Russian Cyber Attacks on America

Russian cybersecurity intelligence targets critical U.S. infrastructure

By Bill Gertz

U.S. intelligence agencies recently identified a Russian cybersecurity firm, which has expertise in testing the network vulnerabilities of the electrical grid, financial markets and other critical infrastructure, as having close ties to Moscow’s Federal Security Service, the civilian intelligence service.

The relationship between the company and the FSB, as the spy agency is known, has heightened fears among U.S. cyberintelligence officials that Moscow is stepping up covert efforts to infiltrate computer networks that control critical U.S. infrastructure such as oil and gas pipelines and transportation.

The effort appears to be part of FSB and Russian military cyberwarfare reconnaissance targeting, something the Pentagon calls preparation of the battlefield for future cyberattacks. The Russian company is taking steps to open a U.S. branch office as part of the intelligence-gathering, said officials familiar with reports of the effort who spoke on background.

Officials familiar with reports about the company did not identify it by name. However, security officials are quietly alerting government security officials and industry cybersecurity chiefs about the Russian firm and its covert plans for operations in the United States.

The Russian firm is said to have extensive technical experience in security vulnerabilities of supervisory control and data acquisition systems that are used to remotely control critical infrastructure.

These systems are employed by both government and private-sector system controllers for equipment running water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power grids, wind farms and large communication systems.

In September, Director of National Intelligence James R. Clapper told Congress that Russian hackers have penetrated U.S. industrial control networks operating critical infrastructure. The objective of the hackers is to develop the capability to remotely access the control systems that “might be quickly exploited for disruption if an adversary’s intent became hostile,” Mr. Clapper said.

“Unknown Russian actors successfully compromised the product-supply chains of at least three [industrial control system] vendors so that customers downloaded malicious software designed to facilitate exploitation directly from the vendors’ websites along with legitimate software updates,” Mr. Clapper stated in Sept. 10 testimony to the House Permanent Select Committee on Intelligence.

Russian hackers also were linked to cyberpenetrations of U.S. industrial control networks used for water and energy systems in 2014.

The Russian connection was identified through the use of malware called BlackEnergy that has been linked to Russian government cyberoperations dubbed Sandworm by security researchers.

Mr. Clapper also testified that the Russian Defense Ministry has created a military cybercommand for offensive attacks. Additionally, the Russian military is setting up a specialized branch for computer network attacks.

RUSSIAN GENERAL ISSUES THREAT

Gen. Valery Gerasimov, chief of the General Staff of the Armed Forces of Russia, told foreign military attaches in Moscow on Monday that increased military activities by NATO and the development of global missile defenses were “creating a threat of new conflicts and escalation of existent conflicts,” the official Interfax news agency reported.

“The NATO military policy unfriendly towards Russia is a source of concern,” Gen. Gerasimov said. “The alliance continues to expand its military presence and is stepping up the activity of the bloc’s armed forces along the perimeter of borders of the Russian Federation.”

Because of the deployment of a global missile defense network and the development of new means of armed struggle, including hypersonic weapons, “the problem of upsetting the existent strategic balance of force has been growing,” said the general, referring to high-speed strike weapons.

The Pentagon is developing a conventional rapid-attack capability called “prompt global strike,” which can target any spot on Earth in 30 minutes.

Russia has stepped up nuclear threats against the United States and NATO in response to deployment of missile defenses in Europe.

In recent months, Russian President Vladimir Putin has issued an unprecedented number of threats to use nuclear weapons, most notably after the Russian military annexation of Ukraine’s Crimea last year. On Dec. 11, Mr. Putin said he hoped nuclear weapons would not be needed during operations in Syria.

“Particular attention must be paid to the consolidation of the combat potential of the strategic nuclear forces and the execution of space-based defense programs,” Mr. Putin was quoted as saying at the meeting with his defense chiefs. “We need, as our plans specify, to equip all components of the nuclear triad with new arms.”

Lt. Gen. Ben Hodges, commander of U.S. Army forces in Europe, told reporters last week that Russian nuclear threats are troubling in the current security environment.

“The way that senior Russian officials have talked about Denmark as a nuclear target, Sweden as a nuclear target, Romania as a nuclear target, sort of an irresponsible use of the nuclear word, if you will, you can understand why our allies on the eastern flank of NATO — particularly in the Baltic region — are nervous, are uneasy,” Gen. Hodges said.

Additionally, the Russian military has conducted “large snap exercises without announcement,” which also has increased fears of a Moscow threat, he said.

***

Since the FSB (KGB) company is unnamed, could it be one of these? (Recorded Future)

What is SORM?

Russia’s SORM (Система Оперативно-Розыскных Мероприятий, literally “System for Operative Investigative Activities”) is a lawful intercept system operated by the Federal Security Service (or FSB – the Russian successor to the KGB).

Russia SORM Timeline

SORM came to light recently during the Sochi Olympic Games where reports claimed that “all communications” were monitored. SORM differs from the US lawful intercept system, as once the FSB receives approval for access to a target’s communications they are able to unilaterally tap into the system without provider awareness.

Further, SORM is also lawfully used to target opposition parties within Russia. According to the World Policy Institute, on November 12, 2012, Russia’s Supreme Court upheld the right of authorities to eavesdrop on the opposition.

  • SORM-1 intercepts telephone traffic (including both landline (analog) and mobile networks).
  • SORM-2 targets internet traffic (including VoIP calls).
  • SORM-3 has the ability to target all forms of communication providing long-term storage of all information and data on subscribers, including actual recordings and locations.

Former Soviet States (Kazakhstan, Belarus, Uzbekistan and Ukraine) have installed SORM-standard equipment. According to research by Wired Magazine, Ukraine’s SORM is more advanced as the SBU (Ukraine’s Security Service) has the ability to interrupt a target’s communications.

In April 2011, Iskratel – which provides Ukraine’s sole telephone company Ukrtelekom with broadband equipment – announced its SORM device was tested successfully under the new requirements and had been approved by the SBU.

Analyzing SORM manufacturers within Recorded Future identified equipment suppliers including Juniper Networks (US), Cisco Systems (US), Huawei (China) and Alcatel-Lucent (France).

The Terror of Hackers

U.S. arrests three men over hacking scheme targeting 60 million people

Cybersecurity researcher Billy Rios points to a computer line reading ''Gods Password,'' a password he was able to uncover by analyzing the software in a Pyxis medical supply dispenser that he says he purchased on Ebay for a few hundred dollars, in Redwood City, California October 10, 2014. REUTERS/Robert Galbraith

Reuters: Three men were arrested on Monday for engaging in a wide-ranging hacking and spamming scheme that targeted personal information of 60 million people including Comcast customers, U.S. prosecutors announced Tuesday.

Timothy Livingston, 30, Tomasz Chmielarz, 32, and Devin McArthur, 27, were named in an indictment filed in federal court in Newark, New Jersey that charged them with conspiracy to commit fraud and related activity among other offenses.

Prosecutors said Livingston, a Boca Raton, Florida, resident, was the leader of a series of computer hacking and illegal spamming schemes that targeted multiple companies and generated illegal profits exceeding $2 million.

The three men were arrested at their respective residences on Tuesday morning, a spokesman for U.S. Attorney Paul Fishman in New Jersey said.

Michael Koribanics, Chmielarz’s lawyer, said his client would plead not guilty at a court hearing on Tuesday. A lawyer for Livingston did not immediately respond to a request for comment, and an attorney for McArthur could not be identified.

Prosecutors said Livingston, who owned a spam company called “A Whole Lot of Nothing LLC,” hired Chmielarz of Rutherford, New Jersey to author hacking tools and other programs that facilitated the hacking and spamming schemes.

Among the companies they targeted was a Pennsylvania-based telecommunications company that employed McArthur, a resident of Ellicott City, Maryland, who installed hacking tools in company networks to gain access to records for 50 million people, prosecutors said.

The company was not identified by name in court papers. But McArthur’s LinkedIn page says he worked at Comcast Corp during the period in question. A Comcast spokeswoman had no immediate comment.

Livingston and Chmielarz also compromised tens of thousands of peoples’ email accounts, including customers of a New York telecommunications company, which they then used to send spam, the indictment said.

Other companies targeted in the schemes included a New York-based technology and consulting company whose website was compromised and a Texas-based credit monitoring firm that was hacked, the indictment said.

In the case of the unnamed credit monitoring firm, the indictment said Livingston paid Chmielarz to write a program to steal a database containing 10 million records.

When law enforcement seized Livingston’s computer in July, they discovered a database with 7 million of that company’s records, the indictment said.

New OPM Cyber Chief Is Bracing for an ISIS Hack

The new cybersecurity adviser hired by the Office of Personnel Management after a Chinese-originated hack says he expects ISIS may ultimately pierce the agency’s systems, too.

The historic data breach exposed the professional and private lives of 21.5 million individuals applying for clearances to handle classified information, plus their families. That kind of information, drawn from background investigations, would be perfect for blackmail attempts.

But Clifton Triplett—named OPM’s first-ever senior cyber and information technology adviser last month—says forthcoming access controls will blunt the severity of any future hack.

“I think what I have to do is … assume that, at some point in time, they may be successful,” Triplett said when asked about the ISIS cyber threat during a webcast hosted by Bloomberg Government on Monday.

Going forward, OPM will “make it more of a need-to-know kind of access control,” he said, “so if we do have a compromise, it is far more contained than, for example, our last incident.”

The agency, he explained, will institute the equivalent of tear lines on network data to grant as little information as possible to authorized personnel.

“Right now, I think, in some of our situations, the access control is broader than perhaps needs to be,” Triplett said, because OPM computer programs were developed before data security became a governmentwide priority.

So far, ISIS sympathizers have been hacking more for show than for spying.

In early 2015, the self-described Cyber Caliphate group reportedly took control of the social network accounts of U.S. Central Command.

Then, global television network TV5Monde was disabled for hours in April, when the hacktivists apparently replaced the company’s channels, websites and social media accounts with pro-ISIS messaging.

ISIS’ online propaganda often directs followers to kill U.S. and allied troops and supplies the necessary contact information. But much of the data released has turned out to have already been in the public domain.

Still, America viewed at least one ISIS hacker as enough of a threat to kill him in a targeted attack.

The Justice Department claims Ardit Ferizi breached a server to retrieve identifying details on about 1,350 military and other government personnel. He then allegedly passed the data on to Islamic State member and Cyber Caliphate ringleader Junaid Hussain, a British citizen. Hussain is accused of beckoning adherents to target U.S. personnel, posting links on Twitter to their names, email addresses, passwords, locations and phone numbers. Hussain was reportedly killed in a U.S. drone strike this summer.

But what really frightens Triplett is that OPM’s records sit beside smart toasters and air conditioners in the Internet of Things, he said.

“We’re too interconnected. Not enough air gaps in our systems” that physically decouple networks from the Internet, he said. “We are trying to automate and connect one more thing to one more thing.”

Today, background check records are one of those things.

Eventually, Triplett said he fears, “I’ll have a reasonably minor event that will turn into a catastrophic event, and I won’t be able to find out where the root cause was because of the ripple potential.”

Currently, “there’s no way” to cut off the systems from the Internet, OPM’s IT security officer, Jeff Wagner, told Nextgov in October.

Wagner said, “even clearance data” must be online, because the only other option is to exchange paper folders with agency partners like the Social Security Administration.

Adversaries, however, would have to circumvent multiple identity checks and firewalled systems to peer at the personnel records, Wagner said.

DHS Secret Databases Not Secure, Violations

In part from the report: Recognizing the importance of information security to the economic and national security interests of the United States, the Congress enacted Title III of the E-Government Act of 2002 (Public Law 107-347, Sections 301-305) to improve security within the Federal Government. Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Title III of the E-Government Act, as amended, entitled Federal Information Security Management Act of 2002, provides a comprehensive framework to ensure the effectiveness of security controls over information resources that support Federal operations and assets.

Components are not consistently following DHS’ policies and procedures to update the system inventory and plan of action and milestones in the Department’s enterprise management systems. Further, Components continue to operate systems without the proper authority. We also identified a significant deficiency in the Department’s information security program as the United States Secret Service (USSS) did not provide the Chief Information Security Officer (CISO) with the continuous monitoring data required by the Office of Management and Budget (OMB) during Fiscal Year (FY) 2014. Without this information, CISO was significantly restricted from performing continuous monitoring on the Department’s information systems, managing DHS’ information security program, or ensuring compliance with the President’s cybersecurity priorities. Subsequent to the completion of our fieldwork, USSS established an agreement with the DHS Chief Information Officer (CIO) to provide the required data beginning in FY 2015.

Evaluation of DHS Information Security Program for Fiscal Year 2015 revealed the existence of dozens of top-secret unpatched databases.

SecurityAffairs: The story I’m about to tell you is staggering: the US Department of Homeland Security is running dozens of unpatched and vulnerable databases, a number of which contain information rated as “secret” and even “top secret.”

The discovery emerged from the “Evaluation of DHS’ Information Security Program for Fiscal Year 2015” conducted on the department’s IT infrastructure by the US Government.

The audit of the DHS Information Security Program found serious security issues in the Government systems, including 136 systems that had expired “authorities to operate,” a circumstance that implies the stop of maintenance activities. The principal problem discovered by the inspectors is that a number of systems, although still operative and under maintenance, have no up-to-date security patches, leaving them open to cyber attacks.

Of the 136 systems, 17 contained information classified as “secret” or “top secret.”

Looking closely at the report on the DHS Information Security Program, it is possible to note that the Coast Guard runs 26 vulnerable databases, followed by FEMA with 25, Customs and Border Protection with 14, and the DHS’ headquarters with 11.

Although the Secret Service has only two vulnerable databases, it has failed other targets. It implemented proper security checks for only 75 percent of its secret or top secret databases, and only 58 percent of its non-secret databases. The DHS targets are 100 percent and 75 percent respectively. The experts discovered several security issues affecting the majority of assessed systems, including PCs, databases and also browsers.

The assessments conducted to evaluate the DHS Information Security Program revealed several deficiencies in the systems analyzed, for example Windows 8.1 and Windows 7 workstations that were missing security patches for the principal software.

“We found additional vulnerabilities regarding Adobe Acrobat, Adobe Reader, and Oracle Java software on the Windows 7 workstations,” the department’s inspector general noted in a 66-page report. “If exploited, these vulnerabilities could allow unauthorized access to DHS data.”

The inspectors have found many other security issues in the DHS Information Security Program, including weak passwords, websites susceptible to cross-site and/or cross-frame vulnerabilities, and poor security settings.

The Government environments suffer bureaucratic obstacles in bug fixing and patch management; it could take more than a year to fix a leak from the moment it is reported.


The results of the evaluation confirm that improvements have been made, but there are a lot of serious issues that have to be urgently addressed.

“While improvements have been made, the Department must ensure compliance with information security requirements in other areas. For example, DHS does not include its classified system information as part of its monthly information security scorecard or its FISMA submission to OMB. In addition, USCG is not reporting its PIV data to the Department, which is a contradiction to the Under Secretary for Management’s guidance that requires Components to submit this information to the Department. In addition, we identified deficiencies with DHS’ enterprise management systems, including inaccurate or incomplete data.”

The report also provides a set of recommendations to resolve the security issues that emerged after the assessment.

The DHS has 90 days to fix the issues, two of which have already been solved.
Pierluigi Paganini

IAEA Just Gave up on Iran Nuclear Verification

Oh my, Barack Obama lied, not only in verbal form but in written form. Now other world leaders, Saudi Arabia, the United Kingdom, France, Israel and more, will indeed have some forceful response to Barack Obama.

Then there is the issue of releasing the billions in frozen funds back to Iran and the further lifting of sanctions. But the biggest questions are still not answered: exactly where is Iran with their nuclear weapons program, does it continue unimpeded, and what will other threatened countries do now?

“This deal provides the best possible defense against Iran’s ability to pursue a nuclear weapon covertly — that is, in secret. International inspectors will have unprecedented access not only to Iranian nuclear facilities, but to the entire supply chain that supports Iran’s nuclear program — from uranium mills that provide the raw materials, to the centrifuge production and storage facilities that support the program. If Iran cheats, the world will know it. If we see something suspicious, we will inspect it. Iran’s past efforts to weaponize its program will be addressed. With this deal, Iran will face more inspections than any other country in the world.” (The full Barack Obama statement as posted on the White House website.)

President Obama sold his nuclear deal with Iran with promises that the accord would be based on “unprecedented verification,” and this week we were reminded of how much that promise was worth. Witness the latest report on Iran’s nuclear program from the International Atomic Energy Agency.

The IAEA is the U.N. outfit that is supposed to monitor Iran’s compliance with the agreement, which requires Tehran to answer the agency’s questions on its past nuclear work in order to obtain sanctions relief. On Wednesday the agency produced its “final assessment”—the finality here having mostly to do with the U.N. nuclear watchdog giving up hope of ever getting straight answers.

Hence we learn that “Iran did not provide any clarification” regarding experiments the agency believes it conducted on testing components of nuclear components at its military facility at Parchin. “The information available to the Agency, including the results of the sampling analysis and the satellite imagery, does not support Iran’s statements on the purpose of the building,” says the report. “The Agency assesses that the extensive activities undertaken by Iran since February 2012 at the particular location of interest to the Agency seriously undermined the Agency’s ability to conduct effective verification.”

This seems to be A-OK with the Obama Administration, which made clear it’s prepared to accept any amount of Iranian stonewalling in order to move ahead with sanctions relief. “We had not expected a full confession, nor did we need one,” an unnamed senior Administration official told the Journal. One wonders why they even bothered with the charade.

Still, the report is illuminating on several points, above all its conclusion that Tehran continued to work on nuclear weapons research until 2009. That further discredits the 2007 National Intelligence Estimate, which claimed Iran’s weapons program had ceased in 2003, and which effectively ended any chance that the Bush Administration would use military force against Iran’s nuclear sites.

It should also inspire some humility about the quality of Western intelligence regarding closed and hostile regimes such as Iran’s. A 2014 report from the Pentagon’s Defense Science Board noted that at “levels associated with small or nascent [nuclear] programs, key observables are easily masked.” Yet the Administration keeps insisting that Iran’s nondisclosures don’t matter because the U.S. has “perfect knowledge” of what the mullahs are up to, as John Kerry claimed last summer.

The larger point is that the nuclear deal has already become a case of Iran pretending not to cheat while the West pretends not to notice. That may succeed in bringing the agreement into force, but it offers no confidence that Iran won’t eventually build its weapon.

ISIS in America, Retweets to Raqqa

ISIS in America (read the full study here).

It is apparent that the U.S. is home to a small but active cadre of individuals infatuated with ISIS’s ideology, some of whom have decided to mobilize in its furtherance.

This section attempts to provide an overview of this demographic by drawing on research that attempted to reconstruct the lives—both real and virtual—of U.S.-based ISIS supporters. The research effort was based on legal documents, media reports, social media monitoring, and interviews with a variety of individuals, though there were at times limitations to both the amount and reliability of publicly available information.

[Figure: The 71 individuals charged for ISIS-related activities (as of November 12, 2015)]

  • While not as large as in many other Western countries, ISIS-related mobilization in the United States has been unprecedented. As of the fall of 2015, U.S. authorities speak of some 250 Americans who have traveled or attempted to travel to Syria/Iraq to join the Islamic State in Iraq and Syria (ISIS) and 900 active investigations against ISIS sympathizers in all 50 states.

  • Seventy-one individuals have been charged with ISIS-related activities since March 2014. Fifty-six have been arrested in 2015 alone, a record number of terrorism-related arrests for any year since 9/11. Of those charged:
      ◦ The average age is 26.
      ◦ 86% are male.
      ◦ Their activities were located in 21 states.
      ◦ 51% traveled or attempted to travel abroad.
      ◦ 27% were involved in plots to carry out attacks on U.S. soil.
      ◦ 55% were arrested in an operation involving an informant and/or an undercover agent.

  • A small number of Americans have been killed in ISIS-related activities: three inside the U.S., at least a dozen abroad.

  • The profiles of individuals involved in ISIS-related activities in the U.S. differ widely in race, age, social class, education, and family background. Their motivations are equally diverse and defy easy analysis.

  • Social media plays a crucial role in the radicalization and, at times, mobilization of U.S.-based ISIS sympathizers. The Program on Extremism has identified some 300 American and/or U.S.-based ISIS sympathizers active on social media, spreading propaganda, and interacting with like-minded individuals. Some members of this online echo chamber eventually make the leap from keyboard warriors to actual militancy.

  • American ISIS sympathizers are particularly active on Twitter, where they spasmodically create accounts that often get suspended in a never-ending cat-and-mouse game. Some accounts (the “nodes”) are the generators of primary content, some (the “amplifiers”) just retweet material, others (the “shout-outs”) promote newly created accounts of suspended users.

  • ISIS-related radicalization is by no means limited to social media. While instances of purely web-driven, individual radicalization are numerous, in several cases U.S.-based individuals initially cultivated and later strengthened their interest in ISIS’s narrative through face-to-face relationships. In most cases online and offline dynamics complement one another.

  • The spectrum of U.S.-based sympathizers’ actual involvement with ISIS varies significantly, ranging from those who are merely inspired by its message to those few who reached mid-level leadership positions within the group.