Cyber Security Intelligence


October Newsletter #5 2014

FBI Have Identified the Second NSA Leaker

The mystery ‘Second Source’ of leaked secret information from US intelligence has been identified by investigators.

The FBI searched the house of a government contractor in Northern Virginia and federal prosecutors have started a criminal investigation into the matter. Marc Raimondi, a spokesman for the US Justice Department, who declined to comment on the investigation, reportedly said: "Investigators are continuing to pursue it, but are not ready to charge yet."

In August, The Intercept, which first published sensitive documents obtained from Edward Snowden, the former National Security Agency (NSA) contractor now in hiding at a secret Moscow location, revealed that nearly half of the 680,000 people on the U.S. government’s terrorist screening databases were not linked to any known terrorist group. It is thought this information did not come from Snowden, but from a second source in US intelligence.

The classified government documents subsequently published by journalist Glenn Greenwald outline the U.S.’s terrorist watch-list of “known or suspected terrorists” that is shared with local law enforcement agencies, private contractors, and foreign governments—more than 40 percent of whom are described as having “no recognized terrorist group affiliation.” That category—280,000 people—dwarfs the number of watch-listed people suspected of ties to al Qaeda, Hamas, and Hezbollah combined.

Reports on the watch-list system appeared months after Snowden fled and revealed himself as the leaker of thousands of top secret documents from the NSA. But the case has also generated concerns among some within the U.S. intelligence community that top Justice Department officials — stung by criticism that they have been overzealous in pursuing leak cases — may now be reluctant to bring criminal charges involving unauthorized disclosures to the news media. One source, who asked not to be identified because of the sensitivity of the matter, said there was concern "there is no longer an appetite at Justice for these cases."

Estonia on the Cyber frontline

Recently President Barack Obama made a visit to Estonia, where he praised the country’s government in unsubtle terms as a core NATO ally. “As a high-tech leader, Estonia is also playing a leading role in protecting NATO from cyber threats,” he said. “Estonia is an example of how every NATO member needs to do its fair share for our collective defense.”

Estonia serves as the host of the NATO Cooperative Cyber Defense Centre of Excellence. In many ways, it’s NATO’s cyber tip of the spear in Europe. It’s also a world leader in e-governance. Citizens have unprecedented access to health, education, and government services online and can even exercise their right to vote digitally. But it’s also becoming an online country within a country.

In May, the government of Estonia announced the launch of a “digital country” initiative. Beginning next year, the country will allow anyone who can pass a quick background and identity check at an Estonian Embassy to become a digital citizen of Estonia and get an ID card. Estonia’s future e-citizens can open bank accounts, start online businesses headquartered there, pay taxes online, or reinvest in the country tax-free. The initiative could be a model revenue-generating scheme for countries all around the world. More importantly, it could significantly increase Estonia’s geopolitical clout.

Siim Sikkut, a government policy adviser in charge of the new e-citizen effort, believes that the number of virtual citizens of Estonia could top 10 million by 2025—a huge increase over the country’s current population of roughly 1.3 million.

Here’s why virtual countries, and digital citizens, matter to US security: A country with an increasingly antagonistic relationship with Russia is about to expand its cyber profile by a factor of more than seven, and it will be looking to the United States for protection.

At least, that’s what history suggests. In 2007, Estonia was the victim of one of the most famous coordinated cyber attacks in history following a dispute about the placement of a controversial World War II memorial. It was a small spat over a bronze statue dedicated to the Red Army soldiers who fought to liberate Tallinn from German control. But it was also an argument with big consequences.

Russian-aligned hackers, who many believed were acting under orders from the Kremlin, launched distributed denial of service (DDOS) attacks affecting government and media outlets. The impact, for a country that’s highly reliant on the Internet, was surprising.
As The Economist described it in 2007: “Even at their crudest, the assaults broke new ground. For the first time, a state faced a frontal, anonymous attack that swamped the websites of banks, ministries, newspapers and broadcasters; that hobbled Estonia’s efforts to make its case abroad.”

Today, Estonia allocates 40 million euros (roughly $50 million) to cyber security every year, which amounts to about 0.5 percent of the country’s overall annual spending. But being a leader in cyber security doesn’t fully inure a country to cyber attacks or cyber warfare. More online activity means more targets and potential vulnerabilities. That matters to the United States, which played a big role in Estonia’s response to the 2007 assault. US forces in Europe provided personnel and technical assistance, and Estonia eventually became a hub for cyber collaboration, Lenz said.

The events currently playing out in Ukraine have put that collaboration back in focus. The NATO Cooperative Cyber Defence Centre of Excellence suffered a DDOS attack in March, just as the tensions over the disputed area of Crimea reached a major turning point. The shadowy pro-Russian group Cyber Berkut, which many believe to be aligned with the Russian government, took credit.

The responsibility of helping Estonia fight off cyber threats, if they continue to escalate, could fall to U.S. Cyber Command. As virtual countries grow, and tensions between NATO members and Russia rise, so do the stakes of cyber warfare as well as the likelihood of greater US involvement.

Open Government will Stop leaks claims Snowden film

Transparency is coming, whether the government likes it or not. The only question is whether they decide to bring it to the public before whistleblowers do it for them. That’s the underlying message of Laura Poitras’ mesmerizing new documentary, Citizenfour about Edward Snowden and the National Security Agency.

Others have hinted in the past that the government better act fast to stem the tide of unnecessary secrecy or have a revolt on its hands. Shortly after the first Snowden leaks (which are chronicled in real-time in the film), journalist Glenn Greenwald told Newsweek:

“Government and businesses cannot function without enormous amounts of data, and many people have to have access to that data,” Greenwald says, adding that it only takes one person with access and an assaulted conscience to leak, no matter what controls are in place.
But during the enthralling second act of the film, where Poitras and Greenwald met a then-unknown Edward Snowden at his Hong Kong hotel, Snowden hints at how realistic that prediction would become.

As he talks to Poitras about the potential consequences of his actions on his own life, Snowden explains that he’s confident that the coming government pursuit of him will only encourage others. It’s like the Internet principle of the Hydra, he says: “They can stomp me if they want to, but there will be seven more to take my place.”

In the dramatic conclusion of the film, Snowden learns on camera that Poitras and Greenwald now have a new source, who gave The Intercept information about the US government’s enormous “terrorism” watch list. That watch list, which contains 1.2 million names, most of which have no direct nexus to terrorism, is governed by Kafkaesque secrecy rules that were recently ruled unconstitutional.

Recently, the US Director of National Intelligence took the extraordinary step of banning millions of intelligence employees from talking to the press about even unclassified, mundane topics. And the government’s pernicious “Insider Threat” program is stalking government employees’ every move, equating communication with journalists with spying for a foreign enemy.

But what the government has failed to grasp is that Chelsea Manning and Snowden’s leaks are not isolated incidents or, at least they won’t be when we look back on this era 10 years from now. There are 5 million people with security clearances in this country, and many of them are part of a new generation that is far more critical of the blanket secrecy permeating government agencies than the old guard.

Outgoing GCHQ boss defends agency after Snowden


Sir Iain Lobban, the outgoing director of Britain’s eavesdropping agency GCHQ, has used his valedictory address to deliver a full-throated defence of its activities in the wake of the Edward Snowden revelations.

In a speech referencing cryptographer Alan Turing and wartime code breaking efforts, Lobban praised GCHQ staff as “ordinary people doing an extraordinary job”, and said his agency’s mission was “the protection of liberty, not the erosion of it”. The usually secretive agency has been under unprecedented scrutiny since June 2013 when the Guardian and other news organisations revealed how it and its US counterpart, the NSA, were scooping up vast quantities of Internet and phone traffic.

Documents passed to the Guardian by Snowden, a former NSA contractor, disclose the existence of the Tempora program, in effect a system to store and recall substantial portions of internet traffic flowing in and out of the UK; the mass Optic Nerve system monitoring the webcam images of people using Yahoo video chat; and Dishfire – a bulk system to store and analyse text messages, including those sent from or received by UK numbers.

Though Lobban did not directly refer to Snowden in his remarks, he addressed many of the concerns raised by privacy advocates in the wake of the disclosures.

Stating that criminals and terrorists could act across the Internet – “unfortunately, there’s no” – he said GCHQ’s footprint was small. “Today, of all the communications out there globally – the emails, the texts, the images – only a small percentage are within reach of our sensors,” he told the invited audience at the Cabinet War Rooms.

“Of that, we only intercept a small percentage; of that, we only store a minuscule percentage for a limited period of time; of that, only a small percentage is ever viewed or listened to.” Lobban did concede that these efforts involved the “incidental collection of data at scale”, but said it was “impossible to operate successfully in any other way”.

He also praised the UK’s “triple lock” system of oversight and regulation, praising it as “the most coherent and well-developed system of which I am aware in relation to such agencies around the world”.

His remarks stand in sharp contrast to some of GCHQ’s own training presentations, which noted “we [GCHQ] have a light oversight regime compared with the US”, and also praised the regulators for being “exceptionally good at understanding the need to keep our work secret”.
That internal GCHQ legal presentation also noted the investigatory powers tribunal – referred to by Lobban in his remarks – had “so far always found in our favour”.

The closest Lobban came in his speech to directly referring to the publication of the Snowden revelations was to defend the free press, despite the “frustrations” that caused the agency.
“We may get frustrated when our efforts are undone, our enemies advantaged, and our integrity questioned, but we’re not frustrated by the free press itself,” he said. “We do what we do precisely to safeguard the kind of society that has one.”

Lobban’s final day as director of GCHQ was 24 October, when he will retire after 31 years in the intelligence services. He will be replaced by Robert Hannigan, who joins from the Foreign Office.

Will the Right to be Forgotten Censor the Internet?

The landmark ruling of the European Union Court of Justice earlier in May held that it was a responsibility of search engines to remove outdated or 'irrelevant' search results hosted by third parties. At the time, EU justice commissioner Viviane Reding hailed the decision as a "clear victory for the protection of personal data of Europeans". However, some see this ruling as marking the start of greater Internet censorship, as links are removed and information becomes harder to find.

In a debate at the Law Society in London this week, Jodie Ginsberg, chief executive of the campaigning charity Index on Censorship, said her organization had four main concerns over the ruling: clarity, consistency, accountability and lack of recourse.

“We do believe that making things much, much harder to find is indeed a form of censorship,” said Ginsberg. Another problem she cited was the vagueness of the ruling. “It leaves the door open to a fairly wide interpretation of what is irrelevant, outdated or inappropriate,” she said.

Ginsberg said that there could be a lack of consistency, as different search engines addressing various individuals could come to different conclusions about the same piece of information. She said this was “rather problematic”.

She added that her organization had concerns about putting decisions over very important pieces of information in the hands of private companies. Ginsberg said official guidelines are needed on who makes these decisions and how they are made. Ginsberg added that whilst an individual has recourse to a data commissioner if a search engine does not remove a link, there is no such recourse for publishers or individuals to argue against links being removed that are in the public interest.

She said that freedom of expression rights are gradually being eroded in favour of privacy rights in the digital space.

Anonymous Whisper under a cloud


Anonymous sharing app Whisper has come under a cloud after a newspaper report charged it with tracking the location of its users, including those who have asked not to be followed.

Whisper, which is described as a platform to anonymously share "innermost thoughts, secrets, and feelings," is one of many privacy focused applications that became attractive after revelations last year by former National Security Agency contractor, Edward Snowden, that the agency was secretly tracking people online both in the U.S. and abroad. It also benefited from user concerns about exposing their identities on social media websites.

The Guardian report will probably lead to a debate about how location data should be handled by services that promise users anonymity.

Whisper has a mapping tool that allows staff "to filter and search GPS data, pinpointing messages to within 500 meters of where they were sent," The Guardian newspaper wrote. The rough location of users who have turned off geolocation is arrived at by using the IP data from smartphones, it reported.

The Guardian came to know about this practice during a visit last month to WhisperText, the company behind the app, where the newspaper was exploring an "expanded journalistic relationship" with the social app.

WhisperText said in a statement Thursday that it does not collect or store any personally identifiable information from users and is anonymous. "There is nothing in our geolocation data that can be tied to an individual user and a user's anonymity is never compromised," it said. "Whisper does not follow or track users. The Guardian's assumptions that Whisper is gathering information about users and violating users' privacy are false."

The social media app's editor-in-chief, Neetzan Zimmerman wrote on Twitter that the Guardian story is "lousy with falsehoods, and we will be debunking them all." He wrote in another tweet that the Guardian "made a mistake posting that story and they will regret it."

Information gathered by Whisper from smartphones it knows are used from military bases is shared with the US Department of Defense, and the company is also developing a version of its app that will conform with Chinese censorship regulations, according to The Guardian.

WhisperText highlights and curates thematic narratives from users who are not personally identifiable either to Whisper employees or to the public. The Guardian has partnered and worked with Whisper since February this year and published stories using Whisper posts, with full understanding of its guidelines, WhisperText said.

Once FBI backdoors into your smartphone, everyone can!


FBI director James Comey said recently that tech companies should not be allowed to put cryptographic locks on mobile devices so they can't be accessed by US intelligence agencies.

Comey, speaking at the Brookings Institution, criticized moves by Apple and Google in the post-Edward Snowden era to offer encryption on iPhone and Android smartphones.

Comey said locking the government out of mobile devices with encryption will endanger criminal investigations and national security because bad guys will be able to operate in a "black hole."
He also suggested the Obama administration may seek regulations to force tech companies to offer a backdoor for the government to unlock data stored on the smartphones. "Perhaps it's time to suggest that the post-Snowden pendulum has swung too far in one direction -- in a direction of fear and mistrust," Comey said. "Are we so mistrustful of government and of law enforcement, that we are willing to let bad guys walk away?"

The problem with giving the government a backdoor into smartphones and other electronics is that it also opens them up to the bad guys, according to experts.

"Backdoors are nice, but they're exploitable. If we were to allow the FBI to have a backdoor, it would only be a matter of time before someone who was not sanctioned by government would find their way into that door," said Jon Tanguy, senior technical marketing engineer at Micron, a maker of solid-state drives (SSDs).

Tanguy pointed out that not only are hackers smart and able to find backdoors, but any employee of a tech company who'd been involved in encryption deployment would be able to share that information.

Micron has standardized around self-encrypting drives (SEDs) for laptops and desktops for the past three years. The company is preparing to release SEDs for data centers, and it has refused to put in backdoors because doing so would essentially disable the government-grade AES 256-bit encryption on the drives.

Micron is not alone. Several solid-state drive (SSD) makers, including Intel, Samsung and Seagate, have chosen the Trusted Computing Group's Opal 2.0 AES 256-bit encryption specification to lock down products. The spec allows users to lock away data so securely that even a supercomputer would need years, if not decades, to crack the passcode.

And it won't be getting easier anytime soon. On its way into the industry over the next several years is an AES 512-bit encryption specification.

Comey's concerns are not unwarranted. On one hand, the government does not have carte blanche to access a citizen's private information or chats without a warrant. On the other hand, there was a time before smartphones and personal computers when a warrant allowed law enforcement and intelligence agencies to do just that. Encryption makes that latter prospect much less likely. The problem is that once a security hole is created, it compromises the device. Ironically, the AES specification was created more than a decade ago by the US Government's own National Institute of Standards and Technology.

Like the Ebola virus, the threat to national security and law enforcement investigations is more sensational than a real threat to US citizens. Placing backdoors in mobile devices opens them up to something more like a widespread influenza epidemic.

Israeli cyberwarriors learn to duel in the dark

There are a lot of secrets kept in Israel’s intelligence community, but this is not one of them: Israel aims to become a cybersecurity superpower, and to do that, the Israeli military is launching an ambitious program to groom the next generation of cyberwarriors while they are still in high school. The little Jewish state that prides itself on the sobriquet “Start-up Nation” has set cybersecurity as a national goal, with Prime Minister Benjamin Netanyahu as a prominent cheerleader.

Netanyahu sees cyberspace as both Israel’s new frontier and new front line. The prime minister wants Israel not only to have the best military wonks in the world, but also to partner Israel’s high-tech military with the country’s venture capitalists and young computer talent to offer clients defensive strategies against the kind of hack attacks that have hit eBay and Target, South Korean banks and Google in China.

At a recent conference devoted to cybersecurity, Netanyahu described the Israeli military’s cyber units as locked in battle with “hacktivists” and state-sponsored actors, such as Iran, in daily duels that take place in dark rooms in front of computer screens. The Israeli leader said the cyber-fight reached a peak during the 50-day Gaza war this summer.

The cyberattacks included attempts to disrupt the country’s electricity and enter systems guarded by the Israel Defense Forces. A group calling itself the Syrian Electronic Army hacked into the Twitter account of the IDF Spokesperson’s Unit and falsely claimed that Israel’s Dimona nuclear reactor was “leaking” after a rocket attack.

For its part, Israeli cyber units crashed the official Hamas Web site just as Israeli ground forces launched an incursion into the Gaza Strip. Netanyahu asserted that most of the attacks aimed at Israel come from Iran or its allies Hezbollah and Hamas.

Israel has become the world’s No. 2 exporter of cyber products and services, after the United States. There are 200 homegrown cybersecurity companies in Israel, alongside dozens of joint research-and-development ventures. They produced $3 billion in exports last year, or about 5 percent of the $60 billion global market in products designed to keep hackers from crashing systems or siphoning data with viruses, malware and purloined passwords.

Haden Land, vice president of research and technology at Lockheed Martin, one of the world’s largest defense contractors, whose company just opened a cyber-focused subsidiary in Israel, predicts that the global market will reach $100 billion this year and that Israel will be a center for innovation.

The government has committed to establishing cyber-learning programs in 100 Israeli high schools in the next five years. There are also after-school programs for rural children, as well as five-day “cyber summer camps.”

The program is a joint venture between the military and the national education department. But Sagi said his officers don’t wear uniforms when they enter civilian schools because some principals and parents fret about the military playing an outsize role in education.

Three students interviewed described the class as hard and fun. They began by studying how the Internet works and how computers talk to one another. But they also learned how someone unknown can listen in on these conversations.

What Is Spyware & Adware and What Is Malware

Has your computer been running more slowly recently? Has it been crashing? Do you get pop-up ads for no apparent reason? If you answered yes to any of these questions, you may have fallen victim to malicious types of programs called "malware", a term which includes both adware and spyware.

Adware (advertising software) is a type of program that delivers ads to your computer screen. These adware programs run in the background whenever your computer is on. This can be annoying because the ads pop up from nowhere and often contain offensive images, but adware can also cause conflicts and potentially crash your computer.

There are several ways these programs can get into your system. In some cases you find a shareware program, which, for example, delivers up-to-date weather reports to your computer. You download the program and install it, and while it does give you weather reports, it also watches what websites you visit and based on the profile it builds about you delivers targeted ads to your computer screen.

In other cases, the adware program is a completely separate program, which is attached to a program you choose to install. This is almost universally the case with file-trading programs. Many adware programs also get installed just by visiting certain websites, as the sites are designed to take advantage of security holes in your web browser, especially those in Internet Explorer.

An even bigger problem is that many of these hidden programs are also spyware: spyware gathers information from your computer.

Most commonly they monitor web sites you visit, but some spyware programs are what is known as "keyloggers," which is short for "keystroke loggers." These programs literally record everything you type into your computer, harvesting passwords, credit card numbers, and social security numbers.

This personal information can then be sent off without your knowledge and can be used for identity theft, potentially embarrassing you or even robbing you of thousands of dollars and your good name and credit.

Fortunately, there are ways to clean up your system if it is infected, and ways to protect yourself from future infections. There are a number of anti-spyware programs out there, but be warned: many of them are scams, which actually install more spyware and adware on your system! Most people find that the easiest way to learn how to get more out of their computer and be safe at the same time is to be shown, step by step, how to do it.

HoverLite: New Intelligence gathering solution


Stark Aerospace, a US subsidiary of IAI, has unveiled the HoverLite tactical tethered hovering aerial ISR system. This is a new hovering intelligence-gathering platform designed for the US market.

The system has been developed as part of a rapid research and development effort sponsored by the Combating Terrorism Technical Support Office (CTTSO).

According to Stark Aerospace, HoverLite provides exceptional asymmetric observation and surveillance capabilities supporting military, homeland security and civilian missions for pop-up surveillance, border patrol, crowd monitoring, and emergency rapid response missions.

During the demonstration, a manned aircraft flying over the river identified a vessel that posed a threat to the capital ship and sent a signal directly to 13 swarm boats below.

The platform is capable of carrying any payload of up to 13.2 lbs. This makes HoverLite suitable for a wide range of small platforms, including pick-up trucks, ATVs, UGVs/USVs (unmanned ground/surface vehicles), boats and communications vehicles.

Facebook Zuckerberg Ties-up Chinese Business School

In its quest to dominate the social media industry worldwide, Facebook has long hankered after China, where the company has been banned since 2009. Facebook may have just gained a foothold to help it infiltrate the Chinese market: the appointment of Chief Executive Officer Mark Zuckerberg to the board of one of China’s top business schools, the Tsinghua University School of Economics and Management.

Tsinghua University announced Zuckerberg’s appointment to the school’s board, a meeting ground of sorts for Western corporate higher-ups and Chinese officials. In addition to Zuckerberg and top brass from IBM, Anheuser-Busch InBev, and other multinationals, it includes Chinese government officials and entrepreneurs tasked with advising Tsinghua SEM’s development.

To the business school, Zuckerberg is an impressive name to add to a cadre of corporate superpowers. As Zuckerberg will fly to Beijing to attend the school’s annual board meeting, the appointment could provide an additional way for Facebook to make its case for reentering China, analysts say.

It’s too early to know whether the Tsinghua appointment gives Zuckerberg the increased clout he needs to push for the un-blocking of Facebook in China. The social-media site has been blocked since 2009. President Xi Jinping seems even more intent than his predecessor, Hu Jintao, on controlling the Internet. This week, China’s top leaders are meeting in Beijing for a four-day plenum focused on “rule of law.” Few outside observers, however, expect meaningful steps toward creating an independent judiciary or giving freer rein to the media – or unfiltered online discussion.

The list of foreign news sites and social media platforms blocked in China keeps growing longer. In addition to long-standing blocks on The New York Times, Bloomberg, Bloomberg Businessweek, YouTube, Twitter, and Facebook, among others, Beijing recently blocked the BBC and Instagram, perhaps to slow news from the Hong Kong protests from reaching the mainland. If anything, China’s Great Firewall only seems to be getting higher.

Facebook has enormous financial incentives to penetrate the Chinese market. As of April, China had about 618 million Internet users—roughly double the U.S. population, according to a memo from Topeka Capital Markets. Should a ban on Facebook be lifted, allowing it to reach 30 percent of China’s Internet users (compared to the 70 percent of Internet users it reaches in the U.S.), the company could tack an additional $3 to $4 onto its share price, the memo says.
