U.S. 133 Cyber Teams Under Construction

Is this a change and an approval by Obama from 2012? (Note this is only a defensive strategy)

Presidential Cyberwar Authority

 

In October 2012, President Obama signed the top-secret Presidential Policy Directive 20, which enabled the military to aggressively initiate and thwart cyberattacks related to our nation’s security. While most of the cyber attack targets are network systems or infrastructure-based, an elite Psychological Operations (PsyOps) team has focused its efforts on secretly defacing the public websites of our adversaries. Due to the high visibility and sensitive nature of this activity, only President Obama has the authority to target and launch these types of attacks.

The President authorizes these attacks using the global Cyber Warfare Command and Control System (CWCCS), which is accessible from this web page only from the President’s authorized computer.

****

 

WASHINGTON (AP) — Not long after Defense Secretary Ash Carter prodded his cyber commanders to be more aggressive in the fight against Islamic State, the U.S. ramped up its offensive cyberattacks on the militant group.

The attacks are targeting the group’s abilities to use social media and the Internet to recruit fighters and inspire followers, several U.S. officials told The Associated Press.

U.S. officials confirmed that operations launched out of Fort Meade, Maryland, where the U.S. Cyber Command is based, have focused on disrupting the group’s online activities. The officials said the effort is getting underway as operators try a range of attacks to see what works and what doesn’t. They declined to discuss details, other than to say that the attacks include efforts to prevent the group from distributing propaganda, videos or other types of recruiting and messaging on social media sites such as Twitter, and across the Internet in general.

Other attacks could include attempts to stop insurgents from conducting financial or logistical transactions online.

The surge of computer-based military operations by U.S. Cyber Command began shortly after Carter met with commanders at Fort Meade last month.

Several U.S. officials spoke about the cyber campaign on condition of anonymity because they were not authorized to discuss it publicly. Much of the effort is classified.

Carter mentioned the operations briefly Thursday, telling a House Appropriations subcommittee only that Cyber Command is beginning to conduct operations against the Islamic State group. He declined to say more in a public setting.

The more aggressive attacks come after months of pressure from Carter, who has been frustrated with the belief that the Pentagon — and particularly Cyber Command — was losing the war in the cyber domain.

Late last year Carter told cyber commanders they had 30 days to bring him options for how the military could use its cyberwarfare capabilities against the group’s deadly insurgency across Iraq and Syria, and spreading to Libya and Afghanistan. Officials said he told commanders that beefing up cyberwarfare against the Islamic State group was a test for them, and that they should have both the capability and the will to wage the online war.

 

But the military cyber fight is limited by concerns within the intelligence agencies that blocking the group’s Internet access could hurt intelligence gathering.

Officials said Carter told commanders that he wants the U.S. to be able to impact Islamic State operations without diminishing the indications or warnings U.S. intelligence officers can glean about what the group is doing. On Jan. 27, Carter and Marine Gen. Joseph Dunford, chairman of the Joint Chiefs of Staff, went to Fort Meade for an update.

Officials familiar with Carter’s meetings said the secretary was frustrated that as Cyber Command has grown and developed over the past several years, it was still focused on the cyberthreats from nations, such as Iran, Russia and China, rather than building a force to block the communications and propaganda campaigns of Internet-savvy insurgents.

 

“He was right to say they could be more forward leaning about what they could possibly do against ISIS,” said James Lewis, a cybersecurity expert at the Center for Strategic and International Studies. “You could disrupt their support networks, their business networks, their propaganda and recruitment networks.” However, Lewis added, the U.S. needs to be careful about disrupting the Internet to ensure that attacks don’t also affect civilian networks or systems needed for critical infrastructure and other public necessities. U.S. officials have long been stymied by militants’ ability to use the Internet as a vehicle for inspiring so-called lone wolf attackers in Western nations, radicalized after reading propaganda easily available online.

“Why should they be able to communicate? Why should they be using the Internet?” Carter said during testimony before the defense appropriations subcommittee. “The Internet shouldn’t be used for that purpose.” He added that the U.S. can conduct cyber operations under the legal authorities associated with the ongoing war against the Islamic State group. The U.S. has also struggled to defeat high-tech encryption techniques used by Islamic State and other groups to communicate. Experts have been working to find ways to defeat those programs.

Cyber Command is relatively new. Created in 2009, it did not begin operating until October 2010.

Early on, its key focus was on defending military networks, which are probed and attacked millions of times a day. But defense leaders also argued at length over the emerging issues surrounding cyberwarfare and how it should be incorporated.

 

The Pentagon is building 133 cyber teams by 2018, including 27 that are designed for combat and will work with regional commands to support warfighting operations. There will be 68 teams assigned to defend Defense Department networks and systems, 13 that would respond to major cyberattacks against the U.S. and 25 support teams.

FBI/NSA Versus Encryption, Investigating Plotting Attacks

Perspective only: Paris Attack and operating in a realm before any attack

NSA chief: ‘Paris would not have happened’ without encrypted apps

Michael Isikoff

Chief Investigative Correspondent

National Security Agency Director Adm. Michael Rogers warns that encryption is making it “much more difficult” for the agency to intercept the communications of terrorist groups like the Islamic State, citing November’s Paris attacks as a case where his agency was left in the dark because the perpetrators used new technologies to disguise their communications.

In an exclusive interview with Yahoo News, Rogers confirmed speculation that began right after the attack: that “some of the communications” of the Paris terrorists “were encrypted,” and, as a result, “we did not generate the insights ahead of time. Clearly, had we known, Paris would not have happened.”

Rogers’ comments were made on Friday, just days before the FBI obtained a court order requiring Apple to provide a “backdoor” into the data on the iPhone of one of the shooters in the San Bernardino, Calif., terror attack in December — an order the company is resisting. But his remarks are likely to fuel the debate over encryption that has sorely divided the U.S. intelligence and law enforcement community, on one side, and privacy advocates and U.S. technology companies on the other. (A spokesman for the NSA had no comment today on the court order or on Apple’s response.)

Rogers has at times sought to steer a middle ground in this debate, acknowledging that encryption is “foundational to our future” and even saying recently that arguing about it “is a waste of time.” In the Yahoo News interview, he frankly acknowledged, “I don’t know the answer” to unencrypting devices and applications without addressing the concerns over privacy and competitiveness, calling for a national collaboration among industry and government officials to solve the problem.

But he left little doubt about the impact encryption is having on his agency’s mission.

“Is it harder for us to generate the kind of knowledge that I would like against some of these targets? Yes,” Rogers said. “Is that directly tied in part to changes they are making in their communications? Yes. Does encryption make it much more difficult for us to execute our mission? Yes.”

Rogers also provided new details about his agency’s efforts to implement the USA Freedom Act, a law passed in the wake of the Edward Snowden disclosures, which he said has made it “more expensive” for his agency to access the phone records of terror suspects inside the United States and has resulted in a “slightly slower” retrieval of data from U.S. phone companies.

But Rogers said the delay in retrieving phone records is measured “in hours, not days or weeks,” and he has not yet seen any “significant” problems that have “led to concerns … this is not going to work.”

“When I say more difficult to do the job, it’s certainly a little slower,” he said. “There is no doubt about that. It is not as fast.”

The new law — which has become a contentious issue in the presidential campaign — requires the NSA to get a secret court order to retrieve individual domestic phone records rather than collecting them in bulk and storing them in agency computers, as it had been doing before the Snowden disclosures. Critics, such as Sen. Marco Rubio, charge that the act has weakened the country’s defenses in the face of the mounting threats from the Islamic State and other terror groups.

But Rogers confirmed for the first time that the law was used successfully by the NSA after the San Bernardino terror attack to retrieve the phone records of the two perpetrators, and the agency “didn’t find any direct overseas connections.” Those records provided “metadata” — the time and duration of phone calls — but not the content of emails and text messages that the FBI is seeking by requiring Apple to unlock one of the iPhones. The FBI is continuing its efforts to track down who the two shooters “may have communicated with to plan and carry out” the attack, according to a court filing Tuesday.

Rogers’ comments came during a rare and wide-ranging interview inside the “Battle Bridge,” a special NSA situation room at its headquarters in Fort Meade, Md., equipped with teleconference screens to the White House and secure facilities around the world. It was built after the Osama bin Laden raid for use during international crises.

The former Navy cryptographer described a far-reaching reorganization of the electronic spying agency — dubbed NSA21 — that he is implementing this month to cope with evolving new national security threats. Chief among them: persistent cyberattacks from “nation state actors,” who he said are repeatedly hacking into — and Rogers believes laying the groundwork for manipulation of — the nation’s critical infrastructure systems, such as the electrical grid, the banking system and the energy sector.

Those foreign powers — widely acknowledged to be Russia, China, Iran and North Korea, although he wouldn’t name them — are “penetrating systems, what we think is for the purpose of reconnaissance. To get a sense of how they are structured. Where are their vulnerabilities? What are the control points that someone would want to access?”

While Rogers said he was “not going to get into specifics,” U.S. officials have confirmed that those attacks included an Iranian hack into the computer system of a New York dam that alarmed White House officials in 2013 and a highly sophisticated Russian infiltration of an unclassified Pentagon Joint Staff computer network that prompted the NSA director to shut down the entire network for two weeks last summer.

“This is not episodic or short-term focused,” said Rogers, who also serves as commander of the U.S. Cyber Command. “My sense is you are watching these actors make a long-term commitment. How do we ensure we have the capability to potentially impair [their] ability to actually operate?”

Yahoo News asked Rogers what motivated the attacks.

“I believe they want to have the capability, should they come to a political decision, that they in some way want to interfere with the United States or send a message to us,” he said.

One question Rogers pointedly declined to address is whether any overseas intelligence services had penetrated Hillary Clinton’s unsecured private email server — a scenario that former Defense Secretary Robert Gates recently said was “highly likely.”

“It’s something I’m not going to get into right now,” he said when pressed by Yahoo News as to whether such a penetration had taken place.

Rogers’ answer to the threat of foreign cyberattacks, incorporated into NSA21, is to create a new Directorate of Operations by merging the agency’s Signals Intelligence directorate — its electronic spying arm, which intercepts hundreds of millions of telephone calls, emails and text messages around the globe — with its smaller Information Assurance arm, which works with private industry to defend U.S. computer networks.

The proposal has prompted criticism that it will heighten suspicions of the NSA, making private companies even less willing to cooperate with the agency for fear of being seen as part of its massive global surveillance mission.

“I have to admit, it was something I spent a lot of time, as did the team, thinking about,” Rogers said when asked about the criticism. He added later, “I certainly acknowledge that there are some who would argue, ‘Hey, but you have this perception battle.’ My statement to that would be, ‘We have that perception battle every single day of the year, given the fact that the NSA, we acknowledge, works in both the offensive [signals interception] and defensive [cybersecurity] structures.’”

Dealing with the “perception” of the NSA as an unchecked surveillance colossus has been Rogers’ principal challenge since he took over the agency nearly two years ago during the biggest crisis in its history — the aftermath of the Snowden leaks, described by his predecessor, Gen. Keith Alexander, at the time as “the greatest damage to our combined nation’s intelligence systems that we have ever suffered.”

A congenial career Navy cryptologist who previously was commander of the Navy’s Fleet Cyber Command, Rogers has sought to repair the agency’s image and mend fences with Capitol Hill, striking a noticeably more measured and less combative tone in his public statements than Alexander did.

But when pressed about the lingering impact of the Snowden disclosures and persistent questions among privacy advocates and members of Congress about the NSA’s continued “incidental” collection of U.S. citizens’ communications, Rogers was unyielding and unapologetic.

He twice refused, for example, to shed any light on how many Americans’ emails and phone calls are “incidentally” collected by the NSA in the course of intercepting the communications of foreign targets. “We don’t talk about the specifics of the classified mission we do,” he said. He declined to explain why such information would be classified but insisted that access to those communications by the FBI is governed by legal processes.

Rogers warned that terrorist groups such as the Islamic State are moving to encrypted apps and networks, the so-called dark Web — a trend he asserted was “accelerated” by the Snowden disclosures.

“The trend has happened much faster than we thought,” he said. “And the part that is particularly discouraging to me is when we get groups, actors, specifically discussing the [Snowden] disclosures saying, ‘Hey, you need to make sure you don’t do X, Y or Z, or you don’t use this, because remember we know the Americans are into this.’

“You’ve seen al-Qaida expressly, for example, reference the [Snowden] disclosures. You’ve seen groups — ISIL does the same — talk about how they need to change their discipline, need to change their security as a result of their increased knowledge of what we do and how we do it.”

But while many experts have argued that the movement toward encryption is the inevitable result of evolving new technologies, Rogers pointed to Snowden.

“No one should doubt for one minute there has been an impact here,” Rogers said. “I will leave it to others to decide right, wrong, good or bad. But there shouldn’t be any doubt in anybody’s mind that there has been an impact as a result of these disclosures.”

Rogers has strong feelings about what should happen to Snowden, who remains in Moscow, hailed around the world by many civil liberties groups, receiving accolades and awards (and financial compensation for speeches he delivers via Skype) — all while remaining a fugitive from U.S. justice. Rogers has not seen “Citizenfour,” the Oscar-winning documentary by Laura Poitras that presents the former NSA contractor as a courageous whistleblower, and he says he will “probably” not see the upcoming film “Snowden,” due in theaters this May, by Oliver Stone.

Asked about proposals that Snowden should receive some sort of leniency as part of a deal that would bring him home, Rogers talked about the concept of “accountability.” He recalled a conversation he had with his father about the My Lai Massacre when he joined the Naval ROTC in the post-Vietnam era in 1981.

“Dad, what do you do when you get an order that you think is immoral, unethical or illegal?” he said. “And my father, something I’ll always remember, said to me, ‘Michael, you must be willing to stand up and say, “This I will not do.” But Michael, you must also be willing to be held accountable for the decision you have made. And don’t ever forget, son, responsibility and accountability are intertwined. And it ain’t one or the other. It’s about both.’ And that seems to have been forgotten in all of this.”

Lew Alcindor aka Eric Holder… But It’s Okay?

While US Attorney General, Eric Holder Used Kareem Abdul-Jabbar’s Birth Name as His Official Email Address

Leopold/Vice:

Former US Attorney General Eric Holder is a huge fan of NBA hall of famer Kareem Abdul-Jabbar.

So much so that Holder used Abdul-Jabbar’s birth name, Lew Alcindor, as an alias for his official Department of Justice (DOJ) email account, raising more questions about the email practices of top Obama administration officials, and about the ability of US government agencies to track down correspondence in response to Freedom of Information Act (FOIA) requests.

The Lew Alcindor revelation was made in a February 16 letter that DOJ sent to VICE News and Ryan Shapiro, a historian and doctoral candidate at the Massachusetts Institute of Technology who specializes in national security research.

“For your information,” the letter said, “e-mails in the enclosed documents which use the account name ‘Lew Alcindor’ denote e-mails to or from former Attorney General Holder.”

The letter was part of about 500 pages of heavily redacted emails and other documents given to VICE News and Shapiro in response to a FOIA lawsuit filed in late 2014. The documents show that Justice Department officials sent emails to Lew Alcindor regarding calls from lawmakers for a federal investigation into claims that CIA personnel spied on Senate staffers while the Senate was drafting a report about the CIA’s torture program. Holder’s name does not appear anywhere in his Lew Alcindor email account.

The responses from Lew Alcindor, notably one about Senator Ron Wyden’s demand that the DOJ “reopen” an investigation into the CIA after the agency’s own internal watchdog upheld the spying allegations, are virtually all redacted. DOJ declined to launch a criminal probe into the matter, claiming there was insufficient evidence. (Earlier this month, Wyden confronted CIA Director John Brennan about the spying incident and tried to get him to acknowledge it was improper and would not happen again.)

Other documents center around messages sent to the DOJ by David Grannis, the former staff director of the Senate Intelligence Committee, about authorizing Senate staffers to return to a secure facility leased by the CIA so they could finish fact-checking and writing the torture report. Grannis brings up the DOJ’s subsequent “odd” request, communicated to Grannis through the CIA, that Senate staffers “receive a security refresher beforehand, highlighting especially the computer system’s audit feature.”

“Can you cast any light on what DOJ personnel meant by this, or why they said it? Seems odd for DOJ to get involved in the security procedures between the Agency and the Committee, so I wanted to make sure we understood DOJ’s recommendation,” Grannis wrote, suggesting that the DOJ gave credence to CIA claims that Senate staffers inappropriately gained access to a coveted internal CIA document that sparked CIA spying.

There are vast swaths of redacting black ink throughout the emails — including DOJ’s response to Grannis.

Last March, a week after the New York Times revealed that Democratic presidential candidate Hillary Clinton exclusively used a private email account to conduct official business while she was Secretary of State, Holder’s chief spokesman, Brian Fallon, disclosed that his boss had used three different aliases — all of which had a usdoj.gov domain — during his tenure as the nation’s top law enforcement official.


Fallon made the disclosure less than a week before he announced that he would serve as lead press secretary for Clinton’s presidential campaign. Fallon identified two of the email accounts Holder previously used, but they weren’t the names of any known living person. Fallon declined to identify Holder’s third email alias other than to say that it was “based” on an athlete. (Before leaving the DOJ in April 2015, Holder had still been using the Lew Alcindor email address.)

Fallon, who exchanged many of the emails in the cache with Lew Alcindor, explained the rationale for the practice: to combat spam and to avoid being inundated with correspondence from the public.

A Justice Department spokesman told VICE News there was nothing improper or legally questionable about Holder using the identity of a living person for his email account. Nor was it in any way an attempt, he said, to thwart FOIA or the Federal Records Act, which requires government agencies to preserve federal records. DOJ officials who handle FOIA requests and congressional inquiries, the spokesman said, knew of Holder’s email aliases.

Yet DOJ and many other federal agencies, the State Department and FBI in particular, have been harshly criticized (including by VICE News) for poorly performing searches meant to capture emails from officials who use their true identities. Experts in FOIA law said Holder’s Lew Alcindor identity calls into question the ability of FOIA staff to locate all emails from an official who uses an alias.

Laura Sheehan, a spokeswoman for the National Archives and Records Administration (NARA), said the email alias practice appears to be fairly common among agency heads in large government departments.

“There is no prohibition against it, so long as they can be linked to the actual name,” Sheehan said.

A few years ago, the former head of the Environmental Protection Agency (EPA), Lisa Jackson, came under fire from conservative lawmakers and open government advocates — and was accused of attempting to thwart open records requests and federal records retention laws — after it was revealed that she used the email alias Richard Windsor when conducting official business. An inspector general review into the practice concluded that EPA lacks “internal controls to ensure the identification and preservation of records when using private and alias email accounts for conducting government business.” The disclosure led NARA to issue policy guidance to the heads of federal agencies on email management, which says:

Agencies must ensure that the name of an individual employee is linked with each account in order to comply with FOIA, discovery, and the requirement to transfer permanent email records… to NARA. In most cases, this requires the full name or readily identifiable nickname that is maintained on a distribution list.

In a Q&A with the Washington Post shortly thereafter, NARA’s chief records officer, Paul Wester Jr., said that while there is no prohibition against using email aliases, the practice makes it difficult to locate and turn over records in response to FOIA requests, and NARA does not condone it.

“We’ve been pretty clear with agencies it is not a good practice to follow, and we don’t recommend that they authorize the use of personal e-mail accounts or alias accounts to conduct their business,” Wester said. “There’s a higher probability the emails wouldn’t be documented properly with their broader record keeping systems.”

Anne Weismann, the executive director of good government group Campaign for Accountability, and an expert on FOIA, told VICE News that even though the DOJ has acknowledged that Holder used an email alias, and that DOJ’s FOIA staff is aware, “it still raises a question about whether the agency is properly documenting its work and preserving records under the Federal Records Act.”

“Will members of the public reviewing the records of Eric Holder’s tenure as [attorney general] understand emails purporting to be from ‘Lew Alcindor’ are actually from him?” Weismann said. “An investigation clearly is warranted.”

Several years ago, Weismann inquired with the DOJ about the number of email accounts associated with Holder and his deputies. The DOJ responded to her inquiry by saying Holder’s email address does not use his name.

“This protects his privacy and security and allows him to conduct official business efficiently via e-mail,” DOJ attorney Vanessa Brinkmann wrote in a September 30, 2013 letter addressed to Weismann. (Brinkmann also signed the February 16 letter turned over to VICE News and Shapiro.)

Holder, who returned to his old law firm Covington after he left the DOJ, did not return a call for comment.

A DOJ spokesman said Attorney General Loretta Lynch uses an official DOJ email address to conduct government business, but “to help guard against security risks, the Attorney General does not use her given name in the handle of her email address.”

Douglas Cox, a law professor with the City University of New York School of Law whose research focuses on the intersection of information policy and national security, said he believes there is a “legitimate problem” with alias emails, “especially in the way agencies appear to be administering them.”

“Agencies are unnecessarily creating risks of undermining FOIA responses, subpoena responses, and discovery disclosures,” Cox said. “I also think alias emails are inconsistent with the letter and spirit of the federal record keeping laws.”

Cox said he understands why Holder would want to avoid being spammed and receiving unsolicited emails from the public, “but I don’t see what the justification would be for not configuring [email address] so [Holder’s] actual name appears in internal emails.”

“Is there some reason why the identity of the sender has to be masked internally? And if so, then they must be tightly controlling who knows the alias, which in turn invites, if not guarantees, FOIA and record keeping problems,” Cox said. “When you consider the possibility, if not likelihood based on what we know, that alias emails are common practice among high-ranking officials across dozens of agencies, the risk of undermining FOIA searches and discovery requests within the various agencies approaches certainty.”

Meanwhile, Abdul-Jabbar, who legally changed his name in 1971, was unaware that Holder used his birth name for his official government email account. A spokeswoman for the former Los Angeles Lakers great declined to comment about the issue. Last year, Abdul-Jabbar interviewed Holder for a documentary he is producing on race. And in an interview with Politico around the same time, Holder said he idolized Abdul-Jabbar growing up and that the basketball legend had become a friend.

 


Chilling Details of the Sony Hack, Reported

These Are the Cyberweapons Used to Hack Sony

MotherBoard: In late November 2014, a mysterious group of hackers calling itself “God’sApstls” sent an ominous and jumbled email to a few high-level Sony Pictures executives.

“The compensation for it, monetary compensation we want,” the hackers wrote. “Pay the damage, or Sony Pictures will be bombarded as a whole.”

The executives at the Hollywood studio, which was about to release the controversial James Franco and Seth Rogen comedy The Interview, ignored the email. Just three days later, the hackers followed through with their threat and breached the studio’s systems, displaying a message on the computer screen of every employee: “Hacked by #GOP [Guardians of Peace].”

The hackers not only defaced employees’ computers, they then wiped their hard disks, crippling Sony Pictures for weeks, and costing the company $35 million in IT damages, according to its own estimate.

Now, more than a year later, several security researchers are still hunting down the hackers behind the attack, which the FBI officially identified as North Korean government-employed hackers. And despite the fact that the group is apparently still alive and well, a coalition of security researchers believes they can now disrupt them by exposing their extensive malware arsenal.

On Wednesday, a group of companies led by Novetta released a report detailing the Sony hackers’ long history of operations, as well as its large stock of malware. It’s perhaps the most detailed and extensive look at the group behind what might be the most infamous cyberattack ever.

Andre Ludwig, the senior technical director at Novetta Research and Interdiction Group, said that the investigation started from four hashes (values that uniquely identify a file) that the Department of Homeland Security published after the attack. With those few identifying strings, and after months of sleuthing, the researchers found 2,000 malware samples, both from online malware portal VirusTotal, as well as from antivirus companies. Of those, they manually reviewed and catalogued 1,000, and were able to identify 45 unique malware strains, revealing that the Sony hackers had an arsenal more sophisticated and varied than previously thought.

The researchers hope that by shedding light on the hackers’ toolkit, the group, which the researchers called “Lazarus Group,” will be forced to adapt, spending resources and time, and perhaps even lose capabilities after antivirus companies and potential targets put up new defenses.


“If all of a sudden you have antivirus signatures that detect and delete all the group’s arsenal, boom!” Jaime Blasco, the chief scientist at AlienVault Labs and one of the researchers who investigated the Sony hackers, told Motherboard. “They lose access to all the victims they got before.”

As Ludwig put it, “there is no more shadows to hide in for these tools.”

As it turns out, the hackers’ arsenal contains not only malware capable of wiping and destroying files on a hard disk like the Sony hack, but also Distributed Denial of Service (DDoS) tools, tools that allow for remotely eavesdropping on a victim’s computer, and more, according to the report. The researchers tracked some of these tools in cyberattacks and espionage operations that go as far back as 2009, perhaps even 2007, showing the hackers that hit Sony have a long history.

While others suspected this before, Blasco said that nobody demonstrated it as conclusively until now.

Novetta researchers and their partners, which include AlienVault and Kaspersky Lab, don’t get into saying who the hackers really are, but they also don’t question the FBI’s controversial claim that North Korea was behind the attack.

The main reason, LaMontagne explained, is that the new data they found discredits the alternative theories that the hackers were actually a disgruntled former employee or just an independent hacktivist group.

A former Sony system administrator is unlikely to have built more than 45 malware tools in the span of more than seven years, LaMontagne told me. And at the same time, he added, it’s also unlikely that a previously unheard of hacktivist group would pop up, claim responsibility for such a high-profile attack, and then disappear.

“We have no reason to dispute what the US government and other governments have asserted as the threat being North Korean,” Peter LaMontagne, the CEO of Novetta, told me.

And as it turns out, those hackers have been around for longer than anyone thought—wielding sophisticated weapons. This, according to the researchers, shows the group was much more seasoned than anyone believed.

“Their motivation and operational execution, it’s impressive,” Ludwig said. “They’re extremely motivated, regimented, organized, and they can definitely execute.”

Now that their methods and tools are exposed, however, the researchers hope that they won’t be as effective.

The head-scratcher is sanctions are only for the missile test?

US to present UN sanctions resolution on North Korea

United Nations (United States) (AFP) – The United States will on Thursday present a draft UN resolution toughening sanctions on North Korea after reaching agreement with China on a joint response to Pyongyang’s fourth nuclear test and a rocket launch.

The UN Security Council will meet at 2:00 pm (1900 GMT) to discuss the draft text detailing a new package of measures to punish North Korea, but there will be no immediate vote.

US Ambassador Samantha Power “intends to submit for consideration by the Security Council a draft sanctions resolution in response to the DPRK’s recent nuclear test and subsequent proscribed ballistic missile launch,” US spokesman Kurtis Cooper said, using the abbreviation for North Korea’s formal name.

“We look forward to working with the Council on a strong and comprehensive response to the DPRK’s latest series of tests aimed at advancing their nuclear weapons program.”

UN diplomats said a vote was expected as early as Friday.

The Core of the Hillary Server Controversy, Revealed

Once a year, those who handle classified information must attend a refresher class on dealing with classified material and the consequences of violating the rules governing classified material. My guess is Hillary and her circle of aides and protectors waived themselves from attending. Obama approved?

I guess there is a good reason it is called ‘Foggy Bottom’.

Spy agencies say Clinton emails closely matched top secret documents: sources

WASHINGTON (Reuters) – U.S. spy agencies have told Congress that Hillary Clinton’s home computer server contained some emails that should have been treated as “top secret” because their wording matched sections of some of the government’s most highly classified documents, four sources familiar with the agency reports said.

The two reports are the first formal declarations by U.S. spy agencies detailing how they believe Clinton violated government rules when highly classified information in at least 22 email messages passed through her unsecured home server.

The State Department has already acknowledged that the emails contained top secret intelligence, though it says they were not marked that way. It has not previously been clear if the emails contained full classified documents or only some information from them.

The agencies did not find any top secret documents that passed through Clinton’s server in their full version, the sources from Congress and the government’s executive branch said.

However, the agency reports found some emails included passages that closely tracked or mirrored communications marked “top secret,” according to the sources, who all requested anonymity. In some cases, additional classification markings meant access was supposed to be limited to small groups of specially cleared officials.

Under the law and government rules, U.S. officials and contractors may not transmit any classified information – not only documents – outside secure, government-controlled channels. Such information should not be sent even through the government’s .gov email network.

The front-runner for the Democratic nomination for president and former secretary of state has insisted she broke no rules. Clinton’s lawyer, David Kendall, did not respond to a request for comment. Clinton campaign spokespeople did not respond to multiple requests for comment.

Two sources said some of the top secret material was related to the CIA’s campaign of drone strikes against Islamist militants in the Middle East and South Asia.

That campaign has been widely reported by Reuters and other media outlets, but it officially is classified as a “Top Secret/Special Access Program” (SAP), meaning only a limited number of people whose names are on a special list are allowed to learn details about it.

One source said the reports identified some information in messages on Clinton’s server that came from human sources, such as confidential CIA informants, and some from technical systems, such as spy satellites or electronic eavesdropping.

The Clinton campaign criticized the State Department’s decision last month to withhold the 22 emails containing top secret information from the public, blaming it on “bureaucratic infighting” and “over-classification run amok.”

“As we have previously made clear, we are not going to speak to the content of the emails,” a State Department official said on Wednesday when asked about the intelligence agency reports.

Clinton’s use of a private server in her New York home for her government work is being investigated by the Federal Bureau of Investigation, the State Department’s and spy community’s internal watchdogs and several Republican-controlled congressional committees.

Two of the sources told Reuters that one of the reports on the emails came from the CIA. Three sources said the other report came from the National Geospatial Intelligence Agency (NGA), which analyzes U.S. spy satellite intelligence.

A spokesman for NGA did not immediately respond to requests for comment. CIA spokespeople declined to comment.

The two spy agencies’ reports were sent to Congress in the past few weeks by the intelligence community inspector general, an official government watchdog for multiple spy agencies.

The inspector general’s office has confirmed that it requested the reports from two intelligence agencies, but didn’t identify them.

It was unclear what the congressional committees that received the classified reports, the House and Senate intelligence and foreign relations panels, will do with them. The contents cannot be discussed publicly. The committees requested intelligence reports in connection with their efforts to ensure that government secrets are appropriately protected.

Sidebar:

Everyone who handles Classified Material signs the SF-312 that outlines handling according to EO 13526 that requires an annual refresher course for originators of Classified Materials. Section 1 outlines handling. Section 4 is agreement to punishment if violation is discovered. Text of SF-312 below:

1. Intending to be legally bound, I hereby accept the obligations contained in this Agreement in consideration of my being granted access to classified information. As used in this Agreement, classified information is marked or unmarked classified information, including oral communications, that is classified under the standards of Executive Order 13526, or under any other Executive order or statute that prohibits the unauthorized disclosure of information in the interest of national security; and unclassified information that meets the standards for classification and is in the process of a classification determination as provided in sections 1.1, 1.2, 1.3 and 1.4(e) of Executive Order 13526, or under any other Executive order or statute that requires protection for such information in the interest of national security. I understand and accept that by being granted access to classified information, special confidence and trust shall be placed in me by the United States Government.

4. I have been advised that any breach of this Agreement may result in the termination of any security clearances I hold; removal from any position of special confidence and trust requiring such clearances; or termination of my employment or other relationships with the Departments or Agencies that granted my security clearance or clearances. In addition, I have been advised that any unauthorized disclosure of classified information by me may constitute a violation, or violations, of United States criminal laws, including the provisions of sections 641, 793, 794, 798, *952 and 1924, title 18, United States Code; *the provisions of section 783(b), title 50, United States Code; and the provisions of the Intelligence Identities Protection Act of 1982. I recognize that nothing in this Agreement constitutes a waiver by the United States of the right to prosecute me for any statutory violation.