North Korea is now robbing banks, says US intelligence official

Comments made by a senior American intelligence official on Tuesday appeared to suggest that the North Korean government was behind an attempt to steal nearly $1 billion from a Bangladeshi bank last year. The heist took place in February of 2016, when computer malware was used to issue several requests to transfer funds from Bangladesh Bank —the state-owned central bank of Bangladesh— using the SWIFT network. The hackers were able to transfer five separate sums of $101 million each to a linked Bangladesh Bank account at New York’s Federal Reserve Bank. However, when further requests were issued, Federal Reserve Bank employees contacted Bangladesh Bank and blocked further transactions. Eventually, most of the transferred funds, which neared $1 billion, were recovered; but the hackers managed to get away with approximately $81 million worth of funds.

Forensic investigators described the heist as technically advanced. The antivirus company Symantec said it identified a piece of code in the malware that is known to have been used by North Korean government hackers in the past. Not everyone agreed with the claim that Pyongyang was behind the bank heist. But those who did, said that it was unprecedented in scope and aggressiveness. Some even said that the heist showed that North Korea’s cyber capabilities were among the most sophisticated and powerful in the world.

Meanwhile the United States government did not comment on the matter. However, this past Tuesday the deputy director of the National Security Agency appeared to confirm reports that North Korea was behind the Bangladesh Bank heist. Rick Ledgett, a 30-year veteran of the NSA, who is due to retire in 2018, was speaking at a public event hosted by the Aspen Institute in Washington, DC. He reminded the audience that private researchers had connected the malware code used in the Bangladesh Bank heist with that used in previous hacking attempts launched by North Korea. “If that linkage […] is accurate”, said Ledgett, it “means that a nation state is robbing banks”. When asked by the moderator whether he believes that to be the case, Ledgett responded “I do. And that’s a big deal”. Foreign Policy magazine reached out to Ledgett following his talk and asked him for clarification about his comments regarding the Bangladesh Bank heist. But the NSA official simply said that “the public case [about the heist] was well-made”. Foreign Policy also contacted the NSA, but the agency said it preferred not to comment on the matter.

Author: Joseph Fitsanakis | Date: 23 March 2017 | Permalink

FBI launches criminal investigation into WikiLeaks’ CIA disclosures

The United States federal government has launched a criminal investigation into the public disclosure of thousands of documents that purportedly belong to the Central Intelligence Agency. The documents were released on Tuesday by the anti-secrecy website WikiLeaks. They reveal what appear to be technical collection methods used by the CIA to extract information from digital applications and electronic devices, ranging from flash drives to smart screen televisions. WikiLeaks named the collection “Vault 7”, and said that it consists of nearly 8,000 web pages and 1,000 attachments. It also said that its editors redacted hundreds of pages of computer code, in order to prevent the public release of advanced cyberweapons allegedly used by the CIA to sabotage electronic devices and systems.

On Wednesday, former director of the CIA Michael Hayden told the BBC that the disclosure appeared “incredibly damaging”, because it revealed some of the methods that the CIA uses to acquire information. But some cybersecurity experts said that the techniques contained in the leaked documents did not appear to be uniquely advanced, and most focused on exploiting technical vulnerabilities that were generally known. Still, The New York Times reported on Wednesday that the CIA had begun to assess the damage caused by the release. The agency was also trying to contain the extent of the damage, and had even “halt[ed] work on some projects”, said The Times. Officials from the CIA are reportedly in communication with the Federal Bureau of Investigation, which on Wednesday launched a criminal investigation into the “Vault 7” release.

The main purpose of the FBI investigation is to find out how WikiLeaks acquired the files. The website said that the documents were leaked by a CIA contractor, which would imply that they were accessed from a server outside the CIA’s computer network. However, federal investigators are not excluding the possibility that the leaker of the information may be a full-time CIA employee. Reports suggest that the FBI is preparing to conduct hundreds, and possibly thousands, of interviews with individuals who are believed to have had access to the documents that were released by WikiLeaks. Meanwhile, neither the FBI nor the CIA have commented on the authenticity of the information contained in “Vault 7”. WikiLeaks said that Tuesday’s release, which it codenamed “Year Zero”, was the first part of several installments of documents that will be released under its Vault 7 program.

Author: Joseph Fitsanakis | Date: 09 March 2017 | Permalink

Files released by WikiLeaks show advanced CIA technical collection methods

Thousands of documents belonging to the United States Central Intelligence Agency, which were released on Tuesday by the international anti-secrecy website WikiLeaks, are almost certainly genuine. They reveal an entire universe of technical intelligence collection methods used by the CIA to extract information from digital applications and electronic devices, ranging from flash drives to smart screen televisions. WikiLeaks named the collection Vault 7, and said that it consists of nearly 8,000 web pages and 1,000 attachments. It also said that its editors redacted hundreds of pages of computer code, in order to prevent the public release of advanced cyberweapons that are allegedly used by the CIA to sabotage electronic devices and systems.

The information contained in the leaked documents is almost certainly genuine, and most likely belongs to the CIA —though many of the programs listed may be jointly run by the CIA and the National Security Agency (NSA). These programs, with names such as McNUGGET, CRUNCHYLIMESKIES, ELDERPIGGY, ANGERQUAKE and WRECKINGCREW, appear to be designed to compromise computer systems using a series of sophisticated methods that force entry or exploit built-in vulnerabilities or systems. Targets include popular communications systems like Skype and WhatsApp, smartphones produced by Google and Apple, commercial software like PDF and Microsoft Windows, and even so-called smart televisions that connect to the Internet.

The WikiLeaks revelations are most likely related to operations conducted under the auspices of the Special Collection Service (SCS), a joint CIA/NSA program that dates to the earliest days of the Cold War. The program was started by the United States Armed Forces but was eventually transferred to civilian hands and monitored by the CIA. It used advanced communications-interception facilities around the world to collect information. Over the years, the CIA collaborated with the NSA and developed many SCS projects targeting several foreign countries using technical and human means. In recent years the SCS has been primarily operated by the NSA, which oversees the program’s technical platforms.

WikiLeaks did not reveal the source of the documents. But it said that they had been “circulated [by the CIA] among former US government hackers and contractors” and that it was one of the latter that leaked them to the anti-secrecy website. A statement by WikiLeaks said that Tuesday’s release, which it codenamed “Year Zero”, was part one of several installments of documents that will be released under its Vault 7 program. The site also claimed that the information in “Year Zero” has “eclipsed the total number of pages published over the first three years of the Edward Snowden NSA leaks”. The CIA, the NSA and the White House have not commented on this development.

Author: Joseph Fitsanakis | Date: 08 March 2017 | Permalink

British intelligence ‘among the first’ to notify US about Russian hacking

British intelligence agencies gave their United States counterparts an early warning about Russian attempts to influence the outcome of the American presidential election, according to The New York Times. The American newspaper cited “two people familiar with the conclusions” of a US intelligence report, who said that British spies helped “raise the alarm” in Washington about Russian hacking. The Times was referring to a classified US intelligence report that purports to prove that Moscow tried to skew the US election results in favor of Republican Party nominee Donald Trump. The report, parts of which have been released to the public, was shared with Trump in a secret meeting with US intelligence officials last week.

Interestingly, media reports suggest that US intelligence agencies were not aware of the severity of Russian hacking operations until they were notified by allied intelligence agencies. British spy agencies were “among the first” to tell their transatlantic partners that Moscow was engaged in an allegedly large-scale operation against American political parties and institutions. According to The Times, British intelligence reports mentioned Russian hacking operations against the Democratic National Committee in Washington, DC, as well as against senior officials in the Democratic Party. There is no mention in the report about how the British acquired the information. The London-based newspaper The Guardian speculates that British intelligence agencies picked up clues by monitoring Russian government communications (voice intercepts and computer traffic). However, the possibility that the information was acquired through an agent should not be ruled out.

According to the British newspaper, government officials in London were “alarmed” by the close contacts between Moscow and the inner circle of Donald Trump’s campaign. They even contacted the Federal Bureau of Investigation and passed information about what The Guardian describes as “the depth and nature of contacts” between the Russian government and the Trump campaign. There is no information, however, about whether the FBI did anything with that information. Meanwhile, the British government is eager to cultivate good relations with the US president-elect, despite concerns in Whitehall about the close Russian connections of the incoming American administration. London needs Washington’s support as it is disengaging from the European Union, says The Guardian.

Author: Joseph Fitsanakis | Date: 9 January 2017 | Permalink

Analysis: US expulsion of Russian spies is mostly symbolic, aimed domestically

There had been rumors for some time about a possible expulsion of Russian diplomats from the United States, in response to alleged Russian interference in the 2016 US Presidential election. The White House confirmed the rumors on Thursday morning, by announcing the expulsion of 35 accredited Russian diplomats from the US, and the reclamation of two “recreational facilities” used by Russian diplomats in New York and Maryland. Washington said the Russian diplomats are spies operating under diplomatic cover and that the recreational facilities were being “used for Russian intelligence activities”. Although the sanctions may seem significant at first, they are mostly symbolic, and their impact will be temporary and limited. They may even end up hurting the United States more than Russia.

As I told Newsweek’s intelligence correspondent Jeff Stein earlier today, the current size of Russia’s human-intelligence presence in the United States is estimated at more than 100 officers. Therefore, the expulsion of a third of those operatives will set back Russian human-intelligence activities on US soil —but only temporarily, since most of the expelled officers will be replaced in time. Moreover, Moscow will probably respond in kind, so Washington is likely to suffer a proportional reduction of its human-intelligence presence in Russia. That could hurt the US more than Russia, because the American human-intelligence presence in Russia is smaller and more needed in a relatively closed society such as Russia’s. Thus, a proportional expulsion of Russian and American spies from each other’s territory may actually harm Washington more than Moscow.

In reality, the expulsions and sanctions pertain more to domestic American politics than foreign policy. They are designed to place the incoming president, Donald Trump, who is seen as a friend of Russia, in a difficult position, by further complicating Russian-American relations in the last weeks of President Barack Obama’s Administration. These measures should arguably have been implemented much earlier this year, and certainly before November 8, when they may have had some impact. At this late stage, they can hardly be taken seriously, given the inconsistency in US national policy toward Russia, as shown in the differing viewpoints of the Obama and Trump teams.

Assuming that Russia was indeed behind a systematic effort to influence the 2016 US Presidential election, it has already achieved one of its main goals. It was to weaken the reputation of American political institutions as a whole and to divide America by intensifying the already growing mistrust between American —and by extension Western— civil society and its political institutions. Moscow will see the US response, such as it is, as a price worth paying, given the broader accomplishments of its covert operation against US democracy.

Author: Joseph Fitsanakis | Date: 29 December 2016 | Permalink

Russia says it foiled major foreign cyber attack on its financial system

Russian authorities say they prevented a large-scale cyber attack by “a foreign intelligence service”, which had been designed to destabilize the country’s financial system and subvert its economy. In an official statement published on its website last week, Russia’s Federal Security Service (FSB) said the perpetrators of the foiled attack had planned to carry it out on December 5. The spy agency, which stems from the Soviet-era KGB, said that the cyber attack had been designed to bring down computer systems belonging to some of Russia’s largest banking institutions.

According to the statement by the FSB, the planned attack consisted of several components. One component included the use of social media and text messages to be spread through the mobile phone system. The goal was to spread rumors claiming that Russia’s financial system was facing imminent collapse and create panic in the Russian stock exchange. The FSB alleged that several large cities throughout Russia were to be targeted under the foiled plan. The spy agency claimed that the attack originated from a “foreign intelligence service”, but did not identify any countries as culprits of the operation. However, it said that a Ukrainian web hosting company had been used as a base from which to launch the attack through servers located in the Netherlands. On Friday, the Ukrainian web host, BlazingFast, denied that its systems had been used to prepare an attack on the Russian financial sector. In a statement published on Facebook, the company said it had not been contacted by Russian authorities, and assumed that the FSB had “been able to handle the situation without the need of BlazingFast’s cooperation”. It added that it was willing “to cooperate with any legal entity” to investigate Russia’s accusations.

In August of this year, the FSB disclosed that “a meticulously coded and sophisticated virus” had been found on the computer networks of at least 20 major Russian agencies and organizations. As intelNews reported at the time, the targets appeared to have been carefully selected by the malware’s authors. They included government bodies, weapons laboratories and defense contractors located throughout Russia.

Author: Ian Allen | Date: 06 December | Permalink

Joint British-American operation has decimated Islamic State’s cyber force

Coordinated efforts by Anglo-American military and intelligence agencies have resulted in the killing or capturing of nearly every senior commander of the Islamic State’s online force. The close-knit group of Islamic State hackers and online propagandists, which is informally known as “the Legion”, is responsible for hacking and online recruitment incidents that led to several lone-wolf attacks in the West. In one incident in March of 2015, the Legion claimed responsibility for the unauthorized release of personal details of over 1,300 American government employees, with orders to Islamic State volunteers to kill them. In other instances, Legion operatives reached out to impressionable young men and women in Western Europe and the United States and convinced them to move to Syria or conduct attacks at home.

According to The New York Times, which published an article last week about the current state of the Legion, in the early days of its emergence the group was viewed as a law enforcement problem. However, there were several successful and unsuccessful attacks by lone-wolf actors in the United States during the summer of 2015. According to The Times, the Federal Bureau of Investigation became overwhelmed and “was struggling to keep pace with the threat” posed by the Islamic State on the domestic front. It therefore pressed the US Department of Defense to help tackle the problem at its source. The DoD then teamed up with the British government, which was monitoring the Legion due to many of its members being British-born subjects. The two governments embarked on a “secretive campaign”, which has led to the capture of nearly 100 individuals associated with the Legion in less than two years. Another 12 members of the group, who had senior positions, have been killed in targeted drone strikes since the summer of 2015, says The Times.

The joint Anglo-American operation is allegedly responsible for the recent drop in terrorist activity instigated by the Islamic State in the West. It appears, says the paper, that the Islamic State is failing to replace the captured or killed members of the Legion with equally skilled operatives, which may point to the desperate state of the organization. But the Islamic State continues to operate a relatively sophisticated media arm, according to US government officials, and its media reach should not be underestimated, even as it is losing ground in Syria and Iraq.

Author: Joseph Fitsanakis | Date: 28 November 2016 | Permalink