Same hacker group is targeting French and German elections, says report

The same group of cyber-spies that attacked the campaign of French presidential candidate Emmanuel Macron is now attacking German institutions that are connected to the country’s ruling coalition parties, according to a report by a leading cyber-security firm. The Tokyo-based security software company Trend Micro published a 41-page report on Tuesday, in which it tracks and traces the attacks against French and German political targets over the past two years. The report, entitled From Espionage to Cyber Propaganda: Pawn Storm’s Activities over the Past Two Years, concludes that the hackers are seeking to influence the results of the national elections in the European Union’s two most powerful nations, France and Germany.

The Trend Micro report focuses on a mysterious group that cyber-security experts have dubbed Pawn Storm (otherwise known as Sednit, Fancy Bear, APT28, Sofacy, and STRONTIUM). It says that the group has launched an aggressive phishing campaign against German political institutions, which has intensified in the past two months. The group allegedly set up fake computer servers in Germany and Ukraine, and used them to try to infiltrate the computer networks of two elite German think-tanks, the Konrad Adenauer Foundation (KAF) and the Friedrich Ebert Foundation (FEF). The KAF is connected with the Christian Democratic Union party, which is led by Germany’s Chancellor, Angela Merkel. The FEF has strong ties with the centrist Social Democratic Party, which is part of Germany’s governing alliance.

The report’s leading author, cyber-security expert Feike Hacquebord, told the Reuters news agency that the hackers were possibly seeking to infiltrate the two think-tanks as a means of gaining access to the two political parties that are connected with them. Some cyber-security experts in Europe and the United States have said that the Russian Main Intelligence Directorate, the country’s military intelligence agency, known as GRU, is behind the cyber-attacks on France, Germany and the United States. But the Trend Micro report did not attempt to place blame on Moscow or any other country for the cyber-attacks. The Kremlin has denied involvement with the alleged hacking operations.

Author: Ian Allen | Date: 26 April 2017

New report details one of history’s “largest ever” cyber espionage operations

A new report authored by a consortium of government and private organizations in Britain has revealed the existence of a computer hacking operation, allegedly based in China, that is said to be “one of the largest ever” such campaigns globally. The operation is believed to have compromised sensitive information from an inestimable number of private companies in Southeast Asia, Europe and the United States. The report was produced by a consortium of public and private organizations, including BAE Systems and the London-based National Cyber Security Centre, an office of the United Kingdom’s signals intelligence agency, the Government Communications Headquarters. It details the outcome of Operation CLOUD HOPPER, which was launched to uncover the cyber espionage activities.

According to the report, the attacks were first launched several years ago against targets in Japan’s government and private sector. But after 2016, they spread to at least 14 other countries, including France, the United Kingdom and the United States. It is claimed that the attacks are “highly likely” to originate from China, given that the targets selected appear to be “closely aligned with strategic Chinese interests”. The authors of the report have named the hacker group APT10, but provide limited information about its possible links (or lack thereof) with the Chinese government.

The report claims that APT10 uses specially designed malware that is customized for most of its targets, thus constituting what experts describe as “spear phishing”. Past successful attacks have already resulted in an “unprecedented web of victims” who have had their information compromised, say the authors. The victims’ losses range from intellectual property to personal data. One of the report’s authors, Dr. Adrian Nish, who is head of threat intelligence at BAE Systems, told the BBC that it is currently impossible to estimate the number of organizations and agencies that have been impacted by APT10’s activities.

Author: Ian Allen | Date: 05 April 2017

Arrested contractor may have worked for NSA’s elite cyber spy unit

A United States federal contractor, who remains in detention following his arrest last summer for stealing classified documents, may have worked for an elite cyber espionage unit of the National Security Agency. The man was identified by The New York Times last week as Harold Thomas Martin III, a 51-year-old employee of Booz Allen Hamilton, one of the largest federal contractors in the US. The paper said that, prior to joining Booz Allen Hamilton, Martin served as a US Navy officer for over a decade, during which he specialized in cyber security and acquired a top secret clearance. But last August, agents of the Federal Bureau of Investigation raided Martin’s house in Maryland and arrested him on charges of stealing government property and illegally removing classified material.

Media reports suggest that the FBI discovered significant quantities of classified information, some of it dating back to 2006, on a variety of electronic devices that Martin had stored (though apparently not hidden) in his house and car. Another interesting aspect of the case is that there is no proof at this point that Martin actually shared the classified information with a third party. There is some speculation that he may be behind a disclosure of a collection of NSA hacking tools, which were leaked in August of this year by a previously unknown group calling itself “the Shadow Brokers”. But some speculate that Martin may have taken the classified material home so he could write his dissertation for the PhD he is currently undertaking at the University of Maryland’s Information Systems program.

A few days ago, The Daily Beast quoted an unnamed former colleague of Martin who said that the NSA contractor was a member of one of the agency’s elite cyber spy units. The existence of the secretive unit, which is known as the NSA’s Office of Tailored Access Operations, was revealed in June 2013 by veteran NSA watcher Matthew M. Aid. Writing in Foreign Policy, Aid cited “a number of highly confidential sources” in alleging that the NSA maintained a substantial “hacker army” tasked with conducting offensive cyber espionage against foreign targets. More information on NSA’s TAO was provided in January 2014 by German newsmagazine Der Spiegel. If The Daily Beast’s allegations about Martin are accurate, they would explain why anonymous government sources told The Washington Post last week that some of the documents Martin took home “could be expected to cause exceptionally grave damage to the national security of the United States”. The case also highlights the constant tension between security and the privatization of intelligence, which was also a major parameter in the case of Edward Snowden, another Booz Allen Hamilton contractor who defected to Russia in 2013.

Meanwhile, Martin remains in detention. If he is convicted, he will face up to 11 years behind bars.

Author: Joseph Fitsanakis | Date: 10 October 2016

France’s ex-cyber spy chief speaks candidly about hacking operations

The former director of France’s cyber spy agency has spoken candidly about the recent activities and current state of French cyber espionage, admitting for the first time that France engages in offensive cyber operations. Between 2006 and 2013, Bernard Barbier was director of the technical division of the General Directorate for External Security, France’s external intelligence agency, which is commonly known as DGSE. During his tenure at DGSE, the organization’s technical division witnessed unprecedented financial and administrative growth. Today it is said to employ over 2,500 people, nearly half of DGSE’s total personnel.

Earlier this month, Barbier was interviewed on stage during a symposium held by the CentraleSupélec, a top French engineering university based in Paris. He spoke with surprising candor about France’s cyber espionage operations. In the first part of his interview, which can be watched on YouTube, he recounted the history of what he described as “France’s cyber army”. He said that France began to build “teams of hackers” in 1992. Around that time, the DGSE purchased an American-built Cray supercomputer, said Barbier, and soon discovered that it could use the machine’s immense computing power to break passwords. More recently, said the former cyber spy chief, the DGSE has been trying to “catch up” with its American and British counterparts, the National Security Agency and the Government Communications Headquarters, by increasing its annual budget to over half a billion and hiring hundreds of young hackers. Many of these new employees have little to no university education, said Barbier, and are instead self-taught, having started hacking in their teenage years.

Like most governments, France will not officially admit to conducting offensive cyber operations using computer hacking and other techniques. But Barbier said during his interview that France was behind an offensive cyber operation that targeted Iran in 2009. He added that the DGSE has also directed cyber operations against Canada, Ivory Coast, Algeria, Norway, as well as its European Union partners Spain and Greece. He also complained that French government executives do not understand the importance of cyber operations and are not aiming high enough when it comes to planning, direction and hiring. The DGSE’s technical division still needs between 200 and 300 more staff members, Barbier argued in his interview.

Author: Joseph Fitsanakis | Date: 16 September 2016

Russian hackers accessed Obama’s email correspondence

By JOSEPH FITSANAKIS | intelNews.org
Computer hackers believed to be connected to the Russian government were able to access emails belonging to the president of the United States, according to American officials briefed about the ensuing investigation. The cyberattack on the White House was announced by American government officials in October of last year, soon after it was discovered by security experts. But The New York Times said on Saturday that the hacking was far more intrusive than had been publicly acknowledged and that the information breach resulting from it was “worrisome”. The paper said that the individuals behind the cyberattack were “presumed to be linked to the Russian government, if not working for it”. It also quoted one unnamed senior US official, who said that the group that perpetrated the hacking was “one of the most sophisticated actors we’ve seen”.

Little concrete information has emerged on the hacking, but it appears to have started with attempts to compromise computers at the US Department of State. As CNN reported earlier this month, the hackers essentially managed to take control of the State Department’s declassified computer network and exploit it for several months. In most American government departments, senior officials operate at least two computers in their offices. One is connected to the government’s secure network used for classified communications; the other is used to communicate unclassified information to the outside world. In theory, those two systems are supposed to be separate. However, it is common knowledge that the publicly linked computers often contain sensitive or even classified information. It is this unclassified part of the network that the alleged Russian hackers were able to access, in both the State Department and the White House.

According to The Times, by gaining access to the email accounts of senior US government officials, the hackers were able to read unclassified emails sent or received by, among others, President Barack Obama. The US president’s own unclassified account does not appear to have been breached, said the paper, nor were the hackers able to access the highly classified server that carries the president’s mobile telephone traffic. Nevertheless, the operation to remove monitoring files placed in US government servers by the hackers continues to this day, and some believe that the presence of the intruders has yet to be fully eradicated from the system. The Times contacted the US National Security Council about the issue, but was told by its spokeswoman, Bernadette Meehan, that the Council would “decline to comment”. The White House also declined to provide further information on the incident and the ensuing investigation.

News you may have missed #891

By IAN ALLEN | intelNews.org
►►Sophisticated malware found in 10 countries ‘came from Lebanon’. An Israel-based computer security firm has discovered a computer spying campaign that it said “likely” originated with a government agency or political group in Lebanon, underscoring how far the capability for sophisticated computer espionage is spreading beyond the world’s top powers. Researchers ruled out any financial motive for the effort that targeted telecommunications and networking companies, military contractors, media organizations and other institutions in Lebanon, Israel, Turkey and seven other countries. The campaign dates back at least three years and allegedly deploys hand-crafted software with some of the hallmarks of state-sponsored computer espionage.
►►Canada’s spy watchdog struggles to keep tabs on agencies. The Security Intelligence Review Committee (SIRC), which monitors Canada’s intelligence agencies, said continued vacancies on its board, the inability to investigate spy operations with other agencies, and delays in intelligence agencies providing required information are “key risks” to its mandate. As a result, SIRC said it can review only a “small number” of intelligence operations each year.
►►Analysis: After Snowden NSA faces recruitment challenge. This year, the NSA needs to find 1,600 recruits. Hundreds of them must come from highly specialized fields like computer science and mathematics. So far the agency has been successful. But with its popularity down, and pay from wealthy Silicon Valley companies way up, Agency officials concede that recruitment is a worry.

After China, Russia may ban some Apple products, fearing espionage

By JOSEPH FITSANAKIS | intelNews.org
Parliamentarians in Russia are preparing a bill that would prevent lawmakers from using several Apple products, including iPhones and iPads, due to fears that they are susceptible to penetration by foreign intelligence agencies. A group of lawmakers in the State Duma, the lower house of the Federal Assembly of Russia, have drafted the bill, which argues that State Duma deputies with access to confidential or classified government information should be banned from using iPhones and iPads, among other Apple products. One deputy, Dmitry Gorovtsov, from the center-left Just Russia party, said parliamentarians should simply “switch to simple mobile phones”, preferably produced by Russian manufacturers, and should use them “only for phone calls”.

Last month, the Russian Ministry of Defense stepped in to deny media reports that it was about to ban Apple products. The denial came in response to a leading article in the mass-circulation daily Izvestia, which cited an unnamed Defense Ministry employee as saying that the Russian armed forces were about to ban the use of iPhones by all servicemen. The article claimed the move was designed to stop “information leaks”. But a Russian Ministry of Defense spokesman, Major General Igor Konashenkov, told a press conference that the Russian armed forces had no plans to ban “the mobile devices of a certain manufacturer”.

The news from Russia comes just months after authorities in China announced the removal of some Apple products from a government procurement list, reportedly because of fears that they were susceptible to electronic espionage by the United States. As intelNews reported at the time, nearly a dozen Apple products were removed from the Chinese government list; they included the iPad and iPad Mini, as well as MacBook Air and MacBook Pro products (though interestingly the inventory of removed items did not include Apple smartphone products).
The Russian State Duma initiative to ban some Apple products has already been approved by a security-related committee and has now been forwarded to the Duma Council. The latter will consider the bill for approval, before sending it to a plenary session on the floor of the Duma for discussion. The process is expected to take up to two weeks.