British intelligence ‘among the first’ to notify US about Russian hacking

MI6British intelligence agencies gave their United States counterparts an early warning about Russian attempts to influence the outcome of the American presidential election, according to The New York Times. The American newspaper cited “two people familiar with the conclusions” of a US intelligence report, who said that British spies helped “raise the alarm” in Washington about Russian hacking. The Times were referring to a classified US intelligence report that purports to prove that Moscow tried to skew the US election results in favor of Republican Party nominee Donald Trump. The report, parts of which have been released to the public, was shared with Trump in a secret meeting with US intelligence officials last week.

Interestingly, media reports suggest that US intelligence agencies were not aware of the severity of Russian hacking operations until they were notified by allied intelligence agencies. British spy agencies were “among the first” to tell their transatlantic partners that Moscow was engaged in an allegedly large-scale operation against American political parties and institutions. According to The Times, British intelligence reports mentioned Russian hacking operations against the Democratic National Committee in Washington, DC, as well as against senior officials in the Democratic Party. There is no mention in the report about how the British acquired the information. The London-based newspaper The Guardian speculates that British intelligence agencies picked up clues by monitoring Russian government communications (voice intercepts and computer traffic). However, the possibility that the information was acquired through an agent should not be ruled out.

According to the British newspaper, government officials in London were “alarmed” by the close contacts between Moscow and the inner circle of Donald Trump’s campaign. They even contacted the Federal Bureau of Investigation and passed information about what The Guardian describes as “the depth and nature of contacts” between the Russian government and the Trump campaign. There is no information, however, about whether the FBI did anything with that information. Meanwhile, the British government is eager to cultivate good relations with the US president-elect, despite concerns in Whitehall about the close Russian connections of the incoming American administration. London needs Washington’s support as it is disengaging from the European Union, says The Guardian.

Author: Joseph Fitsanakis | Date: 9 January 2017 | Permalink

Analysis: US expulsion of Russian spies is mostly symbolic, aimed domestically

Russian embassy in WashingtonThere had been rumors for some time about a possible expulsion of Russian diplomats from the United States, in response to alleged Russian interference in the 2016 US Presidential election. The White House confirmed the rumors on Thursday morning, by announcing the expulsion of 35 accredited Russian diplomats from the US, and the reclamation of two “recreational facilities” used by Russian diplomats in New York and Maryland. Washington said the Russian diplomats are spies operating under diplomatic cover and that the recreational facilities were being “used for Russian intelligence activities”. Although the sanctions may seem significant at first, they are mostly symbolic, and their impact will be temporary and limited. They may even end up hurting the United States more than Russia.

As I told Newsweek‘s intelligence correspondent Jeff Stein earlier today, the current size of Russia’s human-intelligence presence in the United States is estimated at more than 100 officers. Therefore, the expulsion of a third of those operatives will set back Russian human-intelligence activities on US soil —but only temporarily, since most of the expelled officers will be replaced in time. Moreover, Moscow will probably respond in kind, so Washington is likely to suffer a proportional reduction of its human-intelligence presence in Russia. That could hurt the US more than Russia, because the American human-intelligence presence in Russia is smaller and more needed in a relatively closed society as Russia’s. Thus, a proportional expulsion of Russian and American spies from each other’s territory may actually harm Washington more than Moscow.

In reality, the expulsions and sanctions pertain more to domestic American politics than foreign policy. They are designed to place the incoming president, Donald Trump, who is seen as a friend of Russia, in a difficult position, by further-complicating Russian-American relations in the last weeks of President Barack Obama’s Administration. These measures should arguably have been implemented much earlier this year, and certainly before November 8, when they may have had some impact. At this late stage, they can hardly be taken seriously, given the inconsistency in US national policy toward Russia, as shown in the differing viewpoints of the Obama and Trump teams.

Assuming that Russia was indeed behind a systematic effort to influence the 2016 US Presidential election, it has already achieved one of its main goals. It was to weaken the reputation of American political institutions as a whole and to divide America by intensifying the already growing mistrust between American —and by extension Western— civil society and its political institutions. Moscow will see the US response, such as it is, as a price worth paying, given the broader accomplishments of its covert operation against US democracy.

Author: Joseph Fitsanakis | Date: 29 December 2016 | Permalink

Russia says it foiled major foreign cyber attack on its financial system

FSB - IARussian authorities say they prevented a large-scale cyber attack by “a foreign intelligence service”, which had been designed to destabilize the country’s financial system and subvert its economy. In an official statement published on its website last week, Russia’s Federal Security Service (FSB) said the perpetrators of the foiled attack had planned to carry it out on December 5. The spy agency, which stems from the Soviet-era KGB, said that the cyber attack had been designed to bring down computer systems belonging to some of Russia’s largest banking institutions.

Text to the statement by the FSB, the planned attack consisted of several components. One component included the use of social media and text messages to be spread through the mobile phone system. The goal was to spread rumors claiming that Russia’s financial system was facing imminent collapse and create panic in the Russian stock exchange. The FSB alleged that several large cities throughout Russia were to be targeted under the foiled plan. The spy agency claimed that the attack originated from a “foreign intelligence service”, but did not identify any countries as culprits of the operation. However, it said that a Ukrainian web hosting company had been used as a base from which to launch the attack through servers located in the Netherlands. On Friday, the Ukrainian web host, BlazingFast, denied that its systems had been used to prepare an attack on the Russian financial sector. In a statement published on Facebook, the company said it had not been contacted by Russian authorities, and assumed that the FSB had “been able to handle the situation without the need of BlazingFast’s cooperation”. It added that it was willing “to cooperate with any legal entity” to investigate Russia’s accusations.

In August of this year, the FSB disclosed that “a meticulously coded and sophisticated virus” had been found on the computer networks of at least 20 major Russian agencies and organizations. As intelNews reported at the time, the targets appeared to have been carefully selected by the malware’s authors. They included government bodies, weapons laboratories and defense contractors located throughout Russia.

Author: Ian Allen | Date: 06 December | Permalink

Joint British-American operation has decimated Islamic State’s cyber force

Computer hackingCoordinated efforts by Anglo-American military and intelligence agencies have resulted in the killing or capturing of nearly every senior commander of the Islamic State’s online force. The close-knit group of Islamic State hackers and online propagandists, which are informally known as “the Legion”, is responsible for hacking and online recruitment incidents that led to several lone-wolf attacks in the West. In one incident in March of 2015, the Legion claimed responsibility for the unauthorized release of personal details of over 1,300 American government employees, with orders to Islamic State volunteers to kill them. In other instances, Legion operatives reached out to impressionable young men and women in Western Europe and the United States and convinced them to move to Syria or conduct attacks at home.

According to The New York Times, which published an article last week about the current state of the Legion, in the early days of its emergence the group was viewed as a law enforcement problem. However, there were several successful and unsuccessful attacks by lone-wolf actors in the United States during the summer of 2015. According to The Times, the Federal Bureau of Investigation became overwhelmed and “was struggling to keep pace with the threat” posed by the Islamic State on the domestic front. It therefore pressed the US Department of Defense to help tackle the problem at its source. The DoD then teamed up with the British government, which was monitoring the Legion due to many of its members being British-born subjects. The two governments embarked on a “secretive campaign”, which has led to the capture of nearly 100 individuals associated with the Legion in less than two years. Another 12 members of the group, who had senior positions, have been killed in targeted drone strikes since the summer of 2015, says The Times.

The joint Anglo-American operation is allegedly responsible for the recent drop in terrorist activity instigated by the Islamic State in the West. It appears, says the paper, that the Islamic State is failing to replace the captured or killed members of the Legion with equally skilled operatives, which may point to the desperate state of the organization. But the Islamic State continues to operate a relatively sophisticated media arm, according to US government officials, and its media reach should not be underestimated, even as it is losing ground in Syria and Iraq.

Author: Joseph Fitsanakis | Date: 28 November 2016 | Permalink

France’s ex-cyber spy chief speaks candidly about hacking operations

Bernard BarbierThe former director of France’s cyber spy agency has spoken candidly about the recent activities and current state of French cyber espionage, admitting for the first time that France engages in offensive cyber operations. Between 2006 and 2013, Bernard Barbier was director of the technical division of the General Directorate for External Security, France’s external intelligence agency, which is commonly known as DGSE. During his tenure at DGSE, the organization’s technical division witnessed unprecedented financial and administrative growth. Today it is said to employ over 2500 people, nearly half of DGSE’s total personnel.

Earlier this month, Barbier was interviewed on stage during a symposium held by the CentraleSupélec, a top French engineering university based in Paris. He spoke with surprising candor about France’s cyber espionage operations. In the first part of his interview, which can be watched on YouTube, he recounted the history of what he described as “France’s cyber army”. He said that France began to build “teams of hackers” in 1992. Around that time, the DGSE purchased an American-built Cray supercomputer, said Barbier, and soon discovered that it could use the machine’s immense computing power to break passwords. More recently, said the former cyber spy chief, the DGSE has been trying to “catch up” with its American and British counterparts, the National Security Agency and the Government Communications Headquarters, by increasing its annual budget to over half a billion and hiring hundreds of young hackers. Many of these new employees have little to no university education, said Barbier, and are instead self-taught, having started hacking in their teenage years.

Like most governments, France will not officially admit to conducting offensive cyber operations using computer hacking and other techniques. But Barbier said during his interview that France was behind an offensive cyber operation that targeted Iran in 2009. He added that the DGSE has also directed cyber operations against Canada, Ivory Coast, Algeria, Norway, as well as its European Union partners Spain and Greece. He also complained that French government executives do not understand the importance of cyber operations and are not aiming high enough when it comes to planning, direction and hiring. The DGSE’s technical division still needs between 200 and 300 more staff members, Barbier argued in his interview.

Author: Joseph Fitsanakis | Date: 16 September 2016 | Permalink

FBI arrests two more members of hacker group that targeted CIA director

Computer hackingTwo more members of a computer hacker group that targeted senior United States intelligence officials, including the director of the Central Intelligence Agency, have been arrested by the Federal Bureau of Investigation. The arrests of Justin Liverman, 24, and Andrew Boggs, 22, took place on Thursday in Morehead City and North Wilkesboro, in the US state of North Carolina. They are accused by the FBI of being members of Crackas With Attitude (CWA) an international group of computer hackers that specialized in targeting American intelligence and law enforcement officials.

Last October, the international whistleblower website WikiLeaks published personal emails and documents belonging to CIA Director John Brennan. The documents included a 47-page application for security clearance that Brennan had submitted to the US government a few years earlier. It was apparently found on his personal America Online (AOL) email account, which had been hacked by the CWA hacker group. Members of the group, who are all in their late teens or early 20s, routinely employed a method known as ‘social engineering’ to gain access to their victims’ information. The method refers to impersonating technicians or other service provider company personnel to gain access to private email or telephone accounts.

CWA members used these techniques to target dozens of senior US government officials from October 2015 until February 2016. Their targets included the Director of National Intelligence James Clapper and the Deputy Director of the FBI, Mark Giuliano. The hackers also gained access to electronic databases belonging to the US Department of Justice, from where they obtained the names, personal telephone numbers and home addresses of nearly 30,000 employees of the FBI and the Department of Homeland Security. That information was eventually published online by the hacker group.

In February, a 16-year-old hacker known as ‘Cracka’, who is the purported ringleader of CWA, and whose name cannot be released due to his young age, was arrested in the East Midlands region of Britain. It is believed that information on the teenager’s electronic devices eventually led the FBI to the capture of Liverman and Boggs. The two men have been charged with computer crime and are expected to appear in court in the US state of Virginia next week.

Author: Joseph Fitsanakis | Date: 09 September 2016 | Permalink

Sophisticated spy malware found on Russian government computers

FSB - IAAccording to the predominant media narrative, the United States is constantly defending itself against cyber-attacks from countries like China and Russia. But, as intelNews has argued for years, this narrative is misleading. Recent intelligence disclosures clearly show that the US cyber-security posture is as offensive as that of its major adversaries. Additionally, China and Russia have to defend their computer networks as much as America does. Last weekend’s report from Moscow helps restore some of the balance that is missing from media reporting on cyber-security. According to the Russian Federal Security Service (FSB), a meticulously coded and sophisticated virus has been found on the computer networks of at least 20 major Russian agencies and organizations. The targets appear to have been carefully selected by the malware’s authors. They include government bodies, weapons laboratories and defense contractors located throughout Russia.

The FSB said that once installed, the virus gave its handler control of the infected computer system. It permitted an outside hacker to turn on a computer’s microphone or camera, and capture screenshots. It also stealthily installed keylogging software, thus allowing an outside party to monitor keyboard strokes on an infected system. Based on its functions, the malicious software seems to be designed to conduct deep surveillance on infected computers and their physical surroundings. The FSB would not attribute the malware to a specific hacking group or nation. But it said it believed that the malware attack was “coordinated”, “planned and planned professionally”. It also said that the coding of the virus “required considerable expertise”. In a brief statement released Saturday, the FSB said that aspects of the coding of the virus, as well as other identifying information, resembled those detected in preceding hacking attacks on computer servers in Russia and other countries. The statement did not elaborate, however.

The news about hacked Russian computers comes less than two weeks after it was claimed that Russian government-backed hackers stole electronic data belonging to the Democratic National Convention (DNC) in the United States. The Democratic Party’s presidential candidate, Hillary Clinton, publicly accused the Russian government of orchestrating the hacking of the DNC computer systems in an attempt to damage her campaign.

Author: Ian Allen | Date: 01 August 2016 | Permalink