Trump chief of staff’s phone was breached for nearly a year, say sources

The personal cell phone of the White House Chief of Staff John Kelly (photo) was compromised by persons unknown and may have been bugged for nearly a year, according to United States government officials. General Kelly retired from the US Marine Corps in 2016, after serving as chief of the US Pentagon’s Southern Command, where he supervised American military operations in Latin America and the Caribbean. Soon afterwards, he was appointed by US President Donald Trump to lead the Department of Homeland Security, which he joined in January of 2017. Six months later, however, he replaced Reince Priebus, who resigned abruptly from the post of White House Chief of Staff, citing differences over management style with the Trump administration.

According to the online news outlet Politico, the breach of Kelly’s personal phone was discovered last summer, after the retired general sought the advice of the White House’s technical support staff. Kelly told the technical experts that his phone’s operating system had been malfunctioning for several months and that software updates seemed to make the problem worse. Once the breach was discovered, White House staff summarized the findings of the probe into Kelly’s phone in a one-page memorandum. Three people who read the document spoke anonymously to Politico. The news outlet said that, according to the White House memorandum, it is unclear how and when Kelly’s phone was breached. There is also no information in the document about how much and what kind of information was compromised throughout the duration of the breach. Politico cited a White House spokesman who claimed that the chief of staff used his personal phone sparsely and never for government business.

However, depending on the level of the breach, hackers could have used the compromised phone to listen in to Kelly’s private conversations —in and out of the White House— even when the phone was not in use but simply turned on. It follows that if the breach of Kelly’s phone was orchestrated by a foreign government, the magnitude of the compromise may be substantial. Politico reports that digital forensics experts are now reviewing Kelly’s travels in the past year, as part of a widening investigation into the breach. Meanwhile, the general has been issued a new phone for his personal use.

Author: Joseph Fitsanakis | Date: 10 October 2017

China hacking Hong Kong protesters’ smartphones, says security firm

By IAN ALLEN | intelNews.org
A mobile telephone security company has said the government of China is probably behind a sophisticated malware designed to compromise the smartphones of protesters in Hong Kong. Ever since the Hong Kong ‘umbrella revolution’ began to unfold, countless reports have referred to the use of smartphone applications as organizing tools by the protesters. According to one account, an application called FireChat was downloaded by more than 100,000 smartphone users in Hong Kong in less than 24 hours. FireChat is said to allow protesters to continue communicating with each other even when their individual devices are unable to connect to a mobile network. But a California-based mobile telephone security firm has warned that the Chinese government could be using such enabling applications to compromise the smartphones of pro-democracy protesters in the former British colony. Lacoon Mobile Security, which specializes in assessing and mitigating mobile security threats, said on Tuesday that it had detected several types of malware camouflaged as mobile phone applications designed to help the protesters organize. In a statement posted on its website, the security firm said that, once downloaded by a smartphone user, the malware gives an outsider access to the address book, communication logs and other private data stored on the unsuspecting user’s device. Lacoon added that what made the malware unusual was that it came in two different versions; one appears to target smartphones that run Apple’s iOS operating system, while the other is designed to compromise phones using Google’s Android software. The company noted that the types of malware that are circulating among Hong Kong protesters were some of the most sophisticated it had ever seen. They made use of a method called mRAT, which stands for multidimensional requirements analysis tool. Among other things, mRAT allows a hacker to take surreptitious pictures using the phone camera of a compromised smartphone. 
According to Lacoon, the design of the malware in question is so advanced that it is “undoubtedly backed by a nation state”.

News you may have missed #857 (hacking edition)

By IAN ALLEN | intelNews.org
►►UK spies hacked Belgian phone company using fake LinkedIn page. British spies hacked into the routers and networks of the Belgian telecommunications company Belgacom by tricking its telecom engineers into clicking on malicious LinkedIn and Slashdot pages, according to documents released by NSA whistleblower Edward Snowden. The primary aim, reports the German newsmagazine Der Spiegel, which obtained the documents, was to compromise the GRX router system that BICS controlled, in order to intercept mobile phone traffic that got transmitted by the router.
►►Indonesian hackers behind attack on Australian spy service website. Indonesian hackers are believed to have brought down the website of the Australian Secret Intelligence Service, Australia’s leading spy agency. The page was not working on Monday afternoon after hackers launched a “denial of service” attack. A “404 not found” message typically appears when a website crashes under a “denial of service” attack. The cyber attack is reportedly a response to revelations that Australia had been spying on its closest neighbor through its Jakarta embassy.
►►Hamas blasts alleged Mossad website. Hamas officials released a warning about a website called Holol (“solutions”), claiming it is a ruse set up by Israel’s Mossad intelligence agency to recruit Gazans as informants. The website’s “Employment” page states, “due to our connections with the Israeli Civil Administration, we can help you bypass the bureaucratic tape and procedural processes which prevent you from leaving Gaza”. The site also offers Israeli medical assistance, “due to connections with the Ministry of Health and the Israeli Civil Administration”. Palestinians interested in contacting the website’s officials are asked to provide their full name, telephone number, email, topic of inquiry, and an explanation of why they are asking for help. Last month, Lebanese group Hezbollah accused the Mossad of being behind a website seeking information on Hezbollah’s intelligence wing.

Leaked documents show capabilities of new surveillance technologies

By JOSEPH FITSANAKIS | intelNews.org
A trove of hundreds of documents, obtained by participants in a secretive surveillance conference, displays in unprecedented detail the extent of monitoring technologies used by governments around the world. The Wall Street Journal, which obtained the leaked documents, says they number in the hundreds; they were reportedly authored by 36 different private companies that specialize in supplying government agencies with the latest surveillance hardware and software. They were among dozens of vendors that participated in an unnamed conference near Washington, DC, in October, which attracted interested buyers from numerous government agencies in America and beyond. The Journal, which has uploaded scanned copies of the leaked documents, says that many include descriptions of computer hacking tools. The latter enable government agencies to break into targeted computers and access data stored in hard drives, as well as log keystrokes by the targeted computers’ users. Other applications target cellular telecommunications, especially the latest models of so-called ‘smartphones’; one vendor in particular, Vupen Security, gave a presentation at the conference, which describes how its products allow for electronic surveillance of cell phones by exploiting security holes unknown to manufacturers. Some of the most popular products at the conference related to what the industry calls “massive intercept” monitoring, namely large-scale software systems designed to siphon vast amounts of telephonic or email communications data, or to capture all Internet exchanges taking place within a country’s computer network. One conference participant, California-based Net Optics Inc., bragged in its presentation about having enabled “a major mobile operator in China” to conduct “real-time monitoring” of all cell phone [and] Internet content on its network. The stated goal of the surveillance was to “analyze criminal activity” and “detect and filter undesirable content”.

News you may have missed #546

By IAN ALLEN | intelNews.org
►►Whistleblower says NSA mismanagement continues. Former US National Security Agency employee Thomas Drake was recently sentenced to a year’s probation for leaking secrets about the agency to a journalist. The presiding judge did not sentence him to prison, recognizing that his genuine intention was to expose mismanagement. Soon after his sentencing, Drake told The Washington Times that mismanagement continues at the NSA, which he compared to “the Enron of the intelligence world”. He also told the paper that NSA’s accounts were “unauditable”, like those of most of the other agencies operating under the Pentagon.
►►Taliban claim phones hacked by NATO. The Afghan Taliban have accused NATO and the CIA of hacking pro-Taliban websites, as well as personal email accounts and cell phones belonging to Taliban leaders, in order to send out a false message saying that their leader, Mullah Mohammad Omar, had died. Taliban spokesman Zabihullah Mujahid told the Reuters news agency that the hacking was “the work of American intelligence” and that the Taliban would “take revenge on the telephone network providers”.
►►Rumsfeld memo says ‘US can’t keep a secret’. “The United States Government is incapable of keeping a secret”. This was opined in a November 2, 2005 memo authored by Donald Rumsfeld. The memo by the then-Defense Secretary continues:

Phone hacking ring helped groups evade eavesdroppers

By JOSEPH FITSANAKIS | intelNews.org
Even though computer hacking tends to monopolize information security headlines, phone hacking, or phreaking, as it is technically known, remains a major source of headache for communications security professionals. Last Friday, law enforcement agencies in several countries announced the arrest of more than half a dozen individuals in the US, Italy and the Philippines, who were operating a major international phreaking network. The group had apparently broken into thousands of corporate telephone networks in Australia, Canada, the US, and Europe, and was channeling near-free telecommunications services to several criminal and militant organizations around the world. According to law enforcement insiders, “the hacked networks might have been used by terrorist organizations to thwart eavesdropping and tracking by intelligence agencies”.