The Terror of Hackers

U.S. arrests three men over hacking scheme targeting 60 million people

Cybersecurity researcher Billy Rios points to a computer line reading “Gods Password,” a password he was able to uncover by analyzing the software in a Pyxis medical supply dispenser that he says he purchased on Ebay for a few hundred dollars, in Redwood City, California October 10, 2014. REUTERS/Robert Galbraith

Reuters: Three men were arrested on Monday for engaging in a wide-ranging hacking and spamming scheme that targeted personal information of 60 million people including Comcast customers, U.S. prosecutors announced Tuesday.

Timothy Livingston, 30, Tomasz Chmielarz, 32, and Devin McArthur, 27, were named in an indictment filed in federal court in Newark, New Jersey that charged them with conspiracy to commit fraud and related activity among other offenses.

Prosecutors said Livingston, a Boca Raton, Florida, resident, was the leader of a series of computer hacking and illegal spamming schemes that targeted multiple companies and generated illegal profits exceeding $2 million.

The three men were arrested at their respective residences on Tuesday morning, a spokesman for U.S. Attorney Paul Fishman in New Jersey said.

Michael Koribanics, Chmielarz’s lawyer, said his client would plead not guilty at a court hearing on Tuesday. A lawyer for Livingston did not immediately respond to a request for comment, and an attorney for McArthur could not be identified.

Prosecutors said Livingston, who owned a spam company called “A Whole Lot of Nothing LLC,” hired Chmielarz of Rutherford, New Jersey to author hacking tools and other programs that facilitated the hacking and spamming schemes.

Among the companies they targeted was a Pennsylvania-based telecommunications company that employed McArthur, a resident of Ellicott City, Maryland, who installed hacking tools in company networks to gain access to records for 50 million people, prosecutors said.

The company was not identified by name in court papers. But McArthur’s LinkedIn page says he worked at Comcast Corp during the period in question. A Comcast spokeswoman had no immediate comment.

Livingston and Chmielarz also compromised tens of thousands of people’s email accounts, including customers of a New York telecommunications company, which they then used to send spam, the indictment said.

Other companies targeted in the schemes included a New York-based technology and consulting company whose website was compromised and a Texas-based credit monitoring firm that was hacked, the indictment said.

In the case of the unnamed credit monitoring firm, the indictment said Livingston paid Chmielarz to write a program to steal a database containing 10 million records.

When law enforcement seized Livingston’s computer in July, they discovered a database with 7 million of that company’s records, the indictment said.

New OPM Cyber Chief Is Bracing for an ISIS Hack

The new cybersecurity adviser hired by the Office of Personnel Management after a Chinese-originated hack says he expects ISIS may ultimately pierce the agency’s systems, too.

The historic data breach exposed the professional and private lives of 21.5 million individuals applying for clearances to handle classified information, plus their families. That kind of information, drawn from background investigations, would be perfect for blackmail attempts.

But Clifton Triplett—named OPM’s first-ever senior cyber and information technology adviser last month—says forthcoming access controls will blunt the severity of any future hack.

“I think what I have to do is … assume that, at some point in time, they may be successful,” Triplett said when asked about the ISIS cyber threat during a webcast hosted by Bloomberg Government on Monday.

Going forward, OPM will “make it more of a need-to-know kind of access control,” he said, “so if we do have a compromise, it is far more contained than, for example, our last incident.”

The agency, he explained, will institute the equivalent of tear lines on network data to grant as little information as possible to authorized personnel.

“Right now, I think, in some of our situations, the access control is broader than perhaps needs to be,” Triplett said, because OPM computer programs were developed before data security became a governmentwide priority.

So far, ISIS sympathizers have been hacking more for show than for spying.

In early 2015, the self-described Cyber Caliphate group reportedly took control of the social network accounts of U.S. Central Command.

Then, global television network TV5Monde was disabled for hours in April, when the hacktivists apparently replaced the company’s channels, websites and social media accounts with pro-ISIS messaging.

ISIS’ online propaganda often directs followers to kill U.S. and allied troops and supplies the necessary contact information. But much of the data released has turned out to have already been in the public domain.

Still, America viewed at least one ISIS hacker as enough of a threat to kill him in a targeted attack.

The Justice Department claims Ardit Ferizi breached a server to retrieve identifying details on about 1,350 military and other government personnel. He then allegedly passed the data on to Islamic State member and Cyber Caliphate ringleader Junaid Hussain, a British citizen. Hussain is accused of beckoning adherents to target U.S. personnel, posting links on Twitter to their names, email addresses, passwords, locations and phone numbers. Hussain was reportedly killed in a U.S. drone strike this summer.

But what really frightens Triplett is that OPM’s records sit beside smart toasters and air conditioners in the Internet of Things, he said.

“We’re too interconnected. Not enough air gaps in our systems” that physically decouple networks from the Internet, he said. “We are trying to automate and connect one more thing to one more thing.”

Today, background check records are one of those things.

Eventually, Triplett said he fears, “I’ll have a reasonably minor event that will turn into a catastrophic event, and I won’t be able to find out where the root cause was because of the ripple potential.”

Currently, “there’s no way” to cut off the systems from the Internet, OPM’s IT security officer, Jeff Wagner, told Nextgov in October.

Wagner said, “even clearance data” must be online, because the only other option is to exchange paper folders with agency partners like the Social Security Administration.

Adversaries, however, would have to circumvent multiple identity checks and firewalled systems to peer at the personnel records, Wagner said.

DHS Secret Databases Not Secure, Violations

In part from the report: Recognizing the importance of information security to the economic and national security interests of the United States, the Congress enacted Title III of the E-Government Act of 2002 (Public Law 107-347, Sections 301-305) to improve security within the Federal Government. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Title III of the E-Government Act, as amended, entitled Federal Information Security Management Act of 2002, provides a comprehensive framework to ensure the effectiveness of security controls over information resources that support Federal operations and assets.

Components are not consistently following DHS’ policies and procedures to update the system inventory and plan of action and milestones in the Department’s enterprise management systems. Further, Components continue to operate systems without the proper authority. We also identified a significant deficiency in the Department’s information security program as the United States Secret Service (USSS) did not provide the Chief Information Security Officer (CISO) with the continuous monitoring data required by the Office of Management and Budget (OMB) during Fiscal Year (FY) 2014. Without this information, CISO was significantly restricted from performing continuous monitoring on the Department’s information systems, managing DHS’ information security program, or ensuring compliance with the President’s cybersecurity priorities. Subsequent to the completion of our fieldwork, USSS established an agreement with the DHS Chief Information Officer (CIO) to provide the required data beginning in FY 2015.

Evaluation of DHS Information Security Program for Fiscal Year 2015 revealed the existence of dozens of top-secret unpatched databases.
SecurityAffairs: The story I’m about to tell you is staggering: the US Department of Homeland Security is running dozens of unpatched and vulnerable databases, a number of which contained information rated as “secret” and even “top secret.”
The discovery emerged from the “Evaluation of DHS’ Information Security Program for Fiscal Year 2015” conducted on the department’s IT infrastructure by the US Government.
The audit of the DHS Information Security found serious security issues in the Government systems, including 136 systems that had expired “authorities to operate,” a circumstance that implies the stop of maintenance activities. The principal problem discovered by the inspectors is that a number of systems, despite still being operative and under maintenance, have no up-to-date security patches, leaving them open to cyber attacks.


Of the 136 systems, 17 contained information classified as “secret” or “top secret.”
Taking a deeper look at the report on the DHS Information Security Program, it is possible to note that the Coast Guard runs 26 vulnerable databases, followed by FEMA with 25, Customs and Border Protection with 14, and the DHS’ headquarters with 11.

Although the Secret Service has only two vulnerable databases, it has failed other targets.
It implemented proper security checks just for 75 percent of its secret or top secret databases, and just 58 per cent of its non-secret databases. The DHS targets are 100 per cent and 75 per cent respectively. The experts discovered several security issues affecting the majority of assessed systems, including PCs, databases and also browsers.
The assessments conducted to evaluate the DHS Information Security Program revealed several deficiencies in the systems analyzed; for example, Windows 8.1 and Windows 7 workstations were missing security patches for the principal software.
“We found additional vulnerabilities regarding Adobe Acrobat, Adobe Reader, and Oracle Java software on the Windows 7 workstations,” the department’s inspector general noted in a 66-page report. “If exploited, these vulnerabilities could allow unauthorized access to DHS data.”
The inspectors have found many other security issues in the DHS Information Security Program, including weak passwords, websites susceptible to cross-site and/or cross-frame vulnerabilities and poor security settings.
The Government environments suffer bureaucratic obstacles in bug fixing and patch management; it could take more than a year to fix a leak from the moment it is reported.


The results of the evaluation confirm that improvements have been made but there are a lot of serious issues that have to be urgently addressed.
“While improvements have been made, the Department must ensure compliance with information security requirements in other areas. For example, DHS does not include its classified system information as part of its monthly information security scorecard or its FISMA submission to OMB. In addition, USCG is not reporting its PIV data to the Department, which is a contradiction to the Under Secretary for Management’s guidance that requires Components to submit this information to the Department. In addition, we identified deficiencies with DHS’ enterprise management systems, including inaccurate or incomplete data.”
The report also provides a set of recommendations to resolve the security issues that emerged from the assessment.
The DHS has 90 days to fix the issues, two of which have already been solved.
Pierluigi Paganini

IAEA Just Gave up on Iran Nuclear Verification

Oh my, Barack Obama lied... not only in verbal form but in written form. Now other world leaders, Saudi Arabia, United Kingdom, France, Israel and more will indeed have some forceful response to Barack Obama.

Then there is the issue of releasing the billions in frozen funds back to Iran and the further lifting of sanctions. But the biggest questions are still not answered: Exactly where is Iran with their nuclear weapons program, does it continue unimpeded and what will other threatened countries do now?

this deal provides the best possible defense against Iran’s ability to pursue a nuclear weapon covertly — that is, in secret. International inspectors will have unprecedented access not only to Iranian nuclear facilities, but to the entire supply chain that supports Iran’s nuclear program — from uranium mills that provide the raw materials, to the centrifuge production and storage facilities that support the program. If Iran cheats, the world will know it. If we see something suspicious, we will inspect it. Iran’s past efforts to weaponize its program will be addressed. With this deal, Iran will face more inspections than any other country in the world. (the full Barack Obama statement here as posted on the White House website)

President Obama sold his nuclear deal with Iran with promises that the accord would be based on “unprecedented verification,” and this week we were reminded of how much that promise was worth. Witness the latest report on Iran’s nuclear program from the International Atomic Energy Agency.

The IAEA is the U.N. outfit that is supposed to monitor Iran’s compliance with the agreement, which requires Tehran to answer the agency’s questions on its past nuclear work in order to obtain sanctions relief. On Wednesday the agency produced its “final assessment”—the finality here having mostly to do with the U.N. nuclear watchdog giving up hope of ever getting straight answers.

Hence we learn that “Iran did not provide any clarification” regarding experiments the agency believes it conducted on testing components of nuclear components at its military facility at Parchin. “The information available to the Agency, including the results of the sampling analysis and the satellite imagery, does not support Iran’s statements on the purpose of the building,” says the report. “The Agency assesses that the extensive activities undertaken by Iran since February 2012 at the particular location of interest to the Agency seriously undermined the Agency’s ability to conduct effective verification.”

This seems to be A-OK with the Obama Administration, which made clear it’s prepared to accept any amount of Iranian stonewalling in order to move ahead with sanctions relief. “We had not expected a full confession, nor did we need one,” an unnamed senior Administration official told the Journal. One wonders why they even bothered with the charade.

Still, the report is illuminating on several points, above all its conclusion that Tehran continued to work on nuclear weapons research until 2009. That further discredits the 2007 National Intelligence Estimate, which claimed Iran’s weapons program had ceased in 2003, and which effectively ended any chance that the Bush Administration would use military force against Iran’s nuclear sites.

It should also inspire some humility about the quality of Western intelligence regarding closed and hostile regimes such as Iran’s. A 2014 report from the Pentagon’s Defense Science Board noted that at “levels associated with small or nascent [nuclear] programs, key observables are easily masked.” Yet the Administration keeps insisting that Iran’s nondisclosures don’t matter because the U.S. has “perfect knowledge” of what the mullahs are up to, as John Kerry claimed last summer.

The larger point is that the nuclear deal has already become a case of Iran pretending not to cheat while the West pretends not to notice. That may succeed in bringing the agreement into force, but it offers no confidence that Iran won’t eventually build its weapon.

ISIS in America, Retweets to Raqqa

ISIS in America    Read the full study here.

IT IS APPARENT that the U.S. is home to a small but active cadre of individuals infatuated with ISIS’s ideology, some of whom have decided to mobilize in its furtherance.

This section attempts to provide an overview of this demographic by drawing on research that attempted to reconstruct the lives—both real and virtual—of U.S.-based ISIS supporters. The research effort was based on legal documents, media reports, social media monitoring, and interviews with a variety of individuals, though there were at times limitations to both the amount and reliability of publicly available information.

The 71 individuals charged for ISIS-related activities (as of November 12, 2015)

• WHILE NOT AS LARGE as in many other Western countries, ISIS-related mobilization in the United States has been unprecedented. As of the fall of 2015, U.S. authorities speak of some 250 Americans who have traveled or attempted to travel to Syria/Iraq to join the Islamic State in Iraq and Syria (ISIS) and 900 active investigations against ISIS sympathizers in all 50 states.

• Seventy-one individuals have been charged with ISIS-related activities since March 2014. Fifty-six have been arrested in 2015 alone, a record number of terrorism-related arrests for any year since 9/11. Of those charged:

  - The average age is 26.

  - 86% are male.

  - Their activities were located in 21 states.

  - 51% traveled or attempted to travel abroad.

  - 27% were involved in plots to carry out attacks on U.S. soil.

  - 55% were arrested in an operation involving an informant and/or an undercover agent.

• A small number of Americans have been killed in ISIS-related activities: three inside the U.S., at least a dozen abroad.

• The profiles of individuals involved in ISIS-related activities in the U.S. differ widely in race, age, social class, education, and family background. Their motivations are equally diverse and defy easy analysis.

• Social media plays a crucial role in the radicalization and, at times, mobilization of U.S.-based ISIS sympathizers.

The Program on Extremism has identified some 300 American and/or U.S.-based ISIS sympathizers active on social media, spreading propaganda, and interacting with like-minded individuals. Some members of this online echo chamber eventually make the leap from keyboard warriors to actual militancy.

• American ISIS sympathizers are particularly active on Twitter, where they spasmodically create accounts that often get suspended in a never-ending cat-and-mouse game. Some accounts (the “nodes”) are the generators of primary content, some (the “amplifiers”) just retweet material, others (the “shout-outs”) promote newly created accounts of suspended users.

• ISIS-related radicalization is by no means limited to social media. While instances of purely web-driven, individual radicalization are numerous, in several cases U.S.-based individuals initially cultivated and later strengthened their interest in ISIS’s narrative through face-to-face relationships. In most cases online and offline dynamics complement one another.

• The spectrum of U.S.-based sympathizers’ actual involvement with ISIS varies significantly, ranging from those who are merely inspired by its message to those few who reached mid-level leadership positions within the group.

Russian Threats Mount, Include Propaganda Machine

‘Nothing is real, anything is possible’: Inside Putin’s propaganda machine

State Official: Russian Nuclear-Armed Drone Sub Threatens US

FreeBeacon: Russia’s development of a nuclear-armed drone submarine capable of inflicting widespread damage on U.S. coasts poses a serious threat, a senior State Department official testified on Tuesday.

Rose Gottemoeller, undersecretary of state for arms control and international security, told a House hearing that she has raised the issue with the Russians.

“I know we are concerned about it; of course we are concerned about it as threat to the United States,” Gottemoeller said under questioning from Rep. Mike Turner.

The undersecretary, who is the key policymaker for arms control issues, said the system would be a greater threat if “widely put into operation.”

The comment prompted Turner to reply: “One would probably be sufficiently troubling.”

“I think it is a troubling system, sir,” Gottemoeller said. Much more here.

***

Putin’s False Narrative

ISW: President Vladimir Putin is actively misinforming his domestic audience and the international community about Russia’s first military intervention outside the former Soviet Union since Afghanistan. Putin has created a false narrative about the Islamic State of Iraq and al-Sham (ISIS) to disguise the true objectives behind Russia’s intervention in Syria and is using this narrative to manipulate the international community. Putin encapsulated this false narrative in his UN speech calling for an alternate international coalition against ISIS on September 28, two days before the start of Russia’s air campaign in Syria. Russia intervened in Syria on September 30 not to defeat ISIS, but rather to curb U.S. influence in the Middle East and to project Russian military power into the region to a historically unprecedented degree.
Russia’s air campaign is focused on targeting Syrian armed opposition groups fighting against Syrian President Bashar al-Assad rather than ISIS. Russia has grounded the rhetoric surrounding its military intervention in Syria in the immediate domestic terror threat posed by ISIS. ISIS includes an estimated 7,000 foreign fighters from the former Soviet Union and declared its own governorate in Russia’s restive North Caucasus region. Moscow does view ISIS as a legitimate security concern, but the dissonance between Russia’s claimed objectives and its actual behavior reveals that Russia uses anti-ISIS rhetoric as a pretext to pursue its larger strategic objectives. Russia seeks to preserve the Syrian regime and diminish the influence wielded by the U.S. and its regional allies, which support the Syrian opposition. Regime preservation in Damascus is a core Russian objective that enables Russia to cement its foothold in the Middle East and the eastern Mediterranean Sea while simultaneously expanding its influence through partnerships with Iran and the Iranian network of regional proxies. Putin is leveraging disinformation in order to obfuscate his true objectives in Syria and thereby manipulate the U.S. and regional actors into inadvertently helping Russia achieve its goals.