President’s Day, Was George Washington a Spy?

The Spymaster’s Toolkit

CIA: Long before General William Donovan recruited spies to advance the American war efforts during World War II as Director of the Office of Strategic Services (OSS), predecessor to the CIA, General George Washington mastered the art of intelligence as Commander of the Continental Army during the Revolutionary War.

Washington was a skilled manager of intelligence. He utilized agents behind enemy lines, recruited both Tory and Patriot sources, interrogated travelers for intelligence information, and launched scores of agents on both intelligence and counterintelligence missions. He was adept at deception operations and tradecraft and was a skilled propagandist. He also practiced sound operational security. Washington fully understood the value of accurate intelligence, employing many of the same techniques later used by the OSS and CIA.

As we celebrate the 284th birthday of the first American President, we highlight some of the tradecraft employed to secure our independence from the British and offer insights on its use today. Were it not for the use of secret writing, concealment devices, propaganda, and intercepted communications, there may have been a very different outcome to the War of Independence.

* * * * *

SECRET WRITING

Revolutionary War: American agents serving abroad composed their intelligence reports using invisible ink. George Washington believed this would “not only render his communications less exposed to detection, but relieve the fears of such persons as may be entrusted in its conveyance.”

Communicating via invisible ink required the use of several chemical compositions. One mixture was used to write with disappearing ink; the other mixture was applied to the report to make it legible. Despite their invisible communications, it is estimated that the British intercepted and decrypted over half of America’s secret correspondence during the war.

CIA: The CIA has declassified several documents that provided recipes for making invisible ink. One recipe instructs: “Take a weak solution of starch, tinged with a little tincture of iodine. This bluish writing will soon fade away.” A mixture for exposing secret writing included “iodate of potassium, 5 grams, with 100 grams of water, and 2 grams of tartaric acid added” but warned, “run a hot iron over the surface being careful not to scorch the paper.”

During the Cold War, a major advancement in secret writing technology was the shift from liquid invisible inks to dry systems. The KGB was one of the first foreign intelligence services to employ a dry method. The CIA’s Office of Technical Services in the Directorate of Science and Technology spent considerable time researching Soviet systems and finally succeeded not only in “breaking” them, but in anticipating where its KGB counterpart would go next in the never-ending search for more secure systems. By the end of the Cold War, a kind of tacit convergence had emerged as both sides applied new techniques that used very small, almost undetectable quantities of chemical in secret writing messages. In the words of one CIA chemist, it was like “uniformly spreading a spoonful of sugar over an acre of land.”

CONCEALMENT DEVICES

Revolutionary War: Agents used a variety of modified objects to conceal their secret messages. One device was a wafer-thin lead container that would sink in water, or melt in fire, thus destroying its contents. The device was small enough that an agent could swallow it if no other means of discarding were available. This was done as a last resort as ingestion was typically followed by a severe bout of lead poisoning. The lead container was eventually replaced by a silver, bullet-shaped container that could be unscrewed to hold a message and which would not poison a courier who might be forced to swallow it.

CIA: A concealment device can be any object used to clandestinely hide things. They are typically ordinary, everyday objects that have been hollowed out. The best concealment devices are ones that blend in with their surroundings and call no attention to themselves. They can be used to hide messages, documents, or film. Some examples of concealment devices include hollowed out coins, dead-drop spikes, shaving brushes, and makeup compacts.

PROPAGANDA

Revolutionary War: During the American Revolution, the British had a shortage of soldiers so they hired almost 30,000 German Hessian auxiliary forces to fight against the Americans. The Continental Congress devised a propaganda campaign to encourage the Hessian mercenaries to defect to America. The campaign included offering land grants to those mercenaries fighting for the British on American soil. The offers were written in German on leaflets disguised as tobacco packets. A mock-defector ran through the mercenaries’ camps encouraging others to defect as well. As part of the campaign, Benjamin Franklin forged a letter to the commander of the Hessians, “signed” by a German prince. The letter instructed the commander to let the wounded mercenaries die. This dealt a blow to the morale of the Hessians. Between 5,000 and 6,000 Hessian mercenaries deserted from the British, in part because of American propaganda.

CIA: Propaganda campaigns use communication to alter a population’s beliefs and views thus influencing their behavior. There are three types of propaganda: white, black, and grey. White propaganda openly identifies the source and uses gentle persuasion and public relations techniques to achieve a desired outcome. For example, during the Persian Gulf War, the CIA airdropped leaflets before some Allied bombing runs to allow civilians time to evacuate and encourage military units to surrender. Black propaganda, on the other hand, is misinformation that identifies itself with one side of a conflict, but is truly produced by the opposing side – like Franklin sending the letter “from” a German prince. Grey propaganda is the most mysterious of all because the source of the propaganda is never identified.

INTERCEPTED COMMUNICATIONS

Revolutionary War: The Continental Congress regularly received quantities of intercepted British mail. General Washington proposed to “contrive a means of opening them without breaking the seals, take copies of the contents, and then let them go on. By these means we should become masters of the whole plot.”

CIA: Clandestinely opening, reading and resealing envelopes or packages without the recipient’s knowledge requires practice. ‘Flaps and seals’ opening kits were used in the 1960s. A beginner’s kit offered the basic tools for surreptitious opening of letters and packages. Once mastered, an advanced kit with additional tools was used. Many of the tools were handmade of ivory and housed in a travel roll.

* * * * *

Washington employed the use of many other intelligence gathering techniques still in use today to secure our independence and freedom from Great Britain. Not only is he The Father of His Country, but he is heralded as a great spymaster. Upon the conclusion of the Revolutionary War, a defeated British intelligence officer is quoted as saying, “Washington did not really outfight the British. He simply out-spied us.”

It was not a Hardware Issue, it was a Cyber Intrusion, IRS

IRS Confirms It Was a Victim of an Automated Attack

The attack, which occurred in January, targeted the electronic filing PIN application form on the IRS.gov Website. Experts said there are lessons to be learned.

eWeek: The U.S. Internal Revenue Service (IRS) is gearing up for another busy tax season, and it appears that hackers are getting ready, too. On Feb. 9, the IRS confirmed that it was the victim of an automated attack in January that targeted the electronic filing PIN application form on the IRS.gov Website.

According to the IRS, attackers made use of personal information, including Social Security numbers, that was stolen from other non-IRS Websites. The attackers then used that information in an attempt to generate fraudulent E-File PIN numbers on IRS.gov. With a PIN number, an attacker could have potentially been able to file a tax return or gain access to other taxpayer information.

The IRS investigation has found that 464,000 unique Social Security numbers (SSNs) were used in the attack, with 101,000 being successfully able to access the E-File PIN. The IRS is emphasizing that it has halted the attack and is contacting those who are affected.

“No personal taxpayer data was compromised or disclosed by IRS systems,” the agency stated. “The IRS also is taking immediate steps to notify affected taxpayers by mail that their personal information was used in an attempt to access the IRS application.”

In May 2015, the IRS reported that its Get Transcript service was attacked. Get Transcript enables users to get information about their tax account transactions. As is the case with the new attack against the E-File PIN, the Get Transcript service attack involved user information that was stolen from third-party sites. The success rate for the Get Transcript attackers, however, was higher than it was for the E-File PIN attackers, where 100,000 out of 200,000 hack attempts were successful.

Security experts contacted by eWEEK are not surprised that the IRS is once again reporting an attack against its systems. The fact that the IRS.gov site was attacked with SSNs stolen from other third-party sites is, however, somewhat ironic.

“One of the most successful ways hackers steal citizens’ Social Security numbers is through fraudulent phishing emails or phone calls that appear to be from the IRS,” Darren Guccione, CEO and co-founder of Keeper Security, told eWEEK.

Hackers know the public is terrified of being identity-theft victims and exploit this fear well, often by telling someone they’ve been a victim already and asking for their Social Security number, Guccione noted.

Lance James, chief scientist at Flashpoint, commented that one of the big concerns he sees with the latest IRS attack is the continued reliance on Social Security numbers. “We need to rethink what a Social Security number means these days when it comes to accessing data,” James told eWEEK. “It should not be the administrator password for a person’s life.”

Andy Hayter, security evangelist at G DATA Software, also commented on the risks associated with SSN disclosure. Every bit of an individual’s personally identifiable information that is collected via a breach is one more piece of information that can, and someday will, be used against a person, he said.

“As long as information such as Social Security numbers is used as identification, we will have bad actors trying to collect as much information about individuals to do harm, either through theft or worse,” Hayter told eWEEK.

Inga Goddijn, executive vice president at Risk Based Security, noted that taxpayers should be concerned that questionable security practices at organizations completely unrelated to the IRS have the potential of affecting their tax returns.

Though the IRS has stated that no personal taxpayer data was compromised or disclosed in the new attack, JP Bourget, CEO of Syncurity, noted that there is still a real risk.

“While maybe the IRS can in the end prevent any bad outcomes for taxpayers, I can imagine a few scenarios where a bad guy attempts to file a tax return for a refund that then holds up a valid refund to someone who is owed a refund, and even depending on that refund,” Bourget told eWEEK. “There’s also the angle of now your account is flagged and the uncertainty of how that affects a taxpayer over time and what hidden costs may arise from that.”

One potentially positive outcome that could result from the IRS attack is that lessons learned could help prevent the next attack. Goddijn said that it would be helpful if the IRS can share more detail as to how the agency detected the attack and ideas for preventing these types of enumeration attacks in the future. She added that the U.S. government has been pushing for more threat intelligence sharing and improved security practices for all organizations.

“Why not take this opportunity to lead the charge and share more about the attack with the security community,” Goddijn said. “That may help stop the next, similar assault on a high-value target.”
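As an added illustration of how a defender might spot the kind of enumeration described above (this is example code written for this page, not from eWEEK or the IRS), the sketch below flags any source that requests PINs for many different identities in a short window. The log format, field names, thresholds and sample data are all assumptions constructed for the example.

```python
"""Flag sources that request PINs for many different identities.

Constructed example: the log layout ('timestamp source identity outcome'),
the thresholds and the sample data are assumptions, not IRS specifics.
"""
import hashlib
import hmac
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOG_KEY = b"constructed-demo-key"  # assumption: per-deployment secret for log pseudonyms
WINDOW = timedelta(minutes=10)
MAX_DISTINCT_IDS = 3               # assumption: one household rarely exceeds this


def pseudonym(ssn: str) -> str:
    """Keyed hash so raw SSNs never reach the log or the detector."""
    return hmac.new(LOG_KEY, ssn.encode(), hashlib.sha256).hexdigest()[:16]


def parse(line: str):
    """Split one log line into (timestamp, source, identity, outcome)."""
    ts, src, ident, outcome = line.split()
    return datetime.fromisoformat(ts), src, ident, outcome


def detect_enumeration(lines, window=WINDOW, max_ids=MAX_DISTINCT_IDS):
    """Return {source: peak distinct identities in any window} for flagged sources."""
    recent = defaultdict(deque)    # source -> (timestamp, identity) inside the window
    flagged = {}
    for ts, src, ident, _outcome in sorted(parse(l) for l in lines if l.strip()):
        q = recent[src]
        q.append((ts, ident))
        while q and ts - q[0][0] > window:
            q.popleft()            # drop requests that have aged out of the window
        distinct = len({i for _, i in q})
        if distinct > max_ids:
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged


def distinct_per_source(lines):
    """Whole-log distinct identities per source; shows slow enumeration the window misses."""
    seen = defaultdict(set)
    for _ts, src, ident, _outcome in map(parse, lines):
        seen[src].add(ident)
    return {src: len(ids) for src, ids in seen.items()}


def sample_log():
    """Constructed log lines; SSNs use the never-issued 000 area number."""
    t0 = datetime(2016, 1, 15, 9, 0, 0)
    rows = []
    # One taxpayer mistyping their own details: many tries, a single identity.
    for n in range(5):
        rows.append((t0 + timedelta(seconds=40 * n), "192.0.2.10",
                     "000-00-0001", "ok" if n == 4 else "fail"))
    # Two people filing from the same home connection.
    rows.append((t0 + timedelta(minutes=1), "192.0.2.20", "000-00-0002", "ok"))
    rows.append((t0 + timedelta(minutes=6), "192.0.2.20", "000-00-0003", "ok"))
    # Automated source: eight different identities in under four minutes.
    for n in range(8):
        rows.append((t0 + timedelta(seconds=30 * n), "203.0.113.5",
                     f"000-00-01{n:02d}", "ok" if n % 4 == 0 else "fail"))
    # Slow source: five identities, thirty minutes apart, under the window rule.
    for n in range(5):
        rows.append((t0 + timedelta(minutes=30 * n), "198.51.100.7",
                     f"000-00-02{n:02d}", "fail"))
    return [f"{ts.isoformat()} {src} {pseudonym(ssn)} {out}"
            for ts, src, ssn, out in rows]


if __name__ == "__main__":
    log = sample_log()
    print("windowed alerts:", detect_enumeration(log))
    print("distinct identities per source:", distinct_per_source(log))
```

The windowed rule catches the fast source but not the slow one, which is why the whole-log count is kept alongside it as a second signal.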

In 2015:

USAToday: Criminals hacked into an Internal Revenue Service website and gained access to approximately 100,000 tax accounts, the agency said Tuesday. Another 100,000 attempts were made but were not successful.

The attack appears to have first begun in February, the agency said.

The hackers got in by taking information about taxpayers they’d acquired from other sources and using it to correctly answer several personal identity verification questions in the IRS’ “Get Transcript” application, the IRS said in a statement.

This allowed them to get information about tax accounts through the application. The information stolen included Social Security information, date of birth and street address.

The Get Transcript application allows users to view their tax account transactions, line-by-line tax return information or wage and income reported to the IRS for a specific tax year. It was used to securely retrieve approximately 23 million taxpayer transcripts last year, the IRS said.

The information the hackers used to get in was probably previously stolen by other hackers who then sold it on the open market, said Rob Roy, chief technology officer of HP Enterprise Security Products.

The hackers who bought it “appear to have hired an army of people to submit over 200,000 queries into the IRS site over a period of four months. Not exactly a quick and easy operation,” he said.

“The matter is under review by the Treasury Inspector General for Tax Administration as well as the IRS’ Criminal Investigation unit, and the ‘Get Transcript’ application has been shut down temporarily,” the IRS said.

The agency will provide free credit monitoring services for the approximately 100,000 taxpayers whose accounts were accessed.

The theft was discovered late last week when IRS staff noticed unusual activity on the application. Further investigation showed that attempts were made beginning in February.

The breach does not involve the main IRS computer system that handles tax filing submissions. “That system remains secure,” the IRS said.

“The IRS historically has been very secure, it has to be by virtue of the data it collects. But it just goes to show that even the most secure system can be attacked,” said Larry Ponemon of the Ponemon Institute, a data security research group.

ISIS, Islamic State has a Help Desk

The Islamic State in Iraq and Syria (ISIS) uses a 34-page manual to instruct its followers on how to stay invisible on the Internet.

The Arabic document was translated and released this week by analysts at the Combating Terrorism Center, an independent research group at the U.S. Military Academy at West Point. It includes warnings to avoid Instagram because it is owned by Facebook, and Dropbox because former secretary of State Condoleezza Rice sits on its board of investors. Famous government leaker Edward Snowden has also criticized Dropbox over its privacy, the document notes.

Users are also directed to use Apple’s encrypted FaceTime and iMessage features over regular unencrypted text and chat features.

New ISIS ‘help desk’ to aid hiding from authorities

TheHill: The Islamic State in Iraq and Syria (ISIS) has opened up a new technical “help desk” that instructs terrorists on how to hide from Western authorities, according to researchers.

The Electronic Horizon Foundation (EHF) was launched on Jan. 30 as a joint effort of several of the top ISIS cybersecurity experts, the Middle East Media Research Institute (MEMRI) said in a new report.

While researchers have previously uncovered an ISIS “help desk” and 34-page manual that help extremists encrypt their communications, MEMRI said the EHF takes these services to an “alarming” new level.

“Jihadis have long sought technical information, which has been confined in the past to various password-protected jihadi forums,” said the MEMRI report, shared exclusively with The Hill. “However, the freedom and ease by which they can now obtain that information is alarming, especially when such information is shared over private and secure channels.”

The EHF operates on the encrypted messaging platform Telegram but also maintains a Twitter account that disseminates information and directs followers to its secure Telegram channel.

The group’s self-stated goal is clear: “Spreading security and technical awareness among the monotheists.”

According to an announcement celebrating the EHF launch, ISIS has spent a year establishing the group with the goal of “unifying the technical and security efforts, and uniting the ranks of the mujahideen’s supporters.”

It brings together several technical support entities, such as the Information Security channel on Telegram and the “Islamic State Technician,” an ISIS security specialist thought to be behind a leading password-protected technical forum.

The announcement, which the MEMRI translated, was also direct that the EHF had been formed “due to the electronic war and tight surveillance imposed by the Western intelligence apparatuses over Internet users, and their tracking and following of the mujahideen and their supporters, and targeting them based on their data and information, which they share over the Internet.”

EHF pledged to provide resources to help combat this surveillance.

“It is time to face the electronic surveillance, educate the mujahideen about the dangers of the Internet, and support them with the tools, directives and security explanations to protect their electronic security, so that they don’t commit security mistakes that can lead to their bombardment and killing,” the announcement said.

As of early this week, the EHF Telegram account had over 2,200 members.

MEMRI said EHF has not posted much yet, “but it is expected to take the lead nonetheless in content posted as time goes by.”

If the group follows in the footsteps of its creators, its content will be “defensively-oriented,” such as tutorials on mobile phone security, instead of “offensively-oriented,” such as instructions on launching cyberattacks, MEMRI said.

In the wake of the terror attacks in Paris and San Bernardino, Calif., law enforcement officials have cautioned that potential terrorists are increasingly using encryption to hide from investigators, a phenomenon they call “going dark.”

The warnings have led to some calling for legislation that would guarantee government access to encrypted data, although momentum on Capitol Hill for such a bill has cooled in recent months.

“I don’t think we’re any closer to a consensus on that than we were, I think, six months ago,” Rep. Adam Schiff (D-Calif.), the House Intelligence Committee’s top Democrat, said last week. “Or if there is a consensus, it is that a legislative solution, I think, is very unlikely.”

 


Hillary Emails Back in the News, Again

Yoga and wedding arrangements? Not so much.

State Dept: Top Official Didn’t Know About Hillary’s Server, Even Though He Was On Email Discussing It

DailyCaller: A spokesman for the State Department insisted during a press conference on Wednesday that Patrick Kennedy, the Under Secretary of Management at the department, was not aware Hillary Clinton maintained a private server in her home while she was secretary of state.

But that claim — made by spokesman Mark Toner — is a curious one given that emails published by The Daily Caller last month show that Kennedy was involved in an August 2011 email exchange with two of Clinton’s top aides and another State Department official in which Clinton’s private email server was discussed.

Whether Kennedy knew about Clinton’s private server is a key point in the ongoing email kerfuffle. In his role, the 42-year veteran manages all facets of State Department business, including personnel matters, logistics, information technology, and budgetary issues. He is also the official who has served as the State Department’s main point of contact with Clinton, her attorneys, and her aides throughout the ongoing email scandal. He sent the letters requesting that Clinton and her aides hand their emails over to the State Department.

Given his central position at State, it would stand to reason that Kennedy should have known — and should have been informed — that Clinton was using a private email server housed in her New York residence.

As one reporter put it during Wednesday’s press briefing: “How could he not know if he’s responsible for both [Diplomatic Security] and for the people who do the technical and computer stuff at State?”

But Kennedy knowing about the server would also raise questions about why the career diplomat allowed Clinton to use an email system that was vulnerable to outside threats. Not to mention the risks posed by Clinton’s sending and receiving of classified information.

Kennedy’s name popped up on Wednesday when Fox News’ Catherine Herridge reported that he was one of the State Department officials who handled 22 “top secret” emails found on Clinton’s server. Clinton and her aides, Jake Sullivan, Huma Abedin, Cheryl Mills, and Philippe Reines all either sent the sensitive emails, received them, forwarded them, or commented on them.

 

The State Department has determined that the emails are so sensitive that they will be withheld from the Clinton records being released in batches at the end of each month since June.

Fox’s Herridge also reported that Kennedy told the House Select Committee on Benghazi during an interview earlier this month that he knew about Clinton’s personal email account from the beginning of her tenure, but that he was not aware of the “scope” of its use for government business.

A spokesperson for the Committee declined to comment on matters involving private interviews.

During Wednesday’s questioning, Toner said three times that Kennedy, who frequently emailed with Clinton about work-related issues, did not know about Clinton’s private server.

“He’s spoken to it before — or we’ve spoken to it before — that he did not have knowledge of the computer server that she set up in her residence,” said Toner, who also stated that Kennedy told the Benghazi Committee that he did not know about the server.

“What his knowledge or what his awareness at the time — other than what he has said already, or what we have said already — which is that he was not aware of her having a private server at her home,” Toner said later in the press briefing.

But an Aug. 30, 2011 email chain obtained by TheDC last month through a FOIA lawsuit shows that Kennedy was involved in a conversation that explicitly mentioned Clinton’s server.

 

In the email, Stephen Mull, then-executive secretary at State, thanked Cheryl Mills for alerting him to problems that Clinton was having sending emails on the personal Blackberry that she used to send and receive work email. The Blackberry was “malfunctioning,” Mull noted, “possibly because of [sic] her personal email server is down.”

Kennedy was copied on that email as well as on a response from Abedin. On top of indicating that Kennedy was made aware of Clinton’s use of a personal server, the emails also show that Abedin, Clinton’s deputy chief of staff and an official on her presidential campaign, vetoed a proposal to set Clinton up with a second Blackberry equipped with a State.gov email address.

“Doesn’t make a whole lot of sense,” Abedin said in response to the proposal. Clinton was never provided a State Department-issued Blackberry. Why Kennedy did not intervene at that time is anybody’s guess.

TheDC reached out to the State Department to find out more about the apparent inconsistency between Toner’s comments on Wednesday and the August 2011 emails. Perhaps Kennedy didn’t see the email? Perhaps he assumed that another email server that was linked to Clinton’s Blackberry was being discussed by Stephen Mull, the executive secretary of State?

But the agency provided few additional details.

“Today the State Department indicated that comments made by Under Secretary Kennedy to the Benghazi Committee were being misconstrued. Beyond that, we are not going to speak to this further,” a State Department official told TheDC.

Hat tip Chuck!

Clapper Breaks with Obama’s Threat Crisis Plank

North Korea has restarted plutonium reactor: US

North Korea has restarted a plutonium reactor that could fuel a nuclear bomb and is seeking missile technology that could threaten the United States, Washington’s top spy said on Tuesday.

Intel Chief Breaks From Obama Narrative On Iran Deal

DailyCaller: The head of U.S. intelligence believes that Iran’s recent actions speak loudly to its intentions, particularly given the country’s recent provocations since the Iran nuclear deal came into effect.

Testifying to the Senate Committee on Armed Services Tuesday, director of national intelligence James Clapper gave a very somber description of what he sees as Iran’s intentions toward the U.S. now that last summer’s nuclear deal has commenced. In particular, his statements offered little assurance that Iran is acting as an honest actor with the U.S. and the other states involved in last year’s negotiations, or that the nuclear deal will stop Iran from obtaining a nuclear weapon.

“Iran probably views JCPOA [Iran deal] as a means to remove sanctions while preserving nuclear capabilities, as well as the option to eventually expand its nuclear infrastructure,” said Clapper, who also noted that, so far, he sees no evidence that Iran is violating the nuclear deal.

Clapper’s statements stand in stark contrast with those made by President Barack Obama, who lauded the nuclear accord last summer, claiming it would not only stop all of Iran’s possible pathways to a nuclear weapon, but that “under its terms, Iran is never allowed to build a nuclear weapon.”

***

Clapper went into specifics on the threat matrix both at home and globally. He left nothing out, from cyber wars, space wars, weapons systems, human trafficking, terror organizations, economic instability, migrants and disinformation to drug cartels.

STATEMENT FOR THE RECORD
WORLDWIDE THREAT ASSESSMENT of the US INTELLIGENCE COMMUNITY
February 9, 2016

INTRODUCTION

Chairman McCain, Vice Chairman Reed, Members of the Committee, thank you for the invitation to offer the United States Intelligence Community’s 2016 assessment of threats to US national security. My statement reflects the collective insights of the Intelligence Community’s extraordinary men and women, whom I am privileged and honored to lead. We in the Intelligence Community are committed every day to provide the nuanced, multidisciplinary intelligence that policymakers, warfighters, and domestic law enforcement personnel need to protect American lives and America’s interests anywhere in the world.

The order of the topics presented in this statement does not necessarily indicate the relative importance or magnitude of the threat in the view of the Intelligence Community. Information available as of February 3, 2016 was used in the preparation of this assessment.
 
TABLE OF CONTENTS

GLOBAL THREATS
Cyber and Technology
Terrorism
Weapons of Mass Destruction and Proliferation
Space and Counterspace
Counterintelligence
Transnational Organized Crime
Economics and Natural Resources
Human Security

REGIONAL THREATS
East Asia: China; Southeast Asia; North Korea
Russia and Eurasia: Russia; Ukraine, Belarus, and Moldova; The Caucasus and Central Asia
Europe: Key Partners; The Balkans; Turkey
Middle East and North Africa: Iraq; Syria; Libya; Yemen; Iran; Lebanon; Egypt; Tunisia
South Asia: Afghanistan; Bangladesh; Pakistan and India
Sub-Saharan Africa: Central Africa; Somalia; South Sudan; Sudan; Nigeria
Latin America and Caribbean: Central America; Cuba; Venezuela; Brazil