Cyber Security Intelligence


February Newsletter #3 2015

A New US Cyber Intelligence Agency – Will it work?

The Obama administration is about to create a new agency to monitor cybersecurity threats and share data about possible attacks among government departments.

The Cyber Threat Intelligence Integration Center will pool information from a variety of sources and ensure that the data flows among government agencies, including those that handle communications about security with the private sector. No government agency currently handles this function, which is critical to protecting the US from hacks, said an administration official, speaking on condition of anonymity.

The agency will be formed along the lines of the National Counterterrorism Center, which was created after the Sept. 11, 2001, attacks to better coordinate sharing of intelligence in the federal government.

Currently, the United States intelligence community comprises 17 federal agencies assigned an array of missions relating to national defense, foreign relations, homeland security and law enforcement. These agencies form just the foundation of a sprawling enterprise that incorporates intelligence and non-intelligence components of many other federal agencies, state and local police (including fire and emergency response), international government partners, and private companies and organizations.

These entities connect through an array of information sharing platforms and portals, including the National Counterterrorism Center, the Joint Counterterrorism Assessment Team, 71 FBI Joint Terrorism Task Forces, 56 Field Intelligence Groups, and 78 state and local intelligence fusion centers, which can incorporate military and private sector participants. Information collected by any of them can be distributed through official information sharing systems such as the Defense Department's Secret Internet Protocol Router Network (SIPRNet), among many others.

FBI and Department of Homeland Security officials operate several private sector intelligence sharing organizations as well, including the Domestic Security Advisory Council, InfraGard, and the National Cyber Forensics and Training Alliance. In 2010, the Washington Post documented almost 2,000 private companies working on counterterrorism, homeland security, and intelligence. Over 5 million government employees and private contractors now hold security clearances giving them access to classified information.

US intelligence agencies also have close working relationships with international partners, including the governments of the United Kingdom, Canada, Australia and New Zealand under the "five eyes" agreement. They share intelligence with other nations such as Israel and Saudi Arabia through memoranda of understanding, or other less formal agreements. The U.S. military maintains from 598 to 1,000 bases and installations in at least 40 foreign countries.
The annual intelligence budget exceeds $70 billion, but that figure represents just a small portion of what the US spends on national defense and homeland security. In a recent interview, Ben Friedman of the Cato Institute did the math.

The nonpartisan Project on Government Oversight and the Columbia Journalism Review back up Friedman's estimate that the US now spends roughly $1 trillion a year on national security. This figure dwarfs the combined defense budgets of all possible contenders.
Friedman argues that the threats we face today don't justify such profligate spending. Protected by oceans and bordered by friendly nations, the US faces little risk of a foreign invasion. Deaths from wars and other political violence abroad have sharply decreased as well. Terrorism and violent crime in the US are at historically low levels. Unfortunately, the excessive secrecy shrouding intelligence activities means Americans have little public information from which to evaluate whether the intelligence enterprise is worth the investment.

There are many culprits we can blame for spreading undue public fear, from a sensationalist media to manipulative politicians. But a significant part of the problem is that intelligence officials are incentivized to exaggerate threats, which risks the misapplication of security resources and poor national security policies.

Cyber Warfare: Technology backfires on the powerful.

February 12th, 2015

Cyber warfare is fast becoming the most progressive military technology since the Second World War. This rapid progression raises the question of which global actors benefit most from a newfound cyber capability. The acquisition of offensive cyber warfare capability by apparently weaker states, for use against states with stronger kinetic warfare capability, gives them a strategic advantage and enables them to change the balance of power.

Offensive cyber warfare capability is a strategic balancing factor that will be used by rising state powers against each other and against more established powers. The attraction of cyber warfare for the weaker state is its low cost of development and deployment, its low visibility during development and mobilization as a weapon, and the fact that stronger states are far more dependent on their critical cyber infrastructure than weaker ones.

From a government, intelligence agency and border police perspective, the strategy required to deal with cyber threats has some historical similarities to the way piracy was used by nations, and particularly by parts of nations or groups/tribes that could attack international trade routes. Piracy was eventually contained internationally and gradually and significantly reduced, although of course it still operates in many places around the globe. The global oceans and seas, with their international shipping routes, trade and naval activities, can be seen as an earlier version of the Internet, and they suffered enormous damage, theft, destruction and loss of life through piracy and privateering.

The reduction of piracy took centuries to achieve; significant aspects of it were finally outlawed by the Peace of Westphalia and put into international treaties by the Declaration of Paris in 1856. Cyber security needs a similar, but much faster, globally inter-related process to be agreed and established.

Understanding the effectiveness of the strategic culture and use of cyber warfare techniques will have consequences on national security doctrine for many countries. For the United States, one of the most wired states in the world, there is a large potential vulnerability against cyber-attacks. Globalization, fueled by technological advancement and expansion of cyber space, is a manifestation of new means through which power is exercised and distributed.

By the same token, such power comes with a vulnerability that states such as North Korea and China are trying to separate themselves from by isolating their critical infrastructure from the Internet.

It seems Cyber Warfare is a special case, where the more you have invested in your capabilities in cyberspace the more vulnerable you become. It takes less economic, human and geo-political resources to develop cyber-attack capability than nuclear capability. This becomes a fundamental assumption in comparing nuclear capability and cyber war potential. The case that nuclear capability is the absolute form of military power that provides security for proliferated states may no longer hold.

Cyber warfare capability is a disruptive new phenomenon in strategic studies and will require an entirely new analysis of the technical and political elements to determine a new balance of power.

Deep Dive: A Guide to the Deep-Web for Law Enforcement

There's a part of the Internet known as the deep web. It is called the deep web because of its massive size; it's literally 'deep'. According to The Guardian, you can only access 0.03% of the internet via search engines like Google, and the rest is what makes up the deep web.

You can't just access the deep web from a normal web browser – like Firefox for example – you can only access the deep web through a deep web browser. The most famous of these deep web browsers is called Tor and this is the one we recommend you get if you're looking to get onto the deep web.

The deep web is well known for containing some really messed up stuff (snuff/child porn etc as you might expect but we're going to try and avoid that for the most part), but if you successfully steer clear of all of that then you'll find some really interesting stuff on the deep web that you would never find on the public world wide web.

We'll start with what is definitely the most useful feature of the deep web to law enforcement & intelligence professionals.

First, Marijuana
Forget calling your dealer and having to wait in the cold for him to meet you at a dodgy bus stop on a dark, cold, wintery night just to be given a crappy 1.5 gram eighth of bush weed, just get on the deep web instead. Now you can do all your marijuana ordering from the comfort of your own sofa.

You buy your marijuana in bulk from this deep web site, with the prices varying with the strain and the amount you buy. There are a couple of ways you can have your ganja delivered: either by standard delivery through DHL (after being vacuum packed four times) or via drop shipping.

Second, Silk Road
Other online drug markets also exist on the deep web where you can pick up pretty much any kind of drug or chemical. The most famous of these is known as Silk Road and you can literally pick up what you want from this site. You name it, somebody has got it on here and you'll pay with your bitcoins and it'll arrive in an untraceable package a few days later. It really is that easy. Apparently there's a 97% success rate on this.

Silk Road is set up kind of like eBay or Amazon. There are buyers and sellers and each buyer and seller has their own feedback rating so when you're looking to pick up some LSD or salvia or whatever drug takes your fancy that day, then you'll have a look through the site, find a seller with good feedback for that particular chemical high and then pay them with a bitcoin and sit back and wait for it to turn up. It's that easy.

Third, Hire a Hit Man
Want to take out your boss, nagging wife or that journalist who wrote that awful review for your restaurant? Well, if you've got the cash this person will do it for you. This is taken from one website on the deep web that offers this service and includes the differing prices of a hit. These prices depend on who the person is and what information you need to send so the hit can take place. The most popular hire-an-assassin sites are White Wolves and C'thuthlu.

Fourth, Buttery bootlegging
Buttery bootlegging is run by a Dangler who is good at stealing and apparently will steal anything that you can't afford or just don't want to pay for. There are loads of these rob-to-order pages in the deep web.

Fifth, The Human Experiment
The Human Experiment is a deep web site that details medical experiments performed on homeless people who are usually unregistered citizens. They're picked up off the street, experimented on and then usually die, but they're homeless and unregistered so nobody misses them.

As with most of the deep web, there's actually some debate about whether The Human Experiment was real or just a parody site, as it could quite easily be either given its location on the deep web.

Sixth, Buy Weapons
There's a site known as Euroarms that lets you buy all kinds of weapons and have them delivered to your door courtesy of the deep web. Unfortunately for those of you who jumped out of your seat when you read that as you envisioned shooting up your school or blasting your boss away, the ammunition for these weapons is sold separately and you have to track that down on a different site.

Seventh, Buy Credit Card Information
The site you want is called Atlantic Carding and as with most services, the more you pay the more you get for your Bitcoin and so you can potentially get access to business credit card accounts and infinite credit card accounts.

Of course, a lot of the time when you're buying stuff online with a credit card you're going to need the user's details – including their name, address and social security number – and this is all available on the site if you're willing to pay the premium. Again, it's unknown if all this stuff is true and easily available online but the fact that any of this even might be real is pretty disturbing.

Eighth, Betting on Fixed Sporting Events
It's long been theorized that many sporting events are fixed – especially stuff like horse racing – and that people in the know are able to bet on said events in order to line their pockets. It would seem that thanks to the deep web this no longer needs to be achieved by shady phone calls and crumpled up post-it notes, but you can simply log onto a site and they'll do it all for you.

The financial investment in this one is particularly hefty but if it pays off and it's real then you'll make it back in no time.

Many of the sites might be designed to fleece unwitting fools out of their Bitcoins anonymously because it's so easy, but you've got to think they wouldn't be able to keep it up for long, because people would start talking about them not being legit and their reputation would soon be down the drain.

Ninth, the Hidden Wiki
Mail order marijuana, hiring a hitman and getting someone to steal something for you, match fixing and buying weapons are all just the tip of the iceberg of the deep web as there's also the 'hidden wiki', which is apparently the portal to anything you've ever wanted on the deep web. It explains everything you ever wanted to know about the deep web and features a full list of .onion sites and a description of each one as well as a bunch of other interesting information about it.

Tenth, Recent Developments
Last summer, a whole bunch of hidden websites – possibly as many as 50% – vanished off the deep web. This was linked to the takedown of a hosting operation in Ireland, allegedly connected to the United States' attempts to extradite an Irish citizen called Eric Eoin Marques for questioning over the distribution of child porn online. Of course, it's no surprise that the deep web is a hotspot for this kind of activity, and it goes without saying that this is definitely not a good use for it. It also really sharpens the debate over whether its existence should even be allowed at all.

Tor released the following statement regarding the breach: 'In the past, adversarial organizations have skipped trying to break Tor hidden services and instead attacked the software running at the server behind the dot onion address. Exploits for PHP, Apache, MySQL, and other software are far more common than exploits for Tor. The current news indicates that someone has exploited the software behind Freedom Hosting. From what is known so far, the breach was used to configure the server in a way that it injects some sort of javascript exploit in the web pages delivered to users. This exploit is used to load a malware payload to infect users' computers. The malware payload could be trying to exploit potential bugs in Firefox 17 ESR [extended support release], on which our Tor Browser is based. We're investigating these bugs and will fix them if we can.'

As Tor said in their statement regarding this event, Tor is still safer and more anonymous than almost every other Internet browser out there, so it's probably still going to be used for a long, long time.

Memex – The new search tool for the Deep Web

February 10th, 2015

DARPA has publicly presented for the first time a new set of search tools called Memex, which will also improve research into the "Deep Web".

In 2014, the U.S. Defense Advanced Research Projects Agency (DARPA) launched the Memex project to design advanced search tools that could also be used to scan the deep web, which isn't indexed by Google and other commercial search engines.

The Memex search engine was started to allow searching of non-indexed content, an operation that in most cases is still carried out manually by intelligence agencies.

The Pentagon's research agency gave Scientific American a preview of the software and 60 Minutes an exclusive look at the technology. The researchers explained that there is an impressive amount of data that is not considered useful for ordinary web users, but that represents a crucial source of information for law enforcement and intelligence agencies.
The majority of information in the Deep Web is unstructured data, gathered from multiple sources that cannot be crawled by ordinary search engines. The most popular subset of the Deep Web is the Tor network, an anonymizing network that is accessible only by using specific software.

"We're envisioning a new paradigm for search that would tailor indexed content, search results and interface tools to individual users and specific subject areas, and not the other way around," said Chris White, DARPA program manager. "By inventing better methods for interacting with and sharing information, we want to improve search for everybody and individualize access to information. Ease of use for non-programmers is essential."

The ambitious project aims to revolutionize the way information is searched and presented from a larger pool of sources, including the content on the Deep Web.

According to several reports, including one published by researchers at Carnegie Mellon University, the New York District Attorney's Office is one of several bureaus and agencies that have already used earlier versions of the Memex system to collect information on human trafficking cases in order to prosecute criminals.

Israeli system intercepts cloud-stored data

In 2015, 83% of all Internet traffic worldwide is expected to run to and from mobile devices. This information is safeguarded and protected by sophisticated encryption mechanisms and processes designed to make sure that no one gets access to our own data. For the most part, the key to this information is our username and password, although other sophisticated cybersecurity methods exist in addition.

The various types of software installed on most smartphones are based on a common operating system (iPhones on iOS, other smartphones on Android, RIM and so on). Each user installs his or her own favorite and required "Apps" – specific, dedicated applications that provide certain functionality and utility (or game) features. Quite often, these Apps are only "reps" of the actual application, which resides in the cloud. Take "Gmail", a free e-mail service offered by Google, for example: our account is somewhere in the world, and our Gmail App interfaces with that account to send and receive e-mails.

All those "bad guys" make use of this privacy haven in order to communicate between themselves worldwide, to train, plan and exchange information and data, all the way from how to build a bomb according to Al-Qaeda E-learning courses, to storing financial information and chain of contacts, such as drug lords.

There is a major technology gap in terms of the capabilities used for intercepting this kind of encrypted data on our smartphones. This technology, featuring the ability to intercept Apps and Cloud-based information for lawful interception goals – is new and fresh, truly the last word in the field.

A unique Israeli company called "MAGEN" (Hebrew for 'Shield'), a start-up founded by young engineers and software programmers, all veterans of the IDF's Intelligence Corps, has applied its technical skills and operational know-how to develop "MABIT" (Hebrew for 'Watching'), a tactical Apps and Cloud interception tool, which performs magic – no less.

A field agent barely has to walk inside a stadium or a restaurant – and this device starts collecting nearby information and data from the surrounding smartphones off the air. The data ranges from phone numbers, through user pictures, location history, browsing history and so on, to the "Holy Grail" – namely, the key to the 'gates' of the cloud storage. This is where the target's username and password are stored, thereby enabling the agent to access different cloud based services (Gmail, Hotmail, Exchange, Dropbox, LinkedIn, Instagram, Facebook, YouTube and so on). These are applications and services we all use, and as far as we are aware, they are cyber-secure. The agent in our example gathers the data without the target noticing anything; the agent gains access to all classified and encrypted information without leaving so much as a trace – unless a trained professional examines the target's platform later on. Then, an intelligence analyst will use all this data, along with additional material, to put together an intelligence picture of the target in particular and the whole surveillance in general.
Once all this data is gathered, different capabilities come into play. These range from Business Intelligence (BI) to Data Mining tools. The process involves analyzing, correlating and distinguishing the "signal from the noise" – using crawlers, semantic taxonomy analyzers, link analysis tools, unstructured-to-structured converters, metadata extractors and many other intelligence-specific data mining tools. The key to these capabilities is obtaining the data in the first place, a task which the MABIT system enables.

North Korea Threatens 'Gangster' US With Nuclear Strikes, Cyber Warfare and Rules Out Talks

In an apparent reaction to recent comments from US President Barack Obama, who spoke of an eventual collapse of the North Korean regime, the country's National Defence Commission (NDC) said that Obama's statement revealed Washington's goal to "bring down" North Korea. NDC, the country's top military body, is headed by North Korean leader Kim Jong Un.

"Since the gangster-like U.S. imperialists are blaring that they will 'bring down' the DPRK [Democratic People's Republic of Korea]... the army and people of the DPRK cannot but officially notify the Obama administration of the USA that the DPRK has neither need nor willingness to sit at the negotiating table with the US any longer," NDC said in a statement.

In an interview with YouTube last month, Obama had called North Korea "the most isolated, the most sanctioned, the most cut-off nation on Earth." He also said that "a regime like this" would eventually fall. Obama's statement was followed by an angry reaction from Kim, who said that Pyongyang will not sit idly "with rabid dogs barking" about toppling its socialist system.

"If the U.S. ignites a war of aggression against the DPRK by conventional forces, it will fight it by conventional forces of its style, if the former unleashes a nuclear war against the latter, it will counter it through its own nuclear strikes," NDC said in a statement, carried by the Korean Central News Agency (KCNA), the North's state-run news agency.

"And if the former tries to bring down the latter through a cyber warfare, it will react to it with its own preeminent cyber warfare and will thus bring earlier the final ruin of the US," NDC said, adding that Pyongyang had decided "to write the last page of ... US history."

France's Online War Has A New Cyber Security Cell

France has declared what some are calling a war on terror in the wake of the attacks on the Charlie Hebdo magazine and Hyper Cacher market, and a number of the battles are expected to be waged online. The government has announced new policies aimed at preventing cyber attacks by Islamist hacking groups and online recruitment by extremist groups targeting French youth.

France has created its first cybersecurity crisis cell to complement its existing armed forces. The country has also doubled down on an existing law that allows the shutdown of websites deemed to be "sympathizing with terror," extending it to social-media posts, as evidenced most notably by the recent arrest of French comedian Dieudonne M'bala.

The French army's new cybersecurity crisis cell was established because of recent, "unprecedented" breaches. Roughly a dozen officers are working out of the army's Center for Planning and Executing Operations, or CPCO, around the clock. For now, the branch is focused on gathering and synthesizing information linked to Islamist extremists as well as ensuring the protection of the country's defense systems, military personnel told Le Monde.

Sabrina, who asked her last name not be published, is a 28-year-old practicing Muslim who, since the attack at the Charlie Hebdo office, has had two Facebook posts removed, presumably by administrators. Both posts stated she was offended by the Charlie Hebdo cartoons mocking the Prophet Muhammad and expressed her refusal "to be Charlie."

The online crackdown stems from the belief that the Internet plays a role in sparking radical thinking in France and is partially responsible for what Parisians call "bourrage de crane," which literally translates to "stuffing the skull," that is, brainwashing. Interior Minister Bernard Cazeneuve warned this week about "social networks, used for recruitment more than ever, as points of contact and for the acquisition of techniques necessary to carry out an act."

The swift rise of the Islamic State group in Iraq and Syria was in part achieved because of its vigorous social-media campaigning, used for both recruitment and a tsunami-like dissemination of its propaganda. Since then, al Qaeda in the Arabian Peninsula, or AQAP, has stepped up its own online presence to maintain its position in the terrorist group hierarchy. AQAP claimed responsibility for the attack at Charlie Hebdo, while the Hyper Cacher gunman reportedly pledged allegiance to the militant group known as ISIS.

Several of France's largest French-language news outlets were taken temporarily offline following a report of 19,000 "hostile" incidents on French websites after the attack at Charlie Hebdo. In the past week, the websites of some French municipalities also reportedly were taken down and replaced with a flag similar to the one used by the Islamic State group. The United Islamic Cyber Force claimed responsibility for the attack on its Twitter account.

BMW Fixes Flaw Exposing 2.2 Million Cars to Break-Ins

German luxury carmaker BMW has fixed a security flaw that could have allowed hackers to unlock the doors of up to 2.2 million Rolls-Royce, Mini and BMW vehicles.

BMW said officials at German motorist association ADAC had identified the problem, which affected cars equipped with the company's ConnectedDrive software using on-board SIM cards, the chips used to identify authorised users of mobile devices. BMW drivers can use the software and SIM cards to activate door locking mechanisms, as well as a range of other services including real-time traffic information, online entertainment and air conditioning.

The security risk occurred when data was transmitted, BMW said, adding it did not impede the car's critical functions of driving, steering or braking. BMW said it was not aware of any examples where the data had been used to compromise the security of a vehicle.

In recent years, cyber-security experts have criticised the automotive industry for failing to do more to secure internal communications of vehicles with network-connected features.

In a similar story, it has been claimed that hackers could take control of vehicles after a Bluetooth dongle used by insurance companies to track drivers' habits was compromised.

Two million American drivers use one of the devices from Progressive Insurance, which collects vehicle location and speed records.

Security researcher Corey Thuen said he discovered that the firmware running on the dongle was "minimal and insecure".

He told Forbes: "It does no validation or signing of firmware updates, no secure boot, no cellular authentication, no secure communications or encryption, no data execution prevention or attack mitigation technologies ... basically it uses no security technologies whatsoever."

Mr. Thuen said that an attack on the adjacent modem was possible, and an attack on the insurance company's servers could allow a potentially deadly takeover of the car's acceleration and braking.