Cyber Security Intelligence


August Newsletter #1 2014

Russia will reopen spy base in Cuba as US relations sour

Russia has quietly reached an agreement with Cuba to reopen a Soviet-era spy base on America's doorstep, amid souring relations between Moscow and Washington.

The deal to reopen the signals intelligence facility in Lourdes, south of Havana, was agreed in principle during president Vladimir Putin's visit to the island as part of a Latin American tour last week, according to the Russian newspaper Kommersant.

Opened in 1967, the Lourdes facility was the Soviet Union's largest foreign base, a mere 155 miles from the US coast. It employed up to 3,000 military and intelligence personnel to intercept a wide array of American telephone and radio communications, but Putin announced its closure in 2001 because it was too expensive – Russia had been paying $200m (£117m) a year in rent – and in response to US demands.

The move appears to be part of Moscow's campaign to reassert itself as a geopolitical rival to the United States and comes as the west is set to expand sanctions against Russia over its role in the Ukraine conflict. European Union leaders are expected to implement further asset freezes and stop lending to Russia, while the United States is reportedly considering its own unilateral sanctions against the Russian financial and defence industries.

Reopening the Lourdes base marks another low in US-Russian relations, although some experts argue the significance of the move is largely symbolic. Moscow-based defence analyst Pavel Felgenhauer called the reported re-establishment of the Lourdes base a "PR move" to show Washington the "middle finger" and said it was prompted in part by the expansion of western influence in Ukraine. Russian officials have worried that Ukraine, which recently signed an association agreement with the EU, will become the latest former Soviet republic to join Nato.

GCHQ leak lists UK cyber-spies' hacking tools

A document that appears to list a wide variety of GCHQ's cyber-spy tools and techniques has been leaked online apparently by Edward Snowden.

It indicates the agency worked on ways to alter the outcome of online polls, find private Facebook photos, and send spoof emails that appeared to be from Blackberry users, among other things.

Alan Woodward, a security consultant who has done work for GCHQ, the UK's intelligence agency, said: "If you read the mission statement of any signals intelligence organisation, all the listed techniques are what you'd expect them to be doing.

"But it's very unhelpful for the details to leak out because as soon as you reveal to people how something is being done they can potentially take steps to avoid their information being collected."

Glenn Greenwald, the journalist who published the latest document, noted in his article that an earlier inquiry by the European Parliament's Civil Liberties Committee had called into question the "legality, necessity and proportionality" of the data-collection activities of GCHQ and the US National Security Agency (NSA), for which Snowden worked.

However, GCHQ denies it is at fault.
"It is a longstanding policy that we do not comment on intelligence matters," it said in a statement.

"Furthermore, all of GCHQ's work is carried out in accordance with a strict legal and policy framework which ensures that our activities are authorised, necessary and proportionate, and that there is rigorous oversight, including from the secretary of state, the interception and intelligence services commissioners and the Parliamentary Intelligence and Security Committee."

More than 100 projects are included in the document, which appears to be from a Wikipedia-style listing for GCHQ's Joint Threat Research Intelligence Group.

For example, the ability to send an audio message to a large number of telephones and/or "repeatedly bomb" a target number with the same message is called Concrete Donkey - the name of a weapon in the video game Worms.

Other examples include:

  1. Swamp donkey - a way to send a modified Excel spreadsheet document that silently extracts and runs malware on the target's computer
  2. Underpass - a tool to change the result of online polls

Some of the schemes are listed as being operational while others are said to be still at the design, development or pilot stages.

Robots will take over middle-class jobs

David Willetts, the universities minister, suggests high-level professions are more likely to be taken over by computers than those that involve apparently simple tasks such as making a cup of tea.

Accountants, teachers and other middle-class professionals will see their jobs increasingly be taken over by robots, the universities minister has said.

David Willetts said that professions which require "quite a high level cognitive" skills are more likely to be replaced by robots than ones that involve manual tasks such as making a cup of tea.

He said that it was a "paradox" of IT advances that professions seen as "really rather sophisticated" are actually easier to replicate with a computer programme, while more instinctive manual tasks are much more challenging to replicate.

“So quite a lot of stuff that we think is really rather sophisticated cognitive work is also routine and can be replaced by systems.

“In areas like accountancy, clearly very significant changes, and dare I say it, much as I love Fleet Street’s finest significant areas of journalism - for several years we have had computer generated financial reports.

IT advances would mean "big changes" in education, where automatic systems were already in place to mark tests and even essays, he said.

Vocational teaching for practical skills such as dentistry through to video game style virtual courses “will soon be sufficiently realistic that it will count as training” he added.

Although advances in technology would "dramatically change the type of work we do", people must not "fall for the luddite fallacy" that there would be less work as a whole to go around, he said.

Recent research has shown three in 10 Britons believe that they will soon be replaced in their job by a robot.

The military, space exploration and policing are the industries those surveyed thought were most likely to be taken over by robots in the next 10 years.

From the Cold War to the Code War: UK boosts spending on cyber warfare

The UK is upping its spending on cyber defence as a report warns that the country's increasing reliance on a connected infrastructure could create new opportunities for criminals and terrorists.

Prime minister David Cameron said that £800m will be spent on intelligence and surveillance equipment, which he said "includes the latest in cyber defence technology". The Ministry of Defence (MoD) was unable to provide any breakdown of the spending or detail what projects this would include.

Cameron said: "We are equipping our armed forces for the conflicts of this century, not the last. The threats we face have changed utterly in 30 years — from the clarity of the Cold War to the complex and shifting challenges of today: global terrorism, organised crime, hostage taking, the risk of nuclear proliferation, cyber attack, energy security.

"It is not massed tanks on the European mainland we need, but the latest in cyber warfare, unmanned aircraft technology and special forces capability... in the 21st century, you cannot defend the realm from the white cliffs of Dover."

The UK's National Security Strategy lists cyber attacks as a 'tier one' threat to national security, alongside international terrorism and warns the threat from cyber attacks "is real and growing".

In addition, the newly published Global Strategic Trends report by the MoD's Development, Concepts and Doctrine Centre sets the context for defence and security out as far as 2045, and warns: "As more of our work and social activities depend on a richly interconnected information and communications network (which may, in places, be extremely vulnerable to attack) there could be more opportunities for criminals and terrorists to have a greater impact on our day-to-day lives."

But, unsurprisingly, it's hard to work out how much the government is already spending on cyber defence projects. The Strategic Defence and Security Review in 2010 allocated £650m over four years for a national cyber security programme, with another £210m added after the 2013 spending review for 2015-16.

On the cyber-offensive side, defence secretary Philip Hammond told the Conservative party conference last year: "Simply building cyber defences is not enough. As in other domains, we also have to deter... Britain will build a dedicated capability to counter-attack in cyber-space and, if necessary, to strike in cyber space as part of our full-spectrum military capability."
Spending on this project could reach £500m over the next few years, according to one report.

UK intelligence forced to reveal secret policy for mass surveillance of residents’ Facebook and Google use

Britain's top counter-terrorism official has been forced to reveal a secret Government policy justifying the mass surveillance of every Facebook, Twitter, YouTube and Google user in the UK.

The statement, from Charles Farr, the Director General of the Office for Security and Counter Terrorism, claims that the indiscriminate interception of UK residents’ Facebook and Google communications would be permitted under law because they are defined as ‘external communications’.

Farr’s statement is the first time the Government has openly commented on how it thinks it can use the UK’s vague surveillance legal framework to indiscriminately intercept communications through its mass interception programme, TEMPORA.

The secret policy outlined by Farr defines almost all communications via Facebook and other social networking sites, as well as webmail services Hotmail and Yahoo and web searches via Google, to be ‘external communications’ because they use web-based ‘platforms’ based in the US.

The distinction between ‘internal’ and ‘external’ communications is crucial. Under the Regulation of Investigatory Powers Act (‘RIPA’), which regulates the surveillance powers of public bodies, ‘internal’ communications may only be intercepted under a warrant, which relates to a specific individual or address.

By defining the use of ‘platforms’ such as Facebook, Twitter and Google as ‘external communications’, British residents are being deprived of the essential safeguards that would otherwise be applied to their communications - simply because they are using services that are based outside the UK.

Such an approach suggests that GCHQ believes it is entitled to indiscriminately intercept all communications in and out of the UK.

Max Vetter

Two recent developments of the UK government’s Internet strategy should have us all concerned, if not outraged.

First, a recent study showed that changes to Internet Service Provider (ISP) rules have led to a fifth of all websites now being blocked under the government's "voluntary" censorship filter. Second, a new surveillance bill is being pushed through parliament this week that will extend the government's right to monitor innocent citizens.

After the year-long fervor in the US of the over-zealous intelligence collection programs revealed by Edward Snowden, high level discussions by many, including the president, recently led to a complete cut in funding for the most egregious of these programs.

Though it was mainly a British paper, The Guardian, that broke the Snowden revelations, outrage has been much more muted in the UK, with little political discussion. Now, instead of cutting these programs, the government is planning to expand and extend them. Combined with the censorship by ISPs, these increases further the UK's inappropriate and needless monitoring and manipulation of what its citizens do online.

The large-scale censoring blocks websites showing, among other things, pornography. This industry is unlikely to get much sympathy, but as found with the intelligence programs, the wider ramifications of this censorship are much more serious. Many innocent websites have already been blocked, such as those offering sexual health advice, and even one selling Porsches.

The ineptitude and heavy-handedness of these blocks is only matched by the ease with which they can be circumvented using the simplest proxy-browser plug-in (I use Firefox with AnonymoX). The government itself insists that these blocks are voluntary, and anyone can have them removed, so if this is the case what is the point?

Even more worrying is what it means for political views. The blocks include material of "extremist" related content, but these are not illegal websites, so who decides what "extremist" means? The old adage "One man's terrorist is another man's freedom fighter" is as apt now as it has ever been. For example, depending on your political views you may have completely opposing views of who the extremists are in the latest unrest between Israel and Palestine.

I don't argue against blocks on illegally operating websites, but these websites are not illegal. This comes down to what our politicians think is ethically or morally wrong, with nothing to do with legality. Highly ironic given the all-time low opinion the public holds of politicians, and especially with current revelations surrounding the political and media elite's involvement in sexual abuse.

I believe strongly in policing the people who pose a risk and break the law online, but none of that has to involve large-scale monitoring of innocent people, or stopping those people looking at law-abiding websites. There are many things that can be done to increase online safety (as mentioned in a previous post), starting with more education, dedicated training for police officers and properly directed surveillance of specific targets.

Politicians have shown again how badly out of tune they are with the technological age. While scrambling to do something about an unknown "threat to morality" they have adopted an ineffective, expensive system that will easily be manipulated to breach innocent citizens' human rights, do little to stop the real threats and make the internet less safe for us all.

CIA with Amazon changed Intelligence

Amazon has signed a contract to provide digital data on cloud computing and information on customers to the Central Intelligence Agency (CIA). For $600 million over 10 years, Amazon will spy on their customers for the federal government.

Amazon Web Services (AWS) has agreed to assist the CIA in building a “private cloud infrastructure” with data mining technologies to expand the CIA’s surveillance capabilities.

And so the intelligence community is about to get the equivalent of an adrenaline shot to the chest. This summer, a $600 million computing cloud developed by Amazon Web Services for the Central Intelligence Agency over the past year will begin servicing all 17 agencies that make up the intelligence community. If the technology plays out as officials envision, it will usher in a new era of cooperation and coordination, allowing agencies to share information and services much more easily and avoid the kind of intelligence gaps that preceded the Sept. 11, 2001, terrorist attacks.

The government is spending more money on information technology within the IC than ever before. IT spending reached $8 billion in 2013, according to budget documents leaked by former NSA contractor Edward Snowden.

It is difficult to overstate the cloud contract's importance. In a recent public appearance, CIA Chief Information Officer Douglas Wolfe called it "one of the most important technology procurements in recent history," with ramifications far outside the realm of technology.

"It's going to take a few months to bring this online in a robust way, but it's coming," Wolfe said. "And I think it's going to make a big difference for national security."

The Amazon-built cloud will operate behind the IC’s firewall, or more simply: It’s a public cloud built on private premises.

Because the IC cloud will serve multiple tenants—the 17 agencies that comprise the IC—administrators will be able to restrict access to information based on the identity of the individual seeking it. The idea is to foster collaboration without compromising security. Visually, the IC cloud can be thought of as a workspace hanging off the IC’s shared network—a place where data can be loaded for a variety of tasks like computing or sharing. The IC cloud gives agencies additional means to share information in an environment where automated security isn’t a barrier to the sharing itself. This could prove vital in situations reminiscent of 9/11, in which national security is an immediate concern.
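The paragraph above describes a multi-tenant cloud in which access to a data item is decided by the identity of the requester and the tenant it belongs to, so that sharing between tenants is possible without opening everything to everyone. The following is an added illustrative sketch of that access model, not the design of the Amazon-built IC cloud or of any real agency system; the agency names, the four-level clearance scheme and the stored object are constructed placeholders. It shows the three rules a defender would want such a check to enforce: deny by default, the owning tenant decides who else may see an item, and every decision lands in an audit trail.

```python
"""Deny-by-default, per-tenant access check with an audit trail (constructed example)."""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Identity:
    """Who is asking. `agency` is the tenant; `clearance` is a constructed 0-3 level."""
    user: str
    agency: str
    clearance: int


@dataclass(frozen=True)
class DataObject:
    """A stored item tagged with its owning tenant, its sensitivity and explicit grants."""
    name: str
    owner_agency: str
    classification: int
    shared_with: frozenset = frozenset()


# One audit record: (user, object name, allowed?, reason)
Decision = Tuple[str, str, bool, str]


def authorize(ident: Identity, obj: DataObject, audit: List[Decision]) -> bool:
    """Return True only if an explicit rule grants access; record every decision."""
    if ident.clearance < obj.classification:
        allowed, reason = False, "clearance below classification"
    elif ident.agency == obj.owner_agency:
        allowed, reason = True, "owning tenant"
    elif ident.agency in obj.shared_with:
        allowed, reason = True, "explicitly shared with tenant"
    else:
        allowed, reason = False, "no grant for tenant"   # default: deny
    audit.append((ident.user, obj.name, allowed, reason))
    return allowed


def can_share(admin: Identity, obj: DataObject) -> bool:
    """Only a member of the owning tenant may widen access to an item."""
    return admin.agency == obj.owner_agency


def share(admin: Identity, obj: DataObject, with_agency: str) -> DataObject:
    """Return a copy of `obj` additionally shared with `with_agency`, or refuse."""
    if not can_share(admin, obj):
        raise PermissionError(f"{admin.user} is not in owning tenant {obj.owner_agency}")
    return DataObject(obj.name, obj.owner_agency, obj.classification,
                      obj.shared_with | {with_agency})


def denied(audit: List[Decision]) -> List[Decision]:
    """The denials are what a SOC would alert on; extract them from the trail."""
    return [entry for entry in audit if not entry[2]]


def demo():
    """Walk through a share between two constructed tenants; returns the decisions and trail."""
    audit: List[Decision] = []
    report = DataObject("field-report-17", "AGENCY-A", classification=2)   # constructed
    alice = Identity("alice", "AGENCY-A", clearance=3)
    bob = Identity("bob", "AGENCY-B", clearance=3)
    carol = Identity("carol", "AGENCY-B", clearance=1)

    owner_ok = authorize(alice, report, audit)       # owning tenant: allowed
    before_share = authorize(bob, report, audit)     # other tenant, no grant: denied
    report = share(alice, report, "AGENCY-B")        # owner widens access
    after_share = authorize(bob, report, audit)      # now allowed
    low_clearance = authorize(carol, report, audit)  # shared, but clearance too low: denied
    return (owner_ok, before_share, after_share, low_clearance), audit


if __name__ == "__main__":
    decisions, trail = demo()
    print(decisions)
    for entry in trail:
        print(entry)
```

The design choice worth noting is that the clearance test comes first and is independent of sharing: widening a grant never lets a lower-cleared member of the receiving tenant read above their level, which is the "collaboration without compromising security" property the article attributes to the IC cloud.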

Whether or not the IC cloud serves as an example for the rest of government, the CIA’s quest to buy innovation will loom large for years to come.

Internet Understanding and Analysis Course

ICC Commercial Crime Services has developed a three-day course at Queens’ College, Cambridge University from 21-24 September 2014, which will provide delegates with:

  1. An overview of the Internet and how it works.
  2. The ability to use the Internet in a more effective way as an open source/competitive intelligence tool.
  3. Advanced techniques to mine data using different search tools and uncover hidden information.
  4. Strategies for filtering, analysing and organising research data.
  5. An awareness of security and privacy issues, including techniques to both hide and increase the visibility of sites.

The course is highly practical and interactive and is led by David Toddington, who is a leading expert with a wealth of experience in his field. It will be of interest to a range of different individuals including:

In addition to this training, each delegate will receive a new laptop computer, a comprehensive suite of Internet resources and research tools and a certificate of attendance.

10 Cyber Security Predictions for 2014

1. Active defensive and offensive security continues to rise

The previously predicted cycles of offensive security will continue to unfold. Huge investments by large customers will fuel the market, driving commercial security and defense organizations to develop and offer new products and services. The talent pool will be absorbed, leaving a void that educational institutions will race to fill and driving salaries upward. Support functions such as forensics, investigations, and detection/response capabilities are going to be the first to mature.

2. Expansion of financial targets, with attacks going deeper, faster, and with more complexity

Financial targets will expand well beyond banks and reach more deeply into ecommerce, crypto currencies, credit institutions, and end-user financial blackmail. Banks will continue to be under tremendous pressure from attackers seeking a big score. However, other supporting financial targets will also come under attack, such as retail point-of-sale (POS), large Internet ecommerce systems, and credit institution infrastructures.

One of the most interesting trends we will witness will be the exploitation, theft, and misuse of crypto-currencies like Bitcoin and its competitors. These technology-based fiat currencies are relatively new and very unstable. Dozens exist - Bitcoin is the most recognizable example - and more are sure to be created. They are not backed by any central organization or commodity and can simply be created through software and willing users. Such crypto-currencies are very volatile and many have imploded with no residual value for their owners. The few which survive and gain acceptance may be used to purchase goods, services, and even other currencies around the globe.

3. Economic impacts of privacy and cyber-crime will be sufficient enough to influence policy

Better industry metrics and business modeling will help the industry quantify economic impacts of privacy and malicious cyber activities. Armed with such information, policies will be lobbied to protect businesses, markets, and interests. A rise in lobbyists and social groups will drive more legislative proposals in local, regional, and international political circles. Cloud and data virtualization, communication services, and data collection/aggregation will be at the forefront of the discussions.

4. The next battleground emerges, with Hardware and Firmware attacks becoming more prolific

The desire for more pervasive, stealthy, and resilient control by attackers will drive hardware- and firmware-based attacks to gain momentum, and real exploits will be seen in the wild. Well-financed, talented, and dedicated teams (such as those run by governments, organized cyber-criminals, and the next generation of researchers) will be best suited to address the difficulty, challenges and costs associated with this type of work.

This will coincide with the emergence of new SoCs as part of the Internet of Things (IoT) phenomenon and align with desires to compromise industrial environments (e.g. SCADA). Alternatively, better security controls and services will be developed for industrial environments, creating yet another area of escalation between attackers and defenders.

5. Security technology improves for some key areas, making compromise more difficult

Investments in security controls will reap benefits in other areas. Banking access and applications will become stronger, especially from mobile devices. Communications will be hardened for email, social postings, web browsing, instant messaging, IP phone calls, group chats, and video conferencing. Social media will get the double-sided benefit of more secure access, posting, and storage as well as the ability for patrons to contribute to sites in more anonymous and private ways.

6. Attackers innovate and adapt at a significantly faster pace than security, maneuvering for greater overall opportunities

A flood of investment, talent, and time will be spent looking for more vulnerabilities and ways to exploit the cyber world. Such competition will drive exploit markets, shrink the time of discovery, and drive an expansion of the types of systems being scrutinized. Attackers will move in-step with technology innovation and adoption. Emerging devices and security mechanisms will be quickly analyzed and dissected. Security will continue to struggle to keep up, and will likely fail more often.

7. Cloud will grow, but security concerns will drive more compartmentalization and controls

Cloud and virtualization technologies in the datacenter will continue to grow and deliver strong economic and service delivery benefits but newfound emphasis on security will drive changes to architecture, physical deployments, and control attestation. Customers will want assurance that their workloads are more compartmentalized and secure.

We may even see the emergence of more private Internets.

8. Rise in individual and small and medium business (SMB) attacks, due to automation and economies of scale for attacks

SMBs and individuals have always been targeted, mostly due to the typical lack of security and ease of compromise. It has been a problem, but traditionally most attackers seek higher-value targets. The low value of SMBs and individuals greatly limits their desirability for attackers, who are lured toward attacking fewer targets with the potential of much bigger returns.

For a long time, large organizations weren’t terribly secure, but over the years they have been closing vulnerabilities and improving security practices. The tipping point is approaching this year where through the use of advanced automation it becomes economical to expand the tactics. Attackers will diversify to include compromising many smaller easy targets instead of just a few larger more protected ones.

9. Regulations and industry standards continue to evolve in a fragmented way and will remain confusing and difficult to follow

The calls for more regulations and controls, sometimes focused on limiting what governments can do, are increasing. The concerns for weak critical infrastructures and regulated environments, such as healthcare and finance, continue to spawn legislative proposals for more laws and standards. Many of these originate in sub-national bodies and rarely attain a common agreement at the international levels.

Consequently, it fosters situations ripe for lawsuits, injunctions, and non-compliance findings, adding pain to frustration.

10. Rise in social self-awareness for security. People realize behavioral cause-and-effect “We are victims of our own desires…”

People are an integral part of security and our behaviors are one of the most important aspects. However, psychologically, most people defer the responsibility of security to other entities such as product manufacturers, software vendors, service owners, law enforcement, or system administrators.

Our desires for convenience, social communication, entertainment, and profit are driving dangerous actions that lead to compromise and loss. People will begin to act with more forethought, will consider risks more carefully, and will weigh options when it comes to their digital lives. It could be a watershed moment for the security industry.

The full web site is currently under development and will be available during 2014