Attack by Chinese hacker group targeted high-profile individuals around the world

A hacker attack of impressive magnitude targeted specific individuals of interest to the Chinese government as they moved around the world, in what appears to be the first such operation in the history of cyberespionage. The attack was revealed late last month by Cybereason, an American cybersecurity firm based in Boston, Massachusetts. Company experts described the scope and length of the attack, dubbed Operation SOFTCELL, as a new phenomenon in state-sponsored cyberespionage. Cybereason said SOFTCELL has been in operation since at least 2017, and identified the culprit as APT10, a hacker group that is believed to operate on behalf of China’s Ministry of State Security.

The operation is thought to have compromised close to a dozen major global telecommunications carriers in four continents: the Middle East, Europe, Asia and Africa. According to Cybereason, the hackers launched persistent multi-wave attacks on their targets, which gave them “complete takeover” of the networks. However, they did not appear to be interested in financial gain, but instead focused their attention on the call detail records (CDRs) of just 20 network users. With the help of the CDRs, the hackers were able to track their targets’ movements around the world and map their contacts based on their telephone activity. According to The Wall Street Journal, which reported on Cybereason’s findings, the 20 targets consisted of senior business executives and government officials. Others were Chinese dissidents, military leaders, as well as law enforcement and intelligence officials.

An especially impressive feature of SOFTCELL was that the hackers attacked new telecommunications carriers as their targets moved around the world and made use of new service providers. The attacks thus followed the movements of specific targets around the world. Although this is not a new phenomenon in the world of cyberespionage, the geographical scope and persistence of the attacks are unprecedented, said The Wall Street Journal. Speaking last week at the 9th Annual International Cybersecurity Conference in Tel Aviv, Israel, Lior Div, Cybereason’s chief executive officer and co-founder, said SOFTCELL attacks occurred in waves over the course of several months. The hackers used a collection of techniques that are commonly associated with identified Chinese hacker groups. If detected and repelled, the hackers would retreat for a few weeks or months before returning and employing new methods. The Cybereason security experts said that they were unable to name the targeted telecommunications carriers and users “due to multiple and various limitations”.

Author: Joseph Fitsanakis | Date: 09 July 2019

Norway spy agency urges IT firms to be cautious when outsourcing operations abroad

The Norwegian National Security Authority (NSM) has warned the country’s information technology firms to prioritize national security over cutting costs when outsourcing their operations abroad. The warning follows what has come to be known as the “Broadnet affair”, which, according to the Norwegian government, highlighted the dangers of extreme cost-cutting measures by Norway’s heavily privatized IT industry. The incident is named after Broadnet, Norway’s leading supplier of fiber-optic communications to the country’s industry and state sectors. Among Broadnet’s customers is Nødnett, an extensive digital network used by agencies and organizations that engage in rescue and emergency operations, including police and fire departments, as well as medical response agencies. Although 60% of the Nødnett network is owned by the Norwegian government, Broadnet is a member of the Nødnett consortium, and is thus supervised by Norway’s Ministry of Transport and Communications.

In September of 2015, Broadnet fired 120 of its Norway-based employees and outsourced their jobs to India, in search of cost-cutting measures. The company signed a multimillion dollar contract with Tech Mahindra, an outsourcing firm based in Mumbai. But an audit by the Norwegian government soon discovered several instances of security breaches by Tech Mahindra staff. The latter were reportedly able to access Nødnett without authorization through Broadnet’s core IT network, which was supposed to be off-limits to outsourced staff without Norwegian security clearances. Soon after the breaches were discovered, Broadnet began to bring its outsourced operations back to Norway. By the end of 2017, all security-related IT tasks had been returned to Norway. In the meantime, however, Broadnet had come under heavy criticism from the Norwegian government, opposition politicians, and the NSM, the government agency responsible for protecting Norway’s IT infrastructure from cyber threats, including espionage and sabotage.

The NSM warning, published earlier this month in the form of a 20-page report, makes extensive mention of the Broadnet affair. It recognizes the right of Norwegian IT firms to outsource some or all of their operational tasks as a cost-cutting measure. But it also stresses that the country’s IT firms are required by law to abide by national security protocols when outsourcing part of their IT portfolios to foreign companies. There have been numerous instances in recent years where “risk management obligations relative to outsourcing decisions by Norwegian [IT] companies have fallen short”, the NSM report states. It adds that IT firms must abide by strict risk management protocols when making outsourcing decisions. It also states that the firms’ Norway-based senior managers must regain complete oversight of outsourced projects at every step of the way.

Author: Joseph Fitsanakis | Date: 27 June 2018

UK spy agency sued by Internet providers over malware attacks

By JOSEPH FITSANAKIS | intelNews.org
A group of Internet service providers from North America, Europe, Asia and Africa have filed a lawsuit against Britain’s foremost signals intelligence agency, accusing it of hurting their business by spying on them. The legal complaint was filed against the Government Communications Headquarters (GCHQ), the British government agency tasked with communications interception, which also provides information assurance to both civilian and military components of the British state. Service providers from the United States, United Kingdom, Germany, the Netherlands, South Korea and Zimbabwe are listed as plaintiffs in the complaint, which was filed on Wednesday in a court in London. The legal action against the spy agency is based on articles that surfaced in the international press last year. They alleged that GCHQ targeted Belgium’s largest telecommunications service provider, Belgacom. The revelations surfaced first in September of 2013 in the Flemish newspaper De Standaard. The paper claimed that Belgacom’s mainframe computers had been deliberately infected by an “unidentified virus”, which had specifically targeted telecommunications traffic carried by Belgacom’s international subsidiaries. De Standaard further claimed that the scope and technical sophistication of the operation pointed to a state-sponsored agency as the culprit. Further revelations about the Belgacom malware attacks were made in the German newsmagazine Der Spiegel in November of last year, pointing to GCHQ as the agency behind the operation. The allegations originated in information provided by Edward Snowden, an American defector to Russia who used to work for GCHQ’s American equivalent, the National Security Agency. In their lawsuit, the Internet service providers allege that, regardless of whether they were themselves targeted by GCHQ in a manner similar to that of Belgacom, the British spy agency effectively compromised the integrity of their industry. It did so, they argue, by allegedly targeting employees of telecommunications service providers, by infecting telecommunications networks with malware, by

NSA ‘broke, circumvented Internet encryption standards’

By IAN ALLEN | intelNews.org
The United States National Security Agency (NSA) has been able to crack or get around basic encryption standards used daily by hundreds of millions of Internet users, according to newly leaked documents. The New York Times said on Friday that it was in possession of documents that prove that the NSA is not restrained by universal encryption standards used in the US and abroad. The NSA, which is America’s largest intelligence agency and is tasked by the US government with intercepting electronic communications worldwide, is now able to routinely circumvent Secure Sockets Layer or virtual private networks, as well as encryption protection standards used on fourth-generation cell phones. It therefore has instant access to the content of billions of encrypted messages exchanged by users of some of the Internet’s most popular email companies, including Gmail, Hotmail, Yahoo and Facebook. The paper said it obtained the documents from Edward Snowden, a technical contractor for the NSA who defected to Russia this past summer. They include internal NSA memoranda that suggest the NSA deployed specially built supercomputers to break Internet encryption standards. In other cases, the Agency worked with selected companies and convinced them to “build entry points into their products”. The multi-billion effort was apparently launched by the NSA in the early 2000s, soon after the US government lost a lengthy battle with the communications industry centering on the so-called ‘clipper chip’.

Analysis: PRISM revelations harm US political, financial interests

By JOSEPH FITSANAKIS | intelNews.org
Ever since June 6, when Edward Snowden, a former United States Central Intelligence Agency (CIA) technician, exposed a vast communications spying system called PRISM, observers have focused on the ramifications of this controversy inside America. But in an excellent analysis written for ComputerWorld magazine’s New Zealand edition, Taylor Armerding points out that Snowden’s revelation could result in extensive international blowback for the United States, in both the political and economic realms. Armerding quotes Toronto University political science professor Ron Deibert, who argues that this latest revelation of massive communications interception activity by the National Security Agency (NSA) carries with it “unintended consequences […] that will undermine US foreign policy interests”. Deibert points out that the spy scandal has the potential to undercut America’s role and influence in global Internet governance. In the words of renowned security expert Bruce Schneier, many around the world are beginning to view the US as “simply too untrustworthy to manage the Internet”. Even policymakers and ordinary users friendly to Washington are worried about what they perceive as the “huge disadvantages” of their dependence on US-managed Internet networks that host the content of social media sites, cloud computing databases, or telecommunications exchanges, says Deibert. But the biggest potential damage to US interests, argues Armerding, is not political, but economic. “It is not just personal information that is being swept into the NSA’s massive databases”, he notes; “it is corporate data as well”. Indeed, the vast foreign and domestic spying represented by PRISM poses a direct threat to the global competitiveness of the American technology sector.

Scandinavian phone company helps ex-Soviet republics spy on citizens

By JOSEPH FITSANAKIS | intelNews.org
A highly profitable cellular telecommunications company, which is jointly owned by a Swedish-Finnish public-private consortium, is enabling some of the world’s most authoritarian regimes to spy on their own citizens, according to a new report. TeliaSonera AB, the dominant telephone company and mobile network operator in Sweden and Finland, is currently active in nearly 20 countries around the world. In 2011, it posted a net profit of nearly $3 billion, 25 percent of which came from the company’s operations in countries of the former Soviet Union. They include some of TeliaSonera’s most lucrative franchises, such as Geocell in Georgia, Kcell in Kazakhstan, Ucell in Uzbekistan, Tcell in Tajikistan, and Azercell in Azerbaijan, among others. But a new investigation by Sweden’s public broadcaster, Sveriges Television AB (SVT), accuses TeliaSonera of knowingly giving some of the world’s most oppressive governments the means to spy on their own citizens. The report, which is available online in English, effectively states that TeliaSonera is directly complicit in some of the world’s most severe human rights abuses. The accusation is bound to cause embarrassment among senior officials in the Swedish government, which owns nearly 40 percent of TeliaSonera’s stock. The SVT investigation singles out Uzbekistan, Belarus and Azerbaijan, where TeliaSonera operates monopoly cellular networks on behalf of the state, “in exchange for lucrative contracts”. While running the networks, TeliaSonera allegedly grants local intelligence agencies complete and real-time access to all telephone calls, pen-register data, and the content of text messages exchanged by users. This, says the SVT report, has in turn facilitated several arrests of pro-democracy activists and political dissidents in countries like Belarus and Azerbaijan.

News you may have missed #724

By IAN ALLEN | intelNews.org
►►Aid group denies link to US intelligence in Pakistan. Aid group Save the Children denied accusations it has ties to US intelligence agencies in Pakistan. The organization’s denial came shortly after Dr. Shakil Afridi, a doctor the CIA recruited to help in the search for Osama bin Laden, told Pakistani interrogators that Save the Children played a role in his becoming involved with the CIA. Following Afridi’s interrogation, the Pakistani government banned some Save the Children members from leaving the country and aid supplies –including medical supplies– have been blocked by customs.
►►Is MI6 double spy’s case linked with Gareth Williams’ death? In 2010, British authorities jailed for a year MI6 employee Daniel Houghton, after he was caught trying to sell classified documents to MI5 spooks posing as foreign agents. According to the newspaper The Daily Mirror, British police are now “probing a possible link between Houghton’s case and the death of MI6 employee Gareth Williams”, who was found dead in his London apartment in 2010. According to the paper, police detectives “want assurances from MI6 that Williams’ details [and] identity were not compromised” by Houghton.
►►Fears of spying hinder US license for China Mobile. China Mobile, the world’s largest mobile provider, applied in October for a license from the Federal Communications Commission to provide service between China and the United States and to build facilities on American soil. But officials from the FBI, the Department of Homeland Security and the Justice Department’s National Security Division are concerned that the move would give the company access to physical infrastructure and Internet traffic that might allow China to spy more easily on the US government and steal intellectual property from American companies. This is according to The Los Angeles Times, which cites “people familiar with the process who declined to be identified because the deliberations are secret”. US officials and lawmakers have expressed similar concerns about the Chinese telecommunications hardware manufacturer Huawei Technologies, which is alleged to have contacts with the Chinese People’s Liberation Army and the Ministry of State Security.