US defense contractors allegedly hired Russian computer programmers

Two American firms contracted by the Department of Defense have settled a lawsuit accusing them of having hired Russian programmers based in Moscow to write computer code for classified systems. The hires allegedly occurred as part of a $613 million contract, which was awarded by the Pentagon to Massachusetts-based Netcracker Technology Corporation and Virginia-based Computer Sciences Corporation (CSC). The two companies were hired to write software for the US Defense Information Systems Agency (DISA), a Pentagon outfit that provides the US armed forces with secure real-time combat communications. But in 2011, contractor John C. Kingsley, who had a supervisory role in the project, notified the US government that the two companies had farmed out part of the contract’s coding duties to programmers in Moscow and other Russian cities.

If true, Kingsley’s allegations would mean that Netcracker and CSC were in violation of federal regulations, which specify that only American citizens with the appropriate security clearances may be employed to work on classified communications systems. A subsequent government investigation, which lasted four years, gave rise to a lawsuit against the two companies. The court was told that the code written by the Russian programmers had allowed the installation of “numerous viruses” on the communications systems of the Pentagon “on at least one occasion”. Witnesses also accused Netcracker and CSC of being guided mainly by greed, since the companies were able to save over 60% of wage costs by employing the Russian programmers.

Last week, the two companies chose to settle the case, by paying the government a combined sum of nearly $13 million in civil penalties. It is important to note, however, that they both deny the government’s accusations that they violated the terms of their federal contract. In a statement issued last week, the companies stated that their decision reflected their belief that it was “in the best interest of all stakeholders to settle the matter”. A spokeswoman for DISA told The Daily Beast that she could not comment on the case, because doing so would “compromise the Agency’s national security posture”. According to The Daily Beast, last week’s settlement does not prevent the Department of Justice from filing criminal charges against Netcracker and CSC.

Author: Joseph Fitsanakis | Date: 12 November 2015 | Permalink | News tip: C.H.

Security firm says it shut down extensive Iranian cyber spy program

A security firm with headquarters in Israel and the United States says it detected and neutralized an extensive cyber espionage program with direct ties to the government of Iran. The firm, Check Point Software, which has offices in Tel Aviv and California, says it dubbed the cyber espionage program ROCKET KITTEN. In a media statement published on its website on Monday, Check Point claims that the hacker group maintained a high-profile target list of 1,600 individuals. The list reportedly includes members of the Saudi royal family and government, American and European officials, North Atlantic Treaty Organization officers and nuclear scientists working for the government of Israel. The list is said to include even the names of spouses of senior military officials from numerous nations.

News agency Reuters quoted Check Point Software’s research group manager Shahar Tal, who said that his team was able to compromise the ROCKET KITTEN databases and acquire the list of espionage targets maintained by the group. Most targets were from Saudi Arabia, Israel, and the United States, he said, although countries like Turkey and Venezuela were also on the list. Tal told Reuters that the hackers had compromised servers in the United Kingdom, Germany and the Netherlands, and that they were using these and other facilities in Europe to launch attacks on their unsuspecting targets. According to Check Point, the hacker group was under the command of Iran’s Revolutionary Guards Corps, a branch of the Iranian military that is ideologically committed to the defense of the 1979 Islamic Revolution.

Reuters said it contacted the US Federal Bureau of Investigation and Europol, but that both agencies refused comment, as did the Iranian Ministry of Foreign Affairs. However, an unnamed official representing the Shin Bet, Israel’s domestic security agency, said that ROCKET KITTEN “is familiar to us and is being attended to”. The official declined to provide further details. Meanwhile, Check Point said it would issue a detailed report on the subject late on Monday.

Author: Joseph Fitsanakis | Date: 10 November 2015 | Permalink

CIA pulled officers from Beijing embassy following OPM database hack

The Central Intelligence Agency (CIA) pulled a number of officers from the United States embassy in the Chinese capital, Beijing, after a massive cyber hacking incident compromised an American federal database containing millions of personnel records. Up to 21 million individual files were stolen in June of this year, when hackers broke into the computer system of the US Office of Personnel Management (OPM), which handles applications for security clearances for agencies of the federal government. The breach gave the unidentified hackers access to the names and sensitive personal records of millions of Americans who have filed applications for security clearances —including intelligence officers.

According to sources in the US government, the records of CIA employees were not included in the compromised OPM database. However, that is precisely the problem, according to The Washington Post. The paper said on Wednesday that the compromised OPM records contain the background checks of employees of the US State Department, including those stationed at US embassies or consulates around the world. It follows that US diplomatic personnel stationed abroad whose names do not appear in the compromised OPM records “could be CIA officers”, according to The Post. The majority of CIA officers stationed abroad work under diplomatic cover; they are attached to an embassy or consulate and enjoy diplomatic protection, which is typically invoked if their official cover is blown. However, they still have to present their credentials and be authorized by their host country before they assume their diplomatic post. The CIA hopes that foreign counterintelligence agencies will not be able to distinguish intelligence personnel from actual diplomats.

Although the US has not officially pointed the finger at a particular country or group as being behind the OPM hack, anonymous sources in Washington have identified China as the culprit. If true, The Post’s claim that the CIA pulled several of its officers from the US embassy in Beijing would add more weight to the view that the Chinese intelligence services were behind the cyber theft. The paper quoted anonymous US officials who said that the CIA’s decision to remove its officers from Beijing was directly related to the OPM hack, and it was meant to safeguard their personal security, as well as to protect CIA programs currently underway in China.

Author: Joseph Fitsanakis | Date: 1 October 2015 | Permalink

Hackers stole 5.6 million US government employee fingerprints

A massive cyber hacking incident that compromised a United States federal database containing millions of personnel records also resulted in the theft of 5.6 million fingerprint records, American officials have said. Up to 21 million individual files were stolen in June of this year, when hackers broke into the computer system of the US Office of Personnel Management (OPM), which handles applications for security clearances for all agencies of the federal government. The breach gave the unidentified hackers access to the names and sensitive personal records of millions of Americans who have filed applications for security clearances —including intelligence officers.

Back in July, OPM officials told reporters that just over 1 million fingerprint records had been compromised by the cyber hack. However, a new statement issued by the White House last week said that the actual number of fingerprints stolen from the OPM database was closer to 5.6 million. In a subsequent statement, the OPM said there was little that the hackers could do with the fingerprint records, and that the potential for exploitation was “currently limited”. But it added that, as technology continued to be developed, the risk of abuse of the stolen fingerprint records could increase. Therefore, an interagency working group would be put together to “review the potential ways adversaries could misuse fingerprint data now and in the future”, the OPM statement said. It added that the group would be staffed with fingerprint specialists from the Federal Bureau of Investigation, the Department of Defense and the Department of Homeland Security.

External American intelligence agencies, which typically send their officers abroad posing as diplomats, and sometimes under cover identities, are reportedly concerned that certain foreign counterintelligence agencies will be able to use the stolen fingerprints to identify the true identities or professional background of US government employees stationed abroad.

Author: Ian Allen | Date: 29 September 2015 | Permalink

Pakistani spies fear up to 100 million citizen records may have been stolen

A report by Pakistan’s main intelligence agency warns that the personal records of up to 100 million Pakistanis may have been stolen by foreign intelligence agencies due to the alleged links of a software vendor with Israel. The Inter-Services Intelligence directorate (ISI), Pakistan’s premier spy agency, said that the software used by the National Database and Registration Authority (NADRA), which issues national identity cards on behalf of the government of Pakistan, is not secure and should be replaced by an “indigenous” software product.

Established in 1998 as the National Database Organization, NADRA operates under Pakistan’s Ministry of the Interior. Its main mission is to register and fingerprint every Pakistani citizen and supply every adult in the country with a secure Computerized National Identity Card. This has proven to be a Herculean task in a country of 182 million, of whom just over half are over the age of 18. Consequently, the NADRA electronic database contains files on over 96 million Pakistanis, making it one of the world’s largest centralized databases.

But the ISI warned in a recently authored report that the NADRA database may have been compromised through the software that the agency uses to digitize and store fingerprints. According to the Pakistani newspaper Express Tribune, which published a summary of the ISI report on Monday, “the thumb-digitiser system [used by NADRA] was purchased from a French company of Israeli origin”. The report refers to the Automatic Fingerprint Identification System, known as AFIS, which NADRA has been using since 2004. The software was purchased for close to $10 million from Sagem (now called Morpho), a leading global vendor of identity software. The company is based in France, but the ISI report states that it has connections with Israel, a country that Pakistan does not officially recognize and has no diplomatic relations with. Because of that, says the ISI report, the entire content of NADRA’s database may have been accessed by the Israeli Mossad, the United States Central Intelligence Agency, India’s Research and Analysis Wing, and other spy agencies seen as “hostile” by Islamabad.

Officials from NADRA refused to respond to the Express Tribune’s allegations, or to acknowledge that the ISI had indeed contacted the agency with concerns about the AFIS database. But a NADRA senior technical expert, who spoke anonymously to the paper, claimed that the ISI’s concerns were unfounded, since NADRA’s servers were not connected to the World Wide Web and were therefore impossible to access from the outside. Another NADRA official told the Express Tribune that Sagem was the only international vendor of fingerprint recognition systems in 2004, when NADRA purchased the software product. Additionally, the Ministry of the Interior successfully sought ISI’s approval prior to purchasing the software. Last but not least, NADRA officials pointed out that the Pakistani Armed Forces are also using Sagem software products.

Author: Ian Allen | Date: 15 September 2015 | Permalink

US Congressional review considers impact of federal database hack

A United States Congressional review into last month’s cyber theft of millions of government personnel records has concluded that its impact will go far “beyond mere theft of classified information”. Up to 21 million individual files were stolen in June, when hackers broke into the computer system of the Office of Personnel Management (OPM). Part of OPM’s job is to handle applications for security clearances for all agencies of the US federal government. Consequently, the breach gave the unidentified hackers access to the names and sensitive personal records of millions of Americans —including intelligence officers— who have filed applications for security clearances.

So far, however, there is no concrete proof in the public domain that the hack was perpetrated by agents of a foreign government for the purpose of espionage. Although there are strong suspicions in favor of the espionage theory, there are still some who believe that the cyber theft could have been the financially motivated work of a sophisticated criminal ring. But a new report produced by the Congressional Research Service, which is the research wing of the US Congress, seems to be favoring the view that “the OPM data were taken for espionage rather than for criminal purposes”. The report was completed on July 17 and circulated on a restricted basis. But it was acquired by the Secrecy News blog of the Federation of American Scientists, which published it on Tuesday.

The 10-page document points out that strictly financial motives, such as identity theft or credit card fraud, cannot be ruled out as possible motivations for the massive data breach. But it notes that the stolen data have yet to appear on so-called “darknet” websites that are used by the criminal underworld to buy and sell such information. This is highly unusual, particularly when one considers the massive size of the data theft, which involves millions of Americans’ credit card and Social Security numbers. Experts doubt, therefore, that the OPM data “will ever appear for sale in the online black market”. This leads to the conclusion that the breach falls “in the category of intelligence-gathering, rather than commercial espionage”, according to the report.

The above conclusion could have far-reaching consequences, says the report. One such possible consequence is that high-resolution fingerprints that were contained in the OPM database could be used to blow the covers of American case officers posing as diplomats, and even deep-cover intelligence operatives working secretly abroad. Furthermore, the hackers that are in possession of the stolen files could use them to create high-quality forged documents, or even publish them in efforts to cause embarrassment to American intelligence agencies.

Author: Ian Allen | Date: 30 July 2015 | Permalink

US spies voiced concerns about Fed database prior to massive hack

United States intelligence officials expressed concerns about a federal database containing details of security-clearance applications in the years prior to a massive cyber hacking incident that led to the theft of millions of personnel records. Up to 21 million individual files were stolen last month, when hackers broke into the computer system of the US Office of Personnel Management (OPM), which handles applications for security clearances for all agencies of the federal government. The breach gave the unidentified hackers access to the names and sensitive personal records of millions of Americans who have filed applications for security clearances –including intelligence officers.

Until a few years ago, however, Scattered Castles, the database containing security clearance applications for the US Intelligence Community, was not connected to the OPM database. But in 2010, new legislation aiming to eliminate the growing backlog in processing security-clearance applications required that Scattered Castles be merged with the OPM database. The proposed move, which aimed to create a unified system for processing security clearances, made sense in terms of eliminating bureaucratic overlap and reducing duplication within the federal apparatus. But, according to the Daily Beast, US intelligence officials expressed concerns about the merging of the databases as early as 2010. The website said that security experts from the Intelligence Community expressed “concerns related to privacy, security and data ownership” arising from the impending merger. One official told the Daily Beast that there were fears that the “names, Social Security numbers, and personal information for covert operatives would be exposed to hackers”.

However, the merger went ahead anyway, and by 2014 parts of the Scattered Castles database were gradually becoming accessible through the OPM network. The Daily Beast cited an unnamed US official as saying that there was “no connection between Scattered Castles and the OPM hack”. But when asked whether Scattered Castles was linked to the OPM system, he referred the website to the Federal Bureau of Investigation, which is probing last month’s hack attack.

Author: Joseph Fitsanakis | Date: 1 July 2015 | Permalink
