US Congressional review considers impact of federal database hack

A United States Congressional review into last month’s cyber theft of millions of government personnel records has concluded that its impact will go far “beyond mere theft of classified information”. Up to 21 million individual files were stolen in June, when hackers broke into the computer system of the Office of Personnel Management (OPM). Part of OPM’s job is to handle applications for security clearances for all agencies of the US federal government. Consequently, the breach gave the unidentified hackers access to the names and sensitive personal records of millions of Americans, including intelligence officers, who have filed applications for security clearances.

So far, however, there is no concrete proof in the public domain that the hack was perpetrated by agents of a foreign government for the purpose of espionage. Although there are strong suspicions in favor of the espionage theory, there are still some who believe that the cyber theft could have been the financially motivated work of a sophisticated criminal ring. But a new report produced by the Congressional Research Service, which is the research wing of the US Congress, seems to be favoring the view that “the OPM data were taken for espionage rather than for criminal purposes”. The report was completed on July 17 and circulated on a restricted basis. But it was acquired by the Secrecy News blog of the Federation of American Scientists, which published it on Tuesday.

The 10-page document acknowledges that strictly financial motives, such as identity theft or credit card fraud, cannot be ruled out as possible reasons for the massive data breach. But it notes that the stolen data have yet to appear on so-called “darknet” websites that are used by the criminal underworld to buy and sell such information. This is highly unusual, particularly when one considers the massive size of the data theft, which involves millions of Americans’ credit card and Social Security numbers. Experts doubt, therefore, that the OPM data “will ever appear for sale in the online black market”. This leads the report to conclude that the breach falls “in the category of intelligence-gathering, rather than commercial espionage”.

The above conclusion could have far-reaching consequences, says the report. One such possible consequence is that high-resolution fingerprints that were contained in the OPM database could be used to blow the covers of American case officers posing as diplomats, and even of deep-cover intelligence operatives working secretly abroad. Furthermore, the hackers who are in possession of the stolen files could use them to create high-quality forged documents, or even publish them in an effort to embarrass American intelligence agencies.

Author: Ian Allen | Date: 30 July 2015 | Permalink: http://intelnews.org/2015/07/30/01-1746/

US spies voiced concerns about Fed database prior to massive hack

United States intelligence officials expressed concerns about a federal database containing details of security-clearance applications in the years prior to a massive cyber hacking incident that led to the theft of millions of personnel records. Up to 21 million individual files were stolen last month, when hackers broke into the computer system of the US Office of Personnel Management (OPM), which handles applications for security clearances for all agencies of the federal government. The breach gave the unidentified hackers access to the names and sensitive personal records of millions of Americans who have filed applications for security clearances, including intelligence officers.

Until a few years ago, however, Scattered Castles, the database containing security clearance applications for the US Intelligence Community, was not connected to the OPM database. But in 2010, new legislation aiming to eliminate the growing backlog in processing security-clearance applications required that Scattered Castles be merged with the OPM database. The proposed move, which aimed to create a unified system for processing security clearances, made sense in terms of eliminating bureaucratic overlap and reducing duplication within the federal apparatus. But, according to the Daily Beast, US intelligence officials expressed concerns about the merging of the databases as early as 2010. The website said that security experts from the Intelligence Community expressed “concerns related to privacy, security and data ownership” emerging from the impending merger. One official told the Daily Beast that there were fears that the “names, Social Security numbers, and personal information for covert operatives would be exposed to hackers”.

However, the merger went ahead anyway, and by 2014 parts of the Scattered Castles database were gradually becoming accessible through the OPM network. The Daily Beast cited an unnamed US official as saying that there was “no connection between Scattered Castles and the OPM hack”. But when asked whether Scattered Castles was linked to the OPM system, he referred the website to the Federal Bureau of Investigation, which is investigating last month’s hack.

Author: Joseph Fitsanakis | Date: 1 July 2015 | Permalink: http://intelnews.org/2015/07/01/01-1726/

Israel denies using computer virus to spy on Iran nuclear deal

The Israeli government rejected reports yesterday that its spy agencies were behind a virus found on the computers of three European hotels, which hosted American and other diplomats during secret negotiations on Iran’s nuclear program. Cybersecurity firm Kaspersky Lab said on Wednesday that it first discovered the malware, which it dubbed “Duqu 2.0”, in its own systems. The Moscow-based firm said the sophisticated and highly aggressive virus had been designed to spy on its internal research-related processes. Once they detected the malicious software in their own systems, Kaspersky technicians set out to map Duqu’s other targets. They found that the virus had infected computers in several Western countries, in the Middle East, as well as in Asia. According to Kaspersky, the malware is an updated version of the original Duqu, which was used in a 2011 cyberattack and resembled Stuxnet, the elaborate virus that was found to have sabotaged parts of Iran’s nuclear program in 2010.

However, Kaspersky said that among the more recent targets of the virus were “three luxury European hotels”, which appear to have been carefully selected among the thousands of prestigious hotels in Europe. The three appear to have only one thing in common: all had been patronized by diplomats engaged in the ongoing secret negotiations with Iran over the Islamic Republic’s nuclear program. Kaspersky was referring to the so-called P5+1 nations, namely the five permanent members of the United Nations Security Council plus Germany, who lead ‘the Geneva pact’. Israel has condemned the negotiations and has repeatedly expressed anger at reports that the Geneva pact is about to strike an agreement with Tehran over its nuclear program.

However, Israel’s deputy foreign minister flatly rejected Kaspersky’s allegations on Wednesday, calling them “pure nonsense”. Speaking on Israel Radio, Eli Ben-Dahan said Israel had “many far more effective ways” of gathering foreign intelligence and that it did not need to resort to computer hacking in order to meet its intelligence quotas. Israeli government spokespeople refused to comment on the allegations when asked late Wednesday.

Author: Joseph Fitsanakis | Date: 11 June 2015 | Permalink: http://intelnews.org/2015/06/11/01-1713/

Russian hackers accessed Obama’s email correspondence

By JOSEPH FITSANAKIS | intelNews.org
Computer hackers believed to be connected to the Russian government were able to access emails belonging to the president of the United States, according to American officials briefed about the ensuing investigation. The cyberattack on the White House was announced by American government officials in October of last year, soon after it was discovered by security experts. But The New York Times said on Saturday that the hacking was far more intrusive than had been publicly acknowledged and that the information breach resulting from it was “worrisome”. The paper said that the individuals behind the cyberattack were “presumed to be linked to the Russian government, if not working for it”. It also quoted one unnamed senior US official, who said that the group that perpetrated the hacking was “one of the most sophisticated actors we’ve seen”.

Little concrete information has emerged on the hacking, but it appears to have started with attempts to compromise computers at the US Department of State. As CNN reported earlier this month, the hackers essentially managed to take control of the State Department’s unclassified computer network and exploit it for several months. In most American government departments, senior officials operate at least two computers in their offices. One is connected to the government’s secure network used for classified communications; the other is used to communicate unclassified information to the outside world. In theory, those two systems are supposed to be separate. In practice, however, it is common knowledge that the publicly connected computers often contain sensitive or even classified information. It is this unclassified part of the network that the alleged Russian hackers were able to access, in both the State Department and the White House.

According to The Times, by gaining access to the email accounts of senior US government officials, the hackers were able to read unclassified emails sent or received by, among others, President Barack Obama. The US president’s own unclassified account does not appear to have been breached, said the paper, nor were the hackers able to access the highly classified server that carries the president’s mobile telephone traffic. Nevertheless, the operation to remove monitoring files placed in US government servers by the hackers continues to this day, and some believe that the presence of the intruders has yet to be fully eradicated from the system. The Times contacted the US National Security Council about the issue, but was told by its spokeswoman, Bernadette Meehan, that the Council would “decline to comment”. The White House also declined to provide further information on the incident and the ensuing investigation.

News you may have missed #882 (cybersecurity edition)

By IAN ALLEN | intelNews.org
►►GCHQ launches ‘Cyber Security Challenge’. Britain’s signals intelligence agency, GCHQ, has created a new online game to find new recruits and test the public’s ability to deal with hacking attacks. The new game, named Assignment: Astute Explorer, will give registered players the chance to analyze code from a fictitious aerospace company, identify vulnerabilities and then suggest fixes.
►►Chinese hackers spied on investigators of Flight MH370. Malaysian officials investigating the disappearance of flight MH370 have been targeted in a hacking attack that resulted in the theft of classified material. The attack hit around 30 PCs assigned to officials in Malaysia Airlines, the country’s Civil Aviation Department and the National Security Council. The malware was hidden in a PDF attachment posing as a news article that was distributed on 9 March, just one day after the ill-fated Malaysian Airlines Boeing 777 disappeared en route from Kuala Lumpur to Beijing.
►►Developer alleges NSA and GCHQ employees are helping Tor Project. Tor is free software used for enabling online anonymity and resisting censorship. It directs Internet traffic through a free, worldwide, volunteer network consisting of more than five thousand relays to conceal a user’s location or usage. Interestingly, its executive director, Andrew Lewman, has told the BBC that employees of the NSA and GCHQ offer his team of programmers tips “on probably [a] monthly basis about bugs and design issues that potentially could compromise the [Tor] service”. He added that he had been told by William Binney, a former NSA official turned whistleblower, that one reason NSA workers might have leaked such information was because many were “upset that they are spying on Americans”.

News you may have missed #880

By IAN ALLEN | intelNews.org
►►Chinese military establishes cyberintelligence research center. The Chinese People’s Liberation Army (PLA) has announced the creation of a Cyberspace Strategic Intelligence Research Center. Experts say the Center will “provide support in obtaining high-quality intelligence research findings and help China gain advantage in national information security”. Its staff reportedly specialize in such fields as strategic theory research, intelligence studies, and technology management, among others.
►►Chile court says US had role in 1973 killings of Americans. A court ruling released late Monday said the commander of the US Military Mission in Chile at the time of the 1973 military coup gave information to Chilean officials about journalist Charles Horman and student Frank Teruggi that led to their arrest and execution just days after the coup, which brought General Augusto Pinochet to power. The case remained practically ignored in Chile until 2000, when Horman’s widow, Joyce, came and filed a lawsuit against Pinochet.
►►Opinion: Cyber tools are no substitute for human intelligence. A colonel in the Israel Defense Forces critiques “the increasing use of cyber tools as a central and sometimes exclusive role in the work of many intelligence agencies throughout the world”. He argues that “the documents exposed by Edward Snowden show how willing the Americans are to invest in technological systems to collect information and gather as much intelligence as they can using cyber tools”. But he warns that “this almost exclusive reliance on the collection and analysis of intelligence using technology comes at the expense of the human element as a basic component of intelligence-gathering”.

Analysis: Should government spies target foreign firms?

By JOSEPH FITSANAKIS | intelNews.org
Last month, the government of the United States indicted five officers of the Chinese People’s Liberation Army with conspiracy to commit computer fraud, economic espionage, and theft of trade secrets, among other charges. In indicting the five PLA officers, the US Department of Justice went to great pains to ensure that it did not accuse the suspects of engaging in cyberespionage in defense of China’s national security. What sparked the indictments was that the accused hackers allegedly employed intelligence resources belonging to the Chinese state in order to give a competitive advantage to Chinese companies vying for international contracts against American firms. In the words of US Attorney General Eric Holder, the operational difference between American and Chinese cyberespionage, as revealed in the case against the five PLA officers, is that “we do not collect intelligence to provide a competitive advantage to US companies, or US commercial sectors”, whereas China engages in the practice “for no reason other than to advantage state-owned companies and other interests in China”. I recently authored a working paper that was published by the Cyberdefense and Cybersecurity Chair of France’s Ecole Spéciale Militaire de Saint-Cyr, in which I argued that the American distinction between public and private spheres of economic activity is not shared by the PLA. The Chinese see both state and corporate cyberespionage targets as fair game and as an essential means of competing globally with the United States and other adversaries. In the paper, I argue that Beijing sees the demarcation between state and private economic activity as a conceptual model deliberately devised by the US to disadvantage China’s intelligence-collection ability.
