US offensive cyber campaign disabled Iran’s strike capabilities, say sources

The Islamic Revolutionary Guard Corps (IRGC) is still recovering from the damage it suffered from an offensive American cyber campaign against it that took place in June, according to sources. The attack allegedly degraded the IRGC’s ability to strike at oil tankers and other ships in the Persian Gulf. The New York Times said on Thursday that the cyber attack took place on June 20, hours after United States President Donald Trump called off airstrikes on Iran. The White House had considered launching the airstrikes in retaliation for the downing of an American surveillance drone by Iranian forces and the alleged use of limpet mines against commercial oil tankers by the IRGC the previous month.

The paper did not reveal details of the cyber campaign, but said it did not target any part of Iran’s missile or other defense programs. Its mission was to degrade the covert strike capabilities of the IRGC, which operates in a paramilitary capacity and is not supervised by the military. Washington blamed the IRGC for the limpet mine attacks against oil tankers, and expressed concerns that they would continue. The cyber attack corrupted the computer databases and communications networks that the IRGC uses to co-ordinate covert operations at sea, and resulted in the temporary cessation of IRGC attacks on oil tankers, said The Times.

The June 20 cyber attacks were not meant to be permanent, but their effects have endured much longer than was expected, according to the paper. It cited claims by anonymous senior American officials that the IRGC is “still trying to repair critical communications systems and has not recovered the data lost in the attack”. It is also worth noting that, according to US sources, Iran did not escalate its own cyber attacks against Western targets in retaliation for the American cyber campaign against the IRGC.

However, according to The Times, some American officials have expressed doubts about the wisdom and long-term impact of the cyber operation. They claim that the cyber attack gave the Iranians the opportunity to collect valuable information about US cyber capabilities. It also allowed them to detect and fix their vulnerabilities so that they are now better able to defend against future cyber attacks. Lastly, the attacks neutralized IRGC communications networks, which the US had penetrated and was collecting vital intelligence from, they argue.

Author: Joseph Fitsanakis | Date: 30 August 2019

Britain launched first-ever military-style cyber campaign against ISIS, says spy chief

For the first time in its history, the United Kingdom has launched a military-style cyber campaign against an adversary, according to the director of the country’s primary cyber security agency. The target of the campaign was the Islamic State, the militant Sunni Muslim group that is also known as the Islamic State of Iraq and Syria (ISIS). The existence of the all-out cyber war was announced last week by Jeremy Fleming, the newly appointed director of the Government Communications Headquarters (GCHQ), Britain’s signals intelligence organization. Fleming, a former Security Service (MI5) officer, was speaking at the CYBERUK2018 conference, held in the northern English city of Manchester. It was his first public speech as director of GCHQ.

Fleming told his Manchester audience that the cyber operation that targeted ISIS was a “major offensive campaign” that seriously hampered the group’s ability to launch and coordinate both physical and online attacks against its enemies. The campaign also prevented ISIS from using its “normal channels” online to spread its message, effectively suppressing the group’s propaganda efforts, said Fleming. The new GCHQ director noted that large parts of the cyber operation against ISIS were “too sensitive to talk about”. But he added that the methods used to combat the Sunni Muslim group’s online operations were so aggressive that they “even destroyed equipment and networks” used by ISIS members. He did not specify what he meant by “destroyed equipment”, but his comment brought to mind the so-called Stuxnet virus, which was discovered by researchers in 2010. The virus appeared to have been designed by what experts described as “a well-resourced nation-state”, with the aim of sabotaging sensitive hardware components found in centrifuges used by the Iranian government in its nuclear program.

During his Manchester speech, Fleming claimed that the British cyber war against ISIS was conducted in compliance with existing international legal frameworks. He added, however, that the “international doctrine governing the use [of cyber weapons] is still evolving”. The GCHQ director admitted that Britain’s cyber capabilities “are very powerful”, but argued that “we only use them in line with domestic and international law, when our tests of necessity and proportionality have been satisfied, and with all the usual oversight in place”.

Author: Joseph Fitsanakis | Date: 20 April 2018 | Research credit: K.B.

US plans to beef up Cyber Command, separate cyberwar operations from NSA

The White House will soon announce its decision to strengthen the United States Cyber Command and separate cyber war operations from intelligence functions, according to insider reports. For many decades, the National Security Agency has been in charge of protecting America’s cyber network and combating online threats. But in 2009, the Administration of US President Barack Obama established a brand new Cyber Command, proposing that the online environment represented a new theater of war. Since that time, the US Department of Defense has been campaigning in favor of strengthening the new Cyber Command and completely removing it from the patronage of the NSA –despite the fact that the latter is also a Pentagon agency.

According to media reports, US President Donald Trump has decided to follow the Pentagon’s suggestion. After several months of delay, his administration is now preparing to announce a major reinforcement of the US Cyber Command, and a formal separation between its functions and those of the NSA. According to the American news network PBS, which broke the news on Monday, the idea behind the move is to give the Cyber Command more operational autonomy and to allow it to establish its own mission statement, which will be distinct from that of the NSA. The latter is an intelligence organization, which means that it primarily seeks to exploit adversary networks for purposes of collecting information. Broadly speaking, therefore, the NSA finds operational adversary cyber networks far more useful than destroyed networks. That tends to clash with the goals of the US Cyber Command, whose tactical goals often center on launching destructive attacks on enemy networks. It is believed that the impending change will allow it to do so without the interference of the NSA.

According to PBS, which cited anonymous sources in its report, the details of the separation “are still being worked out”. Furthermore, some observers caution that the Cyber Command will continue to rely on NSA technology and expertise for years to come, until it is able to carry its own weight. There is even less discussion about the view of the NSA on the matter, which some claim is notably negative. However, the move appears to have been decided, and the Cyber Command’s budget will be increased by nearly 20% to $647 million in the coming year, reflecting its elevated role in US defense.

Author: Joseph Fitsanakis | Date: 19 July 2017

Islamic State’s cyber army still ‘largely intact’ despite America’s efforts

The global reach of the Islamic State through the use of the internet remains “largely intact” despite relentless efforts by some of America’s most advanced cyber warfare experts to neutralize the group’s online presence. It is now over a year since the United States Department of Defense announced that it had launched a cyber war against the Islamic State —the militant Sunni Muslim group that today controls large parts of Syria and Iraq.

At that time, the Pentagon’s Cyber Command (USCYBERCOM) put in motion plans that included the deployment of computer viruses, denial-of-service attacks and other cyber weapons against computers, internet servers and cell phone networks belonging to the Islamic State. As intelNews wrote at the time, the idea behind the plan was that an all-out online war against the Sunni militant group would hurt its public image and prevent it from launching armed attacks against targets abroad. Additionally, the Pentagon aimed to disrupt the Islamic State’s ability to recruit new members online, to spread its propaganda and to coordinate operations through the use of encrypted communications.

However, according to The New York Times, American military commanders are disappointed with the Cyber Command’s efforts. The Pentagon is quickly discovering, says the paper, that its cyber warfare methods, which were designed for fixed targets in countries like North Korea and Iran, are ineffective against the mobile and polymorphic cyber army of the Islamic State. In many instances, US Pentagon hackers wipe out online information found on Islamic State servers, only to see it reappear elsewhere online within hours. In other cases, US Cyber Command experts uncover Islamic State information stored on the cloud, but are unable to access it because it is strongly encrypted.

According to The Times, the lack of progress in the cyber war against the Islamic State was one of the reasons why the administration of President Barack Obama sought to replace Admiral Mike Rogers, the head of the National Security Agency, who also led the US Cyber Command —and continues to do so under the Donald Trump administration.

Author: Ian Allen | Date: 20 June 2017

US considers launching all-out cyber war against Islamic State

Following a request from the White House, the United States Department of Defense is putting together options to launch offensive cyber operations of an unprecedented scale against the Islamic State. The White House reportedly issued the request soon after the December 2 shooting in San Bernardino, California, in response to reports that the two shooters were radicalized through exposure to online propaganda by the Islamic State. According to American government officials, US President Barack Obama directed the Pentagon to put together a report outlining options for “a stepped up cyber offensive” against online activities by the Islamic State in Iraq and Syria.

The report is allegedly being prepared by the US Cyber Command (USCYBERCOM), the Pentagon office responsible for conducting what the US military calls “full spectrum military cyberspace operations”. Offensive cyber security planners at USCYBERCOM, which is located at Fort George G. Meade in Maryland, are said to have prepared plans that include proposals to launch numerous computer viruses, denial-of-service attacks and other cyber weapons against computers, internet servers and cell phone networks belonging to the Islamic State. The idea behind the plan is that an all-out online war against the Sunni militant group would hurt its image and prevent it from launching armed attacks against civilian targets abroad.

However, Canadian newspaper The Toronto Star reports that a number of other US agencies, including the Federal Bureau of Investigation, have voiced objections to the USCYBERCOM plan, arguing that an all-out cyber war against the Islamic State could backfire. Specifically, some US intelligence officials argue that sabotaging online communications nodes, as well as cell phone networks, would make it harder to spy on the Islamic State. Additionally, such a move would hinder the work of aid groups, opposition forces, and even Western-backed rebel forces in the Levant, who rely on the same Internet and cellular networks to communicate with each other. These officials argue instead that the US should opt for surgical attacks on specific computers or cell phones used by senior Islamic State planners.

According to media reports, US Defense Secretary Ashton Carter is scheduled to meet with USCYBERCOM commanders this week in order to evaluate the possibilities for offensive cyber attacks against the Islamic State. He will then brief President Barack Obama on the available options.

Author: Ian Allen | Date: 22 December 2015

Did US spies hack French government computers using Facebook?

By JOSEPH FITSANAKIS | intelNews.org
A sophisticated computer virus discovered at the center of the French government’s secure computer network was planted there by the United States, according to unnamed sources inside France’s intelligence community. Paris-based magazine L’Express, France’s version of Time magazine, says in its current issue that the alleged American cyberattack took place shortly before last April’s Presidential elections in France. It resulted in the infection of the entire computer system in the Palais de l’Élysée, which is the official residence of the President of France. The French magazine cites unnamed sources inside the French Network and Information Security Agency (ANSSI), which is responsible for cybersecurity throughout France. The sources claim that the snooping virus allowed its handlers to gain access to the computers of most senior French Presidential aides and advisers during the final weeks of the administration of French President Nicolas Sarkozy, including his Chief of Staff, Xavier Musca. The article claims that the virus used a source code nearly identical to that of Flame, a super-sophisticated version of Stuxnet, the virus unleashed a few years ago against the computer infrastructure of the Iranian nuclear energy program. Many cybersecurity analysts believe that the US and Israel were instrumental in designing both Stuxnet and Flame. IntelNews understands that the alleged virus was initially directed at employees of the Palais de l’Élysée through Facebook. The targets were allegedly befriended by fake Facebook profile accounts handled by the team that operated the virus. The targets were then sent phishing emails that contained links to phony copies of the login page for the Palais de l’Élysée intranet website.

US and Israel behind computer virus that hit Iran, say sources

By JOSEPH FITSANAKIS | intelNews.org
Flame, a sophisticated piece of computer malware that was detected last month in computers belonging to the Iranian National Oil Company and Iran’s Ministry of Petroleum, was created by Israel and the United States, according to a leading American newspaper. Quoting “officials familiar with US cyber-operations”, The Washington Post reported on Wednesday that the malware, which is said to be “massive in size”, is part of a wider covert program codenamed OLYMPIC GAMES. The paper said that the US portion of the program is spearheaded by the National Security Agency, which specializes in cyberespionage, and the CIA’s Information Operations Center. The Post further claims that OLYMPIC GAMES has a three-fold mission: to delay the development of the Iranian nuclear program; to discourage Israeli and American officials from resorting to a conventional military attack on Iran; and to buy time for those officials who favor addressing the Iranian nuclear stalemate with diplomatic pressures coupled with sanctions. According to one “former intelligence official” quoted in The Post, the scale of OLYMPIC GAMES “is proportionate to the problem that’s trying to be resolved”. Russian antivirus company Kaspersky Lab, which first spotted the Flame virus in May, said that it is “one of the most complex threats ever discovered”. It is over 20 megabytes in size, consisting of 650,000 lines of code. In comparison, Stuxnet, a computer super-virus that was detected by experts in 2010, and caused unprecedented waves of panic among Iranian cybersecurity experts, was 500 kilobytes in size.

News you may have missed #675

By IAN ALLEN | intelNews.org
►►US ‘has engaged in cyberwarfare’. Former National Security Agency Director Mike McConnell said in an interview with Reuters that the United States has already used cyber attacks against an adversary. Most believe he was referring to Stuxnet, the computer virus unleashed against Iran in 2010.
►►Philippines studying US offer to deploy spy planes. The Philippines is considering a US proposal to deploy surveillance aircraft on a temporary, rotating basis to enhance its ability to guard disputed areas in the South China Sea, the Philippine defense minister said last week. The effort to expand military ties between the United States and the Philippines, which voted to remove huge American naval and air bases 20 years ago, occurs as both countries grapple with the growing assertiveness of China.
►►Canadian intelligence spied on constitutional expert. Canadian security forces kept close tabs on renowned constitutional scholar Eugene Forsey from his early days as a left-wing academic to his stint as a senator, according to newly declassified documents. The collection of more than 400 pages, which has been obtained by Canadian newspaper The Toronto Star, reveals that the RCMP Security Service (the predecessor to the Canadian Security Intelligence Service) followed Forsey for four decades throughout his career as an economics professor, research director for the Canadian Congress of Labour (now called the Canadian Labour Congress), a two-time Ottawa-area candidate for the Cooperative Commonwealth Federation and then his 1970 appointment as a Liberal senator. No surprises here.

US Pentagon computers cannot be protected, says NSA head

By JOSEPH FITSANAKIS | intelNews.org
The man in charge of America’s most powerful intelligence agency says the United States Department of Defense computer network is so disordered and chaotic that it cannot be defended from cyberattacks. General Keith Alexander directs the National Security Agency, America’s wealthiest intelligence institution, which expert James Bamford has described as “the world’s most powerful spy agency”. As America’s foremost signals intelligence agency, the NSA is largely responsible for protecting the integrity, security and cohesion of the country’s public and restricted military communications networks, including computer networks. To do so, it consumes an annual budget that dwarfs those of most other intelligence agencies, and employs entire armies of computer security experts and other professionals. But, according to General Alexander, who also heads the US Pentagon’s new Cyber Command, there is not much his army of cyberwarriors can do to either prevent or repel possible large-scale cyberattacks directed against the DoD’s computer networks. The NSA chief was speaking yesterday at the International Conference on Cyber Security, a high-profile gathering of experts at New York’s Fordham University. He told the conference, which is sponsored by the Federal Bureau of Investigation, that the Pentagon’s computer infrastructure is too anarchic and chaotic to be successfully defended from cyberespionage, cyberterrorism, or cyberwarfare assaults. He said the DoD computer system consists of so many interconnected networks —over 15,000 in all— that the NSA “can’t see them all [let alone] defend them all”. As a result, said Alexander, the DoD’s current communications infrastructure “is indefensible”.

Does Iran have access to satellite jamming technology?

By JOSEPH FITSANAKIS | intelNews.org
A European intelligence official has said that Iran downed an unmanned American surveillance aircraft earlier this month by remotely sabotaging its satellite navigation system. The official, who has not been named, told The Christian Science Monitor that the Iranians used a state-of-the-art laser system to effectively “blind” the American spy satellite that guided the drone’s global positioning system (GPS). In doing this, Iran’s military was able to remotely skyjack the aircraft and assume control over its navigational system. The paper also published an exclusive interview with an Iranian electronic warfare specialist, who claimed he was part of a team that hacked into the drone’s communication frequency and reprogrammed its GPS data. Eventually, the Iranian specialists managed to cause the unmanned aircraft to switch into autopilot mode, and guided it to land relatively smoothly on Iranian territory, where it was eventually captured intact by Iranian authorities. If this is true, it will mark the first-ever indication that the Iranian state is in possession of sophisticated satellite jamming technology. In an important development, Iran’s Minister of Foreign Affairs, Ali Akbar Salehi, told Iran’s government-run IRNA news agency on Saturday that the American drone was brought down by Iranian armed forces, without any foreign assistance. If this is so, then does it mean that the Iranians developed the state-of-the-art jamming system themselves?

News you may have missed #639

►►GCHQ will sell cyberdefense tech to private firms. The GCHQ, Britain’s signals intelligence agency, is to market some of its security technologies to companies in the private sector, in an attempt to bolster defenses against the foreboding threat of cyberwarfare. The UK government’s “cyber security strategy”, which was unveiled this month, has earmarked £650 million in public funding to set up a four-year National Cyber Security Program, a percentage of which will be used to collaborate with private companies.
►►Was there a coup attempt in Trinidad? Many in Trinidad and Tobago were expressing skepticism yesterday about an alleged assassination plot, which Prime Minister Kamla Persad-Bissessar said had been uncovered against her and several of her ministers. Police said nearly a dozen people had been arrested, including members of the army and police, but authorities have not given more details, citing the need to maintain security in operations to dismantle the plot.
►►US Senators resist $7 Billion in spending cuts for spy satellites. The Obama Administration wants to stop incessant spending by Defense Department contractors, especially those who have wasted billions of US taxpayers’ money in failed spy satellite projects. But the contractors’ friends in Congress, including lawmakers on the US Senate Intelligence Committee, are trying to stop the White House from cutting a $7 billion commercial satellite program being developed by GeoEye Inc. and DigitalGlobe Inc. What else is new?

News you may have missed #566 (analysis edition)

►►Stuxnet virus opens new era of cyberwar. Well-argued article by quality German newsmagazine Der Spiegel on Stuxnet, the sophisticated computer virus that attacked the electronic infrastructure of Iran’s nuclear program last year. The article argues that, in terms of strategic significance, the virus, which is widely considered a creation of Israeli intelligence agency Mossad, is comparable to the cracking of Germany’s Enigma cipher machine by Polish and British cryptanalysts during World War II.
►►The fallout from the Turkish Navy’s recent spy scandal. Recently, the Turkish High Criminal court indicted members of an alleged spy ring operating inside the Turkish Navy. According to the indictment, members of the ring stole more than 165,000 confidential documents and obtained dozens of surveillance records and classified military maps. Its biggest customers were allegedly the intelligence services of Israel, Greece and Russia.
►►New edition of classic intelligence handbook published. A new edition of Jeffrey Richelson’s encyclopedic work on

Ex-CIA counterterrorist chief says al-Qaeda to turn to computer hacking

By JOSEPH FITSANAKIS | intelNews.org
The strategic retreat currently being experienced by al-Qaeda will force the group to concentrate on inflicting damage on its enemies through the Internet. This is the opinion of Cofer Black, the straight-talking CIA veteran who retired in 2002 as Director of the Agency’s Counterterrorism Center. Black, who is known for his hawkish views on Washington’s ‘war on terrorism’, gave the keynote speech on Wednesday at the Black Hat Technical Security Conference in Las Vegas, Nevada. He told an audience of nearly 7,000 conference participants that “the natural thing” would be for al-Qaeda in the post-bin-Laden age to continue to engage in terrorism by “fall[ing] back to things that are small and agile”, with computer hacking being an ideal candidate. Black, who since 2002 has worked for private contractors, including Blackwater/Xe, illustrated his point by referring to Stuxnet, the elaborately programmed computer virus that targeted electronic hardware in Iran’s nuclear energy program in July of 2010. “The Stuxnet attack is the Rubicon of our future”, said the former CIA official, adding that it was the computer virus designed to cause “physical destruction of a national resource”. Black is rightly revered by intelligence observers for having warned US government officials of a large-scale terrorist attack in August of 2001, one month prior to the September 11 hijackings. Having said this, it is not exactly prophetic to state, as he did, that “cyber will be a key component of any future conflict”.

News you may have missed #546

By IAN ALLEN | intelNews.org
►►Whistleblower says NSA mismanagement continues. Former US National Security Agency employee Thomas Drake was recently sentenced to a year’s probation for leaking secrets about the agency to a journalist. The presiding judge did not sentence him to prison, recognizing that his genuine intention was to expose mismanagement. Soon after his sentencing, Drake told The Washington Times that mismanagement continues at the NSA, which he compared to “the Enron of the intelligence world”. He also told the paper that NSA’s accounts were “unauditable”, like those of most of the other agencies operating under the Pentagon.
►►Taliban claim phones hacked by NATO. The Afghan Taliban have accused NATO and the CIA of hacking pro-Taliban websites, as well as personal email accounts and cell phones belonging to Taliban leaders, in order to send out a false message saying that their leader, Mullah Mohammad Omar, had died. Taliban spokesman Zabihullah Mujahid told the Reuters news agency that the hacking was “the work of American intelligence” and that the Taliban would “take revenge on the telephone network providers”.
►►Rumsfeld memo says ‘US can’t keep a secret’. “The United States Government is incapable of keeping a secret”. This was opined in a November 2, 2005 memo authored by Donald Rumsfeld. The memo by the then-Defense Secretary continues:

News you may have missed #438 (Stuxnet edition)

[Research credit to Arthur Sbygniew]