Russian hackers accessed Obama’s email correspondence

Computer hackers believed to be connected to the Russian government were able to access emails belonging to the president of the United States, according to American officials briefed about the ensuing investigation. The cyberattack on the White House was announced by American government officials in October of last year, soon after it was discovered by security experts. But The New York Times said on Saturday that the hacking was far more intrusive than had been publicly acknowledged and that the information breach resulting from it was “worrisome”. The paper said that the individuals behind the cyberattack were “presumed to be linked to the Russian government, if not working for it”. It also quoted one unnamed senior US official, who said that the group that perpetrated the hacking was “one of the most sophisticated actors we’ve seen”.

Little concrete information has emerged on the hacking, but it appears to have started with attempts to compromise computers at the US Department of State. As CNN reported earlier this month, the hackers essentially managed to take control of the State Department’s declassified computer network and exploit it for several months. In most American government departments, senior officials operate at least two computers in their offices. One is connected to the government’s secure network used for classified communications; the other is used to communicate unclassified information to the outside world. In theory, those two systems are supposed to be separate. However, it is common knowledge that the publicly linked computers often contain sensitive or even classified information. It is this unclassified part of the network that the alleged Russian hackers were able to access, in both the State Department and the White House.

According to The Times, by gaining access to the email accounts of senior US government officials, the hackers were able to read unclassified emails sent or received by, among others, President Barack Obama. The US president’s own unclassified account does not appear to have been breached, said the paper, nor were the hackers able to access the highly classified server that carries the president’s mobile telephone traffic. Nevertheless, the operation to remove monitoring files placed in US government servers by the hackers continues to this day, and some believe that the presence of the intruders has yet to be fully eradicated from the system. The Times contacted the US National Security Council about the issue, but was told by its spokeswoman, Bernadette Meehan, that the Council would “decline to comment”. The White House also declined to provide further information on the incident and the ensuing investigation.

News you may have missed #891

By IAN ALLEN | intelNews.org
►►Sophisticated malware found in 10 countries ‘came from Lebanon’. An Israel-based computer security firm has discovered a computer spying campaign that it said “likely” originated with a government agency or political group in Lebanon, underscoring how far the capability for sophisticated computer espionage is spreading beyond the world’s top powers. Researchers ruled out any financial motive for the effort, which targeted telecommunications and networking companies, military contractors, media organizations and other institutions in Lebanon, Israel, Turkey and seven other countries. The campaign dates back at least three years and allegedly deploys hand-crafted software with some of the hallmarks of state-sponsored computer espionage.
►►Canada’s spy watchdog struggles to keep tabs on agencies. The Security Intelligence Review Committee (SIRC), which monitors Canada’s intelligence agencies, said continued vacancies on its board, the inability to investigate spy operations with other agencies, and delays in intelligence agencies providing required information are “key risks” to its mandate. As a result, SIRC said it can review only a “small number” of intelligence operations each year.
►►Analysis: After Snowden, NSA faces recruitment challenge. This year, the NSA needs to find 1,600 recruits. Hundreds of them must come from highly specialized fields like computer science and mathematics. So far the agency has been successful. But with its popularity down, and pay from wealthy Silicon Valley companies way up, agency officials concede that recruitment is a worry.

After China, Russia may ban some Apple products, fearing espionage

By JOSEPH FITSANAKIS | intelNews.org
Parliamentarians in Russia are preparing a bill that would prevent lawmakers from using several Apple products, including iPhones and iPads, due to fears that they are susceptible to penetration by foreign intelligence agencies. A group of lawmakers in the State Duma, the lower house of the Federal Assembly of Russia, has drafted the bill, which argues that State Duma deputies with access to confidential or classified government information should be banned from using iPhones and iPads, among other Apple products. One deputy, Dmitry Gorovtsov, from the center-left Just Russia party, said parliamentarians should simply “switch to simple mobile phones”, preferably produced by Russian manufacturers, and should use them “only for phone calls”. Last month, the Russian Ministry of Defense stepped in to deny media reports that it was about to ban Apple products. The denial came in response to a leading article in the mass-circulation daily Izvestia, which cited an unnamed Defense Ministry employee as saying that the Russian armed forces were about to ban the use of iPhones by all servicemen. The article claimed the move was designed to stop “information leaks”. But a Russian Ministry of Defense spokesman, Major General Igor Konashenkov, told a press conference that the Russian armed forces had no plans to ban “the mobile devices of a certain manufacturer”. The news from Russia comes just months after authorities in China announced the removal of some Apple products from a government procurement list, reportedly because of fears that they were susceptible to electronic espionage by the United States. As intelNews reported at the time, nearly a dozen Apple products were removed from the Chinese government list; they included the iPad and iPad Mini, as well as MacBook Air and MacBook Pro products, though interestingly the inventory of removed items did not include Apple smartphone products.
The Russian State Duma initiative to ban some Apple products has already been approved by a security-related committee and has now been forwarded to the Duma Council. The latter will consider the bill for approval, before sending it to a plenary session on the floor of the Duma for discussion. The process is expected to take up to two weeks.

Malware targeting ex-Soviet states has Russian hallmarks

By IAN ALLEN | intelNews.org
Malicious software that has infiltrated the computer systems of dozens of embassies belonging to former Eastern Bloc nations “has all the hallmarks of a nation-state” cyberespionage operation, according to researchers. Security firm Symantec said last week that the malware appears to be specifically targeting embassies of former communist nations located in China, Jordan and locations across Western Europe. In a report published on its website, Symantec said “only a nation state” was likely to have the funds and technical resources to create malware of such complexity. Additionally, the malware seems to be designed “to go after explicit government networks that are not easy to find”, according to Symantec senior security researcher Vikram Thakur. The infiltration appears to occur in two stages. In the first stage, a computer is infected with a reconnaissance program known as Wipbot. The initial infection usually occurs through a directed phishing attack or via a compromised website. Wipbot then conducts an initial exploration of the infected system, collecting vital information about its identity, structure and contents, and proceeds to compromise it further only if the system matches a specific Internet address that it is looking for. If a match is confirmed, Wipbot invites a second program into the compromised system, whose task is to expropriate data and exfiltrate it in batches camouflaged as Internet browser requests. Symantec researchers say that the technical similarities between the two programs are sufficient to justify the view that they were designed and developed by programmers working for the same government agency. Thakur said the structure of the malware is particularly creative: it uses Wipbot as an initial reconnaissance tool and delivers the exfiltration program only if it judges that the compromised system is of high enough interest.
The Symantec report adds that the malware in question is part of a four-year-long series of cyberespionage attacks that have systematically targeted government facilities belonging to former Communist Bloc states. In May of 2012, a similar malware was found to have infiltrated over 60 different computer systems belonging to a former Soviet Republic, including the office of the Prime Minister. A closely linked attack targeted another former communist state’s embassy in Paris, France, as well as its foreign and internal affairs ministries. The Symantec research points out that many of the malicious program’s core components were compiled in the UTC+4 time zone, which includes Russian cities such as Moscow and St. Petersburg.
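The batched exfiltration camouflaged as browser traffic described above is something a defender can look for in outbound web-proxy logs. The following script is an added example written for this page; it is not Symantec's code or tooling and is not from the original article. Its log line format, the detection thresholds and the sample log lines are all constructed assumptions. The heuristic flags a source host that sends many near-identical-size POST bodies to one destination at machine-regular intervals, which is how "batches" of stolen data tend to look when wrapped in ordinary-looking HTTP requests, while a human browsing session produces irregular sizes and gaps.

```python
"""Flag proxy-log hosts whose outbound POST traffic looks like batched,
browser-camouflaged exfiltration: many uniformly sized POSTs to a single
destination at regular intervals. Added illustration for this page; the
log format, thresholds and sample lines are constructed assumptions."""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed log format (assumption, not a real proxy vendor's format):
# <ISO8601 time> src=<ip> dst=<host> method=<verb> bytes_out=<n>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"method=(?P<method>[A-Z]+) bytes_out=(?P<bytes>\d+)$"
)

# Constructed sample: 10.0.0.5 posts ~8 KiB every 10 minutes to one host
# (exfil-like); 10.0.0.7 is an ordinary browsing session; 10.0.0.9 posts
# too rarely to matter. 203.0.113.0/24 is the documentation IP range.
SAMPLE_LOG = [
    "2014-08-07T10:00:00Z src=10.0.0.5 dst=203.0.113.10 method=POST bytes_out=8192",
    "2014-08-07T10:01:12Z src=10.0.0.7 dst=www.example.com method=POST bytes_out=512",
    "2014-08-07T10:02:30Z src=10.0.0.7 dst=www.example.com method=GET bytes_out=310",
    "2014-08-07T10:03:45Z src=10.0.0.7 dst=www.example.com method=POST bytes_out=20000",
    "2014-08-07T10:10:00Z src=10.0.0.5 dst=203.0.113.10 method=POST bytes_out=8190",
    "2014-08-07T10:15:00Z src=10.0.0.9 dst=cdn.example.net method=POST bytes_out=9000",
    "2014-08-07T10:20:00Z src=10.0.0.5 dst=203.0.113.10 method=POST bytes_out=8200",
    "2014-08-07T10:20:02Z src=10.0.0.7 dst=www.example.com method=POST bytes_out=900",
    "2014-08-07T10:30:00Z src=10.0.0.5 dst=203.0.113.10 method=POST bytes_out=8192",
    "2014-08-07T10:31:30Z src=10.0.0.7 dst=www.example.com method=POST bytes_out=3200",
    "2014-08-07T10:32:01Z src=10.0.0.7 dst=www.example.com method=POST bytes_out=120",
    "2014-08-07T10:40:00Z src=10.0.0.5 dst=203.0.113.10 method=POST bytes_out=8195",
    "2014-08-07T10:45:00Z src=10.0.0.9 dst=cdn.example.net method=POST bytes_out=9000",
    "2014-08-07T10:50:00Z src=10.0.0.5 dst=203.0.113.10 method=POST bytes_out=8188",
    "2014-08-07T11:00:00Z src=10.0.0.5 dst=203.0.113.10 method=POST bytes_out=8192",
    "2014-08-07T11:10:00Z src=10.0.0.5 dst=203.0.113.10 method=POST bytes_out=8201",
    "this line is malformed and must be skipped",
]


def parse_line(line):
    """Return a dict for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    rec["bytes"] = int(rec["bytes"])
    return rec


def _cv(values):
    """Coefficient of variation (pstdev / mean); low values mean regularity."""
    mean = statistics.mean(values)
    return statistics.pstdev(values) / mean if mean > 0 else float("inf")


def find_batched_exfil(lines, min_posts=5, min_total_bytes=20_000,
                       max_interval_cv=0.25, max_size_cv=0.10):
    """Group POSTs by (src, dst) and flag pairs that exceed a byte budget
    with near-constant spacing and near-constant body sizes."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["method"] == "POST":
            groups[(rec["src"], rec["dst"])].append(rec)
    flagged = []
    for (src, dst), recs in groups.items():
        if len(recs) < min_posts:
            continue
        recs.sort(key=lambda r: r["ts"])
        sizes = [r["bytes"] for r in recs]
        if sum(sizes) < min_total_bytes:
            continue
        gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(recs, recs[1:])]
        interval_cv, size_cv = _cv(gaps), _cv(sizes)
        if interval_cv <= max_interval_cv and size_cv <= max_size_cv:
            flagged.append({"src": src, "dst": dst, "posts": len(recs),
                            "total_bytes": sum(sizes),
                            "interval_cv": round(interval_cv, 3),
                            "size_cv": round(size_cv, 3)})
    return flagged


if __name__ == "__main__":
    for hit in find_batched_exfil(SAMPLE_LOG):
        print(hit)
```

The thresholds are deliberately conservative and are parameters rather than constants so they can be tuned against a site's own baseline; a real deployment would also key on user agent and destination reputation, which this constructed format does not carry.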

China stops using some Apple products, fearing US espionage

By JOSEPH FITSANAKIS | intelNews.org
Authorities in China have removed Apple products from a government procurement list because of fears that they are susceptible to electronic espionage by the United States. Citing “government officials familiar with the matter”, Bloomberg News said on Wednesday that 10 Apple products have been removed from the list, including the iPad and iPad Mini, as well as MacBook Air and MacBook Pro products, though interestingly the inventory of removed items does not include Apple smartphone products. The procurement list is produced several times a year by China’s Ministry of Finance and the National Commission for Development and Reform. It specifies the types of products that can be purchased with public funds by all central departments of the Communist Party of China, as well as by all state and local government ministries. The surprise removal of Apple products from the list follows a report aired by Beijing’s state-owned China Central Television in July, which claimed that security weaknesses in Apple software could cause the theft of sensitive state secrets. Apple vigorously rejected the claims made in the television report. The action by the Chinese government is the latest move in a tit-for-tat cyberespionage war between Washington and Beijing, which began in 2013, when American defector Edward Snowden began leaking US intelligence secrets. In June of that year, it was revealed that the US National Security Agency (NSA) had been engaged in protracted offensive cyberespionage operations against China for nearly 15 years. Almost a year later, the US Department of Justice charged a group of Chinese military officers with stealing American trade secrets through cyberespionage. Apple is not the first American technology firm to be hit with removals of its products from the Chinese government’s procurement list.

UK spy agency sued by Internet providers over malware attacks

By JOSEPH FITSANAKIS | intelNews.org
A group of Internet service providers from North America, Europe, Asia and Africa has filed a lawsuit against Britain’s foremost signals intelligence agency, accusing it of hurting their business by spying on them. The legal complaint was filed against the Government Communications Headquarters (GCHQ), the British government agency tasked with communications interception, which also provides information assurance to both civilian and military components of the British state. Service providers from the United States, United Kingdom, Germany, Netherlands, South Korea and Zimbabwe are listed as plaintiffs in the complaint, which was filed on Wednesday in a court in London. The legal action against the spy agency is based on articles that surfaced in the international press last year. They alleged that GCHQ targeted Belgium’s largest telecommunications service provider, Belgacom. The revelations surfaced first in September of 2013 in the Flemish newspaper De Standaard. The paper claimed that Belgacom’s mainframe computers had been deliberately infected by an “unidentified virus”, which had specifically targeted telecommunications traffic carried by Belgacom’s international subsidiaries. De Standaard further claimed that the scope and technical sophistication of the operation pointed to a state-sponsored agency as the culprit. Further revelations about the Belgacom malware attacks were made in the German newsmagazine Der Spiegel in November of last year, pointing to GCHQ as the agency behind the operation. The allegations originated in information provided by Edward Snowden, an American defector to Russia who used to work for GCHQ’s American equivalent, the National Security Agency. In their lawsuit, the Internet service providers allege that, regardless of whether they were themselves targeted by GCHQ in a manner similar to that of Belgacom, the British spy agency effectively compromised the integrity of their industry.
It did so, they argue, by allegedly targeting employees of telecommunications service providers, by infecting telecommunications networks with malware, by

Analysis: Should government spies target foreign firms?

By JOSEPH FITSANAKIS | intelNews.org
Last month, the government of the United States indicted five officers of the Chinese People’s Liberation Army with conspiracy to commit computer fraud, economic espionage, and theft of trade secrets, among other charges. In indicting the five PLA officers, the US Department of Justice went to great pains to ensure that it did not accuse the suspects of engaging in cyberespionage in defense of China’s national security. What sparked the indictments was that the accused hackers allegedly employed intelligence resources belonging to the Chinese state in order to give a competitive advantage to Chinese companies vying for international contracts against American firms. In the words of US Attorney General Eric Holder, the operational difference between American and Chinese cyberespionage, as revealed in the case against the five PLA officers, is that “we do not collect intelligence to provide a competitive advantage to US companies, or US commercial sectors”, whereas China engages in the practice “for no reason other than to advantage state-owned companies and other interests in China”. I recently authored a working paper that was published by the Cyberdefense and Cybersecurity Chair of France’s Ecole Spéciale Militaire de Saint-Cyr, in which I argued that the American distinction between public and private spheres of economic activity is not shared by the PLA. The Chinese see both state and corporate cyberespionage targets as fair game and as an essential means of competing globally with the United States and other adversaries. In the paper, I argue that Beijing sees the demarcation between state and private economic activity as a conceptual model deliberately devised by the US to disadvantage China’s intelligence-collection ability.
