North Korea is now robbing banks, says US intelligence official

North KoreaComments made by a senior American intelligence official on Tuesday appeared to suggest that the North Korean government was behind an attempt to steal nearly $1 billion from a Bangladeshi bank last year. The heist took place in February of 2016, when a computer malware was used to issue several requests to transfer funds from Bangladesh Bank —the state-owned central bank of Bangladesh— using the SWIFT network. The hackers were able to transfer five separate sums of $101 million each to a linked Bangladesh Bank account at New York’s Federal Reserve Bank. However, when further requests were issued, Federal Reserve Bank employees contacted Bangladesh Bank and blocked further transactions. Eventually, most of the transferred funds, which neared $1 billion, were recovered; but the hackers managed to get away with approximately $81 million worth of funds.

Forensic investigators described the heist as technically advanced. The antivirus company Symantec said it identified a piece of code in the malware that is known to have been used by North Korean government hackers in the past. Not everyone agreed with the claim that Pyongyang was behind the bank heist. But those who did, said that it was unprecedented in scope and aggressiveness. Some even said that the heist showed that North Korea’s cyber capabilities were among the most sophisticated and powerful in the world.

Meanwhile the United States government did not comment on the matter. However, this past Tuesday the deputy director of the National Security Agency appeared to confirm reports that North Korea was behind the Bangladesh Bank heist. Rick Ledgett, a 30-year veteran of the NSA, who is due to retire in 2018, was speaking at a public event hosted by the Aspen Institute in Washington, DC. He reminded the audience that private researchers had connected the malware code used in the Bangladesh Bank heist with that used in previous hacking attempts launched by North Korea. “If that linkage […] is accurate”, said Ledgett, it “means that a nation state is robbing banks”. When asked by the moderator whether he believes that to be the case, Ledgett responded “I do. And that’s a big deal”. Foreign Policy magazine reached out to Ledgett following his talk and asked him for clarification about his comments regarding the Bangladesh Bank heist. But the NSA official simply said that “the public case [about the heist] was well-made”. Foreign Policy also contacted the NSA, but the agency said it preferred not to comment on the matter.

Author: Joseph Fitsanakis | Date: 23 March 2017 | Permalink

Advertisements

FBI launches criminal investigation into WikiLeaks’ CIA disclosures

WikiLeaksThe United States federal government has launched a criminal investigation into the public disclosure of thousands of documents that purportedly belong to the Central Intelligence Agency. The documents were released on Tuesday by the anti-secrecy website WikiLeaks. They reveal what appear to be technical collection methods used by the CIA to extract information from digital applications and electronic devices, ranging from flash drives to smart screen televisions. WikiLeaks named the collection “Vault 7”, and said that it consists of nearly 8,000 web pages and 1,000 attachments. It also said that its editors redacted hundreds of pages of computer code, in order to prevent the public release of advanced cyberweapons allegedly used by the CIA to sabotage electronic devices and systems.

On Wednesday, former director of the CIA Michael Hayden told the BBC that the disclosure appeared “incredibly damaging”, because it revealed some of the methods that the CIA uses to acquire information. But some cybersecurity experts said that the techniques contained in the leaked documents did not appear to be uniquely advanced, and most focused on exploiting technical vulnerabilities that were generally known. Still, The New York Times reported on Wednesday that the CIA had begun to assess the damage caused by the release. The agency was also trying to contain the extent of the damage, and had even “halt[ed] work on some projects”, said The Times. Officials from the CIA are reportedly in communication with the Federal Bureau of Investigation, which on Wednesday launched a criminal investigation into the “Vault 7” release.

The main purpose of the FBI investigation is to find out how WikiLeaks acquired the files. The website said that the documents were leaked by a CIA contractor, which would imply that they were accessed from a server outside the CIA’s computer network. However, federal investigators are not excluding the possibility that the leaker of the information may be a full-time CIA employee. Reports suggest that the FBI is preparing to conduct hundreds, and possibly thousands, of interviews with individuals who are believed to have had access to the documents that were released by WikiLeaks. Meanwhile, neither the FBI nor the CIA have commented on the authenticity of the information contained in “Vault 7”. WikiLeaks said that Tuesday’s release, which it codenamed “Year Zero”, was the first part of several installments of documents that will be released under its Vault 7 program.

Author: Joseph Fitsanakis | Date: 09 March 2017 | Permalink

Files released by WikiLeaks show advanced CIA technical collection methods

Julian AssangeThousands of documents belonging to the United States Central Intelligence Agency, which were released on Tuesday by the international anti-secrecy website WikiLeaks, are almost certainly genuine. They reveal an entire universe of technical intelligence collection methods used by the CIA to extract information from digital applications and electronic devices, ranging from flash drives to smart screen televisions. WikiLeaks named the collection Vault 7, and said that it consists of nearly 8,000 web pages and 1,000 attachments. It also said that its editors redacted hundreds of pages of computer code, in order to prevent the public release of advanced cyberweapons that are allegedly used by the CIA to sabotage electronic devices and systems.

The information contained in the leaked documents is almost certainly genuine, and most likely belongs to the CIA —though many of the programs listed may be jointly run by the CIA and the National Security Agency (NSA). These programs, with names such as McNUGGET, CRUNCHYLIMESKIES, ELDERPIGGY, ANGERQUAKE and WRECKINGCREW, appear to be designed to compromise computer systems using a series of sophisticated methods that force entry or exploit built-in vulnerabilities or systems. Targets include popular communications systems like Skype and WhatsApp, smartphones produced by Google and Apple, commercial software like PDF and Microsoft Windows, and even so-called smart televisions that connect to the Internet.

The WikiLeaks revelations are most likely related to operations conducted under the auspices of the Special Collection Service (SCS), a joint CIA/NSA program that dates to the earliest days of the Cold War. The program was started by the United States Armed Forces but was eventually transferred to civilian hands and monitored by the CIA. It used advanced communications-interception facilities around the world to collect information. Over the years, the CIA collaborated with the NSA and developed many SCS projects targeting several foreign countries using technical and human means. In recent years the SCS has been primarily operated by the NSA, which oversees the program’s technical platforms.

WikiLeaks did not reveal the source of the documents. But it said that they had been “circulated [by the CIA] among former US government hackers and contractors” and that it was one of the latter that leaked them to the anti-secrecy website. A statement by WikiLeaks said that Tuesday’s release, which it codenamed “Year Zero”, was part one of several installments of documents that will be released under its Vault 7 program. The site also claimed that the information in “Year Zero” has “eclipsed the total number of pages published over the first three years of the Edward Snowden NSA leaks”. The CIA, the NSA and the White House have not commented on this development.

Author: Joseph Fitsanakis | Date: 08 March 2017 | Permalink

US, British intelligence agencies spied on Israelis and Palestinians, files show

Israel’s Ministry of Foreign AffairsDocuments accessed by a French newspaper show that American and British intelligence agencies worked together to spy on diplomats, academic researchers and defense contractors in Israel and the Palestinian territories. Last year, the German newsmagazine Der Spiegel and the American newspaper The Wall Street Journal reported that the United States National Security Agency spied on senior Israeli politicians throughout the last decade, including Prime Minister Ehud Olmert and his successor, Benjamin Netanyahu. Now French daily Le Monde has alleged that the NSA teamed up with its British equivalent, the Government Communications Headquarters to spy on Israeli foreign service officials and diplomats, academic researchers and defense contractors. The newspaper also alleged that British and American spies targeted Palestinian government officials.

According to Le Monde, the information came from documents leaked by Edward Snowden, a former employee of the NSA and the Central Intelligence Agency, who is currently living in Russia. Snowden defected there in June 2013, after initially fleeing to Hong Kong with millions of stolen US government documents in his possession. In a leading article on Wednesday, the newspaper claimed that British and American spy agencies have systematically targeted senior officials in Israel’s Ministry of Foreign Affairs in Jerusalem. Several Israeli foreign service officials stationed abroad have also been targeted, said Le Monde, including Israel’s ambassadors to Nigeria and Kenya. But the Anglo-American intelligence alliance has also targeted Palestinian government institutions, including the Office of the Secretary General of the Palestinian Liberation Organization. Senior Palestinian officials that have been spied on include Ahmed Qurei, a former prime minister of the Palestinian National Authority, and Ahmad Tibi, a member of the Israeli Knesset who served as an advisor to Palestinian leader Yasser Arafat in the 1990s.

Palestinian diplomats stationed around the world have also been targeted by the NSA and the GCHQ, said Le Monde, in cities such as Paris, Brussels, Lisbon, Islamabad, Pretoria, and Kuala Lumpur. The documents also show that the two intelligence agencies have spied on Israeli defense contractors, including a company named Ophir Optronics, which works in the areas of laser and fiber optic technologies. Finally, the French newspaper said that research centers throughout Israel had been targeted, including scientific laboratories located at the Jerusalem-based Hebrew University.

Author: Joseph Fitsanakis | Date: 08 December 2016 | Permalink

NSA chief preempts move to fire him by entering talks with Trump

Michael S. RogersThe director of the United States National Security Agency has taken the unprecedented step of entering talks with president-elect Donald Trump, amidst reports that President Barack Obama may fire him. Admiral Michael S. Rogers, 57, a US Navy cryptologist with a military career that spans over three decades, has been at the helm of the NSA since April of 2014. Last weekend, however, The Washington Post alleged that senior US military and intelligence officials urged President Obama to fire him. Citing “several US officials familiar with the matter”, The Post said on Saturday that a recommendation to fire Admiral Rogers was delivered to the President in October by Secretary of Defense Ashton B. Carter and the Director of National Intelligence James R. Clapper.

Secretary Carter is allegedly displeased with the NSA director’s performance, following what The Post said were “persistent complaints from NSA personnel” that Admiral Rogers is “aloof, frequently absent” from his duties, and tends to disregard input from his advisors at NSA. DNI Clapper added to Rogers’ list of concerns, while also proposing that the NSA should be led by a civilian administrator. The paper alleged that the president agreed with the recommendations and had planned to replace Admiral Rogers with an acting NSA director shortly before the election of November 8. That would reportedly allow the incoming president to appoint a new director of their preference in the new year. However, the move was delayed due to ongoing discussions about balancing the NSA’s military and civilian roles.

In the meantime, it appears that the NSA director preempted his impending firing by entering negotiations with president-elect Donald Trump about joining the new administration. According to The Post, Trump is considering appointing Admiral Rogers to the post of DNI, to replace Clapper. The paper described the Admiral’s move to meet with Trump without notifying his superiors —including the president— as “unprecedented for a military officer”. The NSA director’s move has allegedly displeased the Obama administration, but it is unclear how the president will respond. During a press conference in Lima, Peru, on Sunday, President Obama declined to answer questions about Admiral Rogers’ rumored replacement. He described the NSA director as “a terrific patriot”, but added that it was not his practice to comment on matters relating to personnel appointments. The Department of Defense, Office of the DNI, and the NSA have all declined to comment on the matter.

Author: Joseph Fitsanakis | Date: 21 November 2016 | Permalink

NSA contractor accused of spying stole real names of US undercover officers

NSAClassified information stolen by a United States federal contractor, who was charged with espionage last month, includes the true identities of American intelligence officers posted in undercover assignments abroad, according to court documents. In August of this year, Harold Thomas Martin III, was arrested by the Federal Bureau of Investigation on charges of stealing government property and illegally removing classified material. Martin, 51, served as a US Navy officer for over a decade, where he acquired a top secret clearance and specialized in cyber security. At the time of his arrest earlier this year, he was working for Booz Allen Hamilton, one of the largest federal contractors in the US. Some media reports said Martin was a member of the National Security Agency’s Office of Tailored Access Operations, described by observers as an elite “hacker army” tasked with conducting offensive cyber espionage against foreign targets.

Last week, after prosecutors alleged that the information Martin removed from the NSA was the equivalent of 500 million pages, a judge in the US state of Maryland ruled that the accused might flee if he is released on bail. Soon afterwards, Martin’s legal team filed a motion asking the judge to reconsider his decision to deny him bail. That prompted a new filing by the prosecution, which was delivered to the court on Thursday. The document alleges that the information found in Martin’s home and car includes “numerous names” of American intelligence officers who currently “operate under cover outside the US”. The court filing adds that Martin’s removal of the documents from secure government facilities constitutes “a security breach that risks exposure of American intelligence operations” and “could endanger the lives” of undercover intelligence officers and their agents abroad.

It is alleged that Martin told the FBI he never shared classified information with anyone, and that he removed it from his office at the NSA in order to deepen his expertise on his subject. His legal team argues that Martin suffers from a mental condition that compels him to be a hoarder. But prosecutors for the government argue in court documents that Martin appears to have communicated via the Internet with Russian speakers, and that he was learning Russian at the time of his arrest. The case is expected to be tried later this year.

Author: Joseph Fitsanakis | Date: 28 October 2016 | Permalink

NSA contractor charged with spying removed both electronic and printed files

NSAA United States federal contractor, who was charged with espionage after he was found to have stolen classified documents, was able to remove both electronic and printed files from his office at the National Security Agency, according to a report. The man was identified by The New York Times last week as Harold Thomas Martin III, a 51-year-old employee of Booz Allen Hamilton, one of the largest federal contractors in the US. Last August, agents of the Federal Bureau of Investigation raided Martin’s house in Maryland and arrested him on charges of stealing government property and illegally removing classified material.

In reporting on the disclosure earlier this week, we noted that the FBI found classified information “on a variety of electronic devices that Martin had stored —though apparently not hidden— in his house and car”. It turns out, however, that at least some of the classified files in Martin’s possession were in printed format. According to The Washington Post, which revealed this information on Wednesday, this means that Martin extracted the information from his office at the NSA “the old-fashioned way, by walking out of the workplace with printed-out papers he had hidden”. The paper cites unnamed US government officials who claim that Martin was repeatedly able to walk out the front door of the NSA with what one anonymous congressional aide described as “a whole bunch of stuff”. The paper alleged that printed classified material found in Martin’s possession amounts to “thousands of pages”.

It appears that Martin extracted most of the documents before the fall of 2013, when the NSA and other US intelligence agencies imposed strict security controls on data access following the defection of Edward Snowden, another federal contractor who worked for the NSA and is today living in Russia. But the revelation will undoubtedly raise further questions about the ability of US intelligence agencies to scrutinize the activities of hundreds of thousands of employees who have access to classified information. The Post notes that the NSA and other US intelligence agencies do not employ universal searches of personnel that enter or exit government facilities. Instead they prefer random checks for reasons of convenience and to foster a sense of trust among employees. That, however, may change if more cases like those of Snowden and Martin become known.

Author: Joseph Fitsanakis | Date: 14 October 2016 | Permalink