Obama Spied on Congress/Israel, Contempt/Disdain

U.S. Spy Net on Israel Snares Congress
National Security Agency’s targeting of Israeli leaders also swept up the content of private conversations with U.S. lawmakers

WSJ: President Barack Obama announced two years ago he would curtail eavesdropping on friendly heads of state after the world learned the reach of long-secret U.S. surveillance programs.

But behind the scenes, the White House decided to keep certain allies under close watch, current and former U.S. officials said. Topping the list was Israeli Prime Minister Benjamin Netanyahu.
The U.S., pursuing a nuclear arms agreement with Iran at the time, captured communications between Mr. Netanyahu and his aides that inflamed mistrust between the two countries and planted a political minefield at home when Mr. Netanyahu later took his campaign against the deal to Capitol Hill.

The National Security Agency’s targeting of Israeli leaders and officials also swept up the contents of some of their private conversations with U.S. lawmakers and American-Jewish groups. That raised fears—an “Oh-s— moment,” one senior U.S. official said—that the executive branch would be accused of spying on Congress.

White House officials believed the intercepted information could be valuable to counter Mr. Netanyahu’s campaign. They also recognized that asking for it was politically risky. So, wary of a paper trail stemming from a request, the White House let the NSA decide what to share and what to withhold, officials said. “We didn’t say, ‘Do it,’ ” a senior U.S. official said. “We didn’t say, ‘Don’t do it.’ ”

Stepped-up NSA eavesdropping revealed to the White House how Mr. Netanyahu and his advisers had leaked details of the U.S.-Iran negotiations—learned through Israeli spying operations—to undermine the talks; coordinated talking points with Jewish-American groups against the deal; and asked undecided lawmakers what it would take to win their votes, according to current and former officials familiar with the intercepts.

Before former NSA contractor Edward Snowden exposed much of the agency’s spying operations in 2013, there was little worry in the administration about the monitoring of friendly heads of state because it was such a closely held secret. After the revelations and a White House review, Mr. Obama announced in a January 2014 speech he would curb such eavesdropping.

In closed-door debate, the Obama administration weighed which allied leaders belonged on a so-called protected list, shielding them from NSA snooping. French President François Hollande, German Chancellor Angela Merkel and other North Atlantic Treaty Organization leaders made the list, but the administration permitted the NSA to target the leaders’ top advisers, current and former U.S. officials said. Other allies were excluded from the protected list, including Recep Tayyip Erdogan, president of NATO ally Turkey, which allowed the NSA to spy on their communications at the discretion of top officials.

Privately, Mr. Obama maintained the monitoring of Mr. Netanyahu on the grounds that it served a “compelling national security purpose,” according to current and former U.S. officials. Mr. Obama mentioned the exception in his speech but kept secret the leaders it would apply to.

Israeli, German and French government officials declined to comment on NSA activities. Turkish officials didn’t respond to requests Tuesday for comment. The Office of the Director of National Intelligence and the NSA declined to comment on communications provided to the White House.

This account, stretching over two terms of the Obama administration, is based on interviews with more than two dozen current and former U.S. intelligence and administration officials and reveals for the first time the extent of American spying on the Israeli prime minister.

Taking office
After Mr. Obama’s 2008 presidential election, U.S. intelligence officials gave his national-security team a one-page questionnaire on priorities. Included on the form was a box directing intelligence agencies to focus on “leadership intentions,” a category that relies on electronic spying to monitor world leaders.

The NSA was so proficient at monitoring heads of state that it was common for the agency to deliver a visiting leader’s talking points to the president in advance. “Who’s going to look at that box and say, ‘No, I don’t want to know what world leaders are saying,’ ” a former Obama administration official said.

In early intelligence briefings, Mr. Obama and his top advisers were told what U.S. spy agencies thought of world leaders, including Mr. Netanyahu, who at the time headed the opposition Likud party.

Michael Hayden, who led the NSA and the Central Intelligence Agency during the George W. Bush administration, described the intelligence relationship between the U.S. and Israel as “the most combustible mixture of intimacy and caution that we have.”

The NSA helped Israel expand its electronic spy apparatus—known as signals intelligence—in the late 1970s. The arrangement gave Israel access to the communications of its regional enemies, information shared with the U.S. Israel’s spy chiefs later suspected the NSA was tapping into their systems.

When Mr. Obama took office, the NSA and its Israeli counterpart, Unit 8200, worked together against shared threats, including a campaign to sabotage centrifuges for Iran’s nuclear program. At the same time, the U.S. and Israeli intelligence agencies targeted one another, stoking tensions.

“Intelligence professionals have a saying: There are no friendly intelligence services,” said Mike Rogers, former Republican chairman of the House Intelligence Committee.

Early in the Obama presidency, for example, Unit 8200 gave the NSA a hacking tool the NSA later discovered also told Israel how the Americans used it. It wasn’t the only time the NSA caught Unit 8200 poking around restricted U.S. networks. Israel would say intrusions were accidental, one former U.S. official said, and the NSA would respond, “Don’t worry. We make mistakes, too.”

In 2011 and 2012, the aims of Messrs. Netanyahu and Obama diverged over Iran. Mr. Netanyahu prepared for a possible strike against an Iranian nuclear facility, as Mr. Obama pursued secret talks with Tehran without telling Israel.

Convinced Mr. Netanyahu would attack Iran without warning the White House, U.S. spy agencies ramped up their surveillance, with the assent of Democratic and Republican lawmakers serving on congressional intelligence committees.

By 2013, U.S. intelligence agencies determined Mr. Netanyahu wasn’t going to strike Iran. But they had another reason to keep watch. The White House wanted to know if Israel had learned of the secret negotiations. U.S. officials feared Iran would bolt the talks and pursue an atomic bomb if news leaked.

The NSA had, in some cases, spent decades placing electronic implants in networks around the world to collect phone calls, text messages and emails. Removing them or turning them off in the wake of the Snowden revelations would make it difficult, if not impossible, to re-establish access in the future, U.S. intelligence officials warned the White House.

Instead of removing the implants, Mr. Obama decided to shut off the NSA’s monitoring of phone numbers and email addresses of certain allied leaders—a move that could be reversed by the president or his successor.

There was little debate over Israel. “Going dark on Bibi? Of course we wouldn’t do that,” a senior U.S. official said, using Mr. Netanyahu’s nickname.

One tool was a cyber implant in Israeli networks that gave the NSA access to communications within the Israeli prime minister’s office.

Given the appetite for information about Mr. Netanyahu’s intentions during the U.S.-Iran negotiations, the NSA tried to send updates to U.S. policy makers quickly, often in less than six hours after a notable communication was intercepted, a former official said.

Emerging deal
NSA intercepts convinced the White House last year that Israel was spying on negotiations under way in Europe. Israeli officials later denied targeting U.S. negotiators, saying they had won access to U.S. positions by spying only on the Iranians.

By late 2014, White House officials knew Mr. Netanyahu wanted to block the emerging nuclear deal but didn’t know how.

On Jan. 8, John Boehner, then the Republican House Speaker, and incoming Republican Senate Majority Leader Mitch McConnell agreed on a plan. They would invite Mr. Netanyahu to deliver a speech to a joint session of Congress. A day later, Mr. Boehner called Ron Dermer, the Israeli ambassador, to get Mr. Netanyahu’s agreement.

Despite NSA surveillance, Obama administration officials said they were caught off guard when Mr. Boehner announced the invitation on Jan. 21.

Soon after, Israel’s lobbying campaign against the deal went into full swing on Capitol Hill, and it didn’t take long for administration and intelligence officials to realize the NSA was sweeping up the content of conversations with lawmakers.

The message to the NSA from the White House amounted to: “You decide” what to deliver, a former intelligence official said.

NSA rules governing intercepted communications “to, from or about” Americans date back to the Cold War and require obscuring the identities of U.S. individuals and U.S. corporations. An American is identified only as a “U.S. person” in intelligence reports; a U.S. corporation is identified only as a “U.S. organization.” Senior U.S. officials can ask for names if needed to understand the intelligence information.

The rules were tightened in the early 1990s to require that intelligence agencies inform congressional committees when a lawmaker’s name was revealed to the executive branch in summaries of intercepted communications.

A 2011 NSA directive said direct communications between foreign intelligence targets and members of Congress should be destroyed when they are intercepted. But the NSA director can issue a waiver if he determines the communications contain “significant foreign intelligence.”

The NSA has leeway to collect and disseminate intercepted communications involving U.S. lawmakers if, for example, foreign ambassadors send messages to their foreign ministries that recount their private meetings or phone calls with members of Congress, current and former officials said.

“Either way, we got the same information,” a former official said, citing detailed reports prepared by the Israelis after exchanges with lawmakers.

During Israel’s lobbying campaign in the months before the deal cleared Congress in September, the NSA removed the names of lawmakers from intelligence reports and weeded out personal information. The agency kept out “trash talk,” officials said, such as personal attacks on the executive branch.

Administration and intelligence officials said the White House didn’t ask the NSA to identify any lawmakers during this period.

“From what I can tell, we haven’t had a problem with how incidental collection has been handled concerning lawmakers,” said Rep. Adam Schiff, a California Democrat and the ranking member of the House Permanent Select Committee on Intelligence. He declined to comment on any specific communications between lawmakers and Israel.

The NSA reports allowed administration officials to peer inside Israeli efforts to turn Congress against the deal. Mr. Dermer was described as coaching unnamed U.S. organizations—which officials could tell from the context were Jewish-American groups—on lines of argument to use with lawmakers, and Israeli officials were reported pressing lawmakers to oppose the deal.

“These allegations are total nonsense,” said a spokesman for the Embassy of Israel in Washington.

A U.S. intelligence official familiar with the intercepts said Israel’s pitch to undecided lawmakers often included such questions as: “How can we get your vote? What’s it going to take?”

NSA intelligence reports helped the White House figure out which Israeli government officials had leaked information from confidential U.S. briefings. When confronted by the U.S., Israel denied passing on the briefing materials.

The agency’s goal was “to give us an accurate illustrative picture of what [the Israelis] were doing,” a senior U.S. official said.

Just before Mr. Netanyahu’s address to Congress in March, the NSA swept up Israeli messages that raised alarms at the White House: Mr. Netanyahu’s office wanted details from Israeli intelligence officials about the latest U.S. positions in the Iran talks, U.S. officials said.

A day before the speech, Secretary of State John Kerry made an unusual disclosure. Speaking to reporters in Switzerland, Mr. Kerry said he was concerned Mr. Netanyahu would divulge “selective details of the ongoing negotiations.”

The State Department said Mr. Kerry was responding to Israeli media reports that Mr. Netanyahu wanted to use his speech to make sure U.S. lawmakers knew the terms of the Iran deal.

Intelligence officials said the media reports allowed the U.S. to put Mr. Netanyahu on notice without revealing they already knew his thinking. The prime minister mentioned no secrets during his speech to Congress.

In the final months of the campaign, NSA intercepts yielded few surprises. Officials said the information reaffirmed what they heard directly from lawmakers and Israeli officials opposed to Mr. Netanyahu’s campaign—that the prime minister was focused on building opposition among Democratic lawmakers.

The NSA intercepts, however, revealed one surprise. Mr. Netanyahu and some of his allies voiced confidence they could win enough votes.

***

Enter Speaker Boehner and Senate Majority Leader

The Phone Call that Upended U.S.-Israel Relations

WSJ: It started off as a routine call between then-House Speaker John Boehner and the incoming Senate majority leader, Mitch McConnell, about ways Republicans in Congress could put the brakes on the nuclear pact President Barack Obama was negotiating with Iran.

Then Messrs. Boehner and McConnell had a light-bulb moment: They could undercut Mr. Obama by extending an invitation to Israeli Prime Minister Benjamin Netanyahu to deliver a speech to a joint session of Congress opposing the emerging deal.

The initiative set in motion by Messrs. Boehner and McConnell during the Jan. 8 phone call not only would inflame hostilities between the White House and Republicans in Congress but exacerbate the biggest breakdown in relations between U.S. and Israeli heads of state in decades, as detailed in this Wall Street Journal piece.

Mr. Boehner (R., Ohio) and Mr. McConnell (R., Ky.) knew secrecy was key. If word leaked out, they believed the White House would pressure Mr. Netanyahu to decline. To ensure the invitation would come as a surprise, the leaders decided to tell only their closest aides.

“We knew this would be a poke in the eye,” a person close to the Republican leaders said of the invitation.

The immediate concern was whether Mr. Netanyahu would agree to accept the invitation. Mr. Netanyahu’s relationship with Mr. Obama was already deeply troubled. Initially, the two Republicans weren’t sure the prime minister would be eager to make that situation even worse by entering into a direct political fight with the president in Congress.

When Mr. Boehner called Israeli Ambassador Ron Dermer on Jan. 9, the ambassador said he liked the idea and would sound out the prime minister, according to a person familiar with the call.

From the beginning, Mr. Boehner wasn’t entirely comfortable with what was a clear breach of protocol. Typically, only the White House would extend such an invitation in consultations with Congress. He and Mr. McConnell did not tell the White House about their discussions at any point during the planning, congressional officials said.

(Ironically, the Obama administration had already broken the precedent by inviting the South Korean president to address Congress without first consulting Mr. Boehner.)

Mr. Boehner tapped his chief of staff, Mike Sommers, to serve as the main point of contact for Mr. Dermer in the negotiations. No one else on Mr. Boehner’s staff was told.

This was not the first time Mr. Boehner had invited the Israeli prime minister to address Congress. Early in his tenure as speaker, the Ohio Republican approached the White House about inviting Mr. Netanyahu to speak to a joint session of House and Senate members. The White House dragged its feet before eventually giving Mr. Boehner the green light to extend an invite.

In waiting on the White House, tension developed between Mr. Boehner and his no. 2, former House Majority Leader Eric Cantor (R., Va.). Mr. Cantor, for years the only Jewish Republican in the House, pushed the speaker to demand an answer from the Obama administration, but Mr. Boehner wanted to give the president and his team time to digest the idea.

In the end, Mr. Netanyahu declined the invitation.

The second time, the Republicans knew they would be stirring a partisan hornets’ nest, given the controversy about the Iranian talks.

The Boehner and McConnell teams had decided they would send a formal letter inviting Mr. Netanyahu on Jan. 21, one day after Mr. Obama’s State of the Union address.

On Jan. 20, Secretary of State John Kerry, who led the negotiations with Iran, held a 45-minute meeting with Mr. Dermer, who didn’t say a word about the pending announcement, U.S. officials said.

That afternoon, Mr. Boehner sent final word to Mr. Dermer finalizing plans to make the announcement the next day.

An Israeli official in Washington said the ambassador “felt it would be inappropriate for him to raise the issue with the administration, including in his meeting with the secretary of state, until the speaker notified them.”

In the State of the Union, the president hailed the prospects for a nuclear deal with Iran and warned Congress not to throw obstacles in the way.

“New sanctions passed by this Congress, at this moment in time, will all but guarantee that diplomacy fails, alienating America from its allies, making it harder to maintain sanctions and ensuring that Iran starts up its nuclear program again,” Mr. Obama said.

On Jan. 21, as planned, Mr. Boehner’s office formally sent the invitation to Mr. Netanyahu. A few hours before Mr. Boehner’s office released the invitation letter to the press, Mr. Boehner’s chief of staff, Mr. Sommers, called Katie Fallon, Mr. Obama’s top congressional liaison, to inform her. The initial call was cordial. Mrs. Fallon said she appreciated the heads up. The White House had yet to digest the news.

At the White House National Security Council, then-coordinator for the Middle East, Philip Gordon, reacted with disbelief when told Mr. Netanyahu would address a joint session of Congress on the Iran deal. “No he’s not,” Mr. Gordon said in response. “I talk to Dermer all the time.” In those discussions, Mr. Dermer never mentioned an impending speech, Mr. Gordon said.

An hour after Mr. Sommers told the White House, Mrs. Fallon called Mr. Boehner’s chief of staff back. This time she was not as understanding and scolded Mr. Sommers for going around the Obama administration’s back.

Senior officials demanded answers from their Israeli counterparts. Administration officials thought the idea was cooked up by Messrs. Dermer and Netanyahu, and then proposed to the Republicans in Congress. In fact, it was the other way around, congressional officials said.

Mr. Dermer told his American counterparts it was his impression the speaker’s office would “take care of” informing the White House, according to a former U.S. official.

The National Security Agency was spying on Israeli communications but didn’t pick up on the discussions between Messrs. Boehner and Dermer, nor on the deliberations that followed between Messrs. Dermer and Netanyahu on accepting the invitation.

Every Registered Voter, Personal Data Leaked

In 2014, there were 142.2 million people registered to vote in the United States, according to the U.S. Census Bureau. Forbes is reporting that a database containing 191 million voter records, which includes personal data, has been found online, available for anyone to access, by a “whitehat hacker” named Chris Vickery.

It appears that the personal details of “every registered U.S. voter” are publicly available online. When asked to pull up details on random people by Forbes, Vickery was easily and quickly able to retrieve their names, addresses, birth dates, telephone numbers, and party affiliations, with data appearing to date as early as 2000. Reportedly, no financial information or social security numbers are included in the leaked information.

Vickery has reportedly been unable to pinpoint where the data came from and who might have made it available online. Some attributes of the database led Vickery and researchers with DataBreaches.net to pursue NationBuilder, which has been said to produce similar databases in the past. NationBuilder CEO Jim Gilliam has reportedly stated that IP addresses associated with the database were not associated with the group’s customers, but that it is possible that a customer working on a “non-hosted” system could have produced it.

“From what we’ve seen, the voter information included is already publicly available from each state government so no new or private information was released in this database,” Gilliam was quoted as saying.

A long list of potentially suspected political groups has denied responsibility for the voter data leak, including NGP VAN, Political Data, L2 Political, Aristotle, and Catalist.

Vickery and DataBreaches.net were reported to have made reports with the FBI in New York. Forbes reported that the FBI recommended making a report with the Secret Service, which was said to offer no response. DataBreaches.net was said to have made reports with the California Attorney General’s office as well, according to CNET.

Information contained in voter records is a matter of public record in many states. South Dakota specifies that voter information may not be placed on the Internet for “unrestricted access” or “commercial purpose.” California has some of the strictest laws protecting voter information in the country, where records are private and may only be accessed “under certain circumstances.”

“I deal with criminals every day who know my name. The thought of some vindictive criminal being able to go to this site and get my address makes me uncomfortable,” an anonymous police officer was quoted as saying. “I’m also annoyed that people can get my voting record. Whether I vote Republican or Democratic should be my private business.”

A Twitter user pointed out that an abusive ex-spouse could use the information to locate a previous partner who does not wish to be found. For that matter, with the information available on the Internet, just about anyone can.

The exposed voter records are said not to include who the voter actually voted for, but party affiliations are available, which may make determining who an individual likely voted for a simple task. It is noted that the information could be particularly useful during an “issues-oriented campaign.”

Just last week, Chris Vickery exposed that the personal information, including e-mail addresses, user names, and password hints of 3.3 million users registered to the website of SanrioTown.com, home to Hello Kitty, was freely available online, according to CNET. Vickery also recently found a hole allowing the personal information, including usernames and e-mail addresses, of 13 million MacKeeper users to be freely accessed online, as reported by CNET. The MacKeeper software, perhaps ironically, is a suite of security programs aimed at making Mac users safe and secure online.

*** What to be concerned with in 2016: Gartner Report

Biggest Cyber Security Threats To Watch For In 2016; Gartner Forecasts 6.8B Devices Connected To Internet Of Things In 2016

    Harriet Taylor’s December 28, 2015 article on CNBC’s website is the latest in a series of articles on the evolving cyber threat and what may be the top cyber threats next year.  “Headless worms, machine-to-machine attacks, jailbreaking, ghostware, and two-faced malware” top the list of key cyber threats to prepare for next year.  In the coming year, “hackers will launch increasingly sophisticated attacks on everything from critical infrastructure, to medical devices,” said Fortinet Global Security Strategist, Derek Manky.  “We are facing an arms race in terms of security.  Every minute we sleep, we are seeing about a half a million [cyber] attack attempts that are happening in cyber space,” he added.

Here’s How The 2016 Cyber Threat Landscape Looks To Some Experts:

The rise of machine-to-machine attacks:  Research company Gartner predicts there will be 6.8B connected devices in use in 2016; a 30 percent increase over 2015.  By 2020, that number will jump to more than 20B connected devices, the company forecasts.  That would mean an average of two to three Internet-connected devices for every human being on the planet.  The sheer number of connected devices, or ‘Internet of Things’ (IoT), presents an unprecedented opportunity for hackers.  “We’re facing a massive problem moving forward for growing attack surface,” said Manky.

     “That’s a very large playground for attackers, and consumer and corporate information is swimming in that playground,” he said.  In its 2016 Planning Guide for Security and Risk Management, Gartner said:  “The evolution of cloud and mobile technologies, as well as the emergence [maturation?] of the IoT, is elevating the importance of security and risk management foundations.”

     “Smartphones present the biggest risk category going forward,” Manky believes.  “They are particularly attractive to cyber thieves because of the sheer number in use, and multiple vectors of attack, including malicious apps and web browsing.”

     “We call this drive-by-attacks — websites that will fingerprint your phone when you connect to them; and, understand what that phone is vulnerable to,” Manky said.  “Apple devices are still the most secure,” he added.  But, he also cautioned that there is no such thing as a totally safe device connected to the IoT.

Are you nurturing a headless worm?:  “The new year will likely bring entirely new [cyber] worms and viruses able to propagate from device-to-device,” predicts Fortinet.  The new year will see the first “headless worms” — malicious code — targeting “headless devices,” such as smartwatches, smartphones, and medical hardware.  “These are nasty bits of code that will float through millions, and millions of computers,” Manky warns.  “The largest we’ve seen to date, is about 15 million infected machines, controlled by one network — with an attack surface of 20B devices.  Certainly that number can spike to 50M, or more.  You can suddenly have a massive outage globally, in terms of all these consumer devices just simply dying and going down [dark].”

Jailbreaking the cloud:  “Expect a proliferation of attacks on the cloud, and cloud infrastructure, including so-called virtual machines, which are software-based computers.  There will be malware specifically built to crack these cloud-based systems.  Growing reliance on virtualization; and both private and hybrid clouds — will make these kind of attacks even more fruitful for cyber criminals,” according to Fortinet.  “At the same time, because apps rely on the cloud, mobile devices running compromised apps will provide a way for hackers to remotely attack public and private clouds and gain access to corporate networks.”

Hackers will use Ghostware to conceal attacks:  “As law enforcement boosts its [cyber] forensic capabilities, hackers will adapt to evade surveillance and detection.  [Stealth] malware designed to penetrate networks, steal information, then cover up its tracks will emerge in 2016.  So-called Ghostware, will make it extremely difficult for companies to track exactly how much data has been compromised, and hinder the ability of law enforcement to prosecute cyber criminals.”

     “The attacker and the adversaries are getting much more intelligent now,” Manky said.

     Alongside Ghostware, cyber criminals will continue to employ so-called “blastware,” which destroys and disables a system/s when detected.  “Blastware can be used to take out things like critical infrastructure, and it’s much more of a damaging attack,” he added.

     “Because attackers may circumvent preventative controls, detection and response capabilities are becoming increasingly critical,” advises Gartner in its report.

Two-Faced malware:  “Many corporations now test software in a safe environment called a sandbox, before running it on their networks.”  “A sandbox is designed to do deeper inspection to catch some of these different ways that they’re trying to change their behaviors,” Manky said.  “It’s a very effective way to look at these new threats as we move forward.”

     “That said,” Ms. Taylor writes, “hackers in turn, are creating malevolent software that seems benign under surveillance; but, morphs into malicious code, once it’s no longer under suspicion.  It’s called … two-faced malware.”

WHAT FORTINET DID NOT ADDRESS
 
     Lots to think about with these 2016 predictions in the cyber realm.  Clearly, there is no such thing as a digital Maginot Line; and, even if there were — we all know how that worked out for France.  Stealth malware, malware that goes dormant when under surveillance; and/or changes like a chameleon, infected clouds, deceptive clouds, combat clouds, hijack clouds — one is to some degree only limited by one’s imagination.  It truly is a digital wilderness of mirrors.
     Fortinet did not address encryption and the Dark Web.  What nasty surprises will the Dark Web have for us in 2016?  Will we be able to develop something akin to a router that cleans out our pipes at home — in the digital world?  How will we ever really know if our systems are ‘clean?’  How are stay-behinds, also known as the gifts that keep on giving — likely to evolve?  What about downloading, or stealing information in an encrypted and clandestine mode?  And, one must not forget the widespread practice of denial, and deception.  How will the field of digital forensic attribution evolve?  Will it get ‘easier’ to pin the tail on the donkey; or, more complicated and difficult?  What about the purposeful; but, sophisticated corruption of data?
    Fortinet did not address the growing threat of ransomware.  Kaspersky Labs, in its 2016 forecast, “expects to see the success of Ransomware to spread to new frontiers.”  “Not only does Kaspersky lab expect Ransomware to gain ground on banking trojans; but, Kaspersky also expects it to transition to other platforms; i.e., cross the Rubicon — to not only target Macs; but, also charge ‘Mac prices.’  Then, in the longer term, there is the likelihood of the IoT ransomware — begging the question, how much would you be willing to pay to regain access to your TV programming?  Your fridge?  Your car?,” Kaspersky asks.
     Kaspersky Labs also “expects the trend of cyber ‘guns-for-hire,’ to continue to evolve and grow.”  Will we see white-hat cyber mercenaries — i.e., a different version of Anonymous — or cyber militias for hire to ‘fight’ against the bad guys?  What about black-hat cyber mercenaries, and the potential emergence of a ‘Dr. No’ in the digital world?
Will we see the emergence of lethal, offensive cyber weapons — where the objective is to cause loss of life?  Or, will we see the emergence of a cyber weapon of mass disruption?  A Stuxnet on steroids?
 
    What about cyber ‘bomb damage assessment’?  Can we/have we achieved the ability to conduct elegant, targeted, offensive cyber operations, that do not cause excessive digital collateral damage?
 
     Will 2016 finally see a larger-scale cyber attack here in the U.S. and abroad?  
 
     Will the cyber threat to our stand-alone systems become even more profound?  It has already been demonstrated by researchers at Ben Gurion University in 2014 — that stand-alone systems could be breached using the effluent heat coming off the system.
 
     Will the cyber/digital decision tree on when to respond, how, where, why, with what, come to the fore in the strategic realm?
 
     How will cyber tradecraft evolve and mature?
     Will the Islamic State, al Qaeda, other terrorist groups attempt to launch a major cyber attack on the U.S.?
  

CIA Stopped From Having Clandestine Assets in Iraq?

The CIA is well known for having spies, double agents and in some cases triple agents. They are known for having ‘assets’ in all countries deemed to be adversarial to the West. Some assets were of great success while others betrayed the CIA and the West.

When it came to Iraq, there were no assets and no chance of creating any with proven worth. After the Clinton administration, the CIA was operating at a profound handicap and today under Barack Obama, the CIA continues to be handicapped. Reliance on technology is no replacement for human intelligence.

Relying on walk-ins or other allied assistance in the world of espionage is not a viable objective; often it falls to scant military personnel or contractors to fill the gaps.

A senior Central Intelligence Agency official, who led the agency as its acting director before retiring in 2013, has said that not having sources in the Iraqi government’s upper echelons led to the intelligence failure of 2003. Michael Morell retired as deputy director of the CIA, after having served twice as its acting director, in 2011 and from 2012 to 2013. A Georgetown University graduate, Morell joined the agency in 1980 and rose through the ranks to lead the Asia, Pacific and Latin America divisions. In May 2015, Morell published his book, The Great War of Our Time: The CIA’s Fight against Terrorism from al Qa’ida to ISIS, which he has been promoting while working as a consultant in the private sector.

Morell spoke at the Aspen Institute earlier this month, and once again offered a public apology to former United States Secretary of State Colin Powell for the CIA’s erroneous estimates on Iraq. He was referring to the Agency’s claims prior to the 2003 US invasion that Iraq maintained an active weapons-of-mass-destruction (WMD) program. The claims formed the basis of Powell’s February 2003 speech during a meeting of the United Nations Security Council, in which he claimed that the regime of Iraqi President Saddam Hussein had “biological weapons and the capability to rapidly produce […] many more.” There was no question, said Morell, that Powell’s reputation “was tarnished” as a result of the speech, and that a public apology was in order. The same apology, said Morell, applied “to every single American.”

The retired intelligence official went on to say that the main cause of the CIA’s erroneous assessment of Iraq’s WMD program was that the Agency had failed to penetrate the highest echelons of the Hussein regime. “We were not able to come up with the right answer [because] we didn’t do our fundamental job of penetrating [Hussein’s] inner circles with a human asset,” said Morell. As a result, there was “no information to give to the [CIA] analyst to say ‘here’s what this guy is up to’,” he added. The author of The Great War of Our Time went on to suggest that the CIA’s failure to penetrate the inner circle of the Iraqi government prior to 2003 was “quite frankly a national security failure.”

There is a feeble clandestine operation in Syria, with few results. We then must question the espionage efforts in Afghanistan with the Taliban, Daesh and al Qaida. The Taliban and the West once again have a common enemy in country in Islamic State. So are we forced to support the Taliban where they beheaded a handful of Islamic State fighters?

Who is the United States relying on when it comes to Iran? It is reported that Iran has shipped uranium out of country to Russia, but what uranium exactly? The next fight between the White House and Congress on Iran comes in January when Obama returns from his holiday vacation in Hawaii.

Obama removed spies from China in 2010, but why? The United States maintained a clandestine operation in Russia until, under Barack Obama, we didn’t, and a few years ago swapped assets.

The question now is: what is the condition of the CIA’s espionage efforts across the globe today? How many countries need U.S.-supported human intelligence and covert operations? The list is long.

Softest Target, Powergrid: Hacked Often

Report: U.S. electrical grid hacked repeatedly over past decade

WashingtonExaminer: State-backed hackers have probed and gained control of networks in parts of the electrical grid at least a dozen times over the last decade, according to officials.

“The grid is a tough target, but a lucrative target,” Keith Alexander, a former director of the National Security Agency, told the Associated Press. “The number of sophisticated attacks is growing. There is a constant, steady upbeat.”

Intrusions have come from China, Russia and Iran. Rather than trying to inflict immediate damage, officials say, the perpetrators have been trying to probe for vulnerabilities and stow away in critical systems.

“If the geopolitical situation changes and Iran wants to target these facilities, if they have this kind of information it will make it a lot easier,” Robert Lee, a former U.S. Air Force cyberwarfare operations officer, told the AP. “It will also help them stay quiet and stealthy inside.”

One specific incident cited by the AP involved Calpine Corp., a power producer with 100 power plants operating in 18 states and Canada. Experts say that information stolen from one of Calpine’s contractors was used to gain access to the company’s systems in 2013, and added that to the best of their knowledge, the perpetrator may still have access to Calpine’s systems today.

Citing another incident, the Wall Street Journal reported on Sunday that Iranian hackers gained control over the operating system of a small dam less than 20 miles from New York City. Officials from the FBI looked into the incident at the Bowman Avenue Dam in Rye, New York, in 2013.

The Department of Homeland Security would not confirm that event, but said in a statement that it was continuing “to coordinate national efforts to strengthen the security and resilience of critical infrastructure” and “working to raise awareness about evolving threats and promote measures to reduce risks.”

Part of the problem is that the technology powering critical infrastructure is often decades old.

“Some of the control systems boot off of floppy disks,” said Patrick Miller, who formerly performed hydroelectric dam cybersecurity for the U.S. Bureau of Reclamation and Army Corps of Engineers. “Some dams have modeling systems that run on something that looks like a washing machine hooked up to tape spools. It looks like the early NASA stuff that went to the moon.”

Intelligence officials have consistently cited the nation’s critical infrastructure as its most significant modern vulnerability in cyberspace. “My No. 1 threat that I see here is the threat to our critical infrastructure,” National Counterintelligence Executive William Evanina told the Washington Examiner in November.

Adm. Mike Rogers, the director of the National Security Agency and head of U.S. Cyber Command, has expressed the same sentiment.

“It is only a matter of ‘when’ that someone uses cyber as a tool to do damage to the critical infrastructure of our nation,” Rogers said in October. “I’m watching nation-states, groups within some of that infrastructure.

“At the moment, it seems to be really focused on reconnaissance and attempting to understand the characteristics of the structure, but it’s only a matter of time I believe until someone actually does something destructive,” Rogers added.

***

How was it found?

SAN JOSE, California (AP) — Security researcher Brian Wallace was on the trail of hackers who had snatched a California university’s housing files when he stumbled into a larger nightmare: Cyberattackers had opened a pathway into the networks running the United States’ power grid.

 

Digital clues pointed to Iranian hackers. And Wallace found that they had already taken passwords, as well as engineering drawings of dozens of power plants, at least one with the title “Mission Critical.” The drawings were so detailed that experts say skilled attackers could have used them, along with other tools and malicious code, to knock out electricity flowing to millions of homes.

Wallace was astonished. But this breach, The Associated Press has found, was not unique.

About a dozen times in the last decade, sophisticated foreign hackers have gained enough remote access to control the operations networks that keep the lights on, according to top experts who spoke only on condition of anonymity due to the sensitive nature of the subject matter.

The public almost never learns the details about these types of attacks — they’re rarer but also more intricate and potentially dangerous than data theft. Information about the government’s response to these hacks is often protected and sometimes classified; many are never even reported to the government.

These intrusions have not caused the kind of cascading blackouts that are feared by the intelligence community. But so many attackers have stowed away in the largely investor-owned systems that run the U.S. electric grid that experts say they likely have the capability to strike at will.

And that’s what worries Wallace and other cybersecurity experts most.

“If the geopolitical situation changes and Iran wants to target these facilities, if they have this kind of information it will make it a lot easier,” said Robert M. Lee, a former U.S. Air Force cyberwarfare operations officer.

In 2012 and 2013, in well-publicized attacks, Russian hackers successfully sent and received encrypted commands to U.S. public utilities and power generators; some private firms concluded this was an effort to position interlopers to act in the event of a political crisis. And the Department of Homeland Security announced about a year ago that a separate hacking campaign, believed by some private firms to have Russian origins, had injected software with malware that allowed the attackers to spy on U.S. energy companies.

“You want to be stealth,” said Lillian Ablon, a cybersecurity expert at the RAND Corporation. “That’s the ultimate power, because when you need to do something you are already in place.”

The hackers have gained access to an aging, outdated power system. Many of the substations and equipment that move power across the U.S. are decrepit and were never built with network security in mind; hooking them up to the Internet over the last decade has given hackers new backdoors in. Distant wind farms, home solar panels, smart meters and other networked devices must be remotely monitored and controlled, which opens up the broader system to fresh points of attack.

Hundreds of contractors sell software and equipment to energy companies, and attackers have successfully used those outside companies as a way to get inside networks tied to the grid.

Attributing attacks is notoriously tricky. Neither U.S. officials nor cybersecurity experts would or could say if the Islamic Republic of Iran was involved in the attack Wallace discovered involving Calpine Corp., a power producer with 82 plants operating in 18 states and Canada.

Private firms have alleged other recent hacks of networks and machinery tied to the U.S. power grid were carried out by teams from within Russia and China, some with governmental support.

Even the Islamic State group is trying to hack American power companies, a top Homeland Security official told industry executives in October.

The attack involving Calpine is particularly disturbing because the cyberspies grabbed so much, according to previously unreported documents and interviews.

Cybersecurity experts say the breach began at least as far back as August 2013.

Calpine spokesman Brett Kerr said the company’s information was stolen from a contractor that does business with Calpine. He said the stolen diagrams and passwords were old — some diagrams dated to 2002 — and presented no threat, though some outside experts disagree.

Kerr would not say whether the configuration of the power plants’ operations networks — also valuable information — remained the same as when the intrusion occurred, or whether it was possible the attackers still had a foothold.

The hackers stole user names and passwords that could be used to connect remotely to Calpine’s networks, which were being maintained by a data security company. Even if some of the information was outdated, experts say skilled hackers could have found a way to update the passwords and slip past firewalls to get into the operations network. Eventually, they say, the intruders could have shut down generating stations, fouled communications networks and possibly caused a blackout near the plants.

They also took detailed engineering drawings of networks and power stations from New York to California — 71 in all — showing the precise location of devices that communicate with gas turbines, boilers and other crucial equipment attackers would need to hack specific plants.

Cylance researchers said the intruders stored their stolen goods on seven unencrypted FTP servers requiring no authentication to access details about Calpine’s plants. Jumbled in the folders was code that could be used to spread malware to other companies without being traced back to the attackers’ computers, as well as handcrafted software designed to mask that the Internet Protocol addresses they were using were in Iran.

Calpine didn’t know its information had been compromised until it was informed by Cylance, Kerr said.

Iranian U.N. Mission spokesman Hamid Babaei did not return calls or address questions emailed by AP.

Cylance notified the FBI, which warned the U.S. energy sector in an unclassified bulletin last December that a group using Iran-based IP addresses had targeted the industry.

Homeland Security spokesman SY Lee said that his agency is coordinating efforts to strengthen grid cybersecurity nationwide and to raise awareness about evolving threats to the electric sector through industry trainings and risk assessments. As Deputy Secretary Alejandro Mayorkas acknowledged in an interview, however, “we are not where we need to be” on cybersecurity.

That’s partly because the grid is largely privately owned and has entire sections that fall outside federal regulation, which experts argue leaves the sector poorly defended against a growing universe of hackers seeking to access its networks.

As Deputy Energy Secretary Elizabeth Sherwood Randall said in a speech earlier this year, “If we don’t protect the energy sector, we are putting every other sector of the economy in peril.”

 

Iran Swapping Nuclear Material with Russia

Sheesh, what could go wrong and what uranium and why to Russia?

In part from FreeBeacon: Russia and Iran are beginning to trade sensitive nuclear materials, an activity that is at least in part condoned by the Obama administration and permissible under the tenets of the recent nuclear accord, according to U.S. and Iranian officials.

Russian-made yellow cake, a type of uranium powder that helps turn it into a nuclear fuel, “is in Iran and Iran’s enriched uranium cargo will be sent to Russia” within the next several days, according to top Iranian officials quoted this week in the country’s state-run press.

Senior U.S. officials confirmed on Thursday that the Obama administration backs the opening of commercial nuclear trade between Moscow and Tehran.

“Commercial contracts are in place for Iran to ship its enriched uranium stockpiles to Russia,” Stephen Mull, a State Department official who is leading the administration’s charge to implement the nuclear deal, told lawmakers.

This condition is quite familiar especially with regard to Iran.

Bishkek (AKIpress): Russia and Kazakhstan are preparing an intergovernmental agreement on construction of a nuclear power plant, Presidential aide Yuri Ushakov told TASS on Friday.

“An intergovernmental cooperation agreement is being prepared for construction of a Russia-designed nuclear power plant within the territory of Kazakhstan,” he said, adding that the issue may be touched upon on December 21 at the meeting of presidents of Russia and Kazakhstan “on the sidelines” of the CSTO (Collective Security Treaty Organization) and the SEEC (Supreme Eurasian Economic Council) summit.

“The leaders of the two countries are expected to dwell upon the problem of boosting trade and economic cooperation,” Ushakov said.

Then there is India:

BusinessInsider: India is expected to offer Russia land in Andhra Pradesh to set up units five and six of Kudankulam nuclear power plant. This is in line with the ‘Make in India’ initiative. The decision would be finalised during Prime Minister Narendra Modi’s visit to Moscow this week.

“We will follow principles of ‘localisation’ as per Make in India initiative for setting up Kudankulam nuclear power plant five and six,” sources told PTI.

Russia is working a deal in Jordan but back to Iran:

Back in 2013-14: WASHINGTON — Russia has agreed to build Iran two additional nuclear power plants, Iran’s state-run Press TV announced on Wednesday.

Russia will construct the new facilities next to Iran’s sole existing nuclear power plant in the city of Bushehr.

That plant was also built with Russian assistance, and was fueled for operation in 2011. The reactor was put under full Iranian control in 2013.

The deal includes two desalination plants and is reportedly in exchange for oil; Russia built the first and only reactor at Bushehr.

Iran To Ship Enriched Uranium To Russia

 RFEL: Iranian nuclear officials say Tehran will export most of its enriched uranium stockpile to Russia in the coming days as it implements a nuclear deal to secure relief from international sanctions.

The Iranian news agency IRNA quotes nuclear chief Ali Akbar Salehi as saying on December 19 that “around nine tons of Iran’s enriched uranium will be exported to Russia.”

That is roughly the amount that Iran must export to bring its stockpile down to the required level under the sanctions-relief deal.

Salehi did not give a precise timetable for what he meant by “in the coming days.”

Under the terms of the deal it reached in July with world powers, Iran must reduce its stockpile of enriched uranium to around 300 kilograms. It must also deactivate and store most of its centrifuges, and remove the core of a heavy water reactor in Arak so it cannot be used to produce plutonium.

On December 16, Tehran said it was working to complete the requirements in the next two to three weeks, after the International Atomic Energy Agency (IAEA) closed its investigation of Iran’s past nuclear activities.

The 35-nation governing board of the IAEA passed a resolution on December 15 ending the UN nuclear watchdog agency’s 12-year-long inquiry into suspicions of “possible military dimensions” to Iran’s nuclear work.

IAEA chief Yukiya Amano said afterward that Tehran has taken the necessary steps to cooperate with the agency and that it was “not impossible” that sanctions could be lifted in January.

Iran has shown a strong apparent desire in recent weeks to build on the momentum of the nuclear deal and restore international economic links after years of sanctions.

Iranian Industry Minister Mohammad Reza Nematzadeh said on December 17 that Tehran is prepared to begin negotiations for membership in the World Trade Organization (WTO).

Iran first applied for WTO membership in July 1996, but progress had been minimal since then due to tensions over the Iranian nuclear crisis.