Sophisticated cyberespionage operation focused on high-profile targets

Rocra malware programming code
By JOSEPH FITSANAKIS | intelNews.org |
After Stuxnet and Flame, two computer programs believed to have made cyberespionage history, another super-sophisticated malware has been uncovered, this time targeting classified computer systems of diplomatic missions, energy and nuclear groups. The existence of the malware was publicly announced by Russian-based multi-national computer security firm Kaspersky Lab, which said its researchers had identified it as part of a cyberespionage operation called Rocra, short for Red October in Russian. The company’s report, published on Monday on Securelist, a computer security portal run by Kaspersky Lab, said that the malware has been active for at least six years. During that time, it spread slowly but steadily through infected emails sent to carefully targeted and vetted computer users. The purpose of the virus, which Kaspersky Lab said rivals Flame in complexity, is to extract “geopolitical data which can be used by nation states”. Most of the nearly 300 computers that have so far been found to have been infected belong to government installations, diplomatic missions, research organizations, trade groups, as well as nuclear, energy and aerospace agencies and companies. Interestingly, the majority of these targets appear to be located in Eastern Europe and former Soviet republics in Central Asia. On infected computers located in North America and Western Europe, the Rocra virus specifically targeted Acid Cryptofiler, an encryption program originally developed by the French military, which enjoys widespread use by European Union institutions, as well as by executive organs belonging to the North Atlantic Treaty Organization.


Did US spies hack French government computers using Facebook?

The Palais de l'Élysée
By JOSEPH FITSANAKIS | intelNews.org |
A sophisticated computer virus discovered at the center of the French government’s secure computer network was planted there by the United States, according to unnamed sources inside France’s intelligence community. Paris-based magazine L’Express, France’s version of Time magazine, says in its current issue that the alleged American cyberattack took place shortly before last April’s Presidential elections in France. It resulted in the infection of the entire computer system in the Palais de l’Élysée, which is the official residence of the President of France. The French magazine cites unnamed sources inside the French Network and Information Security Agency (ANSSI), which is responsible for cybersecurity throughout France. The sources claim that the snooping virus allowed its handlers to gain access to the computers of most senior French Presidential aides and advisers during the final weeks of the administration of French President Nicolas Sarkozy, including his Chief of Staff, Xavier Musca. The article claims that the virus used source code nearly identical to that of Flame, a super-sophisticated version of Stuxnet, the virus unleashed a few years ago against the computer infrastructure of the Iranian nuclear energy program. Many cybersecurity analysts believe that the US and Israel were instrumental in designing both Stuxnet and Flame. IntelNews understands that the alleged virus was initially directed at employees of the Palais de l’Élysée through Facebook. The targets were allegedly befriended by fake Facebook profile accounts handled by the team that operated the virus. The targets were then sent phishing emails that contained links to phony copies of the login page for the Palais de l’Élysée intranet website.

News you may have missed #771

Shawn Henry
By IAN ALLEN | intelNews.org |
►►Analysis: Ex-FBI official says foreign spies biggest online threat. Former FBI executive assistant director Shawn Henry has warned that the biggest threat online comes not from terrorists or hackers, but from foreign intelligence organizations looking to steal intellectual property. “The threat from computer attack is the most significant threat we face as a society, other than a weapon of mass destruction”, he said in his opening keynote at the Black Hat 2012 conference in Las Vegas. “Everything we do —R&D, intellectual property, and corporate strategies— is stored or transmitted electronically. The DNA of companies is available to bad guys”.
►►Taiwanese officials jailed for espionage. Two Taiwanese former officials have been sent to prison by the Taiwan High Court for leaking state secrets to China. Presidential Office official Wang Ren-bing was jailed for two years after being found guilty of passing confidential information about President Ma Ying-jeou’s May 2008 inauguration to Chinese intelligence operatives. Chen Pin-jen, a former aide of Chinese Nationalist Party (KMT) Legislator Liao Kuo-tung, was sentenced to eight months in prison for delivering the confidential information Wang gave him to China. The two were arrested in 2009.
►►Germany charges suspected Syrian spy. A spokeswoman for federal prosecutors in Germany said Sunday that they have filed charges against suspected Syrian spy Akram O., one of two men arrested on suspicion of having spied on Syrian opposition activists in Germany for several years. The two were arrested in February during a sting operation involving over 70 German counterintelligence operatives, who searched the suspects’ apartments. The spokeswoman said she could not give further details before an official confirmation is issued that the suspect and the defense team have received the indictment.

News you may have missed #770

Horn of Africa map
By TIMOTHY W. COLEMAN | intelNews.org |
►►Kaspersky Lab is ‘thwarting US cyber spies’. According to an article in Wired magazine, Eugene Kaspersky, the CEO of Russia-based Kaspersky Lab, has been working to support Russian allies in the Kremlin and the FSB. Kaspersky’s firm first discovered the cyber attack weapon known as Stuxnet. As the profile piece notes, “Kaspersky’s rise is particularly notable —and to some, downright troubling— given his KGB-sponsored training, his tenure as a Soviet intelligence officer, his alliance with Vladimir Putin’s regime, and his deep and ongoing relationship with Russia’s Federal Security Service, or FSB”.
►►Al-Shabaab executes alleged CIA and MI6 assets. Somalia’s largest and most deadly armed Islamist group, al-Shabaab, announced that it had captured and executed at least three informants who were allegedly passing intelligence to the CIA and to MI6. The Associated Press stated that Al-Shabaab’s official Twitter feed stated that the individuals, who were summarily interrogated and then executed by firing squad, “were part of a wide network of spies deployed by the British and American intelligence agencies”.
►►Australian intelligence briefed on Canadian spy. The espionage case against accused Canadian spy, former Sub-Lieutenant Jeffrey Paul Delisle, continues to garner intrigue. As was previously reported on this blog, Delisle, a former navy intelligence officer, is accused of spying for Russia. But a report in The National Post states that representatives of Canada’s intelligence service briefed members of Australia’s intelligence services on the Delisle case and that information exchanges appear ongoing. The particulars of Australia’s involvement in the case are explained here.

Situation Report: Hacker convention brings out top NSA spy

DefCon
By TIMOTHY W. COLEMAN | intelNews.org |
In less than a week, the 20th annual DefCon Hackers convention will take place in Las Vegas, Nevada. The yearly gathering brings out the good, the bad and the script kiddies alike. Computer security practitioners, cyber-criminals, grey and white hat hackers, law enforcement, and members of both the US intelligence community as well as probably foreign government representatives will be on hand to listen to presentations, see novel techniques, and view new innovative methods for cyber intrusion. DefCon has become a Mecca of sorts for those interested in groundbreaking developments and nefarious possibilities within the computer security and cyber realm. As organizers of the event explain in their call for presentations, “DefCon is all about thinking up cool and new ways to approach everything from the most complex modern technology to hacking grandma’s toaster [...] what attack exploits, defensive techniques, or unique research [have] you have been working on”. The focus is often two-fold “how to break it”, followed by a segment on “how to fix it”. “Spot the Fed” is an ongoing and widely popular contest at the convention. The task of regular attendees is to properly identify plain-clothed members of law enforcement or the intelligence community. As DefCon explains, “if you see some shady MIB (Men in Black) earphone penny loafer sunglass wearing Clint Eastwood to live and die in LA type lurking about, point him out”.


News you may have missed #763

RedHack poster
By IAN ALLEN | intelNews.org |
►►Taiwan ex-colonel nabbed for spying for China. Cheng Lin-feng, a retired Lieutenant Colonel in the Taiwanese army, and civilian Tsai Teng-han, were taken in by Taiwanese police last week on suspicion of spying for China. Cheng was allegedly recruited by Chinese intelligence when he travelled to the mainland to do business, Taiwan’s Ministry of National Defense said in a statement, adding that he had been investigated ever since a tip-off in 2009. A court spokesman said that details of the case will be withheld until the investigation is completed.
►►Russian law brands foreign-funded NGOs ‘foreign agents’. Russia’s Lower House of Parliament has approved a bill that brands non-governmental organizations receiving funding from abroad as “foreign agents”, a law that activists fear the Kremlin will use to target critics. The bill is almost certain to be approved by the Upper House before being signed into law by President Vladimir Putin, who last year accused the US State Department of funding protests against him. The bill is seen by many analysts as setting up a legal infrastructure for a crackdown on the opposition. Meanwhile, official statistics show that wiretapping in the Russian Federation has nearly doubled over the past five years. The main driver of the rise, analysts say, is the myriad of Russia’s rival security services spying on each other.
►►Turkish hackers release names of police informants. Members of Turkey’s Marxist cyberactivist group RedHack have dumped online a 75-megabyte text file with thousands of emails from Turkish police informants. The group said it released the information in retaliation against ultra-nationalist hackers who have been threatening opposition academics and journalists. RedHack, which has been using ‘defacement hacking’ to promote a Marxist political agenda since its founding, in 1997, is included on the Turkish government’s list of terrorist organizations. In March of this year, RedHack stole data from the Turkish police’s network, forcing the police to shut down all its servers.

Comment: Who authored computer virus that ‘dwarfs Stuxnet’?

Flame virus code segment
By JOSEPH FITSANAKIS | intelNews.org |
When the Stuxnet computer virus was detected, in 2010, it was recognized as the most sophisticated malware ever created. It had been specifically designed to sabotage Siemens industrial software systems, which were used in Iran’s nuclear energy program. Not surprisingly, most Stuxnet-infected computers were in Iran. Now a new, massive and extremely sophisticated piece of malware has been detected in computers belonging to the Iranian National Oil Company and Iran’s Ministry of Petroleum. It is called Flame and, according to antivirus company Kaspersky Lab, which first spotted the virus last week, it is “one of the most complex threats ever discovered”. Simply consider that Stuxnet, which caused unprecedented waves of panic among Iranian cybersecurity experts, was 500 kilobytes in size. Flame is over 20 megabytes in size, consisting of 650,000 lines of code; it is so complex that it is expected to take programming analysts around a decade to fully comprehend. The two are different, of course. Stuxnet was an infrastructure-sabotaging malware, which destroyed hundreds —maybe even thousands— of Iranian nuclear centrifuges. Flame, on the other hand, appears to be an espionage tool: it aims to surreptitiously collect information from infected systems. What connects them is their intended target: Iran. We now have Stuxnet, the most complex sabotaging malware ever discovered, which must have taken dozens of programmers several months to create, and Flame, the world’s most powerful cyberespionage tool ever detected by computer security experts. And both have been primarily directed at Iranian government computers.

News you may have missed #714

Tjostolv Moland and Joshua French
By IAN ALLEN | intelNews.org |
►►British PM urged to intervene in Congo spy case. The mother of Joshua French, who has dual British and Norwegian nationality, and is facing execution in the Democratic Republic of Congo, has urged British Prime Minister David Cameron to ask Congolese authorities to pardon him. French, and his Norwegian friend Tjostolv Moland, were sentenced to death for murder and spying in the vast central African country in 2009. A prison official claimed in August last year that the pair had tried to escape, but their lawyer denies this.
►►Computers of Syrian activists infected with Trojan. Since the beginning of the year, pro-Syrian-government hackers have steadily escalated the frequency and sophistication of their attacks on Syrian opposition activists. Many of these attacks are carried out through Trojans, which covertly install spying software onto infected computers, as well as phishing attacks which steal YouTube and Facebook login credentials. According to the Electronic Frontier Foundation, the latest surveillance malware comes in the form of an extracting file which is made to look like a PDF if users have their file extensions turned off. The PDF purports to be a document concerning the formation of the leadership council of the Syrian revolution and is delivered via Skype message from a known friend.
►►Report claims Australian government spied on anti-coal activists. The leader of the Australian Greens, Bob Brown, says he is outraged at reports that the Australian Security Intelligence Organisation (ASIO) is spying on mining protesters, and says such action is a misuse of the spy agency’s resources. The revelations were reported in Australian newspapers yesterday, and are based on a Freedom of Information request to the Department of Resources, Energy and Tourism that was reportedly rejected because it involved “an intelligence agency document”. The ASIO says it cannot confirm whether it has conducted surveillance of anti-coal protesters, but it says it does not target particular groups or individuals unless there is a security-related reason to do so.

News you may have missed #703: US edition

NSA headquarters
By IAN ALLEN | intelNews.org |
►►NSA pressed to reveal details on Google deal. The Electronic Privacy Information Center is locking horns with the National Security Agency over a secret deal the agency cut with Google following an attack on Gmail by Chinese hackers in 2010. The information center has filed a Freedom of Information Act request with the NSA to obtain information about the deal. That request was rejected by a federal court and an appeal process continues.
►►US spy agencies can keep data on Americans longer. Until now, the US National Counterterrorism Center had to immediately destroy information about Americans that was already stored in other government databases when there were no clear ties to terrorism. But it will now be able to store information about Americans with no ties to terrorism for up to five years under new Obama administration guidelines. The new rules replace guidelines issued in 2008 and have privacy advocates concerned about the potential for data-mining information on innocent Americans.
►►Islam convert leads CIA’s Counterterrorism Center. Roger, which is the first name of his cover identity, has been chief of the CIA’s Counterterrorism Center for the past six years. Colleagues describe Roger as a collection of contradictions. A chain-smoker who spends countless hours on a treadmill. Notoriously surly yet able to win over enough support from subordinates and bosses to hold on to his job. He presides over a campaign that has killed thousands of Islamist militants and angered millions of Muslims, but he is himself a convert to Islam. His defenders don’t even try to make him sound likable. Instead, they emphasize his operational talents, encyclopedic understanding of the enemy and tireless work ethic.

Spies seen behind fake Facebook profile of senior NATO commander

James G. Stavridis
By JOSEPH FITSANAKIS | intelNews.org |
A Facebook account bearing the name of a senior commander of the North Atlantic Treaty Organization was set up by Chinese spies to siphon information from unsuspecting Western military officials, according to a British newspaper. The London-based Daily Telegraph said in an article that the fake Facebook account was discovered a year ago by NATO counterintelligence officers. It bore the name of United States Admiral James Stavridis, who serves as Supreme Allied Commander in Europe and currently leads the Organization’s mission in Libya. The account was reportedly used to befriend Western military officials, primarily in Britain and other European countries, probably in an attempt to collect personal information found on their personal pages on the popular social networking site. This sort of practice is known as ‘spear phishing’, and consists of messages sent to carefully targeted individuals, seemingly from a trusted source. The operation involving Admiral Stavridis appears to have been purposely targeted at high-ranking Western officials, a technique sometimes known as ‘whaling’. The London-based daily says NATO officials have been “reluctant to say publicly who was behind the attack”. But the paper claims it has been told that declassified briefings from NATO point to a series of Internet protocol addresses belonging to Chinese government facilities. Organization officials insist —correctly— that the individuals or government agencies behind the operation to falsify Stavridis’ social networking identity are unlikely to have acquired any actual military secrets. However, the information collected from Western military officials befriended online by Admiral Stavridis’ fake Facebook account could aid the compilation of personal and psychological profiles of these officials by foreign intelligence agencies.

News you may have missed #691

Thomas Drake
By IAN ALLEN | intelNews.org |
►►NSA whistleblower says Obama worse than Bush. Thomas Drake, the whistleblower whom the administration of US President Barack Obama tried and failed to prosecute for leaking information about waste, fraud and abuse at the National Security Agency, now works at an Apple store in Maryland. In an interview with Salon, Drake says the Obama administration is “expanding the secrecy regime far beyond what Bush ever intended”.
►►Australian spies reportedly buying computer bugs. The Australian government is buying computer security weaknesses found by hackers before they are sold on the black market, as part of its defense strategy, according to an Australian security consultant who wishes to remain anonymous. He says while the government won’t admit it, buying vulnerabilities is an obvious part of “gathering intelligence”.
►►Refugees in Finland face spying threats. Foreign governments and groups are carrying out more spying on refugees and dissidents living in Finland, according to SUPO, the country’s security intelligence service. SUPO issued a report last week contending that while the Scandinavian country isn’t seeing an increased threat of terrorist acts on its soil, it still faces several terror-related challenges. One of them is “regular” surveillance activity by foreign intelligence services operating within Finland, whose aim is to spy on their home countries’ dissidents and develop links with other refugees and expatriates.

News you may have missed #686

Folkert Arie van Koutrik
By IAN ALLEN | intelNews.org |
►►WikiLeaks to publish 5 million StratFor emails. In its latest high-profile data dump, WikiLeaks is to reveal five million internal and external emails from StratFor today. In a press release late Sunday, WikiLeaks said the emails “show StratFor’s web of informers, pay-off structure, payment-laundering techniques and psychological methods”, and reveal “how StratFor has recruited a global network of informants who are paid via Swiss banks accounts and pre-paid credit cards. Stratfor has a mix of covert and overt informants, which includes government employees, embassy staff and journalists around the world”.
►►Analysis: Blurred line between espionage and truth under Obama. “There is plenty of authorized leaking going on, but this particular boat leaks from the top. Leaks from the decks below, especially ones that might embarrass the administration, have been dealt with very differently [...]. And it’s worth pointing out that the administration’s emphasis on secrecy comes and goes depending on the news. Reporters were immediately and endlessly briefed on the “secret” operation that successfully found and killed Osama bin Laden. And the drone program in Pakistan and Afghanistan comes to light in a very organized and systematic way every time there is a successful mission”.
►►Nazis had spy in MI5 but failed to use him. Dutchman Folkert Arie van Koutrik was the first German agent to ever infiltrate MI5 when he was employed by them in 1940, just a month before Anthony Blunt, who was later exposed as a Soviet spy. Koutrik had already worked for Abwehr, the German secret service, before the war as a double agent with MI6 in Europe and exposed some of the UK’s top agents. But, incredibly, after he moved to the UK and joined MI5 all contact appears to have broken off.

News you may have missed #679

Salem al-Hassi
By IAN ALLEN | intelNews.org |
►►New spy chief in Libya. Libya’s ruling National Transitional Council yesterday appointed a lifelong opponent of slain Libyan leader Muammar Gaddafi as the country’s new intelligence chief. Salem al-Hassi, who was involved in a bid to assassinate Gaddafi in 1984, was appointed as the intelligence chief at a meeting of the council.
►►Anonymous hackers release German classified information. Hackers from the group Anonymous said last week they had accessed classified German files and posted them online, revealing details of the country’s military operations in Afghanistan. The military documents were collected for an inquiry, now finished, into a September 2009 airstrike by US jets under German orders that killed more than 140 Taliban fighters and Afghan civilians. Anonymous said it obtained the data from a server at the Bundestag (German parliament).
►►Did Chinese espionage lead to F-35 delays? Did Chinese cyber spying cause the United States’ F-35 Joint Strike Fighter’s cost spikes and production delays? This is the question being asked by US Pentagon budget officials, according to industry magazine Aviation Week. Chinese spies apparently hacked into secure conference calls and listened to meetings discussing the classified technologies aboard the jets. In particular, China may have stolen info about the F-35’s secure communications and antenna systems, leading to costly software rewrites and other redesigns to compromised parts of the plane.

News you may have missed #662: UK edition

Edward VIII and Wallis Simpson with Adolf Hitler
By IAN ALLEN | intelNews.org |
►►Hacked StratFor info exposes thousands of intel officials. Customer user data obtained from StratFor by Anonymous last month includes the private details of 221 British military officials and 242 NATO staff. Civil servants working at the heart of the UK government —including several in the Cabinet Office as well as advisers to the Joint Intelligence Organisation, which acts as the British Prime Minister’s eyes and ears on sensitive information— have also been exposed.
►►Book claims MI5 tapped phones of King Edward. According to a new biography of Tommy Robertson, who pioneered Britain’s wartime counterintelligence operations, MI5 agents tapped the phones of King Edward VIII and his brother the Duke of York, at the height of the ‘abdication crisis’. Edward VIII was infatuated with –and, in 1936, gave up his throne to marry– American divorcee and socialite Wallis Simpson, who was suspected by many in the British government of having Nazi sympathies.
►►UK spy watchdog wants to stop court disclosure of state secrets. The parliamentary watchdog for Britain’s spies, the Intelligence and Security Committee (ISC), is lobbying the government to introduce sweeping curbs that could prevent UK courts from examining intelligence material. The committee claims that its proposed new powers would ensure that intelligence obtained from foreign agencies, such as the CIA, is never publicly disclosed. This proposal clearly goes back to the case of Binyam Mohamed; he was detained in Pakistan, where he was questioned by MI5, and eventually ended up in Guantánamo Bay, where he says he was tortured. In late 2009, British courts clashed with David Miliband, the then foreign secretary, over the publication of a summary of US intelligence material relating to Mohamed.

Did cell phone companies help India spy on the United States?

Page from the Lords of Dharamraja document leak
By JOSEPH FITSANAKIS | intelNews.org |
Leaked documents acquired by a computer hacker collective appear to show that international cell phone manufacturers helped Indian intelligence agencies spy on the United States, in return for access to the Indian cellular phone market. The documents, which are written in English, were posted online on Saturday by a group of Indian hackers calling themselves Lords of Dharamraja. In a statement, the group said they obtained the documents by breaking into the computer servers of Indian Military Intelligence, after managing to acquire the source code of Symantec Corporation, makers of Norton antivirus software. According to the documents, the companies arm-twisted to assist Indian intelligence agencies to spy on the US included Apple, Nokia, and Research in Motion, the company that builds BlackBerry devices. The documents also appear to show that Indian intelligence agencies were particularly eager to spy on the United States-China Economic and Security Review Commission. Established by the US Congress in 2000, the Commission is tasked with researching and reporting on the national security implications of bilateral trade between the US and China. Allegedly, the cellular telephone makers provided Indian intelligence agencies with backdoor access to personal phones used by Commission members. These back doors allegedly allowed the Indian Military Intelligence Directorate and India’s Central Bureau of Investigation to spy on Commission members beginning in April of 2011.
