US spies voiced concerns about Fed database prior to massive hack

United States intelligence officials expressed concerns about a federal database containing details of security-clearance applications in the years prior to a massive cyber hacking incident that led to the theft of millions of personnel records. Up to 18 million individual files were stolen last month, when hackers broke into the computer system of the US Office of Personnel Management (OPM), which handles applications for security clearances for all agencies of the federal government. The breach gave the unidentified hackers access to the names and sensitive personal records of millions of Americans who have filed applications for security clearances – including intelligence officers.

Until a few years ago, however, Scattered Castles, the database containing security clearance applications for the US Intelligence Community, was not connected to the OPM database. But in 2010, new legislation aiming to eliminate the growing backlog in processing security-clearance applications required that Scattered Castles be merged with the OPM database. The proposed move, which aimed to create a unified system for processing security clearances, made sense in terms of eliminating bureaucratic overlap and reducing duplication within the federal apparatus. But, according to the Daily Beast, US intelligence officials expressed concerns about the merging of the databases as early as 2010. The website said that security experts from the Intelligence Community expressed “concerns related to privacy, security and data ownership” emerging from the impending merge. One official told the Daily Beast that there were fears that the “names, Social Security numbers, and personal information for covert operatives would be exposed to hackers”.

However, the merge went ahead anyway, and by 2014 parts of the Scattered Castles databases were gradually becoming accessible through the OPM network. The Daily Beast cited an unnamed US official as saying that there was “no connection between Scattered Castles and the OPM hack”. But when asked whether Scattered Castles was linked to the OPM system, he referred the website to the Federal Bureau of Investigation, which is probing last month’s hack attack.

Author: Joseph Fitsanakis | Date: 1 July 2015 | Permalink: http://intelnews.org/2015/07/01/01-1726/

Israel denies using computer virus to spy on Iran nuclear deal

The Israeli government rejected reports yesterday that its spy agencies were behind a virus found on the computers of three European hotels, which hosted American and other diplomats during secret negotiations on Iran’s nuclear program. Cybersecurity firm Kaspersky Lab said on Wednesday that it first discovered the malware, which it dubbed “Duqu 2.0”, in its own systems. The Moscow-based firm said the sophisticated and highly aggressive virus had been designed to spy on its internal research-related processes. Once they detected the malicious software in their own systems, Kaspersky technicians set out to map Duqu’s other targets. They found that the virus had infected computers in several Western countries, in the Middle East, as well as in Asia. According to Kaspersky, the malware was also used in a cyberattack in 2011 that resembled Stuxnet, the elaborate virus that was found to have sabotaged parts of Iran’s nuclear program in 2010.

However, Kaspersky said that among the more recent targets of the virus were “three luxury European hotels”, which appear to have been carefully selected among the thousands of prestigious hotels in Europe. The three appear to have only one thing in common: all had been patronized by diplomats engaged in the ongoing secret negotiations with Iran over the Islamic Republic’s nuclear program. Kaspersky was referring to the so-called P5+1 nations, namely the five permanent members of the United Nations Security Council plus Germany, who lead ‘the Geneva pact’. Israel has condemned the negotiations and has repeatedly expressed anger at reports that the Geneva pact is about to strike an agreement with Tehran over its nuclear program.

However, Israel’s deputy foreign minister flatly rejected Kaspersky’s allegations on Wednesday, calling them “pure nonsense”. Speaking on Israel Radio, Eli Ben-Dahan said Israel had “many far more effective ways” of gathering foreign intelligence and that it did not need to resort to computer hacking in order to meet its intelligence quotas. Israeli government spokespeople refused to comment on the allegations when asked late Wednesday.

Author: Joseph Fitsanakis | Date: 11 June 2015 | Permalink: http://intelnews.org/2015/06/11/01-1713/

Russian hackers accessed Obama’s email correspondence

By JOSEPH FITSANAKIS | intelNews.org
Computer hackers believed to be connected to the Russian government were able to access emails belonging to the president of the United States, according to American officials briefed about the ensuing investigation. The cyberattack on the White House was announced by American government officials in October of last year, soon after it was discovered by security experts. But The New York Times said on Saturday that the hacking was far more intrusive than had been publicly acknowledged and that the information breach resulting from it was “worrisome”. The paper said that the individuals behind the cyberattack were “presumed to be linked to the Russian government, if not working for it”. It also quoted one unnamed senior US official, who said that the group that perpetrated the hacking was “one of the most sophisticated actors we’ve seen”.

Little concrete information has emerged on the hacking, but it appears to have started with attempts to compromise computers at the US Department of State. As CNN reported earlier this month, the hackers essentially managed to take control of the State Department’s declassified computer network and exploit it for several months. In most American government departments, senior officials operate at least two computers in their offices. One is connected to the government’s secure network used for classified communications; the other is used to communicate unclassified information to the outside world. In theory, those two systems are supposed to be separate. However, it is common knowledge that the publicly linked computers often contain sensitive or even classified information. It is this unclassified part of the network that the alleged Russian hackers were able to access, in both the State Department and the White House.

According to The Times, by gaining access to the email accounts of senior US government officials, the hackers were able to read unclassified emails sent or received by, among others, President Barack Obama. The US president’s own unclassified account does not appear to have been breached, said the paper, nor were the hackers able to access the highly classified server that carries the president’s mobile telephone traffic. Nevertheless, the operation to remove monitoring files placed in US government servers by the hackers continues to this day, and some believe that the presence of the intruders has yet to be fully eradicated from the system. The Times contacted the US National Security Council about the issue, but was told by its spokeswoman, Bernadette Meehan, that the Council would “decline to comment”. The White House also declined to provide further information on the incident and the ensuing investigation.

News you may have missed #882 (cybersecurity edition)

By IAN ALLEN | intelNews.org
►►GCHQ launches ‘Cyber Security Challenge’. Britain’s signals intelligence agency, GCHQ, has created a new online game to find new recruits and test the public’s ability to deal with hacking attacks. The new game, named Assignment: Astute Explorer, will give registered players the chance to analyze code from a fictitious aerospace company, identify vulnerabilities and then suggest fixes.
►►Chinese hackers spied on investigators of Flight MH370. Malaysian officials investigating the disappearance of flight MH370 have been targeted in a hacking attack that resulted in the theft of classified material. The attack hit around 30 PCs assigned to officials in Malaysia Airlines, the country’s Civil Aviation Department and the National Security Council. The malware was hidden in a PDF attachment posing as a news article that was distributed on 9 March, just one day after the ill-fated Malaysia Airlines Boeing 777 disappeared en route from Kuala Lumpur to Beijing.
►►Developer alleges NSA and GCHQ employees are helping Tor Project. Tor is free software used for enabling online anonymity and resisting censorship. It directs Internet traffic through a free, worldwide, volunteer network consisting of more than five thousand relays to conceal a user’s location or usage. Interestingly, its executive director, Andrew Lewman, has told the BBC that employees of the NSA and GCHQ offer his team of programmers tips “on probably [a] monthly” basis about bugs and design issues that potentially could compromise the Tor service. He added that he had been told by William Binney, a former NSA official turned whistleblower, that one reason NSA workers might have leaked such information was because many were “upset that they are spying on Americans”.

News you may have missed #880

By IAN ALLEN | intelNews.org
►►Chinese military establishes cyberintelligence research center. The Chinese People’s Liberation Army (PLA) has announced the creation of a Cyberspace Strategic Intelligence Research Center. Experts say the Center will “provide support in obtaining high-quality intelligence research findings and help China gain advantage in national information security”. Its staff reportedly specialize in such fields as strategic theory research, intelligence studies, and technology management, among others.
►►Chile court says US had role in 1973 killings of Americans. A court ruling released late Monday said the commander of the US Military Mission in Chile at the time of the 1973 military coup gave information to Chilean officials about journalist Charles Horman and student Frank Teruggi that led to their arrest and execution just days after the coup, which brought General Augusto Pinochet to power. The case remained practically ignored in Chile until 2000, when Horman’s widow, Joyce, came and filed a lawsuit against Pinochet.
►►Opinion: Cyber tools are no substitute for human intelligence. A colonel in the Israel Defense Forces critiques “the increasing use of cyber tools as a central and sometimes exclusive role in the work of many intelligence agencies throughout the world”. He argues that “the documents exposed by Edward Snowden show how willing the Americans are to invest in technological systems to collect information and gather as much intelligence as they can using cyber tools”. But he warns that “this almost exclusive reliance on the collection and analysis of intelligence using technology comes at the expense of the human element as a basic component of intelligence-gathering”.

Analysis: Should government spies target foreign firms?

By JOSEPH FITSANAKIS | intelNews.org
Last month, the government of the United States indicted five officers of the Chinese People’s Liberation Army with conspiracy to commit computer fraud, economic espionage, and theft of trade secrets, among other charges. In indicting the five PLA officers, the US Department of Justice went to great pains to ensure that it did not accuse the suspects of engaging in cyberespionage in defense of China’s national security. What sparked the indictments was that the accused hackers allegedly employed intelligence resources belonging to the Chinese state in order to give a competitive advantage to Chinese companies vying for international contracts against American firms. In the words of US Attorney General Eric Holder, the operational difference between American and Chinese cyberespionage, as revealed in the case against the five PLA officers, is that “we do not collect intelligence to provide a competitive advantage to US companies, or US commercial sectors”, whereas China engages in the practice “for no reason other than to advantage state-owned companies and other interests in China”. I recently authored a working paper that was published by the Cyberdefense and Cybersecurity Chair of France’s Ecole Spéciale Militaire de Saint-Cyr, in which I argued that the American distinction between public and private spheres of economic activity is not shared by the PLA. The Chinese see both state and corporate cyberespionage targets as fair game and as an essential means of competing globally with the United States and other adversaries. In the paper, I argue that Beijing sees the demarcation between state and private economic activity as a conceptual model deliberately devised by the US to disadvantage China’s intelligence-collection ability.

UK to probe Chinese telecoms firm over security concerns

By IAN ALLEN | intelNews.org
The British government has confirmed that it will review the involvement of a Chinese telecommunications hardware manufacturer in a cybersecurity testing center in Oxfordshire, England. The facility, called Cyber Security Evaluations Centre, has been operating since 2010 in the town of Banbury, 64 miles northeast of London. Its establishment was part of a 2005 agreement between the firm British Telecom and Chinese telecommunications hardware manufacturer Huawei. According to the stipulations of the agreement, British Telecom would purchase switches and other hardware equipment from the Chinese company, if the latter agreed to set up “the Cell”, as it is known, in Banbury, to test the equipment’s security features. However, last month, a report (.pdf) by the British Parliament’s Intelligence and Security Committee (ISC) raised strong concerns about Huawei’s involvement at the Centre. The ISC report called the government’s attention to “the risks of Huawei effectively policing themselves” and stressed that Britain’s national security could potentially be compromised by Huawei’s alleged links to the Chinese military. The report based its concerns on the fact that virtually every member of staff at the Banbury testing facility is an employee of Huawei, barring its Director, who is a former deputy director of Britain’s General Communications Headquarters (GCHQ). The parliamentary report urged the government to overcome its “fear of jeopardizing trade links with Beijing” and pressure British Telecom to amend its agreement with Huawei. Instead of Huawei technicians, the ISC report suggested that the Banbury Centre should be staffed exclusively with personnel from GCHQ —Britain’s communications intelligence agency. Late last week, the UK Cabinet Office announced it was in agreement with the principal recommendations of the ISC report and said that a review of the Banbury testing facility will take place.

Chinese hackers ‘stole blueprints’ of Australian spy agency’s new HQ

By JOSEPH FITSANAKIS | intelNews.org
Chinese government hackers allegedly stole the master blueprints and other highly classified technical information relating to the new headquarters of the Australian Security Intelligence Organisation (ASIO). The state-of-the-art building, which is located on the shore of Lake Burley Griffin in the Australian capital, Canberra, has so far cost taxpayers in excess of AUD $631 million (US $608 million). Although it remains under construction, the new headquarters is said to feature the most sophisticated security features of any government building in Canberra. But a report aired on May 28 by Australian television’s Four Corners investigative program alleged that a Chinese government agency managed to steal the building’s blueprints. The program claimed that the highly classified blueprints were stolen when hackers mounted a sophisticated cyberattack on a private-sector contractor involved in constructing ASIO’s new headquarters. Four Corners suggested that the cyberattack, which was “traced to a server in China”, also compromised the building’s communications diagram, server locations and physical security systems. The revelation will undoubtedly add to the stream of public criticism about the project, which has been severely plagued by budget increases and construction delays. As recently as 2010, the government was insisting that the project was “progressing on time and on budget, with completion scheduled for mid-2012”. Today, however, the building’s budget has gone over by AUD $171 million and the building is expected to open its doors no earlier than the fall of 2013, with some commentators suggesting that it could be 2014 before ASIO’s personnel are able to start moving in.

Sophisticated cyberespionage operation focused on high-profile targets

By JOSEPH FITSANAKIS | intelNews.org
After Stuxnet and Flame, two computer programs believed to have made cyberespionage history, another super-sophisticated malware has been uncovered, this time targeting classified computer systems of diplomatic missions, energy and nuclear groups. The existence of the malware was publicly announced by Russia-based multinational computer security firm Kaspersky Lab, which said its researchers had identified it as part of a cyberespionage operation called Rocra, short for Red October in Russian. The company’s report, published on Monday on Securelist, a computer security portal run by Kaspersky Lab, said that the malware has been active for at least six years. During that time, it spread slowly but steadily through infected emails sent to carefully targeted and vetted computer users. The purpose of the virus, which Kaspersky Lab said rivals Flame in complexity, is to extract “geopolitical data which can be used by nation states”. Most of the nearly 300 computers that have so far been found to have been infected belong to government installations, diplomatic missions, research organizations, trade groups, as well as nuclear, energy and aerospace agencies and companies. Interestingly, the majority of these targets appear to be located in Eastern Europe and former Soviet republics in Central Asia. On infected computers located in North America and Western Europe, the Rocra virus specifically targeted Acid Cryptofiler, an encryption program originally developed by the French military, which enjoys widespread use by European Union institutions, as well as by executive organs belonging to the North Atlantic Treaty Organization.

News you may have missed #818 (USA edition)

By IAN ALLEN | intelNews.org
►►The real-life female CIA officer who helped track bin Laden. The Washington Post has a good article on the real-life career of a female CIA officer who helped the Agency track al-Qaeda founder Osama bin Laden. It is disappointing, however, that the article, authored by Greg Miller and Toby Warrick, is headlined “In Zero Dark Thirty she’s the hero; in real life, CIA agent’s career is more complicated”. The CIA employee in question is not an “agent”; she is an officer. In the CIA, agents are assets, people recruited and handled by CIA officers. Amazing that The Post, with its experienced journalists and editors, would confuse such a basic operational distinction.
►►US spy agencies to detail cyber-attacks from abroad. The US intelligence community is nearing completion of its first detailed review of cyber-spying against American targets from abroad, including an attempt to calculate US financial losses from hacker attacks based in China. The National Intelligence Estimate, the first involving cyber-espionage, will also seek to determine how large a role the Chinese government plays in directing or coordinating digital attacks aimed at stealing US intellectual property, according to officials who spoke on the condition of anonymity to discuss a classified undertaking.
►►CIA begins LGBT recruiting. As part of the CIA’s efforts to diversify its workforce, the spy agency is reaching out to a group that once was unable to get security clearance: lesbians and gay men. CIA officials have held a networking event for the Miami gay community sponsored by the Miami-Dade Gay and Lesbian Chamber of Commerce and the CIA. “This is the first time we’ve done a networking event of this type with any of the gay and lesbian chamber of commerces in the United States,” says Michael Barber, a self-identified “straight ally” and the spy agency’s LGBT Community Outreach and Liaison program manager.

Did US spies hack French government computers using Facebook?

By JOSEPH FITSANAKIS | intelNews.org
A sophisticated computer virus discovered at the center of the French government’s secure computer network was planted there by the United States, according to unnamed sources inside France’s intelligence community. Paris-based magazine L’Express, France’s version of Time magazine, says in its current issue that the alleged American cyberattack took place shortly before last April’s Presidential elections in France. It resulted in the infection of the entire computer system in the Palais de l’Élysée, which is the official residence of the President of France. The French magazine cites unnamed sources inside the French Network and Information Security Agency (ANSSI), which is responsible for cybersecurity throughout France. The sources claim that the snooping virus allowed its handlers to gain access to the computers of most senior French Presidential aides and advisers during the final weeks of the administration of French President Nicolas Sarkozy, including his Chief of Staff, Xavier Musca. The article claims that the virus used source code nearly identical to that of Flame, a super-sophisticated version of Stuxnet, the virus unleashed a few years ago against the computer infrastructure of the Iranian nuclear energy program. Many cybersecurity analysts believe that the US and Israel were instrumental in designing both Stuxnet and Flame. IntelNews understands that the alleged virus was initially directed at employees of the Palais de l’Élysée through Facebook. The targets were allegedly befriended by fake Facebook profile accounts handled by the team that operated the virus. The targets were then sent phishing emails that contained links to phony copies of the login page for the Palais de l’Élysée intranet website.

Ex-intelligence official: cyber espionage more dangerous than terrorism

By JOSEPH FITSANAKIS | intelNews.org
A former senior member of Canada’s intelligence community has said that the threat of cyber espionage requires more resources than are currently being diverted to counterterrorism. Ray Boisvert, who retired last year from the post of Assistant Director of Intelligence for the Canadian Security Intelligence Service (CSIS), said in an assertive speech last week that cyber espionage is “fundamentally undermining [Canada’s] future prosperity as a nation”. Speaking on Friday in Ottawa, Boisvert compared cyber espionage to the climate-change debate, which has been marked by a series of ignored warnings, due to “some willful blindness on behalf of individuals”. As a result, he said, the need to establish essential security measures to protect worldwide electronic infrastructure is being neglected, while desperately needed resources are being diverted to counterterrorism. He explained the lack of action on three levels: first, the resistance emanating from technologically challenged decision-makers in the government and private sector, who simply do not understand the technical complexities of digital telecommunications security. Second, it is rooted in the government’s reluctance to invest the funds required to shield the nation’s communications infrastructure from espionage attacks. Finally, he placed the blame on the fragmentation and shortsightedness of the private sector, which owns and operates nearly 90 percent of Canada’s critical communications infrastructure and yet is too consumed by competition to sit around the same table on matters of security. In giving examples of the seriousness of the threat of cyber espionage, Boisvert cited the attacks last year on the computer systems of Canada’s Treasury Board and Finance Department, which compromised trade secrets of several national industries. He also mentioned the attacks on Nortel Networks Inc., which he said lasted for over a decade and may have contributed to the company’s 2009 demise.

News you may have missed #791

By IAN ALLEN | intelNews.org
►►India sees espionage behind Chinese cash payments to Indian pilots. According to Indian government sources, Chinese Defense Minister General Liang Guanglie gave two envelopes to the two Indian pilots, both wing commanders, who had flown him in a special Indian Air Force aircraft to New Delhi from Mumbai. After seeing off Liang, the pilots opened the sealed envelopes and found cash gifts inside. They immediately reported this to their superiors, who, in turn, informed the Indian Defense Ministry. India is now planning to lodge a protest with China over the incident.
►►NSA says foreign cyberattacks increasingly reckless. Debora Plunkett, of the secretive National Security Agency, whose responsibilities include protecting US government computer networks, has said that other nations are increasingly employing cyberattacks without “any sense of restraint”, citing “reckless” behaviors that neither the United States nor the Soviet Union would have dared at the height of Cold War tensions. She also predicted that Congress would pass long-stalled cybersecurity legislation within the next year. One wonders whether the Stuxnet incident is included in such “reckless” cyberattacks?
►►Taliban ‘using Facebook to lure Australian soldiers’. According to a review of social media by the Australian federal government, Australian soldiers are being warned by their commanders that enemies are creating fake Facebook profiles to spy on them. The report says that Taliban insurgents in Afghanistan are posing as “attractive women” on Facebook to befriend coalition soldiers and gather intelligence about operations. It adds that family and friends of soldiers are inadvertently jeopardizing missions by sharing confidential information online. This is not the first such warning in recent years.

News you may have missed #789

By IAN ALLEN | intelNews.org
►►Putin adds spy chief to energy commission. Russian President Vladimir Putin has reinforced a presidential commission seen as Kremlin’s vehicle for vying for control over the country’s crucial oil and gas sector, by adding the country’s top police officer and senior spy to its ranks. They are Interior Minister Vladimir Kolokoltsev and Mikhail Fradkov, director of the Foreign Intelligence Service, formerly a department of the KGB. The commission is driven by Igor Sechin, a former KGB officer and close ally of President Putin.
►►US spy sat agency plans major expansion. The National Reconnaissance Office (NRO), America’s secretive spy satellite agency, operates a vast constellation of spy satellites in orbit. But these surveillance spacecraft have traditionally only been able to gaze down on a few small areas of the planet at a time, like flashlights probing the dark. And this, only with careful advance planning by human operators on the ground. Now the NRO wants to expand the current flashlight-like satellite deployment to a horizon-spanning, overhead spotlight that can illuminate vast swaths of the planet all at once. The agency also wants new spacecraft that can crunch the resulting data using sophisticated computer algorithms, freeing the satellites somewhat from their current reliance on human analysts.
►►GCHQ warns of ‘unprecedented’ cyberattack threat. The British government’s electronic eavesdropping and security agency, GCHQ, has warned the chief executives of Britain’s biggest companies about an allegedly “unprecedented threat” from cyber-attacks. “GCHQ now sees real and credible threats to cybersecurity of an unprecedented scale, diversity, and complexity”, said Ian Lobban, the agency’s director. “The magnitude and tempo of the attacks pose a real threat to Britain’s economic security”, Lobban adds, but notes that about 80% of known attacks would be defeated by embedding basic information security practices.

News you may have missed #783

By IAN ALLEN | intelNews.org
►►Israeli ex-intel chief warns of ‘hysteria’ over Iran. Major General Uri Saguy (a.k.a. Uri Sagi), who was head of the IDF’s Operations Directorate during the 1982 Lebanon war, and Military Intelligence chief from 1991 to 1995, has warned of an “orchestrated and purposely timed hysteria that puts the country into a state of anxiety, artificial or not”, regarding the Iranian nuclear issue. Saguy, who resigned from the IDF in 1995 due to a conflict between him and the Chief of General Staff, added that “it would be a mistake if Israel uses force, certainly now, in order to thwart the Iranian nuclear potential”. The essence of Saguy’s message, notes Ha’aretz’s Amir Oren, is that Israel’s citizens cannot trust Defense Minister Ehud Barak or Prime Minister Benjamin Netanyahu.
►►Australian spy chief warns of economic espionage. The director-general of the Australian Security Intelligence Organisation, David Irvine, has warned that the online revolution has left Australian companies increasingly vulnerable to cyber attacks and commercial espionage. Speaking to a business audience in Canberra, Irvine said that most online attacks in the business world go undetected, despite growing awareness of the threat. Asked how much commercial cyber crime went undetected, he said: “I would be very surprised if we who are active in this area are picking up the greater proportion of it, in fact, quite the reverse”.
►►Top US military official objects to attack on Iran. As Israeli officials are telling local reporters that they’re really, really ready to attack Iran’s nuclear facilities, and they mean it this time, the top US military officer is saying what a terrible idea that would be. “I may not know about all of [Israel’s] capabilities”, said General Martin Dempsey, the chairman of the Joint Chiefs of Staff. “But I think that it’s a fair characterization to say that they could delay but not destroy Iran’s nuclear capabilities”. Left unsaid: in a few years, the US and Israel would be back to the same standoff with Iran —except this time it might do so amidst a proxy terrorist war to avenge the Iranians.