Cyber Security Intelligence Newsletter - September Newsletter #4 2014


Missing: NSA can't find Snowden’s whistleblowing emails

Last year, the National Security Agency (NSA) reviewed all of Edward Snowden's available emails, in addition to interviewing NSA employees and contractors, in order to determine whether he had ever raised concerns internally about the agency's vast surveillance programs. According to court documents the government filed in federal court on September 12, NSA officials were unable to find any evidence that Snowden had ever raised such concerns before his whistleblowing.

In a sworn declaration, David Sherman, the NSA's associate director for policy and records, said the agency launched a "comprehensive" investigation after journalists began to write about top-secret NSA spy programs upon obtaining documents Snowden leaked to them. The investigation included searches of any records of emails that Snowden had sent about his concerns about NSA programs. These "would be expected to be found within the agency," said Sherman, who has worked for the NSA since 1985. In his declaration, Sherman detailed the steps he said agency officials took to track down any emails Snowden wrote that contained evidence he had raised concerns inside the agency. Sherman said the NSA searched sent, received, and deleted emails from Snowden's account, as well as emails "obtained by restoring back-up tapes."

Still, the agency says it did not find any evidence that Snowden attempted to address his concerns internally, as he has said he did, before leaking the documents. The email issue surfaced following an interview Snowden gave to NBC News last May, when Snowden said that before he leaked documents to journalists Glenn Greenwald, Barton Gellman, and Laura Poitras, he first raised concerns through "internal channels" and was told "more or less" to "stop asking questions." Lawmakers, intelligence officials, and even some journalists had previously pilloried Snowden for not first approaching NSA officials and members of congressional oversight committees about the surveillance programs that caused him concern.

"I actually did go through channels, and that is documented," Snowden told NBC News's Brian Williams during the interview in Moscow. The NSA's response to Snowden's claims was swift. The agency publicly released a single email Snowden sent to the NSA's general counsel in April 2013 in which he raised a question about NSA legal authorities in training materials.

What is also revelatory, aside from these details, is that the NSA has the capability to search its own emails. Previously, the NSA had maintained that the agency was unable to do so.

MonsterMind: a Cybersecurity Machine

The National Security Agency has developed a cybersecurity machine that can detect and automatically counter attacks against US computers by blocking access to American networks, according to reports from former agency contractor Edward Snowden.

The automated response of the machine, known as MonsterMind, is dangerous because it may target the computers of people who are unaware they are under the control of a hacker, and could lead the NSA to unintentionally disrupt civilian connections and even cause an international incident, Wired reports.

In addition to MonsterMind, the Wired story alleges that NSA hackers accidentally shut down Internet service in Syria for a short time in 2012 when trying to remotely install an exploit in one of the core routers at a major ISP in the country.

NSA workers were attempting to gain access to email and other Internet communications in Syria, but the router was destroyed in the process of trying to compromise it. The NSA was worried Syria would discover the exploit, but apparently didn’t, Snowden told Wired.

The plan to build a cybersecurity machine that would monitor all private communications coming into the US for attacks and retaliate without human involvement was the last straw that led Snowden to become a whistleblower, he told Wired in an interview.

“The argument is that the only way we can identify these malicious traffic flows and respond to them is if we're analyzing all traffic flows,” Snowden told Wired. “And if we're analyzing all traffic flows, that means we have to be intercepting all traffic flows. That means violating the Fourth Amendment, seizing private communications without a warrant, without probable cause or even a suspicion of wrongdoing.”

Snowden is living in Russia to avoid prosecution in the US for his disclosures of government documents to the press, which have revealed broad surveillance conducted both with and without a warrant. He was recently granted a three-year residency permit, which can be renewed for another three years, but he does not have asylum status. The whistleblower is working at an unnamed technology firm in Russia and can apply to be a citizen there after five years of residency. Snowden has said he does not care what happens to him, emphasizing that he wants to see continued conversation about privacy rights and curtailing broad government surveillance.

New Zealand has Mass Surveillance yet Denies it!

The New Zealand spy agency, the Government Communications Security Bureau (GCSB), worked in 2012 and 2013 to implement a mass metadata surveillance system even as top government officials publicly insisted no such program was being planned and would not be legally permitted.

Documents provided by NSA whistleblower Edward Snowden show that the government worked in secret to exploit a new Internet surveillance law, enacted in the wake of revelations of illegal domestic spying, to initiate a new metadata collection program that appeared designed to collect information about the communications of New Zealanders. Those actions are in direct conflict with the assurances given to the public by Prime Minister John Key, who said the law was merely designed to fix “an ambiguous legal framework” by expressly allowing the agency to do what it had done for years, that it “isn’t and will never be wholesale spying on New Zealanders,” and that the law “isn’t a revolution in the way New Zealand conducts its intelligence operations.”

Snowden, in a post for The Intercept, accused Prime Minister Key of fundamentally misleading the public about GCSB’s role in mass surveillance. “The Prime Minister’s claim to the public, that ‘there is no and there never has been any mass surveillance’, is false,” the former NSA analyst wrote. “The GCSB, whose operations he is responsible for, is directly involved in the untargeted, bulk interception and algorithmic analysis of private communications sent via internet, satellite, radio, and phone networks.”

Top secret documents provided by the whistleblower demonstrate that the GCSB, with ongoing NSA cooperation, implemented Phase I of the mass surveillance program code-named “Speargun” at some point in 2012 or early 2013. “Speargun” involved the covert installation of “cable access” equipment, which appears to refer to surveillance of the country’s main undersea cable link, the Southern Cross cable.

The NSA declined to comment for this story. A GCSB spokesperson would only say: “We don’t comment on matters that may or may not be operational.”

ISIS ramping up efforts to mount a massive cyber attack

The extremist groups ISIS and Al Qaeda are ramping up efforts to launch major cyber attacks on Western critical infrastructure in order to set up a digital caliphate. ISIS has released a video showing the beheading of British hostage David Haines, and the group has once again begun flooding social media with propaganda images. On the Internet, many experts are offering their analysis of the way ISIS manages social media platforms, trying to explain how it differs from Al-Qaeda in its use of technology.

Many security experts maintain that ISIS is preparing a cyber offensive on critical infrastructure located in the West: the electric grid, dams, airports, hospitals, banks and government networks are now, more than ever, strategic objectives.

ISIS militants have clear targets in mind: their purpose is to disrupt the US financial and infrastructure system, and the group is publicly announcing its plans for a caliphate on the Internet. The “cyber caliphate” will make heavy use of encryption software and custom-made tools to mount a catastrophic hacking campaign.

Cyberspace is warfare’s fifth domain, and cyber warfare is becoming crucially important to extremists as well.

The situation is very dangerous. On one side there is ISIS, which is increasing its popularity and is trying to extend its operations into cyberspace as well; on the other side there is Al Qaeda, which wants to reaffirm its power in the Middle East and has recently announced that it is expanding into the Indian subcontinent.

NSW police use advanced spyware

NSW police are using advanced hacking software to spy on phones and computers during investigations. Documents published by WikiLeaks name NSW police among a long list of clients of Gamma International, a European supplier of spyware capable of remotely tracking computer use.

The documents show the force has spent about $2.5 million on software that can break into computers and phones, log keystrokes and take screenshots. Some versions are also able to remotely capture Skype and instant-messenger conversations and access microphones and web cameras. NSW police have held nine licenses for various forms of the software, including FinSpy and FinFly, during the past three years, the documents show.

A police representative declined to comment on the grounds the technology "relates to operational capability". NSW law allows police to remotely monitor computer use under warrant.

Ex-Israeli intelligence personnel refuse to serve in Palestinian territories

Innocent people under military rule exposed to surveillance by Israel, say 43 ex-members of Unit 8200, including reservists. Forty-three veterans of one of Israel’s most secretive military intelligence units – many of them still active reservists – have signed a public letter refusing to serve in operations involving the occupied Palestinian territories because of the widespread surveillance of innocent residents.

The signatories include officers, former instructors and senior NCOs from the country’s equivalent of America’s NSA or Britain’s GCHQ, known as Unit 8200 – or in Hebrew as Yehida Shmoneh-Matayim.

They allege that the “all-encompassing” intelligence the unit gathers on Palestinians – much of it concerning innocent people – is used for “political persecution” and to create divisions in Palestinian society.

The largest intelligence unit in the Israeli military, Unit 8200 intercepts electronic communications including email, phone calls and social media in addition to targeting military and diplomatic traffic.

Cypherpunk and Dark Net Marketplaces

For Assange, our democratic societies are constantly threatened by the deep state. This term names the unchanging shadow state behind democratic institutions, which takes its most insidious form in the mass surveillance apparatus. He believes strongly in democracy, but he thinks we need to be armed to defend it. Not with guns, but with cryptography.

Also for Assange, the Internet, home to immense amounts of data, is being plundered. In the name of the four horsemen of the online apocalypse (terrorism, pedophilia, drugs and copyright) it is all collected, analysed, deployed, manipulated, abused and used for gain. Carving out free spaces in such a situation became the ambition of the Cypherpunks, who were, of course, almost all libertarians.

In this context, cryptography is a set of techniques designed to ensure secure communication. Its counterpart is breaking the methods deployed by “adversaries” (the favoured term in the community), which is known as cryptanalysis.

Which is to say that without the Cypherpunk tradition, dark web marketplaces would never have existed. Without the ‘space’ (Tor), the currency (Bitcoin), and the means of secure communication (PGP), the very concept of such marketplaces would seem absurd. Can we consider such sites positive contributions to this tradition? It is difficult to say precisely, since the use of encryption for illegal activity naturally ensures that pressure will be brought upon these tools. The undermining of Tor or the potential regulation of Bitcoin can be justified, from the state perspective, on this basis. It’s an ethical dilemma since, especially in the case of Tor, its uses extend to aiding political dissidents in oppressive regimes.

This is why it is important to see dark web marketplaces in the wider context if we are to assess their long-term viability. If whistleblowers and coders of privacy technology represent the noble side of the Cypherpunk tradition then dark net administrators represent the more risky side of this adventure into the unknown. If the deep web is the Wild West they are the cowboys. The only issue is how long they can evade the Sheriff.

Defense Chief says Cyber War is a serious threat to Iran

The head of Iran's Civil Defense Organization Brigadier General Gholam Reza Jalali recently warned that the most important threat posed to the country is cyber warfare.

"Cyber warfare is as serious as conventional military warfare and its destruction power necessitates paying attention to cyber needs and requirements," General Jalali said, addressing a specialized civil defense conference in the Northwestern West-Azarbaijan province on Wednesday.

He noted that the enemy's number one threat comes through cyberspace, with other technological fields rated second.

The head of Iran's Civil Defense Organization recalled the recent statements of Iran's Supreme Leader Ayatollah Seyed Ali Khamenei about the importance of civil defense and its influence on improving the country's immunity to threats.

He underlined that immunity is tantamount to reducing the level of vulnerability, boosting the country's level of stability and facilitating crisis management.

The head of Iran's Civil Defense Organization reiterated that the Iranian nation's preparedness to confront the enemy's conventional war threats has been enhanced to the extent that US officials have now acknowledged that their country cannot launch ground military attacks on Iran, and said the same should be achieved in the area of cyber threats.

In June, the Deputy Head of the Civil Defense Organization, Brigadier General Gholam Ali Heidari, said his organization has state-of-the-art equipment and experienced experts to defend Iran against enemies' cyber attacks.

General Heidari said that reducing vulnerability, promoting deterrence and national strength are among the strategic principles outlined by Iran's Supreme Leader.

Describing cyber attacks as one of the enemies' strategies to strike a blow to the Islamic Revolution of Iran, General Heidari noted that over 1,000 cyber attacks "are carried out against the country's sensitive centers which are neutralized through the vigilance of the Iranian experts".

North Korea cyber warfare capabilities exposed

North Korea's cyber warfare capabilities are on the rise despite being entrenched in ageing infrastructure and dampened by a lack of foreign technology.

According to a report released by Hewlett-Packard researchers, the so-called 'Hermit Kingdom' may keep Internet access from the masses and maintain an iron grip on information exchange, but this hasn't stopped the country from training up the next generation of cybersecurity and cyber warfare experts.

A number of countries, including the United States, have imposed restrictions on North Korea -- due to the regime's treatment of its citizens and its closed-border policy -- which prevent the open trade of technologies that would enhance its cyber tools and capabilities. However, according to HP, the country is "remarkably committed" to improving its cyber warfare capabilities.

South Korea views the regime's cyber capabilities as a terroristic threat and has prepared for a multifaceted attack in the future -- although it is important to note that no such attack has yet occurred. According to a report written by Captain Duk-Ki Kim, a Republic of Korea Navy officer, "the North Korean regime will first conduct a simultaneous and multifarious cyber offensive on the Republic of Korea's society and basic infrastructure, government agencies, and major military command centers while at the same time suppressing the ROK government and its domestic allies and supporters with nuclear weapons." South Korea also claims that North Korea's "premier" hacking unit, Unit 121, ranks behind only the US and Russia as the "world's third largest cyber unit."

However, North Korea's DDoS capabilities are not comprehensive, as there are few outgoing connections due to heavy censorship and Internet restriction. This is why researchers believe the country uses the networks of other nations, and botnets, instead.

The HP analysis is based on open source intelligence gathered by HP's security team.

Significant Insecurity About Internet of Things

Picture yourself coming home from work in twenty years’ time. The house alarm reacts to a signal from your car as you pull up on the drive and turns off. The alarm then triggers the doors to unlock. The doors unlocking tells the lights in your house to come on. You’ve already turned the heating on, using a mobile device while you were at work. All of these processes will have taken place because the devices are connected and able to respond to each other’s actions, based on commands you’ve already given or pre-programmed behaviour.

Fewer than one percent of more than 800 Dark Reading community members are ready for the fast approaching security onslaught of the IoT.

Which "Thing" of the Internet of Things represents the greatest potential security risk? They all do, according to the latest Dark Reading community poll, Security of "Things."

Admittedly, the choices in our unscientific instant poll are somewhat loaded.

When asked to select from a list of six diverse and connected “things” -- cars, cellphones, commercial transportation and communication systems, home appliances, medical devices, and wearables -- starting to show up in today’s consumer and business marketplaces, respondents, not surprisingly, gave the biggest nod to cell phones (16 percent).

The most revealing response, though, was the scant few -- representing less than 1 percent -- who say they are “somewhat concerned” about public safety and product security in the not-so-distant-world of connected devices. But they believe that the security industry “can handle the risk.”

An open Internet is Essential - why Net Neutrality Matters!
Opinion: Electronic Frontier Foundation

Right now the FCC is considering a set of rules that would allow Internet providers to offer faster access to some websites that can afford to pay. We need to stop them.

Let’s start with the obvious: The Internet is how we communicate and how we work, learn new things, and find out where to go and how to get there. It keeps us connected to those we love and informed of political events that affect our everyday lives.

At EFF, we have fought for almost 25 years to protect a free and open Internet. We depend on the Internet for everything we do, from our efforts to reform broken copyright laws, to our ongoing battles to end the NSA’s illegal mass surveillance. More fundamentally, we know that the open Internet makes possible not just our activism, but the work of many others around the world.

That’s why we’re fighting tooth and nail to defend a concept known as net neutrality. Net neutrality means that Internet providers should treat all data that travels over their networks equally, rather than slowing down or even blocking access to sites of their choosing.

Good net neutrality rules would forbid Internet providers from discriminating against sites that cannot afford to pay a toll for preferential treatment, or sites that are critical of Internet providers or undermine their business models.

Right now the entire architecture of the Internet is under threat. The FCC is about to make a decision that will determine whether or not Internet providers will be allowed to offer faster access to some websites, while leaving others in the slow-lane.

We’re calling on the FCC to do the right thing and not allow for rampant discrimination online. Specifically, we’re telling the FCC that the Internet needs to be treated as part of our essential communications infrastructure, and that means regulating it as such to protect net neutrality.

Without net neutrality, Internet providers may interfere with access to privacy-protecting services and websites or encrypted traffic. We have the right to encrypt our communications because privacy is a human right and it’s protected in the US Constitution.

An increasing trend in privacy-conscious products is the move to technologies where sensitive data is self-hosted, hosted by friends, or resides on an anonymous decentralized network instead of on the servers of a company that law enforcement can easily compel to turn over your data without telling you first.

One of our core visions for a more transparent political environment is for government data, court documents and interpretations of the law to be readily accessible online. Access to the law shouldn’t be slower than, say, viewing an entertainment website. But without strong net neutrality rules, Internet providers are likely to offer faster access to some websites while impeding our access to information.

Iran Aided Hamas in Cyber-War on Israel

A senior IDF source has revealed that in addition to supplying Hamas terrorists with weapons, including so-called "Judgement Day" missiles, Iran supported the Gaza terror group by launching a massive cyber assault on Israel during Operation Protective Edge.

The source, a senior commander in the IDF Computer Service Directorate, told Walla! on Sunday that as Israel faced terrorists in the Hamas enclave, it also faced "a significant Iranian effort" to attack the Jewish state through cyber warfare.

"We haven't seen such a scope (of attacks) like this in the past, also in terms of the type of targets," said the commander, who elaborated that Israeli civilian communications infrastructure was also attacked by Iran.

The IDF's Homefront Command website, which provides security information to the Israeli public such as rocket warnings, also came under fire from the Iranian hackers, and the IDF Spokesperson's Unit site was targeted as well.

Arutz Sheva's Hebrew website came under a cyber attack during the operation too, although the culprits there were Turkish and not Iranian. Turkey replaced Iran in 2012 as Hamas's leading financial sponsor.

Fortunately, the IDF has been making impressive technological strides in defensive cyber-warfare, according to the commander, who remarked that just a year ago IDF forces on the ground often had trouble receiving information gathered by the IDF Intelligence Corps, which had to go through various sources first.

Now, thanks to a new network system of the Intelligence Corps and Computer Service Directorate, information in Operation Protective Edge was passed in real-time to soldiers on the ground.

The commander gave an example from the operation in which a terrorist involved in the digging of terror tunnels was captured by IDF forces.

During the IDF interrogation of the terrorist, information on targets extracted from him was passed in real time through the new technology, and was transmitted by the Intelligence Corps to the Navy, which was able to immediately fire on the targets with precise munitions.

Roughly 65% of the new technology network is completed, according to the source, with the rest of the process promising to further connect units on the ground to essential intelligence information.

The commander also noted the threat to the IDF posed by the Islamic State (IS, formerly ISIS), which has been conquering large portions of Iraq and Syria while committing various atrocities.

"They are a primitive organization, but effective. There are ten thousand fighters travelling in pick-up trucks, something like (Mongolian Emperor) Genghis Khan's hordes. They work through a network, and document their murderous attacks. In this way they exercise a strong element of consciousness," said the commander, noting their methods of instilling fear.

‘Cognizant Computing’ will be Forceful in Consumer IT

“Cognizant computing,” the next phase of the personal cloud movement, will become one of the strongest forces in consumer-focused IT, according to a new report from Gartner Inc. It will have an immense impact on mobile devices and apps, wearables, networking, services and cloud providers, the firm says.

Cognizant computing is a consumer experience in which data associated with individuals is used to develop services and activities according to simple rules, Gartner says. The services include alarms, bill payments, managing and monitoring health and fitness, and context-specific ads. Cognizant systems will provide services across multiple devices.

The practical application of cognizant computing helps business-to-consumer companies acquire deep insights into consumers' preferences and daily lives, Gartner says, and this will help create better, more-personalized services and offers.

"Cognizant computing is transforming personal clouds into highly intelligent collections of mobile apps and services," Jessica Ekholm, research director at Gartner, said in a statement. "Business-to-consumer providers must adapt their strategies to exploit this change to generate new revenue, find new ways to differentiate themselves and foster loyalty via mobile apps."

The firm predicts that cognizant computing will put the importance of applications, services and cloud at the forefront, making it one of the most important components of any customer retention strategy for B2C companies over the coming five years.

"Cognizant computing is already beginning to take shape via many mobile apps, smartphones and wearable devices that collect and sync information about users, their whereabouts and their social graph," Ekholm said. "Over the next two to five years, the Internet of Things and big data will converge with analytics. Hence, more data will make systems smarter."

The full web site is currently under development and will be available during 2014