The IAEA’s Big Challenge of Iran’s Nuclear Program

  $150 billion or $50 billion, should take care of the financial shortfall. What say you?

The full GAO report here.

Will IAEA be able to verify Iran’s nuclear program

alMonitor: The UN nuclear agency will face “challenges” verifying Iran’s compliance with last year’s nuclear agreement, the US government watchdog said Feb. 23 in a new report that was immediately used as ammunition by critics of the deal.

The International Atomic Energy Agency (IAEA) faces a budget and staffing shortfall that will require an extra $10 million per year for the next 15 years to monitor the deal, according to the Government Accountability Office (GAO). The report goes on to detail the agency’s dependence on Iranian cooperation to access nuclear sites and the intrinsic difficulty in detecting undeclared activities such as weapons development and centrifuge manufacturing that do not leave a nuclear trace.

Sen. Robert Menendez, D-N.J., said the report raises concerns about “the entity that we are putting all our marbles in.” He commissioned the report with Sen. Mark Kirk, R-Ill., a fellow critic of the deal who also voted against it last year.

“Some of the preliminary findings cause concern for me about what the IAEA is capable of,” Menendez told Secretary of State John Kerry at a hearing on the department’s FY 2017 budget request. “The GAO [report] point[s] directly to future problems with monitoring, verifying and meeting requirements of the [Iran deal].”

Kirk used the report to call on Congress to prepare sanctions that can be imposed if Iran starts to cheat on its nuclear obligations. He and Menendez are pushing for the reauthorization of the Iran Sanctions Act, a decade-old law that expires at the end of the year.

“My biggest takeaway is lawmakers must come together in a bipartisan manner now to create an insurance policy for imposing crippling pressure if and when Iran once again cheats on nuclear inspections as it has so many times in the past,” Kirk said in a statement. “International inspectors, according to the GAO’s interim report, still face an ‘inherent challenge’ in detecting undeclared nuclear activities, including weapons development activities and centrifuge manufacturing. The report also cites concerns the IAEA’s decision to end investigations into Iran’s past nuclear weapons activities ‘could reduce the indicators at the IAEA’s disposal to detect undeclared activity.’ Indeed, GAO also warns the nuclear deal’s mechanism for IAEA inspectors to gain access to Iranian sites suspected of having undeclared nuclear activities remains ‘untested’ and cautions ‘it is too soon to tell whether it will improve access.’”

Among the concerns raised by the GAO report is the sheer amount of manpower the Iran deal will consume. The agency is expected to have to transfer 18 “experienced inspectors” and “nearly twice that number of other staff” to its Iran Task Force, the GAO concludes, raising concerns about proliferation in other countries.

The State Department is proposing a $191 million US contribution to the agency in its FY 2017 budget request, a $5 million increase over the current year, to help the agency meet its new obligations.

*** 

In part by Rubin at WaPo:

Last week the administration warned that a sale of Russian advanced jets to Iran would violate the United Nations ban on such equipment. Sanctions guru Mark Dubowitz tells me, “Congress should draw up a list of Russian and Iranian entities to be sanctioned, give the administration 30 days to impose sanctions on these entities, and, if there’s no action, move ahead with statutory designations of these entities.”

That thinking needs to be applied across the board, taking into account all aspects of Iran’s behavior. Iran acts with impunity because it is convinced (rightly) the administration will do nothing. If the White House won’t, then Congress must act. Full article here.

 

OPM Top Person Donna Seymour Resigns

Chaffetz Responds to Retirement of OPM CIO Donna Seymour

Oversight Committee: WASHINGTON, D.C.—This afternoon, House Oversight and Government Reform Committee Chairman Jason Chaffetz (R-UT) issued the following statement upon learning of the retirement of U.S. Office of Personnel Management (OPM) Chief Information Officer (CIO) Donna Seymour:

“Ms. Seymour’s retirement is good news and an important turning point for OPM. While I am disappointed Ms. Seymour will no longer appear before our Committee this week to answer to the American people, her retirement is necessary and long overdue. On her watch, whether through negligence or incompetence, millions of Americans lost their privacy and personal data. The national security implications of this entirely foreseeable breach are far-reaching and long-lasting. OPM now needs a qualified CIO at the helm to right the ship and restore confidence in the agency.” 

 Background: 

Chairman Chaffetz has publicly expressed the need for Ms. Seymour’s removal on the following occasions:

Chaffetz to OPM: Remove Donna Seymour (12/10/2015)

Chaffetz Responds to Nomination of Beth Cobert as OPM Director (11/10/2015)

Chaffetz Renews Call for Removal of OPM CIO Donna Seymour (08/06/2015)

Chaffetz Statement on Latest OPM Data Breach Revelation (07/09/2015)

GOP Lawmakers to President Obama: Remove OPM Director Archuleta and CIO Donna Seymour (06/26/2015)

Related:

The Breach We Could Have Avoided (09/30/2015)

Fingerprints of Additional 4.5 Million Individuals Stolen in OPM Breach, Chaffetz Responds (09/23/2015)

Chaffetz Statement on OPM Infrastructure Improvement Plan (09/14/2015)

OPM Data Breach: Part II Hearing (06/24/2015)

OPM: Data Breach Hearing (06/16/2015)

*** For reference and background on Office of Personnel Management

Second OPM Hack Revealed: Even Worse Than The First

from the the-federal-government,-ladies-and-gentlemen dept

TechDirt: Oh great. So after we learned late yesterday that the hack of all sorts of data from the federal government’s Office of Personnel Management (OPM) was likely much worse than originally believed — including leaking all Social Security numbers unencrypted — and that the so-called cybersecurity “experts” within the government weren’t even the ones who discovered the hack, things are looking even worse. That’s because, late today, it was revealed that there was likely a separate hack, also by Chinese state actors, accessing even more sensitive information:

The forms authorities believed may have been stolen en masse, known as Standard Form 86, require applicants to fill out deeply personal information about mental illnesses, drug and alcohol use, past arrests and bankruptcies. They also require the listing of contacts and relatives, potentially exposing any foreign relatives of U.S. intelligence employees to coercion. Both the applicant’s Social Security number and that of his or her cohabitant is required.

In a statement, the White House said that on June 8, investigators concluded there was “a high degree of confidence that … systems containing information related to the background investigations of current, former and prospective federal government employees, and those for whom a federal background investigation was conducted, may have been exfiltrated.”

“This tells the Chinese the identities of almost everybody who has got a United States security clearance,” said Joel Brenner, a former top U.S. counterintelligence official. “That makes it very hard for any of those people to function as an intelligence officer. The database also tells the Chinese an enormous amount of information about almost everyone with a security clearance. That’s a gold mine. It helps you approach and recruit spies.”

And yet… this is the same federal government telling us that it wants more access to everyone else’s data to “protect” us from “cybersecurity threats” — and that encryption is bad? Yikes.

38 Text Messages

Protests planned across US to back Apple in battle with FBI

  • SAN FRANCISCO (AP) - Protesters are preparing to assemble in more than 30 cities to lash out at the FBI for obtaining a court order that requires Apple to make it easier to unlock an encrypted iPhone used by a gunman in December’s mass shootings in Southern California.

This site has posted at least one previous article on the Islamic strain on Tablighi Jamaat, which is at the core of mosques throughout the United Kingdom and the United States.

It also must be noted that while there is an epic debate on the matter of Apple writing code to gain access to the Farook cell phone, the matter goes deeper with regard to the pathway and destination of the data on the phone meaning to iCloud and perhaps even iTunes.

REVEALED: San Bernardino Terrorist’s Mosque Cleric Exchanged 38 Texts With Terrorist, Claimed ‘Casual’ Relationship

The mosque at the centre of the San Bernardino terrorist attack is back in the spotlight after one of the organisation’s clerics, Roshan Abbassi, was found to have had repeated contact with terrorist Syed Farook in the months before the deadly attack which left 14 people dead and 24 people injured.

Breitbart: Mr. Abbassi and his fellow teachers at the mosque had previously claimed that they barely knew Mr. Farook, despite his repeat attendance at the Dar al Uloom al Islamiyyah mosque in San Bernardino.

The mosque is now believed to be a haven for Tablighi Jamaat activists – a fundamentalist, proselytising Islamic sect known in some circles as the “Army of Darkness”.

The New York Post reports that the Federal Bureau of Investigation (FBI) has found repeated phone contact between Mr. Abbassi and Mr. Farook, dating back to a two week period in June – coinciding with the terrorist attack on two military sites in Chattanooga.

Mr. Abbassi – when not dodging difficult questions from Breitbart News journalists – emphasised to reporters during a press conference held just two days after attacks that he only knew Mr. Farook very casually.

He said at the time that he only exchanged pleasantries with Mr. Farook when they both attended the mosque.

“Hello, goodbye, how are you… just casual conversation… nothing more than that,” insisted Mr. Abbassi.

But FBI agents are now investigating at least 38 messages that were allegedly exchanged between the pair during a two week span in June 2015.

Mr. Abbassi was unusually hostile with reporters of all stripes when he was quizzed on radical Islam, FBI investigations, and his relationship with Mr. Farook on December 4th. When Breitbart News asked Mr. Abbassi whether he believed in an Islamic Caliphate, he refused to answer on multiple occasions.

***

When asked at the time if the FBI was investigating anyone else at the mosque, he replied, “No comment” before giving reporters a wry smile. He was then asked to clarify, to which he replied, “No comment”. After being pushed a third time, he responded brusquely: “You guys are our guests. If we have no comment, you cannot force us to have a comment thank you very much”.

***

And the stories between Mr. Abbassi and his fellow mosque leaders didn’t stack up either. One claimed that Syed Farook hadn’t attended the Dar al Uloom Islamiyah in a year, whereas Mr. Abbassi later revised this figure down to “a month”.

Mr. Abbassi also tried to blame the terrorist attack on “workplace anger”, stating: “Radicalisation? Never. In Islam there is no such thing as a radical Islam. There’s proof it was workplace anger. Proof. And everyone knows the argument that he got in with one of his people and why don’t they ever tell us what the argument was about”.

It was later reported that the argument between a coworker and Mr. Farook may indeed have been about the State of Israel, and Islam.

Speaking to other local imams, Breitbart News found a real fear of the Tablighi Jamaat sect, with one leader at the Corona-Norco mosque just a few miles away telling Breitbart reporters that the group was “dangerous” – especially for those who don’t know what they are getting involved in when attending such mosques.

“The Tablighi thing could get out of hand,” he said. “[They] sleep in the mosque… they have… the beards,” he dragged his hand further down his chin, widening his eyes.

Now, U.S. government officials think there could be up to 50,000 Tablighi Jamaat members across the United States.

Evidence from the United Kingdom, where the group practices aggressive tactics in their quest to build mega mosques across Britain suggests that security services and journalists may have ignored this ultra-orthodox sect – linked in numerous cases to terrorism – for too long.

Assistant FBI Director Michael Heimbach has said: “We have significant presence of Tablighi Jamaat in the United States,” adding that Al Qaeda has “used them for recruiting.”

Mr. Abbassi, who is of Pakistani origin, denies involvement in the San Bernardino terrorist attack, and has claimed that he was only discussing food donations for the mosque in his text exchanges with Mr. Farook.

Tablighi Jamaat members across the world are encouraged to lead extremely austere lifestyles, with members often sleeping in their mosques, and only eating food that has been donated by other followers.

A U.S. Department of Homeland Security whistleblower – Philip Haney – told Breitbart News Daily that he was involved in an investigation that might have stopped the San Bernardino attack, but was stopped by the Obama administration in the name of political correctness.

Haney said: “Civil Rights and Civil Liberties shut the case down because we were focusing on individuals who belong to Tablighi Jamaat… This case actually took six years to develop… It started in 2006, and it gradually gained momentum over time. By 2008, I was interviewing twenty, thirty people a month sometimes.”

“It was exactly what DHS was created to do… We were doing what we took our oath of office to do. We were well-trained, capable subject matter experts, focused like a laser beam on a trend that was putting our country at threat.”

Earlier this month Breitbart London revealed that a family in Britain who claimed “Islamophobia” after being banned from the United States were too linked to the Tablighi Jamaat mosque in San Bernardino. Britain’s security services have yet to comment on the suspicions surrounding the family.

Apple vs. FBI, Try the iCloud or iTunes

In all fairness, General Michael Hayden, former head of the NSA, actually disagrees with FBI Director James Comey and sides with Apple. The reason is fascinating.

Apple’s formal statement is here.

Zetter – Wired:

The news this week that a magistrate ordered Apple to help the FBI hack an iPhone used by one of the San Bernardino shooter suspects has polarized the nation—and also generated some misinformation.

Those who support the government say Apple has cooperated in the past to unlock dozens of phones in other cases—so why can’t it help the FBI unlock this one?

But this isn’t about unlocking a phone; rather, it’s about ordering Apple to create a new software tool to eliminate specific security protections the company built into its phone software to protect customer data. Opponents of the court’s decision say this is no different than the controversial backdoor the FBI has been trying to force Apple and other companies to build into their software—except in this case, it’s an after-market backdoor to be used selectively on phones the government is investigating.

The stakes in the case are high because it draws a target on Apple and other companies embroiled in the ongoing encryption/backdoor debate that has been swirling in Silicon Valley and on Capitol Hill for the last two years. Briefly, the government wants a way to access data on gadgets, even when those devices use secure encryption to keep it private.

Apple specifically introduced security features in 2014 to ensure that it would not be able to unlock customer phones and decrypt the data on them; but it turns out it overlooked a loophole in those security features that the government is now trying to exploit. The loophole is not about Apple unlocking the phone but about making it easier for the FBI to attempt to unlock it on its own. If the controversy over the San Bernardino phone causes Apple to take further steps to close that loophole so that it can’t assist the FBI in this way in the future, it could be seen as excessive obstinance and obstruction by Capitol Hill. And that could be the thing that causes lawmakers to finally step in with federal legislation that prevents Apple and other companies from locking the government out of devices.

If the FBI is successful in forcing Apple to comply with its request, it would also set a precedent for other countries to follow and ask Apple to provide their authorities with the same software tool.

In the interest of clarifying the facts and correcting some misinformation, we’ve pulled together a summary of the issues at hand.

What Kind of Phone Are We Talking About?

The phone in question is an iPhone 5c running the iOS9 version of Apple’s software. The phone is owned by the San Bernardino Department of Public Health, which gave it to Syed Rizwan Farook, the shooter suspect, to use for work.

What Is the Issue?

Farook created a password to lock his phone, and due to security features built into the software on his device, the FBI can’t unlock the phone and access the data on it using the method it wants to use—a bruteforce password-guessing technique wherein they enter different passcodes repeatedly until they guess the right one—without running the risk that the device will lock them out permanently.

How Would It Do That?

Apple’s operating system uses two factors to secure and decrypt data on the phone–the password the user chooses and a unique 256-bit AES secret key that’s embedded in the phone when it’s manufactured. As cryptographer Matthew Green explains in a blog post, the user’s password gets “tangled” with the secret key to create a passcode key that both secures and unlocks data on the device. When the user enters the correct password, the phone performs a calculation that combines these two codes and if the result is the correct passcode, the device and data are unlocked.

To prevent someone from brute-forcing the password, the device has a user-enabled function that limits the number of guesses someone can try before the passcode key gets erased. Although the data remains on the device, it cannot be decrypted and therefore becomes permanently inaccessible. The number of password tries allowed before this happens is unclear. Apple says on its web site that the data becomes inaccessible after six failed password attempts. The government’s motion to the court (.pdf) says it happens after 10 failed guesses.

The government says it does not know for certain if Farook’s device has the auto-erase feature enabled, but notes in its motion that San Bernardino County gave the device to Farook with it enabled, and the most recent backup of data from his phone to iCloud “showed the function turned on.”

A reasonable person might ask why, if the phone was backing data up to iCloud the government can just get everything it needs from iCloud instead of breaking into the phone. The government did obtain some data backed up to iCloud from the phone, but authorities allege in their court document that he may have disabled iCloud backups at some point. They obtained data backed up to iCloud a month before the shootings, but none closer to the date of the shooting when they say he is most likely to have used the phone to coordinate the attack.

Is This Auto-Erase the Only Security Protection Apple Has in Place?

No. In addition to the auto-erase function, there’s another protection against brute force attacks: time delays. Each time a password is entered on the phone, it takes about 80 milliseconds for the system to process that password and determine if it’s correct. This helps prevent someone from quickly entering a new password to try again, because they can only guess a password every 80 milliseconds. This might not seem like a lot of time, but according to Dan Guido, CEO of Trail of Bits, a company that does extensive consulting on iOS security, it can be prohibitively long depending on the length of the password.

“In terms of cracking passwords, you usually want to crack or attempt to crack hundreds or thousands of them per second. And with 80 milliseconds, you really can only crack eight or nine per second. That’s incredibly slow,” he said in a call to reporters this week.

With a four-digit passcode, he says, there are only about 10,000 different combinations a password-cracker has to try. But with a simple six-digit passcode, there are about one million different combinations a password cracker would have to try to guess the correct one—Apple says it would take more than five-and-a-half years to try all combinations of a six-character alpha-numeric password. The iOS9 software, which appears to be the software on the San Bernardino phone, asks you to create a six-digit password by default, though you can change this requirement to four digits if you want a shorter one.

Later models of phones use a different chip than the iPhone 5c and have what’s called a “secure enclave” that adds even more time delays to the password-guessing process. Guido describes the secure enclave as a “separate computer inside the iPhone that brokers access to encryption keys” increasing the security of those keys.

With the secure enclave, after each wrong password guess, the amount of time you have to wait before trying another password grows with each try; by the ninth failed password you have to wait an hour before you can enter a tenth password. The government mentioned this in its motion to the court, as if the San Bernardino phone has this added delay. But the iPhone 5c does not have secure enclave on it, so the delay would really only be the usual 80 milliseconds in this case.

Why None of This Is an Issue With Older iPhones

With older versions of Apple’s phone operating system—that is, phones using software prior to iOS8—Apple has the ability to bypass the user’s passcode to unlock the device. It has done so in dozens of cases over the years, pursuant to a court order. But beginning with iOS8, Apple changed this so that it can no longer bypass the user’s passcode.

According to the motion filed by the government in the San Bernardino case, the phone in question is using a later version of Apple’s operating system—which appears to be iOS9. We’re basing this on a statement in the motion that reads: “While Apple has publicized that it has written the software differently with respect to iPhones such as the SUBJECT DEVICE with operating system (“iOS”)9, Apple yet retains the capacity to provide the assistance sought herein that may enable the government to access the SUBJECT DEVICE pursuant to the search warrant.”

The government is referring to the changes that Apple initially made with iOS8, that exist in iOS9 as well. Apple released iOS9 in September 2015, three months before the San Bernardino attacks occurred, so it’s very possible this is indeed the version installed on the San Bernardino phone.


What Does the Government Want?

A lot of people have misconstrued the government’s request and believe it asked the court to order Apple to unlock the phone, as Apple has done in many cases before. But as noted, the particular operating system installed on this phone does not allow Apple to bypass the passcode and unlock the phone. So the government wants to try bruteforcing the password without having the system auto-erase the decryption key and without additional time delays. To do this, it wants Apple to create a special version of its operating system, a crippled version of the firmware that essentially eliminates the bruteforcing protections, and install it on the San Bernardino phone. It also wants Apple to make it possible to enter password guesses electronically rather than through the touchscreen so that the FBI can run a password-cracking script that races through the password guesses automatically. It wants Apple to design this crippled software to be loaded into memory instead of on disk so that the data on the phone remains forensically sound and won’t be altered.

Note that even after Apple does all of this, the phone will still be locked, unless the government’s bruteforcing operation works to guess the password. And if Farook kept the iOS9 default requirement for a six-character password, and chose a complex alpha-numeric combination for his password, the FBI might never be able to crack it even with everything it has asked Apple to do.

Apple CEO Tim Cook described the government’s request as “asking Apple to hack our own users and undermine decades of security advancements that protect our customers—including tens of millions of American citizens—from sophisticated hackers and cybercriminals. The same engineers who built strong encryption into the iPhone to protect our users would, ironically, be ordered to weaken those protections and make our users less safe.”

What Exactly Is the Loophole You Said the Government Is Exploiting?

The loophole is the fact that Apple even has the ability to run crippled firmware on a device like this without requiring the user to approve it, the way software updates usually work. If this required user approval, Apple would not be able to do what the government is requesting.

How Doable Is All of This?

Guido says the government’s request is completely doable and reasonable.

“They have to make a couple of modifications. They have to make it so that the operating system boots inside of a RAM disk…[and] they need to delete a bunch of code—there’s a lot of code that protects the passcode that they just need to trash,” he said.

Making it possible for the government to test passwords with a script instead of typing them in would take a little more effort he says. “[T]hat would require a little bit of extra development time, but again totally possible. Apple can load a new kernel driver that allows you to plug something in over the Thunderbolt port… It wouldn’t be trivial but it wouldn’t be massive.”

Could This Same Technique Be Used to Undermine Newer, More Secure Phones?

There has been some debate online about whether Apple would be able to do this for later phones that have newer chips and the secure enclave. It’s an important question because these are the phones that most users will have in the next one or two years as they replace their old phones. Though the secure enclave has additional security features, Guido says that Apple could indeed also write crippled firmware for the secure enclave that achieves exactly what the FBI is asking for in the San Bernardino case.

“It is absolutely within the realm of possibility for Apple themselves to tamper with a lot of the functionality of the secure enclave. They can’t read the secure private keys out of it, but they can eliminate things like the passcode delay,” he said. “That means the solution that they might implement for the 5c would not port over directly to the 5s, the 6 or the 6s, but they could create a separate solution for [these] that includes basically crippled firmware for the secure enclave.”

If Apple eliminates the added time delays that the secure enclave introduces, then such phones would only have the standard 80-millisecond delay that older phones have.

“It requires more work to do so with the secure enclave. You have to develop more software; you have to test it a lot better,” he said. “There may be some other considerations that Apple has to work around. [But] as far as I can tell, if you issue a software update to the secure enclave, you can eliminate the passcode delay and you can eliminate the other device-erase [security feature]. And once both of those are gone, you can query for passcodes as fast as 80 milliseconds per request.”

What Hope Is There for Your Privacy?

You can create a strong alpha-numeric password for your device that would make bruteforcing it essentially infeasible for the FBI or anyone else. “If you have letters and numbers and it’s six, seven or eight digits long, then the potential combinations there are really too large for anyone to bruteforce,” Guido said.

And What Can Apple Do Going Forward?

Guido says Apple could and should make changes to its system so that what the FBI is asking it to do can’t be done in future models. “There are changes that Apple can make to the secure enclave to further secure their phones,” he said. “For instance, they may be able to require some kind of user confirmation, before that firmware gets updated, by entering their PIN code … or they could burn the secure enclave into the chip as read-only memory and lose the ability to update it [entirely].”

These would prevent Apple in the future from having the ability to either upload crippled firmware to the device without the phone owner’s approval or from uploading new firmware to the secure enclave at all.

“There’s a couple of different options that they have; I think all of them, though, are going to require either a new major version of iOS or new chips on the actual phones,” Guido said. “But for the moment, what you have to fall back on is that it takes 80 milliseconds to try every single password guess. And if you have a complex enough password then you’re safe.”

Is the Ability to Upload Crippled Firmware a Vulnerability Apple Should Have Foreseen?

Guido says no.

“It wasn’t until very recently that companies had to consider: What does it look like if we attack our own customers? What does it look like if we strip out and remove the security mitigations we put in specifically to protect customers?”

He adds: “Apple did all the right things to make sure the iPhone is safe from remote intruders, or people trying to break into the iPhone.… But certainly after today, technology vendors need to consider that they might be the adversary they’re trying to protect their customers from. And that’s quite a big shift.” (Great job on this Kim)
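The protections the Wired piece describes (a passcode tangled with a per-device key, a failed-attempt limit that discards the key, and an 80-millisecond cost per guess) can be modelled in a few lines. This is an added example, not code from Wired, Apple or the court filings: PBKDF2 stands in for Apple's hardware key derivation, and `ToyPhone`, the iteration count and the 36-symbol alphabet (lowercase letters plus digits) are assumptions chosen for illustration.

```python
"""Toy model of the passcode protections discussed in the article (added example)."""
import hashlib
import hmac
import os

GUESS_MS = 80      # per-guess cost quoted in the article
DIGITS = 10        # numeric passcode alphabet
LOWER_ALNUM = 36   # assumption: lowercase letters + digits


def derive_passcode_key(passcode: str, device_uid: bytes, iterations: int = 20_000) -> bytes:
    """Tangle the passcode with the device-unique key.

    PBKDF2-HMAC-SHA256 is a stand-in (assumption) for the hardware-bound
    derivation; a real device tunes the work factor to about 80 ms per call.
    """
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), device_uid, iterations)


class ToyPhone:
    """Hypothetical device: per-device 256-bit key plus an auto-erase policy."""

    def __init__(self, passcode: str, erase_after: int = 10):
        self._uid = os.urandom(32)  # never leaves the device
        self._verifier = derive_passcode_key(passcode, self._uid)
        self.erase_after = erase_after
        self.failed = 0
        self.erased = False

    def try_unlock(self, guess: str) -> bool:
        if self.erased:
            return False  # key material is gone; the data stays encrypted
        candidate = derive_passcode_key(guess, self._uid)
        if hmac.compare_digest(candidate, self._verifier):
            self.failed = 0
            return True
        self.failed += 1
        if self.failed >= self.erase_after:
            self._verifier = None  # discard the key, as the auto-erase feature does
            self.erased = True
        return False


def worst_case_seconds(alphabet: int, length: int) -> float:
    """Time to try every passcode when only the per-guess cost remains."""
    return alphabet ** length * GUESS_MS / 1000


def human(seconds: float) -> str:
    units = (("years", 365.25 * 86400), ("days", 86400), ("hours", 3600), ("minutes", 60))
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.1f} {name}"
    return f"{seconds:.1f} seconds"


def passcode_report() -> dict:
    """Worst-case exhaustion time for the passcode styles the article mentions."""
    styles = {
        "4-digit": (DIGITS, 4),
        "6-digit": (DIGITS, 6),
        "6-char lowercase+digits": (LOWER_ALNUM, 6),
    }
    return {label: human(worst_case_seconds(a, n)) for label, (a, n) in styles.items()}


if __name__ == "__main__":
    for label, duration in passcode_report().items():
        print(f"{label:>24}: {duration}")

    phone = ToyPhone("493817")  # constructed sample passcode
    for _ in range(10):
        phone.try_unlock("000000")
    print("erased after 10 misses:", phone.erased)
    print("correct passcode afterwards:", phone.try_unlock("493817"))
```

With the attempt limit in place the model stops accepting guesses after ten misses; with it removed, the passcode's length and alphabet are the only thing setting the time to exhaust the space, and the 36-symbol assumption reproduces the five-and-a-half-year figure attributed to Apple.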

 

GW Bush’s Nitro Zeus to Stop Iran, Obama?

Due to the Iran nuclear talks and eventual deal, this whole story while accurate it appears, may be an actual leak for the sake of legitimizing Iran.

David Sanger and Mark Mazzetti report on the February 16, 2016 New York Times website that “in the early years of the Obama administration, the United States developed an elaborate plan for a cyber attack on Iran, in case the diplomatic effort to limit its nuclear program failed; and, led to a military conflict, according to an upcoming documentary film, and interviews with military and intelligence officials involved in the effort.”

 
     “The plan, code-named NITRO ZEUS, was devised to disable Iran’s air defenses, communications systems; and, crucial parts of the power grid,” the Times noted; but, was shelved when the nuclear deal with Iran was concluded.  The Times adds that “NITRO ZEUS was part of an effort to assure POTUS Obama that he had alternatives, short of a full-scale war — if Iran lashed out at the United States, or its allies in the region.  At its height, officials say, the planning for NITRO ZEUS involved thousands of American military and intelligence personnel, spending tens of millions of dollars; and, placing electronic implants in Iranian computer networks to “prepare the battlefield,” in the parlance of the Pentagon.” 
 
    FC:  The White House was no doubt hoping to dissuade Israel from conducting a pre-emptive military strike against Iran’s nuclear infrastructure, while the nuclear negotiations with Iran were nearing a conclusion.  Left unanswered in the Times article was any mention of Israel’s cooperation and/or participation in the NITRO ZEUS planning and ultimate execution.  Was Israel made aware of the plan?; but, not invited to participate?  Were they a full partner and expected to contribute to the operation if it had occurred?  Or, did the White House attempt to keep Israel out of any knowledge or participation in the effort?
Mr. Sanger and Mr. Mazzetti note that in addition to NITRO ZEUS, “American intelligence agencies developed a separate, far more narrowly focused cyber plan to disable Iran’s Fordo nuclear enrichment site, which Iran built deep inside a mountain near the [religious] city of Qom. The attack [on Fordo] would have been a covert operation,” which would have required POTUS approval.
 
 
“Fordo has long been considered one of the hardest targets in Iran, buried too deep for all but the most powerful bunker-buster [bombs] in the American military arsenal,” Mr. Sanger and Mr. Mazzetti write. “The proposed [covert] intelligence operation called for the insertion of a computer “worm” into the facility — with the aim of frying Fordo’s computer systems — effectively delaying, or destroying the ability of Iranian centrifuges to enrich uranium at the enrichment site. It was intended as a follow-up to “OLYMPIC GAMES,” the code-name of a cyber attack [never acknowledged] by the United States and Israel that destroyed 1,000 Iranian nuclear centrifuges; and [at least], temporarily disrupted [nuclear fuel] production at Natanz, a far larger; but, less protected enrichment site.” This operation involved the use of the STUXNET cyber worm; and is considered by many the first military use of a cyber weapon of mass disruption.
 
Mr. Sanger and Mr. Mazzetti note that “the existence of NITRO ZEUS was uncovered in the course of reporting for “Zero Days,” a documentary that will be shown Wednesday [today] at the Berlin Film Festival. Directed by Alex Gibney, who is known for other documentaries, including the Oscar-winning “Taxi To The Dark Side,” about the [alleged] use of torture by American interrogators; and, “We Steal Secrets: The Story Of Wikileaks,” “Zero Days” describes the escalating conflict between Iran and the West, in the years leading up to the agreement, and discovery of the cyber attack on the Natanz enrichment plant; and, the debates inside the Pentagon over whether the United States has [had] a workable [cyber] doctrine for the use of a new form of weaponry — whose ultimate effects are [still] only vaguely understood,” the Times noted.
“For the seven-year-old United States Cyber Command, which is still building its cyber “special forces,” and deploying them throughout the world, the Iran project [which involved infusing electronic implants at key digital ‘choke-points’] was perhaps its most challenging program yet,” Mr. Sanger and Mr. Mazzetti write. “This was enormous, and [an] enormously complex program [operation],” said one participant who requested anonymity because the program is still [highly] classified. “Before it was developed, the U.S. had never assembled a combined cyber, kinetic attack plan on this scale,” the official added.
“While U.S. Cyber Command would have executed NITRO ZEUS, the National Security Agency’s (NSA) Tailored Access Operations Unit (TAO) was responsible for penetrating the adversary’s [Iran’s] networks, which would have required piercing, and maintaining a presence in a vast number of Iranian networks, including the country’s air defenses and its transportation and command control centers,” The Times noted.
“It is a tricky business, the war planners say, because their knowledge of how networks are connected in Iran, or any other hard target, is sketchy, and collateral damage is always hard to predict. It is easier to turn off power grids, for example, than to start them up again.” And, there is the critical and fundamental issue of restoring trust in the system by the people — something which is often difficult to do — just ask Target. They have managed; but, it took a while.
The covert operation to sabotage Fordo was challenging to say the least, since this was a clandestine Iranian nuclear enrichment facility, buried inside a mountain and no doubt heavily guarded and very difficult to breach. Very difficult, but not impossible. As The Times noted, some of the stolen NSA documents purloined by fugitive Edward Snowden allegedly demonstrate how computer worms and cyber viruses can be secretly inserted — remotely — into a targeted network — even if disconnected from the Internet. I commented on an article yesterday on how to steal secret keylogger data from a disconnected/stand-alone computer in another room. Needless to say, Mr. Snowden greatly aided our adversaries, the Islamic State, al Qaeda, and others with his reckless and destructive leaks. CIA Director John Brennan admitted in a CBS 60 Minutes interview on Sunday that the Paris attackers used encrypted communications to plan, orchestrate, and launch their attack, an operational technique that allowed them to ‘remain dark’ and thus prevent or undermine our ability to ferret out and hopefully prevent their operations. In the aftermath of the Snowden leaks, these groups substantially enhanced their encryption software, as evidenced in both Paris and San Bernardino.
For the life of me, I cannot figure out why some within the U.S. government thought disclosing this alleged operation was in our national security interests and beneficial for everyone to know. If the report is true, it betrays extremely sensitive tactics, techniques, and procedures. As the age-old saying goes, “one cannot vanquish one’s enemies, by telegraphing one’s punches.” Okay, nukes aside. There are those who argue that a deterrent capability only works, if the opponent believes you can actually do what you say you can. But, the cyber world is vastly different from the kinetic, military weaponry world, as revealing an offensive cyber capability is likely to render the digital weapon useless beyond the initial public disclosure and use. Hackers, malcontents, and others will take pleasure in being the first to reverse engineer the cyber weapon and post their findings on the open net for all to see — and, take appropriate counter-measures. One also has to assume that North Korea, among others, is now aware of how their own networked nuclear infrastructure could be vulnerable and take pre-emptive steps to remedy their vulnerabilities. More details from the NYT here.