US spies confirm Qatar’s claims that its media were hacked by Emirates to spark crisis

Sheikh Tamim Bin Hamad al-ThaniAmerican officials appear to confirm Qatar’s allegations that its news media were hacked by its Gulf adversaries, who then used the fake news posted by hackers to launch a massive campaign against it. Tensions between Qatar and other Muslim countries have risen since late May, when the country’s state-controlled news agency appeared to publish an incendiary interview with Qatar’s Emir, Sheikh Tamim Bin Hamad al-Thani. In the interview, which appeared on May 24, the sheikh appeared to praise Saudi regional rival Iran as a “great Islamic power” and to express support for the militant Palestinian group Hamas. On the following day, the United Arab Emirates, Egypt and Bahrain immediately banned all Qatari media —primarily Al Jazeera— from broadcasting in their territories and broke diplomatic relations with Doha. Later on, they declared a large-scale commercial embargo against the small oil kingdom. They have since threatened war unless Qatar changes its alleged support for Iran and for a number of militant groups in the region.

The Qatari government has dismissed the embargo as unjust and has claimed that Sheikh al-Thani’s controversial interview was fake, and was placed on the country’s state-owned news agency and social media as a result of a computer hack. It has also claimed to have evidence of a number of iPhones that were used from locations in Saudi Arabia and the Emirates to launch the hacks on its networks. Qatari officials have also said that an investigation into the incident is underway, but their claims have been criticized as outlandish by Qatar’s regional rivals.

Now, however, a report by The Washington Post claims that American officials have uncovered evidence that Qatar’s allegations of a computer hack are true. The paper cited “US intelligence and other officials” who spoke “on the condition of anonymity”. The officials said that US intelligence agencies recently became aware of a meeting of senior UAE state administrators that took place on May 23 in Abu Dhabi. At the meeting, the officials discussed a plan to hack Qatari news websites and social media, in order to post incendiary messages that could be used to spark a row between Qatar, the Saudi government and its allies. The alleged computer hacks is reported to have taken place on the following day. According to The Post, the only thing that US intelligence is unsure about is “whether the UAE carried out the hacks itself or contracted to have them done” by a third party.

The Post said that several US intelligence agencies, including the Central Intelligence Agency and the Federal Bureau of Investigation, refused to comment on its report. The paper received a response from the UAE embassy in Washington, DC, which said that the Emirates had “no role whatsoever in the alleged hacking described in the article”.

Author: Joseph Fitsanakis | Date: 18 July 2017 | Permalink

Advertisements

New clues emerge about targeted efforts by Russia to hack US elections

GRUNew information about carefully targeted attempts by Russian operatives to compromise the November 2016 presidential elections in the United States have emerged in a newly published intelligence document. The document, which dates from May of this year, was produced by the US National Security Agency and published on June 5 by The Intercept. The web-based outlet published the leaked document on the same day that Reality Leigh Winner, a US federal contractor with a top-security clearance, was charged with espionage for leaking classified documents to the media. This has led to speculation that Winner may be the source of the leak.

The NSA document details attempts by hackers to compromise the online accounts of over 100 election officials, as well as employees of private contractors involved in administering the election process. The attempts reportedly took place during the period leading up to November 8, 2016. To do that, hackers resorted to a technique commonly known as ‘spear-fishing’. They sent carefully crafted emails, claiming to be from Google, to specifically targeted individuals. The goal was to trick the email recipients into downloading and opening Microsoft Word attachments, which were infected with malware. The infected software would then allow the hackers to remotely access the compromised computers. The NSA document states that at least one targeted person had his or her computer compromised though the ‘spear-fishing’ technique. Importantly, the leaked document appears unequivocal in its assessment that the hackers behind the ‘spear-fishing’ attacks worked for the General Staff Main Intelligence Directorate (GRU) of the Russian armed forces. The document also states that the main goal of the attacks was to compromise the software used to manage voter registration lists, and that the attackers were operating under a “cyber espionage mandate specifically directed at US and foreign elections”.

American intelligence officials have previously said that Russian spies launched in a complex and prolonged campaign to undermine public faith in the US electoral process. It is also known that the Russian campaign targeted election officials in the months leading up to the November 2016 elections. But the NSA report is the first publicly available description of some of the specific techniques employed by the alleged Russian hackers as part of their campaign. The leaked document does not provide technical details about the ‘spear-phishing’ campaign. Nor does it discuss whether the attacks were successful, whether vote tallies were actually compromised, or whether the election process itself was sabotaged by the hackers. The Intercept said it contacted the NSA and the Office of the Director of National Intelligence, who refused to publicly comment on the content of the NSA report.

Author: Joseph Fitsanakis | Date: 09 June 2017 | Permalink

Same hacker group is targeting French and German elections, says report

Konrad Adenauer FoundationThe same group cyber-spies that attacked the campaign of French presidential candidate Emmanuel Macron is now attacking German institutions that are connected to the country’s ruling coalition parties, according to a report by a leading cyber-security firm. The Tokyo-based security software company Trend Micro published a 41-page report on Tuesday, in which it tracks and traces the attacks against French and German political targets over the past two years. The report, entitled From Espionage to Cyber Propaganda: Pawn Storm’s Activities over the Past Two Years, concludes that the hackers are seeking to influence the results of the national elections in the European Union’s two most powerful nations, France and Germany.

The Trend Micro report focuses on a mysterious group that cyber-security experts have dubbed Pawn Storm —otherwise known as Sednit, Fancy Bear, APT28, Sofacy, and STRONTIUM. It says that the group has launched an aggressive phishing campaign against German political institutions, which has intensified in the past two months. The group allegedly set up fake computer servers in Germany and the Ukraine, and used them to try to infiltrate the computer networks of two elite German think-tanks, the Konrad Adenauer Foundation (KAF) and the Friedrich Ebert Foundation (FEF). The KAF is connected with the Christian Democratic Union party, which is led by Germany’s Chancellor, Angela Merkel. The FEF has strong ties with the centrist Social Democratic Party, which is part of Germany’s governing alliance.

The report’s leading author, cyber-security expert Feike Hacquebord, told the Reuters news agency that the hackers were possibly seeking to infiltrate the two think-tanks as a means of gaining access to the two political parties that are connected with them. Some cyber-security experts in Europe and the United States have said that the Russian Main Intelligence Directorate, the country’s military intelligence agency, known as GRU, is behind the cyber-attacks on France, Germany and the United States. But the Trend Micro report did not attempt to place blame on Moscow or any other country for the cyber-attacks. The Kremlin has denied involvement with the alleged hacking operations.

Author: Ian Allen | Date: 26 April 2017 | Permalink

New report details one of history’s “largest ever” cyber espionage operations

GCHQ center in Cheltenham, EnglandA new report authored by a consortium of government and private organizations in Britain has revealed the existence of a computer hacking operation, allegedly based in China, that is said to be “one of the largest ever” such campaigns globally. The operation is believed to have compromised sensitive information from an inestimable number of private companies in Southeast Asia, Europe and the United States. The report was produced by a consortium of public and private organizations, including BAE systems and the London-based National Cyber Security Centre, an office of the United Kingdom’s signals intelligence agency, the Government Communications Headquarters. It details the outcome of Operation CLOUD HOPPER, which was launched to uncover the cyber espionage activities.

According to the report, the attacks were first launched several years ago against targets in Japan’s government and private sector. But after 2016, they spread to at least 14 other countries, including France, the United Kingdom and the United States. It is claimed that the attacks are “highly likely” to originate from China, given that the targets selected appear to be “closely aligned with strategic Chinese interests”. The authors of the report have named the hacker group APT10, but provide limited information about its possible links —or lack thereof— with the Chinese government.

The report claims that APT10 uses specially designed malware that is customized for most of their targets, thus constituting what experts describe as “spear fishing”. Past successful attacks have already resulted in an “unprecedented web of victims” who have had their information compromised, say the authors. The victims’ losses range from intellectual property to personal data. One of the report’s authors, Dr. Adrian Nish, who is head of threat intelligence at BAE Systems, told the BBC that it is currently impossible to estimate the number of organizations and agencies that have been impacted by APT10’s activities.

Author: Ian Allen | Date: 05 April 2017 | Permalink

North Korea is now robbing banks, says US intelligence official

North KoreaComments made by a senior American intelligence official on Tuesday appeared to suggest that the North Korean government was behind an attempt to steal nearly $1 billion from a Bangladeshi bank last year. The heist took place in February of 2016, when a computer malware was used to issue several requests to transfer funds from Bangladesh Bank —the state-owned central bank of Bangladesh— using the SWIFT network. The hackers were able to transfer five separate sums of $101 million each to a linked Bangladesh Bank account at New York’s Federal Reserve Bank. However, when further requests were issued, Federal Reserve Bank employees contacted Bangladesh Bank and blocked further transactions. Eventually, most of the transferred funds, which neared $1 billion, were recovered; but the hackers managed to get away with approximately $81 million worth of funds.

Forensic investigators described the heist as technically advanced. The antivirus company Symantec said it identified a piece of code in the malware that is known to have been used by North Korean government hackers in the past. Not everyone agreed with the claim that Pyongyang was behind the bank heist. But those who did, said that it was unprecedented in scope and aggressiveness. Some even said that the heist showed that North Korea’s cyber capabilities were among the most sophisticated and powerful in the world.

Meanwhile the United States government did not comment on the matter. However, this past Tuesday the deputy director of the National Security Agency appeared to confirm reports that North Korea was behind the Bangladesh Bank heist. Rick Ledgett, a 30-year veteran of the NSA, who is due to retire in 2018, was speaking at a public event hosted by the Aspen Institute in Washington, DC. He reminded the audience that private researchers had connected the malware code used in the Bangladesh Bank heist with that used in previous hacking attempts launched by North Korea. “If that linkage […] is accurate”, said Ledgett, it “means that a nation state is robbing banks”. When asked by the moderator whether he believes that to be the case, Ledgett responded “I do. And that’s a big deal”. Foreign Policy magazine reached out to Ledgett following his talk and asked him for clarification about his comments regarding the Bangladesh Bank heist. But the NSA official simply said that “the public case [about the heist] was well-made”. Foreign Policy also contacted the NSA, but the agency said it preferred not to comment on the matter.

Author: Joseph Fitsanakis | Date: 23 March 2017 | Permalink

FBI launches criminal investigation into WikiLeaks’ CIA disclosures

WikiLeaksThe United States federal government has launched a criminal investigation into the public disclosure of thousands of documents that purportedly belong to the Central Intelligence Agency. The documents were released on Tuesday by the anti-secrecy website WikiLeaks. They reveal what appear to be technical collection methods used by the CIA to extract information from digital applications and electronic devices, ranging from flash drives to smart screen televisions. WikiLeaks named the collection “Vault 7”, and said that it consists of nearly 8,000 web pages and 1,000 attachments. It also said that its editors redacted hundreds of pages of computer code, in order to prevent the public release of advanced cyberweapons allegedly used by the CIA to sabotage electronic devices and systems.

On Wednesday, former director of the CIA Michael Hayden told the BBC that the disclosure appeared “incredibly damaging”, because it revealed some of the methods that the CIA uses to acquire information. But some cybersecurity experts said that the techniques contained in the leaked documents did not appear to be uniquely advanced, and most focused on exploiting technical vulnerabilities that were generally known. Still, The New York Times reported on Wednesday that the CIA had begun to assess the damage caused by the release. The agency was also trying to contain the extent of the damage, and had even “halt[ed] work on some projects”, said The Times. Officials from the CIA are reportedly in communication with the Federal Bureau of Investigation, which on Wednesday launched a criminal investigation into the “Vault 7” release.

The main purpose of the FBI investigation is to find out how WikiLeaks acquired the files. The website said that the documents were leaked by a CIA contractor, which would imply that they were accessed from a server outside the CIA’s computer network. However, federal investigators are not excluding the possibility that the leaker of the information may be a full-time CIA employee. Reports suggest that the FBI is preparing to conduct hundreds, and possibly thousands, of interviews with individuals who are believed to have had access to the documents that were released by WikiLeaks. Meanwhile, neither the FBI nor the CIA have commented on the authenticity of the information contained in “Vault 7”. WikiLeaks said that Tuesday’s release, which it codenamed “Year Zero”, was the first part of several installments of documents that will be released under its Vault 7 program.

Author: Joseph Fitsanakis | Date: 09 March 2017 | Permalink

Files released by WikiLeaks show advanced CIA technical collection methods

Julian AssangeThousands of documents belonging to the United States Central Intelligence Agency, which were released on Tuesday by the international anti-secrecy website WikiLeaks, are almost certainly genuine. They reveal an entire universe of technical intelligence collection methods used by the CIA to extract information from digital applications and electronic devices, ranging from flash drives to smart screen televisions. WikiLeaks named the collection Vault 7, and said that it consists of nearly 8,000 web pages and 1,000 attachments. It also said that its editors redacted hundreds of pages of computer code, in order to prevent the public release of advanced cyberweapons that are allegedly used by the CIA to sabotage electronic devices and systems.

The information contained in the leaked documents is almost certainly genuine, and most likely belongs to the CIA —though many of the programs listed may be jointly run by the CIA and the National Security Agency (NSA). These programs, with names such as McNUGGET, CRUNCHYLIMESKIES, ELDERPIGGY, ANGERQUAKE and WRECKINGCREW, appear to be designed to compromise computer systems using a series of sophisticated methods that force entry or exploit built-in vulnerabilities or systems. Targets include popular communications systems like Skype and WhatsApp, smartphones produced by Google and Apple, commercial software like PDF and Microsoft Windows, and even so-called smart televisions that connect to the Internet.

The WikiLeaks revelations are most likely related to operations conducted under the auspices of the Special Collection Service (SCS), a joint CIA/NSA program that dates to the earliest days of the Cold War. The program was started by the United States Armed Forces but was eventually transferred to civilian hands and monitored by the CIA. It used advanced communications-interception facilities around the world to collect information. Over the years, the CIA collaborated with the NSA and developed many SCS projects targeting several foreign countries using technical and human means. In recent years the SCS has been primarily operated by the NSA, which oversees the program’s technical platforms.

WikiLeaks did not reveal the source of the documents. But it said that they had been “circulated [by the CIA] among former US government hackers and contractors” and that it was one of the latter that leaked them to the anti-secrecy website. A statement by WikiLeaks said that Tuesday’s release, which it codenamed “Year Zero”, was part one of several installments of documents that will be released under its Vault 7 program. The site also claimed that the information in “Year Zero” has “eclipsed the total number of pages published over the first three years of the Edward Snowden NSA leaks”. The CIA, the NSA and the White House have not commented on this development.

Author: Joseph Fitsanakis | Date: 08 March 2017 | Permalink