Russia says it foiled major foreign cyber attack on its financial system

Russian authorities say they prevented a large-scale cyber attack by “a foreign intelligence service”, which had been designed to destabilize the country’s financial system and subvert its economy. In an official statement published on its website last week, Russia’s Federal Security Service (FSB) said the perpetrators of the foiled attack had planned to carry it out on December 5. The spy agency, which stems from the Soviet-era KGB, said that the cyber attack had been designed to bring down computer systems belonging to some of Russia’s largest banking institutions.

According to the statement by the FSB, the planned attack consisted of several components. One component included the use of social media and text messages to be spread through the mobile phone system. The goal was to spread rumors claiming that Russia’s financial system was facing imminent collapse and create panic in the Russian stock exchange. The FSB alleged that several large cities throughout Russia were to be targeted under the foiled plan. The spy agency claimed that the attack originated from a “foreign intelligence service”, but did not identify any countries as culprits of the operation. However, it said that a Ukrainian web hosting company had been used as a base from which to launch the attack through servers located in the Netherlands. On Friday, the Ukrainian web host, BlazingFast, denied that its systems had been used to prepare an attack on the Russian financial sector. In a statement published on Facebook, the company said it had not been contacted by Russian authorities, and assumed that the FSB had “been able to handle the situation without the need of BlazingFast’s cooperation”. It added that it was willing “to cooperate with any legal entity” to investigate Russia’s accusations.

In August of this year, the FSB disclosed that “a meticulously coded and sophisticated virus” had been found on the computer networks of at least 20 major Russian agencies and organizations. As intelNews reported at the time, the targets appeared to have been carefully selected by the malware’s authors. They included government bodies, weapons laboratories and defense contractors located throughout Russia.

Author: Ian Allen | Date: 06 December | Permalink

Joint British-American operation has decimated Islamic State’s cyber force

Coordinated efforts by Anglo-American military and intelligence agencies have resulted in the killing or capturing of nearly every senior commander of the Islamic State’s online force. The close-knit group of Islamic State hackers and online propagandists, which is informally known as “the Legion”, is responsible for hacking and online recruitment incidents that led to several lone-wolf attacks in the West. In one incident in March of 2015, the Legion claimed responsibility for the unauthorized release of personal details of over 1,300 American government employees, with orders to Islamic State volunteers to kill them. In other instances, Legion operatives reached out to impressionable young men and women in Western Europe and the United States and convinced them to move to Syria or conduct attacks at home.

According to The New York Times, which published an article last week about the current state of the Legion, in the early days of its emergence the group was viewed as a law enforcement problem. However, there were several successful and unsuccessful attacks by lone-wolf actors in the United States during the summer of 2015. According to The Times, the Federal Bureau of Investigation became overwhelmed and “was struggling to keep pace with the threat” posed by the Islamic State on the domestic front. It therefore pressed the US Department of Defense to help tackle the problem at its source. The DoD then teamed up with the British government, which was monitoring the Legion due to many of its members being British-born subjects. The two governments embarked on a “secretive campaign”, which has led to the capture of nearly 100 individuals associated with the Legion in less than two years. Another 12 members of the group, who had senior positions, have been killed in targeted drone strikes since the summer of 2015, says The Times.

The joint Anglo-American operation is allegedly responsible for the recent drop in terrorist activity instigated by the Islamic State in the West. It appears, says the paper, that the Islamic State is failing to replace the captured or killed members of the Legion with equally skilled operatives, which may point to the desperate state of the organization. But the Islamic State continues to operate a relatively sophisticated media arm, according to US government officials, and its media reach should not be underestimated, even as it is losing ground in Syria and Iraq.

Author: Joseph Fitsanakis | Date: 28 November 2016 | Permalink

France’s ex-cyber spy chief speaks candidly about hacking operations

The former director of France’s cyber spy agency has spoken candidly about the recent activities and current state of French cyber espionage, admitting for the first time that France engages in offensive cyber operations. Between 2006 and 2013, Bernard Barbier was director of the technical division of the General Directorate for External Security, France’s external intelligence agency, which is commonly known as DGSE. During his tenure at DGSE, the organization’s technical division witnessed unprecedented financial and administrative growth. Today it is said to employ over 2500 people, nearly half of DGSE’s total personnel.

Earlier this month, Barbier was interviewed on stage during a symposium held by the CentraleSupélec, a top French engineering university based in Paris. He spoke with surprising candor about France’s cyber espionage operations. In the first part of his interview, which can be watched on YouTube, he recounted the history of what he described as “France’s cyber army”. He said that France began to build “teams of hackers” in 1992. Around that time, the DGSE purchased an American-built Cray supercomputer, said Barbier, and soon discovered that it could use the machine’s immense computing power to break passwords. More recently, said the former cyber spy chief, the DGSE has been trying to “catch up” with its American and British counterparts, the National Security Agency and the Government Communications Headquarters, by increasing its annual budget to over half a billion and hiring hundreds of young hackers. Many of these new employees have little to no university education, said Barbier, and are instead self-taught, having started hacking in their teenage years.

Like most governments, France will not officially admit to conducting offensive cyber operations using computer hacking and other techniques. But Barbier said during his interview that France was behind an offensive cyber operation that targeted Iran in 2009. He added that the DGSE has also directed cyber operations against Canada, Ivory Coast, Algeria, Norway, as well as its European Union partners Spain and Greece. He also complained that French government executives do not understand the importance of cyber operations and are not aiming high enough when it comes to planning, direction and hiring. The DGSE’s technical division still needs between 200 and 300 more staff members, Barbier argued in his interview.

Author: Joseph Fitsanakis | Date: 16 September 2016 | Permalink

FBI arrests two more members of hacker group that targeted CIA director

Two more members of a computer hacker group that targeted senior United States intelligence officials, including the director of the Central Intelligence Agency, have been arrested by the Federal Bureau of Investigation. The arrests of Justin Liverman, 24, and Andrew Boggs, 22, took place on Thursday in Morehead City and North Wilkesboro, in the US state of North Carolina. They are accused by the FBI of being members of Crackas With Attitude (CWA), an international group of computer hackers that specialized in targeting American intelligence and law enforcement officials.

Last October, the international whistleblower website WikiLeaks published personal emails and documents belonging to CIA Director John Brennan. The documents included a 47-page application for security clearance that Brennan had submitted to the US government a few years earlier. It was apparently found on his personal America Online (AOL) email account, which had been hacked by the CWA hacker group. Members of the group, who are all in their late teens or early 20s, routinely employed a method known as ‘social engineering’ to gain access to their victims’ information. The method refers to impersonating technicians or other service provider company personnel to gain access to private email or telephone accounts.

CWA members used these techniques to target dozens of senior US government officials from October 2015 until February 2016. Their targets included the Director of National Intelligence James Clapper and the Deputy Director of the FBI, Mark Giuliano. The hackers also gained access to electronic databases belonging to the US Department of Justice, from where they obtained the names, personal telephone numbers and home addresses of nearly 30,000 employees of the FBI and the Department of Homeland Security. That information was eventually published online by the hacker group.

In February, a 16-year-old hacker known as ‘Cracka’, who is the purported ringleader of CWA, and whose name cannot be released due to his young age, was arrested in the East Midlands region of Britain. It is believed that information on the teenager’s electronic devices eventually led the FBI to the capture of Liverman and Boggs. The two men have been charged with computer crime and are expected to appear in court in the US state of Virginia next week.

Author: Joseph Fitsanakis | Date: 09 September 2016 | Permalink

Sophisticated spy malware found on Russian government computers

According to the predominant media narrative, the United States is constantly defending itself against cyber-attacks from countries like China and Russia. But, as intelNews has argued for years, this narrative is misleading. Recent intelligence disclosures clearly show that the US cyber-security posture is as offensive as that of its major adversaries. Additionally, China and Russia have to defend their computer networks as much as America does. Last weekend’s report from Moscow helps restore some of the balance that is missing from media reporting on cyber-security. According to the Russian Federal Security Service (FSB), a meticulously coded and sophisticated virus has been found on the computer networks of at least 20 major Russian agencies and organizations. The targets appear to have been carefully selected by the malware’s authors. They include government bodies, weapons laboratories and defense contractors located throughout Russia.

The FSB said that once installed, the virus gave its handler control of the infected computer system. It permitted an outside hacker to turn on a computer’s microphone or camera, and capture screenshots. It also stealthily installed keylogging software, thus allowing an outside party to monitor keyboard strokes on an infected system. Based on its functions, the malicious software seems to be designed to conduct deep surveillance on infected computers and their physical surroundings. The FSB would not attribute the malware to a specific hacking group or nation. But it said it believed that the malware attack was “coordinated”, “planned and planned professionally”. It also said that the coding of the virus “required considerable expertise”. In a brief statement released Saturday, the FSB said that aspects of the coding of the virus, as well as other identifying information, resembled those detected in preceding hacking attacks on computer servers in Russia and other countries. The statement did not elaborate, however.

The news about hacked Russian computers comes less than two weeks after it was claimed that Russian government-backed hackers stole electronic data belonging to the Democratic National Convention (DNC) in the United States. The Democratic Party’s presidential candidate, Hillary Clinton, publicly accused the Russian government of orchestrating the hacking of the DNC computer systems in an attempt to damage her campaign.

Author: Ian Allen | Date: 01 August 2016 | Permalink

Islamic State’s online army is a Russian front, says German intelligence

A German intelligence report alleges that the so-called ‘Cyber Caliphate’, the online hacker wing of the Islamic State, is in fact a Russian front, ingeniously conceived to permit Moscow to hack Western targets without retaliation. The group calling itself Cyber Caliphate first appeared in early 2014, purporting to operate as the online wing of the Islamic State of Iraq and Syria (ISIS), later renamed Islamic State. Today the Cyber Caliphate boasts a virtual army of hackers from dozens of countries, who are ostensibly operating as the online arm of the Islamic State. Their known activities include a strong and often concentrated social media presence, and computer hacking, primarily in the form of cyber espionage and cyber sabotage.

Since its inception, the Cyber Caliphate has claimed responsibility for hacking a number of European government agencies and private media outlets. Its targets include the BBC and French television channel TV5 Monde, which was severely impacted by cyber sabotage in April of 2015. The Cyber Caliphate said it was also behind attacks on the servers of the United States Federal Bureau of Investigation, the Department of Defense, and the website of the Pentagon’s US Central Command. The US has since retaliated, both with cyber attacks and physical strikes. One such strike resulted in the killing of Junaid Hussain, a British hacker of Pakistani background, who was said to be among the Cyber Caliphate’s senior commanders. Hussain, 21, was reportedly killed in August 2015 in Raqqa, the Islamic State’s de facto capital in Syria, reportedly after clicking on a compromised link in an email, which gave away his physical whereabouts.

Now, however, a German intelligence report claims that the Cyber Caliphate is not associated with the Islamic State, but is rather a fictitious front group created by Russia. According to German newsmagazine Der Spiegel, which said it had seen the classified report, German authorities suggest that the Cyber Caliphate is in fact a project of APT28 (also known as ‘Pawn Storm’), a notorious Russian hacking collective with close ties to Russian intelligence. The German intelligence report echoes previous assessments by French authorities, which in 2015 stated that the TV5 Monde cyber attack was a false flag operation orchestrated by APT28. Also in 2015, a security report by the US State Department concluded that despite the Cyber Caliphate’s proclamations of connections to the Islamic State, there were “no indications —technical or otherwise— that the groups are tied”.

Author: Ian Allen | Date: 20 June 2016 | Permalink

German nuclear power plant found to be infected with computer viruses

The computers of a nuclear power plant in southern Germany have been found to be infected with computer viruses that are designed to steal files and provide attackers with remote control of the system. The power plant, known as Gundremmingen, is located in Germany’s southern district of Günzburg, about 75 miles northwest of the city of Munich. The facility is owned and operated by RWE AG, Germany’s second-largest electricity producer, which is based in Essen, North Rhine-Westphalia. The company provides energy to over 30 million customers throughout Europe.

On Tuesday, an RWE AG spokesperson said cybersecurity experts had discovered a number of computer viruses in a part of the operating system that determines the position of nuclear rods in the power plant. The software on the system was installed in 2008 and has been designed specifically for this task, said the company. The viruses found on it include two programs known as “Conficker” and “W32.Ramnit”. Both are responsible for infecting millions of computers around the world, which run on the Microsoft Windows operating system. The malware seems to be specifically designed to target Microsoft Windows and tends to infect computer systems through the use of memory sticks. Once they infect a computer, they siphon stored files and give attackers remote access to the system when the latter is connected to the Internet. According to RWE AG, viruses were also found on nearly 20 removable data drives, including memory sticks, which were in use by employees at the power plant. However, these data drives were allegedly not connected to the plant’s main operating system.

RWE AG spokespersons insisted this week that “Conficker”, “W32.Ramnit”, and other such malware, did not pose a threat to the nuclear power plant’s computer systems, because the facility is not connected to the Internet. Consequently, it would be impossible for an attacker associated with the viruses to acquire remote access to Gundremmingen’s computer systems. The company did not clarify whether it believed that the viruses had been specifically targeted at the power plant. But they insisted that cyber security measures had been strengthened following the discovery of the malware, and said that they had notified Germany’s Federal Office for Information Security (BSI), which is now looking into the incident.

Author: Ian Allen | Date: 29 April 2016 | Permalink