatives to Russian energy.

Officials declined to say which parties could come into the probe but it is thought likely to include far-right groups including Jobbik in Hungary, Golden Dawn in Greece, the Northern League in Italy and France’s Front National which received a 9m euro (£6.9m) loan from a Russian bank in 2014.

Other cases of possible Moscow-backed destabilisation being monitored by diplomats include extensive links in Austria, including a visit by Austrian MPs to Crimea to endorse its annexation, as well as cases of Russian spies discovered using Austrian papers.


How Terrorists use Encryption

June 16, 2016

CTC: Abstract: As powerful encryption increasingly becomes embedded in electronic devices and online messaging apps, Islamist terrorists are exploiting the technology to communicate securely and store information. Legislative efforts to help law enforcement agencies wrestle with the phenomenon of “going dark” will never lead to a return to the status quo ante, however. With the code underlying end-to-end encryption now widely available, unbreakable encryption is here to stay. However, the picture is not wholly bleak. While end-to-end encryption itself often cannot be broken, intelligence agencies have been able to hack the software on the ends and take advantage of users’ mistakes.

Counterterrorism officials have grown increasingly concerned about terrorist groups using encryption in order to communicate securely. As encryption increasingly becomes a part of electronic devices and online messaging apps, a range of criminal actors including Islamist terrorists are exploiting the technology to communicate and store information, thus avoiding detection and incrimination, a phenomenon law enforcement officials refer to as “going dark.”

Despite a vociferous public debate on both sides of the Atlantic that has pitted government agencies against tech companies, civil liberties advocates, and even senior figures in the national security establishment who have argued that creation of “backdoors”[1] for law enforcement agencies to retrieve communications would do more harm than good, there remains widespread confusion about how encryption actually works.[a]

Technologists have long understood that regulatory measures stand little chance of rolling back the tide. Besides software being written in other countries (and beyond local laws), what has not been fully understood in the public debate is that the “source code” itself behind end-to-end encryption is now widely available online, which means that short of shutting down the internet, there is nothing that can be done to stop individuals, including terrorists, from creating and customizing their own encryption software.

The first part of this article provides a primer on the various forms of encryption, including end-to-end encryption, full device encryption, anonymization, and various secure communication (operational security or opsec) methods that are used on top of or instead of encryption. Part two then looks at some examples of how terrorist actors are using these methods.

Part 1: Encryption 101 

End-to-End Encryption
A cell phone already uses encryption to talk to the nearest cell tower. This is because hackers could otherwise eavesdrop on radio waves to listen in on phone calls. However, after the cell tower, phone calls are not encrypted as they traverse copper wires and fiber optic cables. It is considered too hard for nefarious actors to dig up these cables and tap into them.

In a similar manner, older chat apps only encrypted messages as far as the servers, using what is known as SSL.[b] That was to defeat hackers who would be able to eavesdrop on internet traffic to the servers going over the Wi-Fi at public places. But once the messages reached the servers, they were stored in an unencrypted format because at that point they were considered “safe” from hackers. Law enforcement could still obtain the messages with a court order.

Newer chat apps, instead of encrypting the messages only as far as the server, encrypt the message all the way to the other end, to the recipient’s phone. Only the recipients, with a private key, are able to decrypt the message. Service providers can still provide the “metadata” to police (who sent messages to whom), but they no longer have access to the content of the messages.

The online messaging app Telegram was one of the earliest systems to support end-to-end encryption, and terrorist groups such as the Islamic State took advantage.[2] These days, the feature has been added to most messaging apps, such as Signal, Wickr, and even Apple’s own iMessage. Recently, Facebook’s WhatsApp[3] and Google[4] announced they will be supporting Signal’s end-to-end encryption protocol.

On personal computers, the software known as PGP,[c] first created in the mid-1990s, reigns supreme for end-to-end encryption. It converts a message (or even entire files) into encrypted text that can be copy/pasted anywhere, such as email messages, Facebook posts, or forum posts. There is no difference between “military grade encryption” and the “consumer encryption” that is seen in PGP. That means individuals can post these encrypted messages publicly and even the NSA is unable to access them. There is a misconception that intelligence agencies like the NSA are able to crack any encryption. This is not true. Most encryption that is done correctly cannot be overcome unless the user makes a mistake.

Such end-to-end encryption relies upon something called public-key cryptography. Two mathematically related keys are created, such that a message encrypted by one key can only be decrypted by the other. This allows one key to be made public so that one’s interlocutor can use it to encrypt messages that the intended recipient can decrypt through the private-key.[d] Al-Qa`ida’s Inspire magazine, for example, publishes its public-key[5] so that anyone using PGP can use it to encrypt a message that only the publishers of the magazine can read.

Full Device Encryption
If an individual loses his iPhone, for example, his data should be safe from criminals.[e] Only governments are likely to have the resources to crack the phone by finding some strange vulnerability. The FBI reportedly paid a private contractor close to $1 million to unlock the iPhone of San Bernardino terrorist Syed Rizwan Farook.[6]

The reason an iPhone is secure from criminals is full device encryption, also called full disk encryption. Not only is all of the data encrypted, it is done in a way that is combined or entangled[7] with the hardware. Thus, the police cannot clone the encrypted data, then crack it offline using supercomputers to “brute-force” guess all possible combinations of the passcode. Instead, they effectively have to ask the phone to decrypt itself, which it will do but slowly, defeating cracking.[f]

Android phones work in much the same manner. However, most manufacturers put less effort into securing their phones than Apple. Exceptions are companies like Blackphone, which explicitly took extra care to secure their devices.

Full disk encryption is also a feature of personal computers. Microsoft Windows comes with BitLocker, Macintosh comes with FileVault, and Linux comes with LUKS. The well-known disk encryption software TrueCrypt works with all three operating systems as does a variation of PGP called PGPdisk. Some computers come with a chip called a TPM[g] that can protect the password from cracking, but most owners do not use a TPM. This means that unless they use long/complex passwords, adversaries will be able to crack their passwords.
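The point made in the device-encryption paragraphs above (a cloned image of a passcode-only scheme can be guessed offline, while a key entangled with a hardware secret forces every guess through the throttling device) as an added, constructed demonstration. It is not any vendor's real scheme: the device secret, the key-check value and the lockout counter are simplified stand-ins, and the PBKDF2 iteration count is deliberately tiny so the demo runs in seconds.

```python
"""Constructed demo: offline guessing against a cloned disk image, with and without a
hardware-bound secret. Simplified stand-in for real device encryption, not a vendor design."""
import hashlib
import hmac
import secrets
from typing import Iterable, Optional

KDF_ITERATIONS = 200  # kept tiny so the demo is fast; real devices stretch far harder


def derive_key(passcode: str, salt: bytes, device_secret: Optional[bytes] = None) -> bytes:
    """Stretch the passcode; when a device secret is supplied, entangle the result with it."""
    stretched = hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, KDF_ITERATIONS, 32)
    if device_secret is None:
        return stretched
    # Only the hardware holds device_secret, so this step cannot be replayed off-device.
    return hmac.new(device_secret, stretched, "sha256").digest()


def key_check_value(key: bytes) -> bytes:
    """Value stored on disk that lets the unlock path tell a right key from a wrong one."""
    return hmac.new(key, b"key-check", "sha256").digest()


def provision_disk(passcode: str, device_secret: Optional[bytes] = None) -> dict:
    """Fresh device: random salt plus a check value derived from the passcode."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "check": key_check_value(derive_key(passcode, salt, device_secret))}


def offline_crack(cloned_disk: dict, candidates: Iterable[str]) -> Optional[str]:
    """All a cloned image allows: test guesses against the check value with no device secret."""
    for guess in candidates:
        key = derive_key(guess, cloned_disk["salt"])
        if hmac.compare_digest(key_check_value(key), cloned_disk["check"]):
            return guess
    return None


class Device:
    """Phone-side unlock path: the only place the device secret is used, and it counts failures."""

    def __init__(self, passcode: str, max_attempts: int = 10):
        self.secret = secrets.token_bytes(32)  # stand-in for a key fused into the hardware
        self.disk = provision_disk(passcode, self.secret)
        self.failures = 0
        self.max_attempts = max_attempts
        self.wiped = False

    def try_unlock(self, passcode: str) -> Optional[bytes]:
        """Return the disk key on success; wipe after too many failures instead of allowing more."""
        if self.wiped:
            raise RuntimeError("device wiped after too many failed attempts")
        key = derive_key(passcode, self.disk["salt"], self.secret)
        if hmac.compare_digest(key_check_value(key), self.disk["check"]):
            self.failures = 0
            return key
        self.failures += 1
        if self.failures >= self.max_attempts:
            self.wiped = True
        return None


def four_digit_pins() -> Iterable[str]:
    """The whole search space of a 4-digit passcode."""
    return (f"{i:04d}" for i in range(10_000))


if __name__ == "__main__":
    # Passcode-only scheme: the clone gives the guesser everything needed to verify guesses.
    print("no entanglement:", offline_crack(provision_disk("0731"), four_digit_pins()))
    # Entangled scheme: the same clone yields nothing; only the device can verify a guess.
    phone = Device("0731")
    print("entangled:", offline_crack(phone.disk, four_digit_pins()))
```

The contrast is the whole lesson: a short passcode is only as strong as the rate limiter standing in front of it, and that rate limiter exists only when the key cannot be recomputed away from the device.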