The China Hack of United Airlines, Electronic Insurgency

Warning corporations, industry and government entities is one thing; action, protection, or a declaration of cyber war is quite another.

July 2015:

Aspen Institute: Cyber warfare is one of the most potent security threats the United States faces, National Security Agency Director and Commander of the US Cyber Command General Keith Alexander told the crowd at the Aspen Security Forum in Aspen, discussing in conversation with NBC News Correspondent Pete Williams the nature of the threat and how his department is working to address it.
With the Stuxnet, Duqu, and Flame viruses in the fore of the public consciousness, Alexander took pains to point out that nation-states were not the only potential cyber actors. Citing power and water grids as his chief concerns, he said, “Somebody who finds vulnerability in our infrastructure could cause tremendous problems. They could erase the Input/output of a system so it can’t boot, and would have to be replaced. And these capabilities are not only nation-state-only capabilities.”

Alexander assessed the US’ readiness to confront such an attack as a three on a scale of ten, calling lack of adequately trained cyber defense forces the critical impediment to greater preparedness. “Our issue isn’t [having the tools] to address the threat,” he said. “It’s having the capacity, and building and training cyber forces. We have a big requirement, and a small force that is growing steadily.”

China-Tied Hackers That Hit U.S. Said to Breach United Airlines

Bloomberg:

The hackers who stole data on tens of millions of U.S. insurance holders and government employees in recent months breached another big target at around the same time — United Airlines.

United, the world’s second-largest airline, detected an incursion into its computer systems in May or early June, said several people familiar with the probe. According to three of these people, investigators working with the carrier have linked the attack to a group of China-backed hackers they say are behind several other large heists — including the theft of security-clearance records from the U.S. Office of Personnel Management and medical data from health insurer Anthem Inc.

The previously unreported United breach raises the possibility that the hackers now have data on the movements of millions of Americans, adding airlines to a growing list of strategic U.S. industries and institutions that have been compromised. Among the cache of data stolen from United are manifests — which include information on flights’ passengers, origins and destinations — according to one person familiar with the carrier’s investigation.

It’s increasingly clear, security experts say, that China’s intelligence apparatus is amassing a vast database. Files stolen from the federal personnel office by this one China-based group could allow the hackers to identify Americans who work in defense and intelligence, including those on the payrolls of contractors. U.S. officials believe the group has links to the Chinese government, people familiar with the matter have said.

That data could be cross-referenced with stolen medical and financial records, revealing possible avenues for blackmailing or recruiting people who have security clearances. In all, the China-backed team has hacked at least 10 companies and organizations, which include other travel providers and health insurers, says security firm FireEye Inc.

Tracking Travelers

The theft of airline records potentially offers another layer of information that would allow China to chart the travel patterns of specific government or military officials.

United is one of the biggest contractors with the U.S. government among the airlines, making it a rich depository of data on the travel of American officials, military personnel and contractors. The hackers could match international flights by Chinese officials or industrialists with trips taken by U.S. personnel to the same cities at the same time, said James Lewis, a senior fellow in cybersecurity at the Center for Strategic and International Studies in Washington.

“You’re suspicious of some guy; you happen to notice that he flew to Papua New Guinea on June 23 and now you can see that the Americans have flown there on June 22 or 23,” Lewis said. “If you’re China, you’re looking for those things that will give you a better picture of what the other side is up to.”
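The cross-referencing Lewis describes is a join between two travel data sets on destination and date. The following is an added example, not code from the article, Bloomberg or CSIS: both manifests are constructed, and the traveller names, airport codes and dates are placeholders. It goes slightly beyond the quote by showing how the number of coincidences grows as the date window is widened, which is the trade-off an analyst working with stolen manifests would face.

```python
"""Correlate a watched traveller's trips with a stolen flight manifest.

Added example; not from the article or any named source. Both data sets
below are constructed placeholders.
"""
from collections import defaultdict
from datetime import date

# Constructed records: (traveller, origin, destination, travel date).
# "POM" is Port Moresby, matching the Papua New Guinea scenario in the text.
WATCHED_TRIPS = [
    ("Subject A", "PEK", "POM", date(2015, 6, 23)),
    ("Subject B", "PEK", "LHR", date(2015, 6, 10)),
]

STOLEN_MANIFEST = [
    ("Traveller 1", "IAD", "POM", date(2015, 6, 22)),
    ("Traveller 2", "ORD", "LHR", date(2015, 6, 30)),
    ("Traveller 3", "SFO", "POM", date(2015, 6, 30)),
    ("Traveller 4", "IAD", "LHR", date(2015, 6, 10)),
]


def index_by_destination(manifest):
    """Bucket manifest rows by destination so each watched trip scans
    only the flights that could coincide with it."""
    by_dest = defaultdict(list)
    for traveller, origin, dest, day in manifest:
        by_dest[dest].append((traveller, origin, day))
    return by_dest


def correlate(watched, manifest, window_days=1):
    """Return (subject, traveller, destination, days apart) for every
    manifest row that lands in the same city within window_days."""
    by_dest = index_by_destination(manifest)
    matches = []
    for subject, _origin, dest, wday in watched:
        for traveller, _o, day in by_dest.get(dest, []):
            gap = abs((day - wday).days)
            if gap <= window_days:
                matches.append((subject, traveller, dest, gap))
    return matches


def match_counts(watched, manifest, windows=(0, 1, 7)):
    """Number of coincidences per window: shows how quickly the join
    widens from 'same day' to 'same week'."""
    return {w: len(correlate(watched, manifest, w)) for w in windows}


if __name__ == "__main__":
    for m in correlate(WATCHED_TRIPS, STOLEN_MANIFEST):
        print(m)
    print(match_counts(WATCHED_TRIPS, STOLEN_MANIFEST))
```

With the default one-day window the sample yields two coincidences; a same-day window yields one and a seven-day window three. The point for a defender is that a manifest does not need to be cross-referenced precisely to be useful to an adversary, so the sensitivity of the data is higher than "names and birthdates" suggests.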

Computer Glitches

The timing of the United breach also raises questions about whether it’s linked to computer faults that stranded thousands of the airline’s passengers in two incidents over the past couple of months. Two additional people close to the probe, who like the others asked not to be identified when discussing the investigation, say the carrier has found no connection between the hack and a July 8 systems failure that halted flights for two hours. They didn’t rule out a possible, tangential connection to an outage on June 2.

Luke Punzenberger, a spokesman for Chicago-based United, a unit of United Continental Holdings Inc., declined to comment on the breach investigation.

Zhu Haiquan, a spokesman for the Chinese embassy in Washington, said in a statement: “The Chinese government and the personnel in its institutions never engage in any form of cyberattack. We firmly oppose and combat any forms of cyberattacks.”

Embedded Names

United may have gotten help identifying the breach from U.S. investigators working on the OPM hack. The China-backed hackers that cybersecurity experts have linked to that attack have embedded the name of targets in web domains, phishing e-mails and other attack infrastructure, according to one of the people familiar with the investigation.

In May, the OPM investigators began drawing up a list of possible victims in the private sector and provided the companies with digital signatures that would indicate their systems had been breached. United Airlines was on that list.

Safety Concerns

In contrast to the theft of health records or financial data, the breach of airlines raises concerns of schedule disruptions or transportation gridlock. Mistakes by hackers or defenders could bring down sensitive systems that control the movement of millions of passengers annually in the U.S. and internationally.

Even if their main goal was data theft, state-sponsored hackers might seek to preserve access to airline computers for later use in more disruptive attacks, according to security experts. One of the chief tasks of the investigators in the United breach is ensuring that the hackers have no hidden backdoors that could be used to re-enter the carrier’s computer systems later, one of the people familiar with the probe said.

United spokesman Punzenberger said the company remains “vigilant in protecting against unauthorized access” and is focused on protecting its customers’ personal information.

There is evidence the hackers were in the carrier’s network for months. One web domain apparently set up for the attack — UNITED-AIRLINES.NET — was established in April 2014. The domain was registered by a James Rhodes, who provided an address in American Samoa.

James Rhodes is also the alias of the character War Machine in Marvel Comics’ Iron Man. Security companies tracking the OPM hackers say they often use Marvel comic book references as a way to “sign” their attack.
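The two clues the article describes, target names embedded in attacker-controlled domains and a domain registered long before the intrusion was detected, can be turned into a hunt over DNS or proxy logs. The following is an added example, not code from the article, Bloomberg or United. The log lines and WHOIS-style records are constructed; the brand token list, the allowlist of owned domains and the detection date are assumptions. The only indicator taken from the text is the UNITED-AIRLINES.NET domain with its April 2014 registration and the registrant name "James Rhodes" (the day of the month is assumed).

```python
"""Hunt for attacker infrastructure that embeds the target's own name.

Added example; not from the article or United. All inputs are constructed.
"""
import re
from datetime import date

# Assumption: brand tokens the defender expects attackers to embed.
# Keep tokens long; a short token such as "ual" would match "actual".
BRAND_TOKENS = ("united",)

# Assumption: domains the organisation legitimately owns (allowlist).
OWNED_DOMAINS = {"united.com", "unitedairlines.com"}

# Registrant names worth flagging. "James Rhodes" is the name the article
# reports on the UNITED-AIRLINES.NET registration.
REGISTRANT_WATCHLIST = {"james rhodes"}

# Assumption: the date the intrusion was detected (article: May or early June).
DETECTED_ON = date(2015, 6, 1)

# Constructed DNS query log: "<timestamp> <client-ip> <qname>".
SAMPLE_DNS_LOG = """\
2015-05-03T09:12:01Z 10.20.4.17 mail.united.com
2015-05-03T09:12:05Z 10.20.4.17 login.united-airlines.net
2015-05-03T09:13:44Z 10.20.7.9 cdn.example-news.com
2015-05-03T09:15:02Z 10.20.4.31 united-travel-portal.org
2015-05-03T09:16:10Z 10.20.4.31 www.unitedairlines.com
"""

# Constructed WHOIS-style records: domain -> (creation date, registrant).
# April 2014 and the registrant for united-airlines.net come from the
# article; the day of the month and the other rows are assumptions.
SAMPLE_WHOIS = {
    "united-airlines.net": (date(2014, 4, 1), "James Rhodes"),
    "united-travel-portal.org": (date(2015, 4, 20), "Privacy Service"),
    "example-news.com": (date(2009, 1, 15), "Example News Inc"),
}


def registrable_domain(qname):
    """Crude eTLD+1 (last two labels). Enough for the sample; a real tool
    should use the Public Suffix List so suffixes like co.uk work."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def embeds_brand(domain):
    """True when the registrable label contains a brand token once
    separators are stripped (united-airlines -> unitedairlines)."""
    flat = re.sub(r"[-_]", "", domain.split(".")[0])
    return any(tok in flat for tok in BRAND_TOKENS)


def hunt(log_text, whois, today=DETECTED_ON):
    """One finding per log line whose domain embeds the brand but is not
    on the allowlist, enriched with domain age and a registrant flag."""
    findings = []
    for line in log_text.splitlines():
        ts, client, qname = line.split()
        dom = registrable_domain(qname)
        if dom in OWNED_DOMAINS or not embeds_brand(dom):
            continue
        created, registrant = whois.get(dom, (None, None))
        findings.append({
            "ts": ts,
            "client": client,
            "domain": dom,
            "age_days": (today - created).days if created else None,
            "registrant_flagged": (registrant or "").lower() in REGISTRANT_WATCHLIST,
        })
    return findings


def earliest_setup(findings, whois):
    """Earliest creation date among flagged domains: a lower bound on how
    long the infrastructure has existed, the article's 'months in the
    network' inference."""
    dates = [whois[f["domain"]][0] for f in findings if f["domain"] in whois]
    return min(dates).isoformat() if dates else None


if __name__ == "__main__":
    found = hunt(SAMPLE_DNS_LOG, SAMPLE_WHOIS)
    for f in found:
        print(f)
    print("infrastructure existed since:", earliest_setup(found, SAMPLE_WHOIS))
```

Two of the five sample lookups are flagged: the article's domain (426 days old at detection, registrant on the watchlist) and a newer lookalike. Brand-token matching is noisy on its own, so the age and registrant enrichment is what turns a list of lookalike domains into something an analyst can triage.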

Targeting Pentagon

This isn’t the first time such an attack has been documented. Chinese military hackers have repeatedly targeted the U.S. Transportation Command, the Pentagon agency that coordinates defense logistics and travel.

A report last year from the Senate Armed Services Committee documented at least 50 successful hacks of the command’s contractors from June 2012 through May 2013. Hacks against the agency’s contractors have led to the theft of flight plans, shipping routes and other data from organizations working with the military, according to the report.

“The Chinese have been trying to get flight information from the government; now it looks as if they’re trying to do the same in the commercial sector,” said Tony Lawrence, a former Army sergeant and founder and chief executive officer of VOR Technology, a Columbia, Maryland-based cybersecurity firm.

It’s unclear whether United is considering notifying customers that data may have been compromised. Punzenberger said United “would abide by notification requirements if a situation warranted” it.

The airline is still trying to determine exactly which data was removed from the network, said two of the people familiar with the probe. That assessment took months in the OPM case, which was discovered in April and made public in June.

M&A Strategy

Besides passenger lists and other flight-related data, the hackers may also have taken information related to United’s mergers and acquisitions strategy, one of the people familiar with the investigation said.

Flight manifests usually contain the names and birthdates of passengers, but even if those files were taken, experts say that would be unlikely to trigger disclosure requirements in any of the 47 states with breach-notification laws.

Those disclosure laws are widely seen as outdated. The theft of corporate secrets by hackers usually goes unreported, while reporting the theft of customer records such as Social Security numbers and credit card numbers is required in most states.

“In most states, this is not going to trigger a notification,” said Srini Subramanian, state government leader for Deloitte cyber risk services.

The IRS, Which Operates on DOS (Yes, DOS), Is Still Targeting Americans

Then there is the IRS instant-messaging system that few talk about.

The letter, the testimony and the documentation, along with the signatures from members of Congress, are in the House Oversight Committee letter linked at the end of this section.

From Americans for Tax Reform: The IRS used a “wholly separate” instant messaging system that automatically deleted office communications, according to documentation released by the House Oversight Committee on Monday. The system appears to have been purposefully used by agency officials responsible for the targeting of conservative non-profits, in order to evade public scrutiny.

The system, known as “Office Communication Server” or OCS was used by IRS officials, including many in the Exempt Organizations (EO) Unit, which was headed by Lois Lerner.

As the Oversight Committee report states, the instant messaging system did not archive any communications, so it is not possible to know what employees of the EO unit discussed on it.

However, in an email uncovered by the Committee, Lerner warns her colleagues about Congressional oversight:

“I was cautioning folks about email and how we have had several occasions where Congress has asked for emails and there has been an electronic search for responsive emails – so we need to be cautious about what we say in emails.”

Lerner then asks whether OCS is automatically archived. When informed it was not, Lerner responded “Perfect.”

While it is possible to set the instant messaging system to automatically archive messages, the IRS chose not to do so, according to one employee interviewed by the Committee. The fact that the agency chose not to archive messages raises questions about the true purpose of OCS and what discussions took place.

Needless to say, the apparent use of OCS to evade Congressional oversight once again shows that the IRS does not want the American people to learn the truth about the Lois Lerner targeting scandal.

https://oversight.house.gov/wp-content/uploads/2015/07/2015-07-27-JC-to-Obama-WH-Koskinen-Resignation.pdf

ISIS Online Propagandists are Russian

Personally, I have investigated the matter of the Islamic State cyber-caliphate and all clues led back to Russia. Now others are investigating the same thing and forming the same conclusions. Fundamentally we are in a new dimension of a Cold War tactic using the internet as the platform. So far the Obama administration ignores this but military generals are sounding the alarms.

Why Are Russian Hackers Posing as ISIS Propagandists?

by: Helle Dale

The multi-front cyberspace information war in which we recently have found ourselves just got a little more complicated.

A group which calls itself Cyber Caliphate, assumed to have ties to the terrorist group ISIS, may in fact be a creation of Russian hackers taking advantage of the havoc wreaked on social media and the Internet by ISIS propagandists.

The complex picture this presents adds to the challenges faced by the U.S. government as it seeks to adjust its counterterrorism communication and cybersecurity measures to deal with rising threats from abroad.

According to a new report, “Who Is Cyber Caliphate? Re-examining the Online ISIL Threat,” produced by the State Department’s Office of Diplomatic Security (DS), a major cyber attack on French television TV5Monde last April by Cyber Caliphate hackers took the station off the air for 20 hours and exposed employee email accounts.

It was more sophisticated than anything previously seen from ISIS hackers.

French and American investigators tracking the electronic footprints of the hackers found they led to a Russian hacker group known as APT28, which usually hacks in favor of the Russian government and directs its efforts at NATO.

In fact, they found no electronic tracks leading back to ISIS. Russian information warfare, which has intensified massively over the past several years, is taking ever changing twists and turns, and this one took investigators by surprise.

Russian hackers are far more sophisticated than the ISIS variety.

The Diplomatic Security report does, however, also stress the heavy influence of ISIS on Twitter in particular, as it seeks to create radicalized followers among disaffected and alienated Muslim youth in Western societies.

From September to December, 2014 alone, an estimated 46,000 Twitter accounts were associated with ISIS, the group’s most potent method to reach into impressionable minds.

Under the new leadership of Rashad Hussein at the State Department’s Center for Strategic Counterterrorism Communication (CSCC), the policy of the U.S. government is to counter terrorism propaganda with a positive message, presenting a more attractive vision in the war of ideas.

This strategy dovetails with the administration’s dubious argument that terrorist acts arise from populations deprived of economic opportunity and have to be dealt with by addressing “root causes,” like poverty.

The new counterterrorism approach is a departure from the work of the Center for Strategic Counterterrorism Communication under the recently departed Ambassador Alberto Fernandez, who took a harder line, attacking ISIS (and Cyber Caliphate) propagandists head on, and exposing graphically the brutality and horrors perpetrated by ISIS terrorists.

For this tough and confrontational approach, Fernandez was heavily criticized in the U.S. media and shunned by the executive branch.

With Russian hackers parading as ISIS propagandists, we now seem to have a perfect storm.

The complexity of cyber conflict certainly suggests that the U.S. government must intensify and improve its own efforts to outsmart our enemies.

***

By Jack Murphy at SofRep in part:

ISIS feeds the West loaded information

There is no proof that Russian intelligence has a hand in ISIS information/propaganda operations. However, considering what we have discussed thus far, this scenario should be taken seriously. ISIS is actively gaming the psychological makeup of Western audiences in order to provoke the United States and allied nations into a full-blown military confrontation with the Islamic State in Syria and Iraq. If the hypothesis about Russian influence agents in ISIS is correct, and if they are participating in ISIS propaganda efforts, then we should ask why Russia would be interested in doing this to begin with.

The answer is fairly straightforward. Keeping America bogged down and preoccupied in the Middle East is of massive benefit to the Russian Federation. By goading America into another war in the Middle East, Russia has more opportunity to engage in military aggression in Ukraine, Dagestan, Chechnya, Georgia, Moldova, Abkhazia, Nagorno-Karabakh, Uzbekistan, Tajikistan, Turkmenistan, and on and on throughout Russia’s near abroad. For sure, there would also be some more specific tactical and strategic goals, but in the general sense, Gulf War III would help keep America off Russia’s back.

ISIS, and perhaps Russian intelligence, understands America’s future rationalizations for war very well. In the past we could justify war as being battles against communism or fascism for the preservation of the American way of life. Before that, more jingoistic narratives about manifest destiny were brought into play. But these justifications for war, racial or nationalistic, will have no place in future liberal Western nations. Instead wars will be justified as fights for gay rights, women’s rights, and other equality issues. One hypothetical example: Americans will be told that we have to invade Iran because gays are stoned to death or beheaded by the Iranian regime.

The Islamic State knows that there is no better way to terrify and incite Americans than to use mass executions, the murder of Christians, the use of sex slaves, the destruction of ancient relics, and the killing of homosexuals. ISIS is at war with Western consciousness, and it is a very deliberate effort.

Hillary: A Woman’s Right to Choose Reproduction of Emails?

Perhaps Hillary has some confusion in her social engineering thinking. She touts that women have a right to choose on personal reproduction but does that really apply to her emails?

Hillary Clinton turned over emails from her private server to the State Department after her term as Secretary of State. Apparently not being too tech-savvy herself, she had someone else in her inner circle review and process tens of thousands of emails, print them and deliver them to the State Department. The question is who did that, and did they have the security clearance that such access requires?

The intelligence community inspectors general reviewed the emails and found that, so far, at least four contained classified information. Read on to learn the basis of those emails.

What’s in those classified Clinton emails?

22 emails already made public were classified after they were sent

They’re different from 4 that were the subject of a New York Times report

It’s possible to figure out at least the general topics

Abbas Araqchi, Man Behind the IAEA Side Deals with Iran

Araqchi is the top behind-the-scenes negotiator for Iran’s Supreme Leader when it comes to inspections, the IAEA and missiles.

From the Deputy Minister of Iran’s Foreign Affairs: Araqchi underscored that Iran attaches great importance to implementation of the nuclear agreement and the commitment of the other party to the deal.

Touching upon Iran`s relations with its neighboring countries, Azerbaijan in particular, in the post-sanctions era, Araqchi underscored that Iran wants to expand its economic cooperation with the international community.

Iran attaches due attention to expansion of relations with its neighboring countries, Azerbaijan, in particular, he said.

Araqchi said in Tehran on Wednesday that the S-300 air defense system is not subject to Security Council resolution.

Speaking at a press conference, he reiterated that the weapons whose sale to Iran would be subject to the restrictions fall into seven categories, and that these do not include the S-300.

Purchasing the S-300 air defense system is out of the jurisdiction of the Security Council`s recent resolution, he added.

Touching upon the wave of European officials’ trips to Iran, he said European Union Foreign Policy Chief Federica Mogherini and French Foreign Minister Laurent Fabius are set to visit Iran next week.

Araqchi reiterated that the Vienna agreement has paved the way for economic cooperation of Iran with several countries that were deprived of fostering ties with Islamic Republic due to imposed sanctions.

Pointing to the continuation of trilateral relations between Iran, Russia and China, he stressed that Iran enjoys cordial, positive and constructive ties with Russia and China.

The Iranian deputy foreign minister said Wednesday that Iran’s policy on global hegemony has not changed.

***

From the Iran Project: Speaking to Al-Alam News Network, Araqchi said that access to Iran’s military sites has been divided into two areas: one concerns the issues related to the country’s past military activities, wrongly referred to as Possible Military Dimensions (PMD), and the other concerns Tehran’s future activities.

On Iran’s past military activities, Iran and the agency reached an agreement, or roadmap, on the day the Iran deal was clinched in Vienna by Tehran and the six world powers, Araqchi said.

Araqchi said that there is no need for concern about solving the issues related to Tehran’s past nuclear activities. He said that Iran and the IAEA have agreed upon solving the issues.

To give the agency assurance about the future of its nuclear activities, Iran has agreed to implement the Additional Protocol, Araqchi said.

He noted that the Additional Protocol is nothing beyond the international regulations and there is no need for concern in this regard.

The leader of Hezbollah, Hassan Nasrallah, received his guarantee of financial support thanks to the Iran JCPOA deal and is spiking the football.

Beirut:

“Did Iran sell its allies down the river during the nuclear talks? No, there was no bargaining” between Iran and the United States, he said in a speech broadcast on a large screen to supporters in Beirut’s southern suburbs, a party stronghold.

Supreme leader “Ayatollah Ali Khamenei reiterated Iran’s position on the resistance movements and its allies, and Hezbollah occupies a special place among them,” Nasrallah added.

“The United States remains the ‘Great Satan’, both before and after the nuclear accord” reached last week after tough negotiations between Iran and permanent UN Security Council members Britain, China, France, Russia and the United States, plus Germany.

On July 18, Khamenei warned that, despite the deal, Iran would continue its policy towards the “arrogant” United States and also its support for its friends in the region.

Founded in the 1980s by Iran’s Guardians of the Revolution and financed and armed by Tehran, Hezbollah has become a powerful armed party advocating armed struggle against Israel.

The party, which the United States classifies as a terrorist organisation, is also fighting alongside President Bashar al-Assad’s forces against rebels in Syria, itself an ally of Iran.

On Friday, Syrian Foreign Minister Walid Muallem also said the nuclear deal would not affect Iranian support for the Damascus government.