Russia’s Response to the West, Cyber War

The Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and the United Kingdom’s (UK) National Cyber Security Centre (NCSC) released a joint Technical Alert (TA) about malicious cyber activity carried out by the Russian Government. The U.S. Government refers to malicious cyber activity by the Russian government as GRIZZLY STEPPE.

NCCIC encourages users and administrators to review the GRIZZLY STEPPE – Russian Malicious Cyber Activity page, which links to TA18-106A – Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices, for more information.

***

Senator Tom Cotton: Our nation’s communications networks benefit us in ways unimaginable at the start of the digital age.  But a potential danger lurks: hidden “backdoors” in network equipment.  A hostile foreign power could use these backdoors to spy on Americans or attack our critical infrastructure by injecting viruses or launching denial-of-service attacks.  These backdoors can be designed into routers, switches, and virtually any other type of telecommunications equipment that, together, make up our networks.

This highlights the importance of our networks’ supply chain—that is, the process by which telecommunications equipment is manufactured, sold, distributed, and installed.  Whether the threat involves hacking into our nation’s communications networks or conducting industrial or political espionage at the behest of a foreign government, the integrity of the supply chain has worried U.S. government officials for years.

In 2012, the House Permanent Select Committee on Intelligence released a bipartisan report on the national security threats posed by certain foreign manufacturers.  This past year, Congress barred the Department of Defense from buying certain equipment and services from Chinese companies Huawei and ZTE on account of concerns about those companies’ connections to that country’s government.  And Congress recently banned all federal agencies from using products or services made by Kaspersky Lab, a company with alleged ties to the Russian government.

But the supply-chain threat persists.  Just this February, FBI Director Christopher Wray testified about “the risks of allowing any company or entity that is beholden to foreign governments that don’t share our values to gain positions of power inside our telecommunications networks.”  These risks include the ability to “maliciously modify or steal information” and “conduct undetected espionage.”  As the supply chain for our networks increasingly stretches beyond U.S. borders, this danger has become all too real.

Given the national security risks, we believe it’s time for more concerted federal action.  Among other things, that means making sure that our government doesn’t make the problem worse by spending the American people’s money on products and services from any company that poses a national security threat to our communications networks.

The Federal Communications Commission is a good place to start.  It regulates America’s communications networks.  And it administers the Universal Service Fund, an almost $9 billion-per-year program designed to ensure that all Americans have access to phone and broadband services.  The money in the Fund comes from fees paid by the American people on their phone bills.  About $4.7 billion annually is spent expanding high-speed Internet access in rural communities; $2.7 billion helps connect schools and libraries to the Internet; $1.3 billion assists in making phone and broadband services more affordable to low-income Americans; and about $300 million supports communications services for rural health-care facilities.  These are important programs.  But there’s no reason one dime of this funding should go to suppliers that raise national security concerns.  There are plenty of other providers we can use to help bridge the digital divide.

That’s why the FCC will vote on April 17 on Chairman Pai’s recent proposal to bar the use of universal service funding to buy equipment or services from any company that poses a national security threat to the integrity of our communications networks or the communications supply chain.  If approved, the proposal would also seek public input on how we should identify suspect firms and which types of telecommunications equipment or services should fall within the prohibition.  Everyone concerned about this issue will have a chance to weigh in.

Bottom line:  We’re committed to protecting our national security, and this proposal is a prudent step to accomplish that goal.  The FCC, Congress, and all government agencies must work together to safeguard the integrity of our communications supply chain.  We strongly urge the full Commission to approve this proposal and for other agencies to follow the lead.

Russia Blames the White Helmets for the Chemical Attacks

Really Moscow? Exactly how much aid and assistance have the Russian forces provided to the dying innocent Syrians? None. Who are the White Helmets?

Then there are those that believe Assad and Putin when they say they had nothing to do with the chemical attacks….hummm What is the real issue here? Diplomatic relationships….Exactly how many rebel groups have barrel bombs, helicopters and full protection of laboratories to manufacture chlorine and nerve agent gasses? It is called Agent 15 or 3-Quinuclidinyl benzilate. For a detailed timeline, go here.

***

After a Syrian photographer found parts made by German company the Krempel Group in the remains of Iranian-produced chemical rockets that gassed Syrian civilians in January and February, the firm rejected on Wednesday new US warnings about the dangers of conducting business with the Islamic Republic.

“There continue to be ongoing risks with doing business there, because the Iranians have not reformed their system,” Sigal Mandelker, the US under secretary of the Treasury for terrorism and financial intelligence, said on Tuesday.

Mandelker, speaking in London, said Tehran was financing Hezbollah, Hamas and Syrian President Bashar Assad.

There is no transparency in the Iranian banking system, she said. “The onus of responsibility lies in Iran and we’re going to continue to highlight the risks of doing business there, because they haven’t taken the actions that they have promised they would take,” she said.

When asked whether it had ignored US warnings, Krempel told The Jerusalem Post on Wednesday it has continued business deals with Iran, but “Krempel GmbH complies strictly with legal guidelines. In unclear situations, we seek legal advice and apply corresponding measures in order to remain in compliance.”

Krempel added that it now “delivers a different pressspan (also not a dual-use good) exclusively to a manufacturer (OEM) [Original Equipment Manufacturer] in Iran because we can know the end usage.”

A presspan is an insulating material with a cellulose base that can be used in motors. Dual-use goods can be used for both military and civilian purposes, and what items come under this rubric is subject to dispute.

Green Party politician Volker Beck told the Post that “Germany has apparently in the past allowed the delivery of dual-use goods to Iran. That is completely unacceptable. One cannot stress the ‘special relationship’ with Israel and at the same time deliver material for Iranian rockets that threaten Israel’s existence.

“The victims of the Assad regime are paying the price for this mistake,” Beck added.

The Krempel Group, located near the southern city of Stuttgart, sold electronic press boards to Iranian companies that were used in the production of Iranian rockets. The press boards are frequently inserted in motors.

Assad regime forces fired the Iranian missiles containing Krempel material, resulting in the severe gassing of 21 adults and children.

Krempel added in its statement to the Post that the company halted business relations with the two buyers in Tehran, who were involved in delivering the Krempel material for the chemical weapons attacks in Syria. The firm said it terminated business with the two men who operate companies in Tehran’s Grand Bazaar because it cannot influence the use of its products in that market.

The two former Krempel business partners are Reza Moghaddam Panah and Mahmood Hasan Darvish Commerce. Krempel had $184,000 in annual sales to the Iranian companies.

The German firm operates a distribution center called Krempel Insulation Technologies, LP, in Deerfield, Michigan.

KREMPEL’S DECISION to continue business with Iran prompted criticism from Julie Lenarz, a senior fellow at the Israel Project.

She told the Post that “on Saturday, harrowing footage of children foaming at the mouth, dying in agony from exposure to chemical weapons, flashed across our television screens again. If our politicians want to move beyond empty mantras of condemnation, they can start by punishing the protectors of the murderous Assad regime.

“Since the nuclear accord was signed with Iran in 2015, European countries and companies have flocked to Tehran for lucrative business deals. The consequences have been grim. Material sold by Krempel was caught in Iranian chemical rockets deployed against Syrian civilians. And yet the company refuses to stop trading with Iran, hiding behind smug legal truisms,” Lenarz said.

She added that “no company with a robust ethical code, nor any country with a moral compass intact, could possibly regard Iran as a legitimate business partner. The Islamic Republic is the No. 1 state sponsor of terror. The greatest threat to stability in the Middle East. A brutal occupier abroad, and a repressive theocracy at home.”

The Krempel Group describes itself on its website as “an independent manufacturer of high quality semi-finished products and a leading global system supplier of modern materials. Our electrical insulations, composites, solar and electronic materials, as well as special laminates, enjoy an excellent reputation worldwide and we are global market leaders in many of these sectors.”

When asked about Krempel and German companies conducting dual-use business with Iran, Christiane Fuckerer, a spokeswoman for Federal Office for Economic Affairs and Export Control – BAFA, said she could not provide such information by press time.

Beate Baron, a spokeswoman for Germany’s Federal Ministry for Economic Affairs and Energy, which oversees BAFA, declined to answer a Post media query.

BAFA said in February that Krempel’s Pressspan PSP 3040, the material used in Iranian chemical rockets, is not classified as dual-use merchandise.

German exports to Iran increased in 2017 by 19%, with a total value of just under €2.4 billion. The Post reported in 2017 that numerous German intelligence agencies reported that Iran sought chemical and biological weapon technology in the Federal Republic.

German Chancellor Angela Merkel said she was “shocked” about Saturday’s chemical attack in Syria and the repeated use of poison gas in the country.

*** Anyone remember the report of North Korea assisting Assad with chemical weapons?

In part: North Korea has been sending equipment to Syria that could be used in the manufacturing of chemical weapons, according to a New York Times report citing United Nations experts.

The UN spokesman also said that shelling between rebels and Government forces in Syria had not stopped, despite a UN-ordered ceasefire, and it was not safe for relief crews to get humanitarian and medical aid into Eastern Ghouta and other parts of war-ravaged Syria.

Syrian President Bashar al-Assad agreed to destroy his country’s chemical weapons in 2013.

However, United States officials reportedly believe Mr Assad has secretly kept part of the chemical weapons stockpile and might have continued evolving Syria’s arsenal.

Myanmar also receiving arms, reports say

The news of North Korea’s possible assistance with Syria’s chemical weapons program comes after reports that Myanmar had been receiving ballistic missile technology and weapons from North Korea.

Myanmar’s Government has denied having any military ties with North Korea.

But earlier this month another confidential UN report, sighted by Reuters, suggested one unnamed country reported it had evidence that Myanmar received ballistic missile systems from North Korea, along with conventional weapons, including multiple rocket launchers and surface-to-air missiles.

Myanmar’s UN ambassador Hau Do Suan responded to the claims, stating the Myanmar Government “has no ongoing arms relationship, whatsoever, with North Korea” and is abiding by the UN Security Council resolutions.

It is believed that North Korea earned upwards of $200 million from banned exports in 2017 alone.

 

 

The Fiery Security Council Speeches on Syria Chemical Weapons

President Trump said the United States would respond within 24-48 hours. Secretary of Defense Mattis said nothing was off the table, so there goes the USS Donald Cook.

The Arleigh Burke-class guided-missile destroyer USS Donald Cook (DDG 75) departed Larnaca, Cyprus, April 9, 2018, after completing a scheduled port visit. The ship’s presence in the Mediterranean is a demonstration of our continued commitment to regional security. U.S. 6th Fleet, headquartered in Naples, Italy, conducts the full spectrum of joint and naval operations, often in concert with allied and interagency partners, in order to advance U.S. national interests and security and stability in Europe and Africa.

The US and Russia have traded barbs at a UN Security Council meeting on the alleged chemical attack in Syria.

Russian envoy Vassily Nebenzia said the incident in Douma was staged and that US military action in response could have “grave repercussions”.

US Ambassador Nikki Haley said Russia had the “blood of Syrian children” on its hands.

Earlier, the UN human rights chief said world powers were treating chemical weapons use with a “collective shrug”.

US President Donald Trump has said “major decisions” on Syria will be made in the next two days.

Ms Haley said that if the UN Security Council acts or not, “either way, the United States will respond”.

Washington has not ruled out military strikes. In April last year, the US fired cruise missiles at a Syrian airbase after a Sarin attack on the opposition-held town of Khan Sheikhoun killed more than 80 people. More here.

***

The information, based on data from seven sources, shows that the Syrian government is responsible for the majority of 85 confirmed chemical weapon attacks. The data also show that the Syrian government has been largely undeterred by the efforts of the United Nations Security Council, the international Organisation for the Prohibition of Chemical Weapons (OPCW), and unilateral action by individual countries to enforce the prohibition on Syria’s use of chemical weapons.

“In Syria, the government is using chemical weapons that are banned the world over without paying any price,” said Lama Fakih, deputy Middle East director at Human Rights Watch. “One year after the horrific sarin attack on Khan Sheikhoun, neither the UN Security Council nor the Organisation for the Prohibition of Chemical Weapons has acted to uphold the prohibition against chemical weapon attacks.”

© 2018 Human Rights Watch More details here.

U.S. military planners have drawn up more than one option for possible military action against Syria, including a strike similar to last year’s attack in which 59 sea-launched cruise missiles inflicted heavy damage on a Syrian Air Force airfield in Homs.

Pentagon officials, speaking on condition of anonymity, said the options now are similar to those presented to President Trump after last year’s chemical attack in northern Syria that killed and injured hundreds of civilians, including women and children.

But officials said the president could decide to choose a more robust option this time, given that Syrian President Bashar Assad didn’t seem to get the message last time.

“While the process of drawing up and presenting the options are similar to last year, I wouldn’t look at this through a soda straw,” said one official familiar with the planning. “It’s up to the president to decide how to respond. It’s up to us to provide the options.”

A Navy source said the U.S. has a number of ships armed with Tomahawk cruise missiles in the region, including the USS Donald Cook, a guided-missile destroyer that has just completed a port call in Cyprus, and got underway in the eastern Mediterranean within range of Syria Monday. More here.

What the Heck? Dept of Interior has Rookie IT People or What?

Is this a joke? Those computers had/have malware installed that was never detected even after that major OPM hack that forced the mainframes to communicate with Russia…..yes RUSSIA. So, here comes that Inspector General audit report. We are bleeding data, even classified data….So we have tech companies and social media operations that are not protecting or safeguarding our data, now for sure we have government that can’t do it either…..

There was a hearing though…..ahem

In part from the audit report:

This memorandum transmits the findings of our evaluation of the U.S. Department of the Interior’s incident response program. We found that the Office of the Chief Information Officer had not fully implemented the capabilities recommended by National Institute for Standards and Technology (NIST) in its incident detection and response program.

We make 23 recommendations to help the Department improve its incident response program, so it can promptly detect and fully contain cyber threats to maintain the availability, confidentiality, and integrity of Department and bureau computer systems and data.

In response to our draft report, the Department concurred with all recommendations and provided target dates and officials responsible for implementation. We consider all 23 recommendations resolved but not implemented. We will forward the recommendations to the Office of Policy, Management and Budget for tracking and implementation.

We understand that some of these recommendations may require significant investment in cyber security infrastructure as well as the recruitment of additional staff, but the intended timeframe to implement these recommendations remains a concern. Five recommendations will not be addressed for more than 5 years, and four recommendations will not be addressed for more than 3 years. In the interim, the Department should consider additional temporary or partial solutions.

Specifically, we found that the Department:

• Was not fully prepared to respond to incidents
• Did not promptly detect or fully analyze security incidents
• Did not fully contain or completely eradicate active cyber threats
• Did not continuously improve its incident response capabilities by learning from prior incidents

Three years after Chinese hackers stole security clearance files and other sensitive personal information of some 22 million U.S. federal employees, cyber-defenses at the Department of Interior, which hosted White House Office of Personnel Management (OPM) servers targeted in the theft, were still unable to detect “some of the most basic threats” inside Interior’s computer networks — including malware actively trying to make contact with Russia.

In a 16-month examination of Interior’s ability to detect and respond to cyber-threats, evaluators from the department’s Office of Inspector General (OIG) also discovered that Interior’s technicians simply did not implement a sweeping array of mandatory, government-wide defensive measures ordered up after the disastrous OPM hack, didn’t investigate blocked intrusion attempts, and left “multiple” compromised computers on their network “for months at a time,” according to a redacted OIG report issued in March.

Ultra-sensitive security clearance files have since been moved to the Defense Department, but, among other things, the OIG report noted that:

● sensitive data at Interior could be taken out of the department’s networks “without detection.”

● network logs showed that a computer at the U.S. Geological Survey, an Interior bureau, was regularly trying to communicate with computers in Russia. The messages were blocked, but “the USGS facilities staff did not analyze the alerts.”

● dangerous or inappropriate behavior by network users — including  the downloading of pornography and watching pirated videos on Russian and Ukrainian websites — was not investigated.

● computers discovered to be infected with malware were scrubbed as soon as possible and put back into use—meaning little or no effort went into examining the scope and nature of any such threats to the broader network. This happened, the OIG team noted, with one intruder they discovered themselves.

● simulated intrusions or ransomware attacks created by the examiners were carried out with increasing blatancy without a response—in the case of ransomware, for nearly a month

● After the devastating OPM hack, which was discovered in April 2015, the department didn’t even publish a lessons-learned plan for its staffers based on the disaster. The OIG inspectors reported that Interior started to draft an “incident response plan” that month to deal with future intrusions, but “did not publish it until August 2017”— two months after the OIG team had finished their lengthy fieldwork.

● Distressingly, the report also notes that the department’s cybersecurity operations team was not privy to a list of Interior’s so-called “high-value IT assets” prepared by the Chief Information Officer, “due to its sensitive nature.” More here.

Go Facebook Go and Take Android with You

Primer: Amendment IV

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Does this only apply to the Federal government or State government?

Humm read on….

The Mark Zuckerberg apology tour continues. There was the 87 million compromised accounts where privacy was ignored. Then there was the fact that Facebook employees track communications in the private message feature. But why would Facebook contact hospitals asking for patient information? Sheesh, really?

Facebook asked hospitals for anonymized data about their patients for a proposed research project, CNBC reported on Thursday.

The social media platform reportedly intended to compare the data, which included prescription information and illnesses, with its own data that it collected from users, in order to flag users that may need hospital care.

The proposal was paused after Facebook revealed that Cambridge Analytica improperly took data from 50 million of its users’ profiles, and reportedly never made it beyond initial planning stages.

“This work has not progressed past the planning phase, and we have not received, shared, or analyzed anyone’s data,” a Facebook spokesperson told CNBC.

The social media company discussed its plan with organizations including Stanford Medical School and American College of Cardiology.

The data the company would have collected would have been completely anonymous and only available for medical research, according to the report.

Cathleen Gates, the interim CEO of the American College of Cardiology, said in a statement provided to CNBC that Facebook’s proposed data project could help medical research.

“As part of its mission to transform cardiovascular care and improve heart health, the American College of Cardiology has been engaged in discussions with Facebook around the use of anonymized Facebook data, coupled with anonymized ACC data, to further scientific research on the ways social media can aid in the prevention and treatment of heart disease—the #1 cause of death in the world,” she said.

News of the proposed medical data collection comes amid scrutiny over how a British research firm hired by the Trump campaign, Cambridge Analytica, improperly took user data through Facebook.

Controversy over the matter has sparked an outcry about Facebook’s data collection and privacy practices.

Lawmakers have been particularly vocal on the issue. Facebook CEO Mark Zuckerberg is set to testify before them on Capitol Hill on Tuesday and Wednesday during Senate and House hearings about data privacy.

*** Gonna be some interesting hearings on The Hill right? Perhaps Android should be included….

A software developer — who didn’t want to be identified — told News.com.au the social media giant should be the least of our worries, saying Android apps available on Google Play are often “saturated by spyware.”

“Google has given apps a wide open ‘side-door’ to collect personal info to all apps if users simply download and accept the listed permissions,” he said. “Of course, if you notice, the permissions are actually hard to find and Google downplays what they can do.”

He pointed to third-party keyboards as an example.

“Third-party keyboards not only have access to all dangerous permissions, but they also have access to all keystrokes — including account names and passwords,” he said.

We’ve already seen evidence of this blowing up in recent months.

In December, the popular virtual keyboard app AI.type leaked the personal data of over 31 million customers online.

Security researchers at the Kromtech Security Center said the server wasn’t password-protected, allowing anyone to access the company’s massive database.

The app stated that any text entered on its keyboard stays “encrypted and private.”

But researchers found users must allow “Full Access” to all of their data stored on the iPhone, including all keyboard data.

This meant the app would theoretically have access to all your secure usernames and passwords.

“If you look at all the top Android keyboards and look at their requested permissions, it is alarming,” the developer said. “They often can run at start-up, prevent the device from sleeping, and have access to an extensive amount of a user’s personal data.

“They can send encrypted data anywhere in the world without scrutiny.”

A ZDNet investigation into AI.type found the company kept complete records on the device’s IMSI and IMEI number, the device’s make and model, its screen resolution, and the device’s specific Android version.

It also included the user’s phone number, the name of their mobile phone provider, and in some cases their IP address and internet provider.

As the app developer said, third-party keyboards can access the highest level of Android permissions, including personal data like passwords and credit card numbers.

According to ZDNet, one table contained more than 8.6 million entries of text that had been entered using the keyboard, which included phone numbers, email addresses and corresponding passwords, and web search terms.

It found that, for apps with both a paid and a free version, the latter was more concerning: a free version would be more likely to collect data than the paid one, data the company would use to monetize with advertising.

“Other keyboards have also been found to have been collecting unsettling data, while none have been removed from Google Play,” he said.

Both the free and paid versions of AI.type are still available on Google Play.

“What is most disturbing to me is that Google apparently blindly ignores this problem, and has built in this open ‘side door’ to facilitate their own apps that collect lots of data on us. If they shut this down, they would shut down their own intrusive apps.”

‘Trading privacy for profits’

Cybersecurity expert, professor Nigel Phair, from the University of Canberra in Australia, shared several of these concerns.

He said it’s surprisingly difficult to log out of a Google service, which explains how they can store your data consecutively over many years.

“What concerns me most is that we’re not making informed decisions,” he told News.com.au. “We get free email, free apps, free directions … but people aren’t consciously making informed consent. It’s not just Google. Apple [does] the same thing.”

But he said Android users were particularly at risk. “If you go into the Facebook app on your Android device and look at the permissions, it’s broader than that of Apple devices, and can include text messages and phone calls. Android is a completely uncurated, open-sourced platform.”

This explains why Android phones were the subject of Facebook’s recent phone-scraping scandal.

So how is it that apps logging your keyboard entries and other data haven’t been shut down yet?

Phair stressed that it comes down to the open permissions laid out in the terms and conditions — which, let’s face it, very few people read. The sheer impracticality of doing so may well be the apps’ strategy.

“There’s nothing illegal about collecting data,” said Phair. “Take Facebook. By signing up, you’re basically agreeing to the terms and conditions, which are basically ‘we can do whatever we want with your data.’ That’s the get-out-of-jail-free card. If you’re going to use our servers, we’re going to collect and sell your data to third-party affiliates.”

In a recent interview, Facebook chief executive Mark Zuckerberg said Facebook’s current problems were partly because the company was so focused on connecting people during its first decade and that it didn’t pay enough attention to potential consequences around privacy.

Last week, technical consultant and web developer Dylan Curran posted a thread on Google and Facebook’s data storing that quickly went viral.

Curran posted photos of the personal data collected by Google (which users are able to download). The file was 5.5 gigabytes — the equivalent of about three million Word documents.

He said it included “every email I’ve ever sent, that’s been sent to me, including the ones I deleted or were categorized as spam.”

“Every image I’ve ever searched for and saved, every location I’ve searched for or clicked on, every news article I’ve ever searched for or read, and EVERY SINGLE Google search I’ve made since 2009.”

He found Google was storing his location every time he turned on his phone, his search history (even if he deleted this), every app and extension he used, his YouTube history, calendar, hangout sessions and the music he listened to.

Spooky stuff.

INDEED!