Same hacker group is targeting French and German elections, says report

The same group of cyber-spies that attacked the campaign of French presidential candidate Emmanuel Macron is now attacking German institutions connected to the country’s ruling coalition parties, according to a report by a leading cyber-security firm. The Tokyo-based security software company Trend Micro published a 41-page report on Tuesday, in which it tracks and traces the attacks against French and German political targets over the past two years. The report, entitled From Espionage to Cyber Propaganda: Pawn Storm’s Activities over the Past Two Years, concludes that the hackers are seeking to influence the results of the national elections in the European Union’s two most powerful nations, France and Germany.

The Trend Micro report focuses on a mysterious group that cyber-security experts have dubbed Pawn Storm, otherwise known as Sednit, Fancy Bear, APT28, Sofacy, and STRONTIUM. It says that the group has launched an aggressive phishing campaign against German political institutions, which has intensified in the past two months. The group allegedly set up fake computer servers in Germany and Ukraine, and used them to try to infiltrate the computer networks of two elite German think-tanks, the Konrad Adenauer Foundation (KAF) and the Friedrich Ebert Foundation (FEF). The KAF is connected with the Christian Democratic Union party, which is led by Germany’s Chancellor, Angela Merkel. The FEF has strong ties with the center-left Social Democratic Party, which is part of Germany’s governing alliance.

The report’s leading author, cyber-security expert Feike Hacquebord, told the Reuters news agency that the hackers were possibly seeking to infiltrate the two think-tanks as a means of gaining access to the two political parties that are connected with them. Some cyber-security experts in Europe and the United States have said that the Russian Main Intelligence Directorate, the country’s military intelligence agency, known as GRU, is behind the cyber-attacks on France, Germany and the United States. But the Trend Micro report did not attempt to place blame on Moscow or any other country for the cyber-attacks. The Kremlin has denied involvement with the alleged hacking operations.

Author: Ian Allen | Date: 26 April 2017 | Permalink


Russia says it foiled major foreign cyber attack on its financial system

Russian authorities say they prevented a large-scale cyber attack by “a foreign intelligence service”, which had been designed to destabilize the country’s financial system and subvert its economy. In an official statement published on its website last week, Russia’s Federal Security Service (FSB) said the perpetrators of the foiled attack had planned to carry it out on December 5. The spy agency, which stems from the Soviet-era KGB, said that the cyber attack had been designed to bring down computer systems belonging to some of Russia’s largest banking institutions.

According to the FSB statement, the planned attack consisted of several components. One component involved the use of social media and text messages spread through the mobile phone network. The goal was to spread rumors claiming that Russia’s financial system was facing imminent collapse and to create panic on the Russian stock exchange. The FSB alleged that several large cities throughout Russia were to be targeted under the foiled plan. The spy agency claimed that the attack originated from a “foreign intelligence service”, but did not identify any country as the culprit of the operation. However, it said that a Ukrainian web hosting company had been used as a base from which to launch the attack through servers located in the Netherlands. On Friday, the Ukrainian web host, BlazingFast, denied that its systems had been used to prepare an attack on the Russian financial sector. In a statement published on Facebook, the company said it had not been contacted by Russian authorities, and assumed that the FSB had “been able to handle the situation without the need of BlazingFast’s cooperation”. It added that it was willing “to cooperate with any legal entity” to investigate Russia’s accusations.

In August of this year, the FSB disclosed that “a meticulously coded and sophisticated virus” had been found on the computer networks of at least 20 major Russian agencies and organizations. As intelNews reported at the time, the targets appeared to have been carefully selected by the malware’s authors. They included government bodies, weapons laboratories and defense contractors located throughout Russia.

Author: Ian Allen | Date: 06 December | Permalink

Senior South Korean officials’ cell phones hacked by North: report

Dozens of cell phones belonging to senior government officials in South Korea were compromised by North Korean hackers who systematically targeted them with text messages containing malicious code, according to reports. The National Intelligence Service (NIS), South Korea’s primary intelligence agency, said the cell phone penetrations were part of a concerted campaign by North Korea to target smart phones belonging to senior South Korean government officials. Once they managed to compromise a cell phone, the hackers were able to access the call history stored on the device, the content of text messages exchanged with other users and, in some cases, the content of telephone calls placed on the compromised device. Moreover, according to the NIS, the hackers were able to access the contact lists stored on compromised cell phones, which means that more attacks may be taking place against cell phones belonging to South Korean government officials.

The breach was considered critical enough for the NIS to host an emergency executive meeting with the security heads of 14 government ministries, in order to update them on the situation and to discuss ways of responding to the crisis. According to Korean media, the emergency meeting took place on Tuesday and lasted for over three hours. During the meeting the NIS told ministry representatives that the North Korean operation was launched in late February and was ongoing as of early this week. It specifically targeted government officials and appeared to concentrate on their cell phones rather than their office phones, probably because the latter are known to be equipped with advanced anti-hacking features. The government employees’ cell phones were reportedly attacked using text messages and emails containing links to web sites that downloaded malicious code onto the users’ phones.

The NIS did not specify the precise purpose of the hacking operation, nor did it explain whether the attacks were informed by an overarching strategic goal. The officials targeted work for a variety of government ministries, but there is no clarification as to whether any operational or administrative links between them exist. The NIS did say, however, that approximately a fifth of all attacks against cell phones were successful in compromising the targeted devices.

Author: Joseph Fitsanakis | Date: 10 March 2016 | Permalink

US defense contractors allegedly hired Russian computer programmers

Two American firms contracted by the Department of Defense have settled a lawsuit accusing them of having hired Russian programmers based in Moscow to write computer code for classified systems. The hires allegedly occurred as part of a $613 million contract, which was awarded by the US Pentagon to Massachusetts-based Netcracker Technology Corporation and Virginia-based Computer Sciences Corporation (CSC). The two companies were hired to write software for the US Defense Information Systems Agency (DISA), a Pentagon outfit that provides the US armed forces with secure real-time combat communications. But in 2011, contractor John C. Kingsley, who had a supervisory role in the project, notified the US government that the two companies had farmed out part of the contract’s coding duties to programmers in Moscow and other Russian cities.

If true, Kingsley’s allegations would mean that Netcracker and CSC were in violation of federal regulations, which specify that only American citizens with the appropriate security clearances may be employed to work on classified communications systems. A subsequent government investigation, which lasted four years, gave rise to a lawsuit against the two companies. The court was told that the code written by the Russian programmers had allowed the installation of “numerous viruses” on the communications systems of the Pentagon “on at least one occasion”. Witnesses also accused Netcracker and CSC of being guided mainly by greed, since they were able to save over 60% of wage costs by employing the Russian programmers.

Last week, the two companies chose to settle the case by paying the government a combined sum of nearly $13 million in civil penalties. It is important to note, however, that they both deny the government’s accusation that they violated the terms of their federal contract. In a statement issued last week, the companies said that their decision reflected their belief that it was “in the best interest of all stakeholders to settle the matter”. A spokeswoman for DISA told The Daily Beast that she could not comment on the case, because doing so would “compromise the Agency’s national security posture”. According to The Daily Beast, last week’s settlement does not prevent the Department of Justice from filing criminal charges against Netcracker and CSC.

Author: Joseph Fitsanakis | Date: 12 November 2015 | Permalink | News tip: C.H.

Security firm says it shut down extensive Iranian cyber spy program

A security firm with headquarters in Israel and the United States says it detected and neutralized an extensive cyber espionage program with direct ties to the government of Iran. The firm, Check Point Software, which has offices in Tel Aviv and California, says it dubbed the cyber espionage program ROCKET KITTEN. In a media statement published on its website on Monday, Check Point claims that the hacker group maintained a high-profile target list of 1,600 individuals. The list reportedly includes members of the Saudi royal family and government, American and European officials, North Atlantic Treaty Organization officers and nuclear scientists working for the government of Israel. The list is said to include even the names of spouses of senior military officials from numerous nations.

News agency Reuters quoted Check Point Software’s research group manager Shahar Tal, who said that his team was able to compromise the ROCKET KITTEN databases and acquire the list of espionage targets maintained by the group. Most targets were from Saudi Arabia, Israel, and the United States, he said, although countries like Turkey and Venezuela were also on the list. Tal told Reuters that the hackers had compromised servers in the United Kingdom, Germany and the Netherlands, and that they were using these and other facilities in Europe to launch attacks on their unsuspecting targets. According to Check Point, the hacker group was under the command of Iran’s Revolutionary Guards Corps, a branch of the Iranian military that is ideologically committed to the defense of the 1979 Islamic Revolution.

Reuters said it contacted the US Federal Bureau of Investigation and Europol, but that both agencies refused comment, as did the Iranian Ministry of Foreign Affairs. However, an unnamed official representing the Shin Bet, Israel’s domestic security agency, said that ROCKET KITTEN “is familiar to us and is being attended to”. The official declined to provide further details. Meanwhile, Check Point said it would issue a detailed report on the subject late on Monday.

Author: Joseph Fitsanakis | Date: 10 November 2015 | Permalink

CIA pulled officers from Beijing embassy following OPM database hack

The Central Intelligence Agency (CIA) pulled a number of officers from the United States embassy in the Chinese capital, Beijing, after a massive cyber hacking incident compromised an American federal database containing millions of personnel records. Up to 21 million individual files were stolen in June of this year, when hackers broke into the computer system of the US Office of Personnel Management (OPM), which handles applications for security clearances for agencies of the federal government. The breach gave the unidentified hackers access to the names and sensitive personal records of millions of Americans who have filed applications for security clearances, including intelligence officers.

According to sources in the US government, the records of CIA employees were not included in the compromised OPM database. However, that is precisely the problem, according to The Washington Post. The paper said on Wednesday that the compromised OPM records contain the background checks of employees of the US State Department, including those stationed at US embassies or consulates around the world. It follows that US diplomatic personnel stationed abroad whose names do not appear in the compromised OPM data “could be CIA officers”, according to The Post. The majority of CIA officers stationed abroad work under diplomatic cover: they are attached to an embassy or consulate and enjoy diplomatic protection, which is typically invoked if their official cover is blown. However, they still have to present their credentials and be authorized by the host country before they assume their diplomatic post. The CIA hopes that foreign counterintelligence agencies will not be able to distinguish intelligence personnel from actual diplomats.

Although the US has not officially pointed the finger at a particular country or group as being behind the OPM hack, anonymous sources in Washington have identified China as the culprit. If true, The Post’s claim that the CIA pulled several of its officers from the US embassy in Beijing would add more weight to the view that the Chinese intelligence services were behind the cyber theft. The paper quoted anonymous US officials who said that the CIA’s decision to remove its officers from Beijing was directly related to the OPM hack, and it was meant to safeguard their personal security, as well as to protect CIA programs currently underway in China.

Author: Joseph Fitsanakis | Date: 1 October 2015 | Permalink

Hackers stole 5.6 million US government employee fingerprints

A massive cyber hacking incident that compromised a United States federal database containing millions of personnel records also resulted in the theft of 5.6 million fingerprint records, American officials have said. Up to 21 million individual files were stolen in June of this year, when hackers broke into the computer system of the US Office of Personnel Management (OPM), which handles applications for security clearances for all agencies of the federal government. The breach gave the unidentified hackers access to the names and sensitive personal records of millions of Americans who have filed applications for security clearances, including intelligence officers.

Back in July, OPM officials told reporters that just over 1 million fingerprint records had been compromised by the cyber hack. However, a new statement issued by the White House last week said that the actual number of fingerprint records stolen from the OPM database was closer to 5.6 million. In a subsequent statement, the OPM said there was little that the hackers could do with the fingerprint records, and that the potential for exploitation was “currently limited”. But it added that, as technology continued to develop, the risk of abuse of the stolen fingerprint records could increase. Therefore, an interagency working group would be put together to “review the potential ways adversaries could misuse fingerprint data now and in the future”, the OPM statement said. It added that the group would be staffed with fingerprint specialists from the Federal Bureau of Investigation, the Department of Defense and the Department of Homeland Security.

America’s external intelligence agencies, which typically send their officers abroad posing as diplomats, and sometimes under cover identities, are reportedly concerned that certain foreign counterintelligence agencies will be able to use the stolen fingerprints to establish the true identities or professional background of US government employees stationed abroad.

Author: Ian Allen | Date: 29 September 2015 | Permalink