White House Weighs Sanctions After Second Breach of a Computer System

WASHINGTON — The White House on Friday revealed that hackers had breached a second computer system at the Office of Personnel Management, and said that President Obama was considering financial sanctions against the attackers who gained access to the files of millions of federal workers.
Investigators had already said that Chinese hackers appeared to have obtained personal data from more than four million current and former federal employees in one of the boldest invasions into a government network.
But on Friday, officials said they believed that a separate computer system at the agency was breached by the same hackers, putting at risk not only data about the federal employees, but also information about friends, family members and associates that could number millions more. Officials said that the second system contained files related to intelligence officials working for the F.B.I., defense contractors and other government agencies.
Sam Schumach, a spokesman for the personnel office, said that the F.B.I.’s incident response team had concluded “with a high degree of confidence” that systems containing information related to background investigations of current, former and prospective federal employees were compromised.
A senior government official, speaking on the condition of anonymity, said that investigators became aware of the second intrusion while assessing the damage from the first breach. The official said the information apparently taken in the second breach appeared not to be limited to federal employees.
The database contains copies of what is known as Standard Form 86, a questionnaire filled out by applicants for national security positions. The 127-page form can include medical data, including information on treatment or hospitalization for “an emotional or mental health condition.”
In addition, the form asks for detailed information on close relatives and “people who know you well.” The form has spaces for each contact’s home or work address, email address, phone number and other information.
The personnel office has said that the number of federal employees and applicants affected could rise beyond the four million already reported. If the relatives and close contacts are included, the total number of people affected could be several times as high, officials said.
At the White House, officials said that Mr. Obama was weighing the use of an executive order he signed in April that allows the Treasury secretary to impose sanctions on individuals or groups that engage in malicious cyberattacks, or people who benefit from them.
“This newly available option is one that is on the table,” said Josh Earnest, the White House press secretary.
Mr. Obama signed the executive order after the attack on Sony Pictures’ computer network, an intrusion that American officials believe was carried out by the government of North Korea. The order gives the administration the ability to freeze assets in the United States, bar Americans from doing business with groups that sponsor cyberattacks, and cut the groups off from American goods and technology. But the use of the sanctions authority could be more significant if Mr. Obama wielded it against China, which officials believe has continued to sponsor cyberattacks even as the two nations warily seek a working relationship in other areas.
Mr. Earnest declined to say whether investigators had concluded that the attacks at the personnel office affected many millions more people than the four million already announced. And he declined to say whether officials at the United States Embassy in China were being relocated out of a fear that the hackers retrieved information about their contacts in that country.
“We have acknowledged that potentially sensitive data about a substantial number of federal employees was breached or is at least now at risk,” Mr. Earnest said. “But we haven’t talked publicly about the details of that.”
Security experts say the forensic evidence from the attacks suggests that they were the work of a sophisticated Chinese group that for the past three years has targeted a number of government agencies and defense contractors.
More recently, however, the group appears to have been looking for inroads into the personal lives of government workers, military and intelligence personnel, and defense contractors, and it has been gathering the personal data and medical histories of its targets. Though experts say it is not clear what the attackers plan to use the information for, they note that it is the sort of delicate medical data that could be used for blackmail.
While the group is not a unit of the People’s Liberation Army’s Third Department, which oversees the Chinese military’s cyberintelligence gathering, the chronology of its attacks matches Beijing’s stated economic and strategic objectives.
It is unclear what exactly the relationship is between the attackers and the Chinese state, but for years security researchers have found evidence of a freelance market for Chinese hackers. Previous attacks against targets that would be of interest to the Chinese government have been tied to students and educators at Chinese universities and employees at Chinese Internet firms.
The impact of the breach of personnel files is continuing to ripple across other federal agencies. On Friday, for example, the Office of Management and Budget announced new steps that agencies must take to secure their networks as part of a “30-Day Cybersecurity Sprint” ordered by the government’s chief information officer.
Those steps include continuous, real-time monitoring of computer networks and the use of multifactor authentication, in which users are required to go beyond user names and passwords to verify their identity when logging on. Neither of those security features was in place at the personnel office before the attack last month.

European Games: Bus driver held over injured athletes

The Azerbaijani authorities have arrested a bus driver whose vehicle injured three teenage Austrian swimmers ahead of Baku's European Games.
Veli Ahmadov has been accused of a breach of road rules and his employer may face legal action, officials said.
Synchronised swimmer Vanessa Sahinovic, 15, suffered "severe injuries" in the crash and was put in an induced coma.
Another athlete, Luna Pajer, broke an elbow while the third suffered only bruising.
Sahinovic underwent 10 hours of surgery in Vienna after being flown from Azerbaijan, and a hospital spokesman said on Friday that further surgery would be necessary.
The incident occurred in the athletes' village.
Reports in Azerbaijani media suggested alcohol may have been a factor in the crash and that some staff had been drunk on duty in the village.
Organisers said on Saturday they were looking into the allegations but said there was no evidence to link the claims to the bus incident.

cyberwar - Google Search

Does Obama Know There's a Cyberwar Going On?

Investor's Business Daily-16 hours ago
Like it or not, there is a cyberwar against the U.S. under way. It would be good if President Obama and his top executives acted like it.
Second OPM breach: Potentially devastating for counterintelligence ...
Examiner.com-57 minutes ago
How Did Hackers Get The Personal Data of Millions of U.S. ...
In-Depth-Fast Company-18 hours ago

We are in early years of international cyber war arms race, says security expert Bruce Schneier

Cyber attacks – such as that on Sony Pictures in 2014 – suggest the world is in the early stages of a cyber war arms race.
So said Bruce Schneier, chief technology officer of Resilient Systems: “We are in the early years of a cyber war arms race. 
"There is a lot of nation state rhetoric, and we are seeing a lot of nation state attacks against non nation states,” he told Infosecurity Europe 2015 in London.
Schneier cited North Korea’s attack on Sony Pictures, China’s attack on Github and Iran’s attack on Saudi Aramco as examples.
“There is a lot of this back and forth, where countries are not attacking each other, but attacking companies in those countries – and I think we are going to see more of that,” he said.
Schneier warned that, as nations build up for cyber war, commercial companies need to prepare for raids on their IT because they are within the “blast radius”.
He said there needs to be more policy discussions around the issue and, while the US is having some “pretty impressive” discussions in Congress about surveillance, there is not enough discussion about vulnerabilities, resilience, defence and how to maintain a military cyber option.
Schneier said the cyber attack on Sony Pictures illustrates a lot of the problems and themes that affect incident response, and he delved into what he called a “good story” in some detail.
Although he was among those who initially cast doubt on US claims that North Korea was behind the attack, Schneier said he now believed the US gleaned the information needed for attribution from spying on the South Koreans – who were spying on the North Koreans – and a source in the North Korean government.
The first thing to note about the attack, he said, is that the initial strike was made through a spearphishing attack in September 2014 that went “completely undetected” by Sony. This enabled the attackers to obtain administrative credentials “pretty quickly” and spend a lot of time mapping the corporate network and planning their attack.
Schneier said the attack began only about two months later in November 2014, with the destruction of hard drives and servers in the Sony network. “As soon as the skull and crossbones started appearing on screens, savvy employees pulled the plug and that ended up saving data,” he said.
The first major leaks began on 1 December 2014, proving that the attack was much more than a destructive campaign. “The data is actually being picked at this point to provide fodder for headlines,” said Schneier.
"Executives’ salaries is a big deal – especially when you pay your female executives less than the male executives."
On 3 December 2014, more data was leaked, including passwords and accounting information. “Another security tip – do not put your passwords in a clear text file marked ‘passwords’. You just look stupid,” said Schneier.
“On 19 December – three weeks after the attack – finally we have official US government attribution,” he said. “And on 22 December, North Korea was the victim of a denial of service attack. 
"The US denied that it was behind this attack. We just know that North Korea fell off the internet for two days – it could have been coincidence. Nobody knows.”
The next development was the US imposing fresh sanctions against North Korea in retaliation for the cyber attack on Sony Pictures.
“A February Sony earnings statement said the cost of the investigation and clean-up was $15m,” said Schneier.
"I actually don’t believe that. It’s impossible it was that cheap."
This incident, he said, encapsulates a lot of the themes and some of the surprises of cyber conflict in the 21st century.
Schneier said there was a lot of “sabre rattling” in the US and “scary” talk of “cyber warfare” – despite the fact that the target was not critical national infrastructure.
“Who actually thought that the first major cyber attack in the US would be against a movie company. Not on our list of critical infrastructure,” he said.
Schneier noted that, unlike most cyber attacks, the objective was not theft, but “coercion, embarrassment or just pure damage". 
"Not the sort of threat we tend to worry about. But we are all vulnerable to this sort of thing. I don’t believe that any of us could have withstood this sort of attack by this sort of adversary,” he said.
He described the attack as a highly skilled, highly focused attack. “Against that sort of attack, it does not matter if your security is relatively better than anybody else's. What matters is if your security is better than the attackers’ skills,” he said.
“But we all know that a sufficiently skilled, funded, motivated attacker will never fail to get in. The challenge is how to deal with it."
Schneier said another important point was what he called the “democratisation” of tactics.
“It’s not that we are fighting a cyber war. It is that we are increasingly seeing war-like tactics in broader cyber conflicts,” he said.
“We are living in a world where you can be attacked, and not know if it is a nuclear-powered government with a $20bn military budget or a couple of guys in a basement somewhere, and that’s freaky. Technology is broadly spreading capability, and the same tactics and weaponry are used by everybody."
Schneier said this had given rise to threats from groups such as hacker collective Anonymous against the likes of Isis and Nato. “This politically motivated attacking is real and very important. We are seeing it against governments, corporations, institutions and individuals, for all sorts of reasons,” he said.
Schneier said attribution is always difficult. “It took the US government three weeks to announce that North Korea attacked Sony. When you are being attacked, you have milliseconds to respond,” he said.
"Three weeks is not going to cut it."
Schneier said it is typically not clear who is attacking and why, which makes defence difficult. “This means we need good defence without attribution. We need good incident response without knowing who did it. Fast, flexible, effective, technical and non-technical,” he said.
In this regard, Schneier said a lot of failures were exposed inside Sony's organisation. “They had no incident response plan. Team cohesiveness fell apart immediately because there was no team response,” he said.
“What we want is resilience in our networks, resilience in our systems, resilience in our institutions – and you don’t get that without some co-ordination."

Cyber threats expanding, new US intelligence assessment says

WASHINGTON (AP) — The U.S. has elevated its appraisal of the cyber threat from Russia, the U.S. intelligence chief said Thursday, as he delivered the annual assessment by intelligence agencies of the top dangers facing the country.
"While I can't go into detail here, the Russian cyber threat is more severe than we had previously assessed," James Clapper, the director of national intelligence, told the Senate Armed Services Committee, as he presented the annual worldwide threats assessment.
As they have in recent years, U.S. intelligence agencies once again listed cyber attacks as the top danger to U.S. national security, ahead of terrorism. Saboteurs, spies and thieves are expanding their computer attacks against a vulnerable American internet infrastructure, chipping away at U.S. wealth and security over time, Clapper said.
If there is good news, he said, it is that a catastrophic destruction of infrastructure appears unlikely.
"Cyber threats to U.S. national and economic security are increasing in frequency, scale, sophistication, and severity of impact," the written assessment says. "Rather than a 'Cyber Armageddon' scenario that debilitates the entire US infrastructure, we envision something different. We foresee an ongoing series of low-to-moderate level cyber attacks from a variety of sources over time, which will impose cumulative costs on U.S. economic competitiveness and national security."
Russia, China, Iran and North Korea are the top nation-state cyber threats, the intelligence assessment found. Traditionally, China had been first on that list, but Russia was listed first this year for the first time. Previously, intelligence officials have said that hackers linked to China have been probing the U.S. electrical grid in an effort to lay the groundwork for attack.
Clapper did not elaborate on his cryptic comment about Russia's cyber capabilities, but the written assessment he delivered said that Russia's defense ministry is establishing its own cyber command responsible for offensive activities, "including propaganda operations and inserting malware into enemy command and control systems." The U.S. Cyber Command plans its own offensive operations, about which little is known.
The intelligence assessment noted public reports that detail how "Russian cyber actors" are developing the ability to remotely hack into industrial control systems that run electric power grids, urban mass-transit systems, air-traffic control networks and oil and gas pipelines. "These unspecified Russian actors have successfully compromised the product supply chains of three (control system) vendors so that customers download exploitative malware directly from the vendors' websites along with routine software updates, according to private sector cyber security experts," the assessment said.
The U.S. and Israel are widely cited as having launched a cyber attack on Iran's nuclear program through an industrial control system. The Stuxnet virus reportedly damaged Iranian nuclear centrifuges, proving that a remote computer attack could cause physical destruction.
The assessment noted that U.S. intelligence agencies have improved their ability to figure out who is perpetrating cyber attacks, despite the many ways such attacks can be disguised. Still, the lack of international norms makes the behavior difficult to deter, the assessment says.
What's more, "the muted response by most victims to cyber attacks has created a permissive environment in which low-level attacks can be used as a coercive tool short of war, with relatively low risk of retaliation."
The assessment said officials are increasingly concerned that cyber attackers will seek to change or destroy crucial data in a way that could undermine financial markets and business confidence.
Beyond cyber, the assessment surveyed an increasingly uncertain world, noting the existence of more terrorist safe havens than at any time in recent history.
"Unpredictable instability is the new normal," Clapper said.
On terrorism, the assessment noted that "Sunni violent extremists" such as the Islamic State group are "gaining momentum" and that the groups "challenge local and regional governance and threaten U.S. allies, partners, and interests."
"The threat to key US allies and partners will probably increase, but the extent of the increase will depend on the level of success that Sunni violent extremists achieve in seizing and holding territory," the assessment says.
Another variable is "the durability of the U.S.-led coalition in Iraq and Syria," the assessment says.
"Homegrown violent extremists continue to pose the most likely threat to the homeland," Clapper said.
Six months into the U.S. campaign against the Islamic State group in Iraq and Syria, Clapper described a stalemate, with neither side able to "achieve its territorial ambitions."
The growing prominence of Shiite militias in Iraq, and their campaign of "retribution killings and forced displacement of Sunni civilians," threatens to undermine the fight against the Islamic State group, the assessment said.

James Clapper, intel chief: Cyber ranks highest on worldwide threats to U.S.

President Obama’s top intelligence official pointed to a range of threats facing America Thursday, from the surge by Sunni Muslim extremist groups in the Middle East, to the pursuit of nuclear weapons by Iran and North Korea, to the push by Russian and Chinese operatives to penetrate Washington’s clandestine national security community.
But one threat was listed above all others in congressional testimony provided by Director of National Intelligence James R. Clapper — that of cyberattacks carried out by a growing host of politically, as well as criminally motivated actors against both government and private U.S. computer networks.
“Cyber threats to U.S. national and economic security are increasing in frequency, scale, sophistication and severity of impact; [and] the ranges of cyber threat actors, methods of attack, targeted systems and victims are also expanding,” Mr. Clapper said in prepared remarks to the Senate Armed Services Committee.
While the threat is complex, however, Mr. Clapper downplayed the idea America is at a high risk of having its infrastructure crippled by a major doomsday-like “Cyber Armageddon” scenario.
“The likelihood of a catastrophic attack from any particular actor is remote at this time,” he said. “We envision something different. We foresee an ongoing series of low-to-moderate level cyberattacks from a variety of sources over time, which will impose cumulative costs on US economic competitiveness and national security.”
Computer system attacks by Russian, Chinese, Iranian and North Korean operatives represent the biggest threat, the intelligence director said.
“Politically motivated cyberattacks are now a growing reality, and foreign actors are reconnoitering and developing access to U.S. critical infrastructure systems, which might be quickly exploited for disruption if an adversary’s intent became hostile,” he said. “In addition, those conducting cyber espionage are targeting U.S. government, military and commercial networks on a daily basis.”
Mr. Clapper’s remarks came as part of the intelligence community’s annual reporting to Congress on worldwide threats facing the U.S. The intelligence director’s prepared testimony is generally regarded each year as the declassified boilerplate of the intelligence community’s annual assessment of those threats.
In addition to cyber, Thursday’s threat assessment pointed to dangers associated with a variety of other developments around the globe, from Russia’s ongoing military action in eastern Ukraine, to the political and security crises in Syria and Libya, to the spread of Boko Haram Islamic extremist attacks from Nigeria into Chad, Niger and Cameroon.
China’s nuclear weapons
Among the more notable passages in the assessment was one asserting that “the leading state intelligence threats to U.S. interests in 2015 will continue to be Russia and China, based on their capabilities, intent and broad operational scopes.”
The evolving nuclear weapons pursuits of Iran and North Korea were also noted — as was that of China, where the People’s Liberation Army’s (PLA’s) Second Artillery Force continues to “modernize its nuclear missile force by adding more survivable road-mobile systems and enhancing its silo-based systems,” according to the assessment.
“This new generation of missiles is intended to ensure the viability of China’s strategic deterrent by providing a second strike capability,” it stated. “In addition, the PLA Navy continues to develop the JL-2 submarine-launched ballistic missile (SLBM) and might produce additional JIN-class nuclear-powered ballistic missile submarines.”
“The JIN-class submarines, armed with JL-2 SLBMs, will give the PLA Navy its first long-range, sea-based nuclear capability,” the assessment said. “We assess that the Navy will soon conduct its first nuclear deterrence patrols.”
Islamic State threat
Mr. Clapper testified that “Sunni violent extremists are gaining momentum and the number of Sunni violent extremist groups, members and safe havens is greater than at any other point in history.”
While he said “the threat to key U.S. allies and partners will probably increase,” the intelligence director added that the growing number of the extremist groups is likely to be “balanced by a lack of cohesion and authoritative leadership.”
He also said that while “the January 2015 attacks against Charlie Hebdo in Paris is a reminder of the threat to the West,” most groups place a higher priority on “local concerns” than on attacking the so-called far enemy of the U.S. and the West — the way that Osama Bin Laden’s original al Qaeda had been so focused during the years leading up to and immediately following Sept. 11, 2001.
But Mr. Clapper’s testimony suggested that there is still uncertainty surrounding the threat posed by the Islamic State movement, known by the acronym ISIL.
“If ISIL were to substantially increase the priority it places on attacking the West rather than fighting to maintain and expand territorial control, then the group’s access to radicalized Westerners who have fought in Syria and Iraq would provide a pool of operatives who potentially have access to the United States and other Western countries,” he said. “Since the conflict began in 2011, more than 20,000 foreign fighters — at least 3,400 of whom are Westerners — have gone to Syria from more than 90 countries.”

BIG READ: Russia leading the way in the cyber arms race

Russia is leading the way, as new technology is combined with old spying techniques, says Owen Matthews
IN hacker jargon, a ‘cyber-to-physical effect’ is when a hacker reaches out from the virtual world into the real one — often with catastrophic consequences.
The Americans and Israelis pioneered the technique in 2009, when the Stuxnet programme infiltrated Iranian computer systems and wrecked thousands of uranium-enriching centrifuges.
But now other players — especially the Russians and Chinese — are also remotely using computer networks to destroy infrastructure and threaten lives.

Last year, according to a report by Germany’s Federal Office for Information Security, a blast furnace melted down in an unnamed industrial city in Germany, after a digital attack on its control systems, causing “massive damage.”
It nearly happened in the United States, too, when unknown hackers penetrated U.S. electrical, water and fuel distribution systems in 2014.

While old-fashioned, low-tech data hacks make headlines — for instance, high-profile break-ins to the email systems and databases of the White House, the US State Department, US Department of Homeland Security, US Department of Defence and Sony Pictures Inc. — what has security officials worried is the new and dangerous world of cyber-to-physical infrastructure attacks.
“This is not theoretical,” National Security Agency director, Admiral Michael Rogers, told the US House of Representatives’ Intelligence Committee recently.
Hacking attacks on the US and its allies are “costing us hundreds of billions of dollars,” Rogers warned, and will result in “truly significant, almost catastrophic failures if we don’t take action.”
That warning hit home last week — millions of US government personnel files were compromised.
The giant hack is probably the work of foreign spies who could use the information to fake their way into more-secure computers and plunder US secrets.
US federal employees were told to change their passwords, put fraud alerts on their credit reports, and watch for attempts by foreign intelligence services to exploit them.
That message came from Dan Payne, a senior counterintelligence official for the US Director of National Intelligence.
“Some of you may think that you are not of interest, because you don’t have access to classified information,” he said. “You are mistaken.”
US federal officials said the cyber-attack appeared to have originated in China, but they didn’t point fingers at the Chinese government. The Chinese said any such accusation would be “irresponsible and unscientific.”
The latest security breach shows that governments are vulnerable.
According to Alexander Klimburg, an affiliate of the Harvard Kennedy School of Government’s Belfer Center and senior research fellow at the Hague Centre for Strategic Studies, “cyber-space today is like Europe in 1914, before World War I. Governments are like sleepwalkers. They do not comprehend the power of new technology and the consequences of misunderstanding each other’s activities.”
According to the US Intelligence Community’s 2015 ‘Worldwide Threat Assessment’ report, Russia and China are the “most sophisticated nation-state actors” in the new generation of cyber warfare, and Russian hackers lead in terms of sophistication, programming power and inventiveness.
“The threat from China is over-inflated, while the threat from Russia is underestimated,” says Jeffrey Carr, head of web security consultancy, Taia Global, and author of the book, Inside Cyber Warfare.
“The Russians are the most technically proficient. For instance, we believe that Russian hackers-for-hire were responsible for the Sony attack.”
Last year, hackers gained access to thousands of Sony company emails and threatened further damage unless a film lampooning North Korean leader, Kim Jong Un, was withdrawn from cinemas. “We spoke to [one of the hackers] via an intermediary,” says Carr.
“Even after Sony lost 80% of its network capability, the hackers were still operating. That shows an incredibly high level of technical ability.”
The Moscow connection is worrying, because Russia is the only country to have combined cyber-warfare with conventional assaults by guns and tanks.
“The Russia-Georgia war of 2008 was a perfect example of a combined kinetic and cyber operation,” says Carr.
“Nobody else has ever done anything like that.”
Similarly, in the wake of Russia’s annexation of Crimea in April, 2014, ground assaults were accompanied by a deluge of mostly low-tech cyber-assaults on over a hundred government and industrial organisations in Poland and Ukraine, and attacks on the European Parliament and the European Commission.
Many of these attacks featured a modified version of ‘BlackEnergy,’ a malware program known as a Trojan horse that remotely takes over computers.
A network of such infected computers, or ‘bots,’ is known as a ‘botnet.’ This can be mobilised to overwhelm a target server with requests for information and crash it — an attack known as distributed denial of service, or DDoS.
“The BlackEnergy malware was authored by a Russian hacker and originally used for DDoS attacks, bank frauds and spam distribution,” says Pierluigi Paganini, founder of the Security Affairs blog and a member of a European Union Agency for Network and Information Security working group.
“But the new variant was used in targeted attacks on government entities, and private companies across a range of industries,” says Paganini.
One of the biggest mysteries of the latest generation of cyber-attacks — known in the US government as Offensive Cyber Effects Operations — is learning who is behind them and whether they are being launched with political or criminal intent.
What’s not in doubt is that Russian hackers have long been kings of the cyber-crime world.
A group of Russians and Ukrainians was named by US federal prosecutors as the culprit behind the biggest cyber-crime case in US history, a bank-card fraud spree from 2010 to 2013 that cost companies, including J.C. Penney, JetBlue and French retailer, Carrefour, $300m.
Russian ‘click-jackers’ were convicted in the US last year for hijacking users of Apple’s iTunes store, Netflix, the U.S. Internal Revenue Service, Amazon.com, ESPN.com and the Wall Street Journal website — as well as computers at NASA.
Another as-yet-unidentified hacking ring, based in a small city in south-central Russia, stole 1.2bn internet logins and passwords and 500mn email addresses, last year, by plundering data from 400,000 websites, according to US cyber-security firm, Hold Security.
In February, the Moscow-based internet security company, Kaspersky Labs, revealed details of the biggest internet heist of all time — a raid on 100 banks in Russia, Ukraine, Japan, the United States and Europe, from 2013 to 2014.
Kaspersky reported evidence of $300m in losses just from the banks that had hired it to clean up the mess — and estimated that the total amount stolen was $900m.
“This is cyber-crime on an industrial scale,” says one Moscow-based, western internet security consultant, who helped overhaul several Russian banks’ defences in the wake of the attack.
“In one case, in Kiev, they made the bank’s ATMs spew out money, which was collected by people walking by.”
The techniques used to break into the bank’s electronic systems, via flaws in Adobe and Microsoft programmes, “were not particularly sophisticated,” says the consultant, “but it was amazing how careful they were not to alert the victims and to keep their backdoor into their systems a secret.”
The exact nature of the links between these criminal hackers and the Russian government remains murky.
“Cyber-crime, cyber-terrorism and cyber-warfare share a common technological basis, tools, logistics and operational methods,” says Klimburg.
“They can also share the same social networks and have comparable goals. The differences between these categories of cyber-activity are often razor-thin. It’s hard to distinguish in cyber-space between financial and political motivation.”
The methods of delivering malware into a target computer are identical. Hackers seek vulnerabilities in popular programmes that allow them to introduce alien code, in particular a weak spot in the code known as a ‘zero-day’.
This means it remains unpatched and can be used for an attack before it is discovered by everyone else, so there are zero days between an attack and the discovery of the vulnerability.
A good zero-day vulnerability can be sold for €170,000, says Klimburg, but there are many examples of Russian hackers ‘lending’ their zero-day hacks to the government for espionage purposes, then using them for crime later.
“Hundreds of ‘black-hat’ Russian hackers are doing this for a living — whether it’s at the order of Swiss bankers or Ukrainian oligarchs,” says Carr.
“Russian hackers who are caught are given the choice to work for the FSB [Federal Security Service] or to go to jail. The FSB also has some on contract hire.”


There is strong evidence, going back to cyber-attacks on Estonia as early as 2007, that Russian cyber-criminals were working either with, or for, the Russian state. But now, it seems, the Kremlin is directly involved.
U.S. Director of National Intelligence, James Clapper, told the Senate Armed Services Committee, in March, that Russia’s Ministry of Defense is “establishing its own cyber-command” responsible for “conducting offensive cyber-activities.”
And the Russian is stepping up funding for the research and development of cyber-technology at world-class computer science centers, such as the prestigious St. Petersburg Polytechnic University and Samara State University, according to information gathered by Seattle-based Taia Global.
Possible evidence linking recent hacking attacks on the US government to the Russian state includes the digital signatures of a hacker group known as Advanced Persistent Threat 28 (or APT28, identified by the US-based internet security company, FireEye) and a family of hackers labelled CozyDuke, CosmicDuke, MiniDuke and OnionDuke (spotted by Kaspersky Labs).
These groups, which may or may not be related, have giveaway signatures that tie them to Russia.
“Indicators in APT28’s malware suggest that the group consists of Russian speakers operating during business hours in Russia’s major cities,” says a recent FireEye report.
“More than half of the malware samples...attributed to APT28 included Russian-language settings.”
But the real giveaway is not the forensics of the APT28 codes, but their targets over the past five years, which have included Georgia’s ministries of internal affairs and defense, the Polish and Hungarian governments, NATO, the Organization for Security and Co-operation in Europe, the Norwegian army and US defence contractors.
The APT28 hacking crew “does not appear to conduct widespread intellectual property theft for economic gain, but, instead, is focused on collecting intelligence,” says FireEye. “That would be most useful to a government.”
Though there is evidence that the development teams of APT28 and the CosmicDuke, MiniDuke and OnionDuke “worked together and shared same knowledge and coding techniques,” and that they all have Russian origins, it’s likely they are separate groups, says Paganini.
“All these groups are state-sponsored hackers, probably backed by the Russian government, though it is likely that they operate under different divisions of the same cyber-army.”
Were APT28 and the Kremlin behind hacking attacks on the White House and US State Department this year, which cracked open confidential email records (though not, according to a spokesman, the US president’s personal email)?
The Kremlin strongly denies it.
“We know that blaming Russia for everything has turned into a sport,” Kremlin spokesman, Dmitry Peskov, joked to journalists.
“At least they haven’t looked for Russian submarines in [Washington’s] Potomac River, as has been the case in a few other countries.”
Yet some code — in particular, the family of ‘backdoors’ into programmes, known as CHOPSTICK — regularly used by APT28 has been linked to those virtual break-ins.
And there’s less ambiguity about a similar attack on an unclassified military network at the US Department of Defence last year.
“We analysed their network activity, associated it with Russia, and then quickly kicked them off the network,” US Secretary of Defense, Ashton Carter, said in April.
Cyber-spying on the West Wing’s emails may be cheeky, but it’s not much different from the old-school espionage and signals-intelligence games that Russia and America have been playing for decades.
What’s truly scary is the infiltration of physical infrastructure in a way that could herald a new generation of violent covert action and sabotage.
“This is an entirely new way of waging war,” says one former KGB general, once posted as a spy to London and who now works in the private security sector.
“It is like the invention of planes or submarines. Suddenly you can attack the enemy from a completely new and unexpected direction.... This is the essence of warfare: constant surprise.”
In April, Eugene Kaspersky, the Moscow-born CEO of Kaspersky Labs, noted that there has been a dramatic surge in targeted attacks against power grids, banks and transportation networks around the world — and warned that groups targeting crucial infrastructure have “the capacity to inflict very visible damage. The worst terrorist attacks are not expected.”
Among the most frightening new-generation cyber-weapons are those designed to target super-secure, so-called ‘air-gapped’ systems that have no links to the internet or outside networks.
The developers of Stuxnet bridged the air gap by developing ingenious programmes that infected CD-ROMs and memory sticks that then colonised Iran’s nuclear development computers, ultimately inflicting devastating physical damage on uranium centrifuges and forcing the Iranians to replace their entire computer infrastructure.
But a Stuxnet-like programme that can be carried by email and memory sticks, called Uroburos, has been around since 2011 — and was diagnosed as being of Russian origin.
Uroburos targets Microsoft Windows, sets up surreptitious communications with its parent network, and is able to leap across the air gaps that isolate secure networks from the internet.
“The scary thing is that now everyone can do pretty much anything to anyone,” says Klimburg.
He says that one way to distinguish between criminal and government cyber-activity is to measure the amount of programming resources an attack requires — like malware designed to leap across air gaps.
“If you see a huge amount of organisation and programming going into an attack, that’s a good indicator that there’s a government involved.”
The US and Europe remain extremely vulnerable to infrastructure attacks — especially as so much of these developed economies’ vital infrastructure is now electronic, from financial systems to social networks.
One small example: in late April, a fleet of American Airlines Boeing 737s was temporarily grounded after an iPad application, known as an ‘electronic flight bag’, used by pilots for pre-flight checks, crashed.
The iPad app replaced 13 pounds of paper manuals — but when it went down, so did the entire fleet.
More worrying, though still hypothetical: the US Government Accountability Office issued an official warning in April that “modern aircraft’s interconnectedness can potentially provide unauthorised remote access to aircraft avionics systems” and that an aircraft’s Wi-Fi access could be exploited by hackers.
When security researcher, Chris Roberts, joked on Twitter about how easy it would be to “start playing with the EICAS” — Engine-Indicating and Crew-Alerting System — he was bumped off a flight.
Boeing issued a statement saying that “no changes to the flight plans loaded into the airplane systems can take place without pilot review and approval.”
Other infrastructure is just as unprotected.
A recent survey by the energy industry consultants, Black & Veatch, revealed that only 32% of US electric-utility companies had integrated security systems with the “proper segmentation, monitoring and redundancies needed for cyber-threat protection.”
In February, US President Barack Obama set up a new Cyber Threat Intelligence Integration Center, described as “a national intelligence centre focused on connecting the dots regarding malicious foreign cyber-threats to the nation.”
US Defence Secretary Carter made a trip to the heart of Silicon Valley, this month, to improve relationships with tech companies, after damaging revelations by former National Security Agency contractor, Edward Snowden, about digital surveillance.
“This threat affects us all,” Carter told the assembled techies.
“There are also really great opportunities to be seized through a new level of partnership between the Pentagon and Silicon Valley.”
Behind the scenes, American spy agencies are also busy fighting a secret war against cyber-enemies. Snowden — now in hiding in Russia — publicly revealed the massive scale of data mining by US intelligence agencies, often in apparent violation of protections for US citizens’ privacy.
But a recent report by Kaspersky Labs suggests that the US is no slouch in the hacking department, either.
A hacking collective that Kaspersky’s team dubbed Equation Group — sponsored, it coyly says, “by a nation-state with nearly unlimited resources” — has for the past 14 years apparently been busy planting top-flight spyware around the world, including a keystroke-logging programme, called Grok, and a protective encryption system known as GrayFish.
The top targets? Iran and Russia, followed by Pakistan, China and India.
The malware has targeted financial, governmental, diplomatic, aerospace and telecommunications networks, as well as research institutions and universities.
According to Kaspersky’s engineers, the Equation Group designed “the world’s most mysterious malware warhead” as well as “a secret storage vault that survived military-grade disk wiping and reformatting, making sensitive data stolen from victims available even after reformatting the drive and reinstalling the operating system.”
Thanks to its vast resources, the US may well be able to stay one step ahead of its cyber-enemies.
But the problem with this new battlefield is that none of the potential combatants knows the rules — and, even more dangerously, no-one can be certain of who the combatants are.
“It is not always possible to distinguish between cyber-espionage, cyber covert action and, most importantly, preparation for cyber-sabotage or war,” says Klimburg.
“Serious misunderstandings are pre-programmed.... The consequences of misidentifying the motive of the attacker could be, in diplomatic-speak, ‘inadvertent escalation’ — or accidental cyber-war.”
Richard Clarke, head of cyber-security and counterterrorism coordination in the George W. Bush administration, has warned of the dangers of a “false flag” cyber-attack designed to create tension between the US and, for instance, China, and launched by a hidden third party.
Some academics have proposed ‘cyber-military exercises’ between the United States and Russia as a vehicle for trust building.
Others suggest establishing ‘rules of the road’ — a kind of informal agreement for cyber-space that outlines what is a legitimate target for espionage purposes, with an agreement not to target super-critical infrastructure, such as power grids, with cyber-espionage attacks.
But even if Beijing could be persuaded to come on board, the current geopolitical tension between Washington and Moscow is hardly conducive to gentleman’s agreements.
Russian president, Vladimir Putin, has characterised the internet as a “CIA invention” and this month ordered the FSB to “cleanse the Russian internet” by forcing all internet providers to keep their servers in Russia — another turn of the screw in the Kremlin’s long-term plan to create a separate Russian internet, a project to which Putin has pledged some $100m since 2012.
And during the Sochi Olympics, in February, 2014, the FSB deployed aggressive cyber-spying tools to infect foreign visitors’ computers and cellphones with spyware through Wi-Fi networks and cellphone towers.
It is unlikely that such a regime would shy away from using every cyber-weapon at its disposal.
It’s equally unlikely that, faced with a barrage of what White House spokeswoman Jen Psaki described as “hundreds of cyber-attacks a day,” the US will cease and desist from developing some of the world’s most sophisticated cyber-weapons in retaliation.
The cyber-arms race is on.


© Irish Examiner Ltd. All rights reserved
New questions arise about House Democratic caucus’s loyalty to Obama


President Obama, with House Minority Leader Nancy Pelosi at his side, leaves a meeting where he made a last-ditch appeal to House Democrats for his trade agenda on Friday in Washington. (Kevin Lamarque/Reuters)
Cheers rang out Thursday evening when President Obama made a surprise visit to the annual congressional baseball game at Nationals Park. Thousands of Democratic staffers began to chant: “O-ba-ma! O-ba-ma!” More unexpectedly, Republican lawmakers and staffers, who have been locked in battle with the president for more than six years, began a cheer of their own: “TPA, TPA!” they chanted, voicing approval for Obama’s trade promotion agenda.
Obama flashed the GOP side a thumbs-up.
Inside the Democratic dugout, according to several senior aides and lawmakers, the president’s usual allies were appalled by the scene: He was waving to Republicans in approval of trade legislation that most of them opposed.
A day later, the Democratic team threw the president a curveball by blocking his high-stakes bid to win fast-track authority to complete a sweeping, multinational Pacific Rim free-trade accord. For Obama, who has staked enormous personal credibility and political capital on the effort, the loss on Friday represented a major setback on a key presidential priority and renewed questions in Washington about his relationship with the House Democratic caucus.
Though the White House and GOP leaders quickly vowed to try again on trade next week, the rebuke from the president’s own party — despite a personal plea from Obama on Capitol Hill just hours before the vote — sent a clear message that their own skepticism on trade trumped their faith in Obama. The blow left his trade agenda on life support.
“Unfortunately, Democrats did not heed his message,” said Rep. Gerald E. Connolly (D-Va.), who supported the trade deal. “Trade is an existential issue for a lot of Democrats. That transcends everything, including loyalty to him. A lot of Democrats were really anguished about that very choice. They were saying, ‘I don’t want to harm him. I don’t want to damage him. But I can’t go home to my district and say that out of loyalty to him, ‘I sold you all [out].’ ”
The outcome was especially frustrating for a president who has spent four years unable to advance major initiatives — including a tax and budget “grand bargain,” stricter gun control and immigration reform — through Congress in the face of relentless Republican opposition.
After the midterm elections, Obama and his advisers gambled that with the GOP in control of both chambers for the next two years, the scrambled politics of trade would offer the president his best chance to score a legacy-building win in the final stretch of his presidency. Assuming that he could convince more than a sliver of his own party to support him.
He faced significant odds: Democrats have long been skeptical of the effects of trade, which labor unions have blamed for lost jobs and falling wages in traditional, blue-collar manufacturing sectors.
The president launched an administration-wide lobbying effort that lasted months and, by virtually all accounts, was more exhaustive and personal than any push he has made since the health care reform effort in his first year.
He phoned and met with key Democratic lawmakers, promised to campaign for them against primary challenges and invited them aboard Air Force One for a trip to a European summit. He traveled to Oregon in May to give a trade speech at Nike in the home state of Sen. Ron Wyden (D), who offered crucial support to help win passage of the fast-track legislation in the Senate.
“The president is personally engaged on this,” Sen. Ron Wyden (D-Ore.), who helped win passage for the fast-track bill in the Senate, said of Obama on Thursday. “He’s all in.”
But his surprise appearance at the congressional baseball game — the presidential motorcade departed the White House after aides had declared he was in for the night — betrayed the confident tone from administration officials on the eve of the House vote.
During his tenure, Obama has been criticized by both sides of the aisle for ignoring lawmakers, courting them only when absolutely necessary and failing to establish personal connections that could help him politically.
That the president was attending an exhibition game that was not on his public schedule showed the lengths he felt he had to go to try to salvage his trade deal.
By Friday morning, however, the vote remained in doubt — and Obama was leaving the White House on another scheduled trip, this time to Capitol Hill for an emergency meeting with the House Democratic caucus. Once there, he huddled privately with House Minority Leader Nancy Pelosi (D-Calif.) and her deputies, before addressing the entire membership.
“You could always say there coulda, shoulda been more with any president,” Connolly said, when asked if Obama’s lack of attention to lawmakers over the years harmed his chances on trade. “This president’s style is different than Bill Clinton’s. He is who he is. I don’t know if somehow it’s fundamentally flawed. It’s just different.”
Most in Congress agree on one thing: The administration, despite its blitz in recent weeks, was facing an opposition, made up of labor unions, environmentalists and progressive Democrats, that has been relentless in lobbying against trade. Led by Rep. Rosa L. DeLauro (D-Conn.), the coalition has met with individual Democrats and with small groups for more than two years to pressure them to oppose any fast-track bill.
Asked by reporters after the vote if Obama’s trade push came too late, White House press secretary Josh Earnest scoffed.
“I find it hard to believe that the president’s attendance at the 2014 congressional baseball game would have, in any way, contributed to the vote count today,” he said. “I think that the president takes much more seriously members of Congress and their concerns than some analysts do.”
But Obama appeared to be blindsided by Pelosi, who said months ago, during a fact-finding mission to Asia with other lawmakers, that she was “trying to get to yes” on the president’s trade deal. In 2009 and 2010, Obama leaned heavily on her, when she was the House speaker, to help wrestle the Affordable Care Act through Congress with Democratic majorities on a party-line vote.
As the trade vote neared, Pelosi refused to tip her hand, although she appeared to be working with Speaker John A. Boehner (R-Ohio) to schedule a package of related trade bills in a way to help them pass the House, even if she didn’t support them.
On Friday, taking the floor minutes before the vote, Pelosi broke her silence: “I will be voting to slow down fast-track,” she declared. “Today, we have an opportunity to slow down. Whatever the deal is with other countries, we want a better deal for American workers.”
It was a fatal blow for Obama, and supportive Democrats were stunned.
“She screwed this president,” one lawmaker fumed, speaking on condition of anonymity out of fear of retaliation. “She pandered to the left. She does not ever want to be outflanked by the left because that’s her base.”
The minority leader had heeded her center of power, while the president was left wondering where his had gone.
Kelsey Snell contributed to this report.
David Nakamura covers the White House. He has previously covered sports, education and city government and reported from Afghanistan, Pakistan and Japan.
Paul Kane covers Congress and politics for the Washington Post.