Category Archives: Terror

The Wilful Reckless Handling of Classified Docs in DHS too?

Posted on by

Okay, so we have had the issue at the U.S. State Department and now the Department of Homeland Security, so it begs the question, what other agencies? Further, Iran, Russia, China and North Korea are likely loving this.

Security? Heh….

Homeland Security Is Spilling a Lot of Secrets

By

Bloomberg: The Department of Homeland Security suffered over 100 “spills” of classified information last year, 40 percent of which came from one office, according to a leaked internal document I obtained. Officials and lawmakers told me that until the Department imposes stricter policies and sounder practices to better protect sensitive intelligence, the vulnerabilities there could be exploited. Not only does this raise the threat that hostile actors could get their hands on classified information, but may lead to other U.S. agencies keeping DHS out of the loop on major security issues.

A spill is not the same as an unauthorized disclosure of classified information. A Homeland Security official explained that spills often include “the accidental, inadvertent, or intentional introduction of classified information into an unclassified information technology system, or higher-level classified information into a lower-level classified information technology system, to include non-government systems.”

Examples include: using a copier not approved for the level of classified information copied; failing to properly mark a classified product; transmitting classified information on an unclassified system like Gmail; or sending classified information to someone who, while having the proper level of clearance, is not authorized to read a section of information sent to them, the official said.

There were 119 of these classified spills reported throughout the Homeland Security Department in fiscal year 2015, according to the internal document, which itself is unclassified. The section with the most spills by far was the Office of Intelligence and Analysis, headquartered at building 19 of the Nebraska Avenue Complex in Washington, led by retired General Francis Taylor. This office is composed mostly of intelligence analysts assigned to produce and review classified reports that are often the work of other intelligence agencies, including the Central Intelligence Agency and the Office of the Director of National Intelligence.

One senior Homeland Security official told me that the intelligence and analysis office at DHS suffers from lax enforcement of the established policies and practices to protect classified information. This official said the numbers of classified spills in the internal report only represents those incidents that were officially reported, and the actual number is much higher.

S.Y. Lee, a department spokesman, told me that DHS does not comment on reports of leaked information, but that the department is currently having mandatory employee training sessions on the handling of classified and sensitive information.

“We take any report of mishandling of information very seriously, and when violations are discovered, the Department takes immediate, appropriate actions to address the situation,” he said. “DHS takes the protection of all our assets very seriously, and will continue to evolve our training and remediation efforts to address security needs and accountability to the American public.”

Experts on government secrecy and classified information handling told me that the number of spills alone does not directly prove that there is a larger cultural or policy problem at DHS. But there is a history of carelessness with e-mail at the department, and this new finding combined with anecdotal reports of bad practices indicate that there should be more investigation the intelligence and analysis division in particular.

“At a minimum, this raises a question about what’s going on at this corner of the agency,” said Steven Aftergood, director of the program on government secretary at the Federation of American Scientists. “If it is happening disproportionally in one part of the agency, that may mean that remedial measures are needed there, including security training, better oversight and similar steps.”

Spillages are a normal part of the classification system at the DHS and elsewhere, and there are formal procedures for addressing them because it’s understood that you cannot eliminate human error, he said. But if one intelligence shop is mishandling information from another part of the government, that could cause real problems in the interagency cooperation and intelligence-sharing.

“If they have a reputation as a shop with unreliable security, other agencies are going to think twice about sharing their most valuable information with Homeland Security,” Aftergood said. “It can hurt other agencies and it can rebound on them. It’s bad all around and should be corrected.”

Johannes B. Ullrich, dean of research for the SANS Technology Institute, said that it’s probable most of the classified spills were unintentional and the result of sloppiness more than anything else. But lax enforcement of policies meant to protect sensitive information also presents an opportunity for exploitation by malicious actors.

“If it’s accepted practice that you print documents and scan them in, for example, then it’s much easier for an insider to take advantage of that,” he said. “By reducing the unintentional spillage you make it easier to find the intentional ones.”

The House Homeland Security Committee is currently pushing DHS to implement new systems for monitoring employees who handle classified information. Last November, the House passed the DHS Insider Threat and Mitigation Act, which was sponsored by Representative Peter King, chairman of the Homeland Security Committee’s subcommittee on counterterrorism and intelligence. The bill would require Taylor, among other things, to develop a timeline for deploying workplace monitoring technologies, employee awareness campaigns, and education and training programs related to potential insider threats to the department’s critical assets. The Senate Homeland Security Committee marked up a companion bill earlier this month.

“In recent years, the department has made progress installing limited monitoring technology, but much more needs to be done,” King said in a statement. “Results from the existing systems demonstrate the need for more auditing and education for DHS employees.”

Classified spills are a government-wide problem and there’s no way to know if the incidents at the DHS intelligence shop have been exploited. But unless that office and the government as a whole does a better job of protecting classified information, it’s just a matter of time before real damage is done to U.S. national security

Chilling Details of the Sony Hack, Reported

Posted on by

These Are the Cyberweapons Used to Hack Sony

MotherBoard: In late November 2014, a mysterious group of hackers calling itself “God’sApstls” sent an ominous and jumbled email to a few high-level Sony Pictures executives.

“The compensation for it, monetary compensation we want,” the hackers wrote. “Pay the damage, or Sony Pictures will be bombarded as a whole.”

The executives at the Hollywood studio, which was about to release the controversial James Franco and Seth Rogen’s comedy The Interview, ignored the email. Just three days later, the hackers’ followed through with their threat and breached the studio’s systems, displaying a message on the computer screen of every employee: “Hacked by #GOP [Guardians of Peace].”

The hackers not only defaced employee’s computers, they then wiped their hard disks, crippling Sony Pictures for weeks, and costing the company $35 million in IT damages, according to its own estimate.

Now, more than a year later, several security researchers are still hunting down the hackers behind the attack, which the FBI officially identified as North Korean government-employed hackers. And despite the fact that the group is apparently still alive and well, a coalition of security researchers believes they can now disrupt them by exposing their extensive malware arsenal.

On Wednesday, a group of companies led by Novetta released a report detailing the Sony hackers’ long history of operations, as well as its large stock of malware. It’s perhaps the most detailed and extensive look at the group behind what might be the most infamous cyberattack ever.

Andre Ludwig, the senior technical director at Novetta Research and Interdiction Group, said that the investigation started from four hashes (values that uniquely identify a file) that the Department of Homeland security published after the attack. With those few identifying strings, and after months of sleuthing, the researchers found 2,000 malware samples, both from online malware portal VirusTotal, as well as from antivirus companies. Of those, they manually reviewed and catalogued 1,000, and were able to identify 45 unique malware strains, revealing that the Sony hackers had an arsenal more sophisticated and varied than previously thought.

The researchers hope that by shedding light on the hackers’ toolkit, the group, which the researchers called “Lazarus Group,” will be forced to adapt, spending resources and time, and perhaps even lose capabilities after antivirus companies and potential targets put up new defenses.

“There is no more shadows to hide in for these tools.”

“If all of a sudden you have antivirus signatures that detect and delete all the group’s arsenal, boom!” Jaime Blasco, the chief scientist at AlienVault Labs and one of the researchers who investigated the Sony hackers, told Motherboard. “They lose access to all the victims’ they got before.”

As Ludwig put it, “there is no more shadows to hide in for these tools.”

As it turns out, the hackers’ arsenal contains not only malware capable of wiping and destroying files on a hard disk like the Sony hack, but also Distributed Denial of Service (DDoS) tools, tools that allow for remotely eavesdropping on a victim’s computer, and more, according to the report. The researchers tracked some of this tools in cyberattacks and espionage operations that go as far as back as 2009, perhaps even 2007, showing the hackers that hit Sony have a long history.

While others suspected this before, Blasco said that nobody demonstrated it as conclusively until now.

Novetta researchers and their partners, which include AlienVault and Kaspersky Lab, don’t get into saying who the hackers really are, but they also don’t question the FBI’s controversial claim that North Korea was behind the attack.

The main reason, LaMontagne explained, is that the new data they found discredits the alternative theories that the hackers were actually a disgruntled former employee or just an independent hacktivist group.

A former Sony system administrator is unlikely to have built more than 45 malware tools in the span of more than seven years, LaMontagne told me. And the same time, he added, it’s also unlikely that a previously unheard of hacktivist group would pop up, claim responsibility for such a high-profile attack, and then disappear.

“They’re extremely motivated, regimented, organized, and they can definitely execute.”

“We have no reason to dispute what the US government and other governments have asserted as the threat being North Korean,” Peter LaMontagne, the CEO of Novetta, told me.

And as it turns out, those hackers have been around for longer than anyone thought—wielding sophisticated weapons. This, according to the researchers, shows the group was much more seasoned than anyone believed.

“Their motivation and operational execution, it’s impressive,” Ludwig said. “They’re extremely motivated, regimented, organized, and they can definitely execute.”

Now that their methods and tools are exposed, however, the researchers hope that they won’t be as effective.

The head-scratcher is sanctions are only for the missile test?

US to present UN sanctions resolution on North Korea

United Nations (United States) (AFP) – The United States will on Thursday present a draft UN resolution toughening sanctions on North Korea after reaching agreement with China on a joint response to Pyongyang’s fourth nuclear test and a rocket launch.

The UN Security Council will meet at 2:00 pm (1900 GMT) to discuss the draft text detailing a new package of measures to punish North Korea, but there will be no immediate vote.

US Ambassador Samantha Power “intends to submit for consideration by the Security Council a draft sanctions resolution in response to the DPRK’s recent nuclear test and subsequent proscribed ballistic missile launch,” US spokesman Kurtis Cooper said, using the abbreviation for North Korea’s formal name.

“We look forward to working with the Council on a strong and comprehensive response to the DPRK’s latest series of tests aimed at advancing their nuclear weapons program.”

UN diplomats said a vote was expected as early as Friday.

European Union: 10 Days to Collapse, $1.4 Trillion Euros

Posted on by

EU has 10 days to see progress on migrant crisis or Schengen unravels: EU commissioner

BRUSSELS (Reuters) – European Union has 10 more days to see significantly lower inflows of migrants and refugees from Turkey “or else there is risk the whole system will completely break down”, EU Migration Commissioner Dimitris Avramopoulos said on Thursday.

Avramopoulos was speaking after the bloc’s justice and home affairs ministers met in Brussels on Thursday in an effort to put a European solution to the crisis in place. A growing number of EU states are resorting to unilateral border tightening, unraveling the continent’s free-travel Schengen zone.

The study estimated that under a worst case scenario, in which the reintroduction of controls at EU borders pushed import prices up three percent, the costs to the bloc’s largest economy Germany could be as much as 235 billion euros between 2016 and 2025, and those to France up to 244 billion.

At a minimum, with import prices rising one percent, the study showed that a breakdown of Schengen would cost the EU roughly 470 billion euros over the next decade.

The cost would climb to 1.4 trillion euros, or roughly 10 percent of annual gross domestic product (GDP) in the 28-member EU bloc, under the more dire scenario.

“If border controls are reinstated within Europe, already weak growth will come under additional pressure,” said Aart De Geus, president of Bertelsmann.

Schengen was established over 30 years ago and now counts 26 members, 22 of which are EU members. But the system of passport-free travel has come under severe pressure over the past half year due to a flood of migrants entering Europe, mainly from the Middle East and Africa.

To stem the tide and to ensure they have an overview of who is entering their territory, many countries within Schengen have reintroduced border controls in recent months, leading to fears the whole system could collapse.

Underscoring the urgency of the issue, Germany’s Interior Minister Thomas de Maiziere told public broadcaster ARD on Sunday that EU member states, which have been squabbling for months over how to tackle the migrant crisis, must agree a common approach within two weeks if they wanted to avoid such a fate.

In addition to being a devastating symbolic setback for Europe, a collapse of Schengen would increase the amount of time it takes for goods to be transported across European borders, raising costs for companies and consumers.

The Bertelsmann study, conducted by Prognos AG, estimated that the minimum costs to Germany and France would be 77 billion euros and 80.5 billion euros, respectively, over the period to 2025.

A collapse of Schengen would also increase costs for countries outside the zone, with the combined burden on the United States and China over the next decade estimated at between 91 billion and 280 billion euros, according to the study.

More here.

*** EU’s migration system close to ‘complete breakdown’

EuroNews: The EU’s migration system is on the point of complete breakdown, according to a top European Commission official.

Dimitris Avramopoulos, the European Commissioner for migration, issued the stark warning after a meeting between EU interior ministers on Thursday.

inRead invented by Teads

“In the next ten days, we need tangible and clear results on the ground, otherwise there is a danger, there is a risk that the whole system will completely break down. There is no time for uncoordinated actions,” he told reporters in Brussels.

A number of EU countries have introduced border checks amid disagreements over how to best handle the huge influx of refugees and migrants into Europe.

Austria irked some EU officials by calling a mini summit with Western Balkan nations – without inviting Greece or Germany

The Austrian government has also set a daily cap on how migrants per day are allowed to enter the country, ignoring a warning from European Commission lawyers

“We have to recover our ability to act – and that will only be possible when the European external border is protected,” said Johanna Mikl-Leitner, the Austrian interior minister.

“If Greece stresses over and over again that it is not possible to protect the Greek border…we have to ask the question if it’s possible that the external border of the Schengen area stays in Greece.”

The Schengen area is a passport-free travel zone including 26 countries, of which 22 are EU member states.

But the migration crisis, which saw more than a million people reach Europe last year, has left some observers to question whether the whole system may be at risk.

The influx of migrants has exposed divisions between EU governments, which are trading accusations of blame and resulting beggar-thy-neighbour policies to tighten border controls.

Belgium became the seventh Schengen member on Wednesday to introduce border checks as it became clear that a court in Lille would order the partial demolition of the infamous Calais ‘Jungle’ refugee camp.

 

U.S. Poised to Take on China Aggressions

Posted on by

The Pentagon Readies Backup Island in Case of Chinese Missile Onslaught

Threat prompts the U.S. military to prepare a fallback option

WiB: The United States can no longer count on its Pacific air bases to be safe from missile attack during a war with China. On the contrary, a 2015 paper from the influential RAND Corporation noted that in the worst case scenario, “larger and accurate attacks sustained over time against a less hardened posture could be devastating, causing large losses of aircraft and prolonged airfield closures.”

Kadena Air Base in Okinawa, due to its relative proximity, would be hardest hit. To up the stakes, China in September 2015 publicly revealed its DF-26 ballistic missile, which can strike Andersen Air Force Base in Guam — nearly 3,000 miles away — from the Chinese mainland. Andersen and Kadena are among the U.S. military’s largest and most important overseas bases.

Enter Tinian. The lush, small island near Guam is emerging as one of the Air Force’s backup landing bases. On Feb. 10, the flying branch announced that it selected Tinian as a divert airfield “in the event access to Andersen Air Force Base, Guam, or other western Pacific locations is limited or denied.”

In the Pentagon’s 2017 budget request, it asked for $9 million to buy 17.5 acres of land “in support of divert activities and exercise intiatives,” the Saipan Tribune reported. In peacetime, the expanded Tinian airfield will host “up to 12 tanker aircraft and associated support personnel for divert operations,” according to the Air Force.

7637127318_661f4e4d60_kAbove — Tinian’s West Field in 1945. At top — Tinian seen from the cockpit of a C-130H. U.S. Air Force photo

Tinian is now a sleepy place.

During World War II, the 4th and 2nd Marine Divisions captured the island, which later based the B-29 Superfortresses Enola Gay and Bockscar which took off from Tinian’s North Field and dropped the atomic bombs on Hiroshima and Nagasaki. An arsenal during the war, most of its airstrips are now abandoned and unused. The island’s other former air base, West Field, is a small, neglected international airport.

The Air Force first wanted Saipan for its airfield. Very close to Tinian, Saipan has 15 times the population, a larger airport and a harbor. But this proposal met opposition from local activists due to the effect on “coral, potable water, local transportation and socioeconomic factors on surrounding communities,” Stars and Stripes reported.

The opposition even included the pro-business Saipan Chamber of Commerce, which worried that Tinian’s rusty airport would miss out on the flood of Pentagon spending. Saipan’s airport is also overcrowded — with locals not happy about the prospect of hundreds of airmen flying in for military exercises lasting up to eight weeks ever year.

In a way, its a return to the past. The United States dispersed air bases to varying degrees — and in different parts of the world — during the Cold War, but as the threat of a Soviet missile attack evaporated and post-Persian Gulf War budget cuts hit hard in the 1990s, the trend shifted toward larger mega-bases that operate on economies of scale.

But dispersed bases are more survivable, RAND’s Alan Vick noted in his 2015 paper:

Dispersing aircraft across many bases creates redundancy in operating surfaces and facilities. This enhances basic safety of flight by providing bases for weather or inflight-emergency diverts. It also increases the number of airfields that adversary forces must monitor and can greatly complicate their targeting problem (in part by raising the prospect that friendly forces might move among several bases).

 

At the least, dispersal (because it increases the ratio of runways to aircraft) forces an attacker to devote considerably more resources to runway attacks than would be the case for a concentrated force. It also greatly increases construction and operating costs to spread aircraft across many major bases. To mitigate these costs, dispersal bases tend to have more-modest facilities and, at times, might be nothing more than airstrips.

Terror Incubation in Europe and U.S.

Posted on by

Israel says Iran building terror network in Europe, US

AP ~ NICOSIA, Cyprus (AP) — Israel’s defense minister on Wednesday accused Iran of building an international terror network that includes “sleeper cells” that are stockpiling arms, intelligence and operatives in order to strike on command in places including Europe and the U.S.

Moshe Yaalon said Iran aims to destabilize the Middle East and other parts of the world and is training, funding and arming “emissaries” to spread a revolution. He said Tehran is the anchor of a “dangerous axis” that includes Baghdad, Damascus, Beirut, Sanaa and other cities in the region.

“The Iranian regime through the Iranian Revolutionary Guard corps is building a complex terror infrastructure including sleeping cells that are stockpiling arms, intelligence and operatives and are ready to act on order including in Europe and America,” Yaalon said after talks with his Cypriot counterpart.

Israel considers Iran the biggest threat to the region, citing its support for anti-Israel militant groups like Hezbollah and Hamas, and has been an outspoken critic of the international nuclear deal with Iran.

The Israeli defense minister offered no direct evidence of such sleeper cells existing in the U.S. or Europe, but referred indirectly to the case of a Hezbollah member who was jailed in Cyprus last June following the seizure of nine tons of a chemical compound that can be converted into an explosive.

A Cypriot court sentenced Lebanese Canadian Hussein Bassam Abdallah to six years in prison after prosecutors said he admitted that Hezbollah aimed to mount terrorist attacks against Israeli interests in Cyprus using the ammonium nitrate that he had been ordered to guard at the Larnaca home of another official of the Iranian-backed group.

Yaalon said Cypriot authorities had “defeated attempts by Hezbollah and Iran to establish a terror infrastructure” on the island that aimed to expand “throughout Europe.”

Yaalon said that apart from the refugee crisis, the war in Syria has resulted in “widespread infiltration by murderous, merciless terror organizations” that belong to global jihad and are partly funded by Iran.

He said that requires western nations to counter attempts to carry out “massive terror attacks.”

Yaalon’s trip to Cyprus was the first official visit by an Israeli defense minister to the east Mediterranean island.

***

Up To 5,000 Islamic State Trained Jihadists Could Be At Large In Europe — Says U.K. Head Of Europol –‘ Islamic State, And/Or, Other Religious Terror Groups,’ Actively Planning Mass Casualty Attack/s Somewhere In Europe 

FC: Robin Wainwright, the British head of Europol, Europe’s International Crime Agency, in an interview with Germany’s Neue Osnabrucker Zeitung newspaper warned that “up to 5,000 jihadists could be at large in Europe, after training with the Islamic State in Iraq and Syria.”  

Justin Huggler, reporting in the February 19, 2016 edition of London’s The Telegraph, writing from Berlin, writes that “Europol estimates the number of EU citizens who have slipped back [into Europe] after training in the Middle East, is between 3,000 – 5,000..  “Europe is currently facing the highest terror threat in more than ten years,” according to Mr. Wainwright.  “We can expect the Islamic State, or other religious terror groups to stage an attack somewhere in Europe — with the aim of achieving mass casualties among the civilian population.”