CopyKittens cyber espionage group linked to Iranian state, says report

A cyber espionage group that has alarmed security researchers by its careful targeting of government agencies has links to the Iranian state, according to a new report. The existence of the group calling itself CopyKittens was first confirmed publicly in November of 2015. Since that time, forensic analyses of cyber attacks against various targets have indicated that the group has been active since at least early 2013. During that time, CopyKittens has carefully targeted agencies or officials working for Jordan, Saudi Arabia, Turkey, Israel, the United States, and Germany, among other countries. It has also targeted specific offices and officials working for the United Nations.

Throughout its existence, CopyKittens has alarmed cyber security researchers by its strategic focus on political targets belonging to governments. The group’s methods of operation do not resemble those of most other hacker groups, which are usually crude by comparison. Now a new report by two leading cyber security groups claims that CopyKittens is linked to the Iranian state. The report was published on Tuesday as a joint effort by Japan’s Trend Micro and Israel’s ClearSky firms. The report analyzes several operations by CopyKittens, some conducted as recently as last April. It concludes that CopyKittens is “an active cyber espionage actor whose primary focus [is] foreign espionage on strategic targets”. Additionally, the report suggests that the group operates using “Iranian government infrastructure”.

According to the Trend Micro/ClearSky report, CopyKittens tends to use relatively simple hacking techniques, such as fake social media profiles, attacks on websites, or emails that contain attachments that are infected with malicious code. However, its members appear to be “very persistent” and usually achieve their goal “despite lacking technological sophistication”. The security report did not directly address the political ramifications of implicating the Iranian government in the CopyKittens’ hacking operations. The Reuters news agency contacted Iranian officials at the United Nations about the CopyKittens report, but nobody was available for comment.

Author: Ian Allen | Date: 26 July 2017 | Permalink

After Trump, NSA director backs away from joint US-Russian cyber unit proposal

The director of the United States National Security Agency appears to have backed away from a proposal to set up a joint American-Russian cyber security working group, with the aim of defending both countries from hackers. Earlier in July, US President Donald Trump said he was considering the establishment of what he described as “an impenetrable cyber security unit” that would be a joint project between the United States and Russia. The unit would have the task of defending both countries from cyber attacks aimed at hacking their election systems and other vital state functions. The US president said he had discussed the idea with his Russian counterpart, President Vladimir Putin, during the G20 summit in the German city of Hamburg. Last week, a Russian official confirmed that Moscow and Washington were considering the creation of a working group that would examine the creation of a joint cyber defense force.

The announcements, however, were strongly criticized by Democrats in Congress. They were also not welcomed by several Republican lawmakers, who argued that such a move would not be sound policy on the part of the White House, given the ongoing controversy about alleged Russian meddling in the 2016 US presidential election. Eventually, President Trump appeared to abandon the plan. He tweeted that just because he had spoken about the idea with the Russian leader did not mean that such a plan was necessarily in the works. “The fact that President Putin and I discussed a Cyber Security unit doesn’t mean I think it can happen. It can’t”, wrote Mr. Trump.

On Saturday, the Director of the NSA, Admiral Mike Rogers, appeared to agree with Mr. Trump’s revised view that a joint US-Russian cyber unit was not high on Washington’s priority list. After delivering a speech at the Aspen Security Forum, hosted by the Aspen Institute in Colorado, Admiral Rogers was asked by a member of the audience to address the US president’s remarks. He prefaced his response by saying that he is “not a policy guy”. But he went on to “argue [that] now is probably not the best of time to be doing this”. The head of the NSA added that a joint cyber security project between Washington and Moscow is “something that you might want to build over time, were we to see changes in [Russia’s] behavior”. He did not specify what he meant by “changes in [Russia’s] behavior”.

Author: Ian Allen | Date: 24 July 2017 | Permalink

Dozens of Western ‘freelance fighters’ embedded with anti-ISIS forces in Syria

Dozens of Western European and American citizens are participating in the ongoing takeover of Raqqa, the de facto capital of the Islamic State in Syria, despite being prohibited from doing so by their own governments, according to recent news reports. Much has been written about foreign fighters who enter Iraq and Syria in order to join the ranks of the Islamic State, the Sunni militant group that previously went by the name Islamic State of Iraq and Syria (ISIS). But relatively little attention has been paid to the thousands of foreign fighters who have traveled to the region to join the war against ISIS.

In late 2015, independent researcher Nathan Patin published “The Other Foreign Fighters”, a rare examination of Americans who had joined the various armed groups fighting ISIS in the region. Patin found that at least 200 Americans had attempted to travel to the region in order to join the fight against ISIS as ‘freelance fighters’. Roughly half of those had managed to embed themselves with armed —primarily Kurdish— groups, and saw action on the ground. In 2016, three British and Irish anti-ISIS volunteers were jailed by Iraqi authorities while attempting to return to Europe after having fought for the Kurdish People’s Protection Unit (YPG), a group that serves as the armed wing of the Kurdistan Workers’ Party (PKK) in northern Syria. The three were initially suspected of being foreign ISIS volunteers, but were released from prison in April of 2016, after the YPG verified their bona fides.

A recent report by The Los Angeles Times claims that there are still “several dozen” Western volunteers embedded with anti-ISIS militias in Syria. They are doing so in the face of warnings by European and American government agencies that freelance participation in the Syrian civil war is a potentially punishable offense. The Times cited “local estimates” and spoke to Daman Frat, a YPG commander stationed in the eastern outskirts of Raqqa, who said that “several foreign volunteers” were embedded in YPG units. Most, though certainly not all of them, said Frat, had prior military experience. According to the paper, at least three Western volunteers, one British and two American citizens, have died in recent days, as YPG forces are closing in on the de facto ISIS capital. The US Departments of State and Defense, which are tacitly in support of the YPG and other Kurdish groups operating in Syria, did not comment on The Los Angeles Times report.

Author: Joseph Fitsanakis | Date: 20 July 2017 | Permalink

US plans to beef up Cyber Command, separate cyberwar operations from NSA

The White House will soon announce its decision to strengthen the United States Cyber Command and separate cyber war operations from intelligence functions, according to insider reports. For many decades, the National Security Agency has been in charge of protecting America’s cyber network and combating online threats. But in 2009, the Administration of US President Barack Obama established a brand new Cyber Command, proposing that the online environment represented a new theater of war. Since that time, the US Department of Defense has been campaigning in favor of strengthening the new Cyber Command and completely removing it from the patronage of the NSA –despite the fact that the latter is also a Pentagon agency.

According to media reports, US President Donald Trump has decided to follow the Pentagon’s suggestion. After several months of delay, his administration is now preparing to announce a major reinforcement of the US Cyber Command, and a formal separation between its functions and those of the NSA. According to the American news network PBS, which broke the news on Monday, the idea behind the move is to give the Cyber Command more operational autonomy and to allow it to establish its own mission statement, which will be distinct from that of the NSA. The latter is an intelligence organization, which means that it primarily seeks to exploit adversary networks for purposes of collecting information. Broadly speaking, therefore, the NSA finds operational adversary cyber networks far more useful than destroyed networks. That tends to clash with the goals of the US Cyber Command, whose tactical goals often center on launching destructive attacks on enemy networks. It is believed that the impending change will allow it to do so without the interference of the NSA.

According to PBS, which cited anonymous sources in its report, the details of the separation “are still being worked out”. Furthermore, some observers caution that the Cyber Command will continue to rely on NSA technology and expertise for years to come, until it is able to carry its own weight. There is even less discussion about the view of the NSA on the matter, which some claim is notably negative. However, the move appears to have been decided, and the Cyber Command’s budget will be increased by nearly 20% to $647 million in the coming year, reflecting its elevated role in US defense.

Author: Joseph Fitsanakis | Date: 19 July 2017 | Permalink

US spies confirm Qatar’s claims that its media were hacked by Emirates to spark crisis

American officials appear to confirm Qatar’s allegations that its news media were hacked by its Gulf adversaries, who then used the fake news posted by hackers to launch a massive campaign against it. Tensions between Qatar and other Muslim countries have risen since late May, when the country’s state-controlled news agency appeared to publish an incendiary interview with Qatar’s Emir, Sheikh Tamim Bin Hamad al-Thani. In the interview, which appeared on May 24, the sheikh appeared to praise Saudi regional rival Iran as a “great Islamic power” and to express support for the militant Palestinian group Hamas. On the following day, the United Arab Emirates, Egypt and Bahrain immediately banned all Qatari media —primarily Al Jazeera— from broadcasting in their territories and broke diplomatic relations with Doha. Later on, they declared a large-scale commercial embargo against the small oil kingdom. They have since threatened war unless Qatar changes its alleged support for Iran and for a number of militant groups in the region.

The Qatari government has dismissed the embargo as unjust and has claimed that Sheikh al-Thani’s controversial interview was fake, and was placed on the country’s state-owned news agency and social media as a result of a computer hack. It has also claimed to have evidence of a number of iPhones that were used from locations in Saudi Arabia and the Emirates to launch the hacks on its networks. Qatari officials have also said that an investigation into the incident is underway, but their claims have been criticized as outlandish by Qatar’s regional rivals.

Now, however, a report by The Washington Post claims that American officials have uncovered evidence that Qatar’s allegations of a computer hack are true. The paper cited “US intelligence and other officials” who spoke “on the condition of anonymity”. The officials said that US intelligence agencies recently became aware of a meeting of senior UAE state administrators that took place on May 23 in Abu Dhabi. At the meeting, the officials discussed a plan to hack Qatari news websites and social media, in order to post incendiary messages that could be used to spark a row between Qatar, the Saudi government and its allies. The alleged computer hacks are reported to have taken place on the following day. According to The Post, the only thing that US intelligence is unsure about is “whether the UAE carried out the hacks itself or contracted to have them done” by a third party.

The Post said that several US intelligence agencies, including the Central Intelligence Agency and the Federal Bureau of Investigation, refused to comment on its report. The paper received a response from the UAE embassy in Washington, DC, which said that the Emirates had “no role whatsoever in the alleged hacking described in the article”.

Author: Joseph Fitsanakis | Date: 18 July 2017 | Permalink

Senior Iraqi intelligence official rejects Russian claims that ISIS leader is dead

A senior Iraqi intelligence official has rejected assurances given by Russia that Abu Bakr al-Baghdadi, the founder and leader of the Islamic State, is dead, insisting instead that the Iraqi-born cleric is alive in Syria. In mid-June, Russia’s Ministry of Defense said that, according to its sources, al-Baghdadi had been killed. Subsequently, many Russian officials and political figures appeared to confirm Moscow’s report. On January 23, Russian media quoted Viktor Ozerov, chairman of the Committee of National Defense of the Federation Council (the Russian Duma’s upper house) as saying that the likelihood that al-Baghdadi was dead was “close to 100 percent”. Last week, the British-based Syrian Observatory for Human Rights said it too was in a position to confirm that al-Baghdadi had been killed, adding that the Islamic State had admitted as much in a statement issued to its senior commanders.

But Western governments, including the United States, have been reluctant to accept the Russian reports as accurate, saying that they prefer to wait for concrete proof of the Islamic State leader’s demise. On Sunday, the Iraqi government appeared to side with the skeptics. In an interview with the Baghdad-based daily Al-Sabah, senior Iraqi intelligence official Abu Ali al-Basri claimed al-Baghdadi was very much alive. Al-Basri, who supervises the Falcon Intelligence Cell, a US-trained counterterrorist unit operating under the Ministry of the Interior, said that the reports recently circulated about the rumored death of al-Baghdadi were “simply untrue”. He added that the founder of the Islamic State was “still living in Syria”, possibly at an Islamic State military facility on the outskirts of the organization’s de facto capital city of Raqqa.

Born in Iraq in 1971, al-Baghdadi has never been seen in public after his historic speech in June 2014, in which he proclaimed the creation of a so-called Islamic caliphate in Iraq and Syria. Speaking from the Grand Mosque in the old city of the Iraqi city of Mosul, which his forces had just conquered, al-Baghdadi issued a public call for supporters of the Islamic State around the world to join its ranks. But he never reappeared in public in the ensuing years, giving rise to occasional speculation that he may have been seriously wounded or even killed.

Author: Joseph Fitsanakis | Date: 17 July 2017 | Permalink

CIA whistleblower complains of seven-year inaction by Agency’s inspector general

A contractor for the United States Central Intelligence Agency has complained in an interview that no action has been taken in the seven years since he revealed a “billion-dollar fraud” and “catastrophic intelligence failure” within the Agency’s ranks. John Reidy argues that his case illustrates the unreasonable delay that impedes investigations by whistleblowers like him inside the CIA. Individuals like him, he argues, are forced to seek justice through leaks to the media, something which could be avoided if the CIA’s Office of the Inspector General addressed concerns more promptly.

Reidy, 46, from Worcester in the US state of Massachusetts, joined the CIA in 2003, after graduating with a law degree from the University of San Francisco. But he left the agency soon after joining, initially to work for a security contractor before setting up his own company, Form III Defense Solutions. He continued to work with the CIA by subcontracting his services, focusing on Iran. Reidy’s company developed an intelligence study guide for Iran and advised the CIA on the use of human intelligence (known as HUMINT) in the Islamic Republic.

In 2010, Reidy submitted two complaints to the CIA’s Office of the Inspector General, the Agency’s internal watchdog that is tasked with investigating whistleblower allegations. The first issue related to what Reidy describes as large-scale “fraud between elements within the CIA and contractors”. The second issue involved a “massive [and] catastrophic” intelligence failure “due to a bungled foreign operation”. When he filed his concerns with the OIG, Reidy was hoping that attention would be given to his claims right away. However, seven years later, his case is still “gathering dust” at a CIA office, he says. When he realized that no progress had taken place in several years, a frustrated Reidy forwarded his case —which includes copies of 80 emails and nearly 60 other documents— to Senator Chuck Grassley, chairman of the US Senate Committee on the Judiciary. He also reached out to the McClatchy news service with his concerns.

The secrecy rules that apply to those who work for the US Intelligence Community prevent Reidy from disclosing details of the alleged fraud and intelligence failure, or from specifying the country in which these incidents took place —though it seems from his intelligence résumé that they probably involve Iran. But in an interview with McClatchy news service, the intelligence contractor voiced grave concerns about the internal investigation process in the CIA. “I played by the rules [and] they are broken”, he said. “The public has to realize that whistleblowers [like me] can follow all the rules and nothing gets done”, added Reidy. He went on to warn that if the CIA does not improve its internal investigation system, leaks to the media “may grow worse”.

McClatchy contacted the CIA about Reidy’s concerns and was told by a spokesperson, Heather Fritz Horniak, that, “as a general matter, [the CIA does] not comment on ongoing litigation”.

Author: Joseph Fitsanakis | Date: 14 July 2017 | Permalink