Author Topic: Cyber attacks/defence/incidents (merged)


GAP
Cyber attacks/defence/incidents (merged)
« on: May 17, 2007, 11:51:05 »
An update on the earlier Christian Science Monitor article

This might also become another facet of the Global Terror War, not by Russia, but by others. Once the door is open and they see how successful they can be.......
Estonia accuses Russia of 'cyberattack'
By Arthur Bright | csmonitor.com
Article Link

NATO is investigating siege on Estonian government, media, and banking websites, but Russia denies involvement.

Estonia accused Russia of launching a barrage of "cyberattacks" that are shutting down Estonian government, newspaper, and banking websites.

The Guardian reports that the attacks began in late April, coinciding with Estonia's decision to move a Soviet World War II memorial, the Bronze Soldier, from a central location in Tallinn, the Baltic nation's capital. Though Estonians saw the memorial as a reminder of Soviet oppression, Russia viewed the decision to move it as an affront, prompting riots by ethnic Russians in Tallinn and condemnations and sanctions from Moscow. The cyberattacks have continued since then.

The crisis unleashed a wave of so-called DDoS, or Distributed Denial of Service, attacks, where websites are suddenly swamped by tens of thousands of visits, jamming and disabling them by overcrowding the bandwidths for the servers running the sites. The attacks have been pouring in from all over the world, but Estonian officials and computer security experts say that, particularly in the early phase, some attackers were identified by their internet addresses - many of which were Russian, and some of which were from Russian state institutions. ...

The attacks have come in three waves: from April 27, when the Bronze Soldier riots erupted, peaking around May 3; then on May 8 and 9 - a couple of the most celebrated dates in the Russian calendar, when the country marks Victory Day over Nazi Germany, and when President Vladimir Putin delivered another hostile speech attacking Estonia and indirectly likening the Bush administration to the Hitler regime; and again this week.

The Guardian notes that Estonia is a pioneer of "e-government" and one of the most wired countries in Europe, making it that much more vulnerable to cyberattacks. In order to stop the attacks, Estonia has shut down foreign access to the sites under siege.

Estonian Foreign Minister Urmas Paet accused the Kremlin of direct involvement in the cyberattacks, saying they were an attempt to paralyze Estonian businesses and government offices, writes The Times of London.

"When there are attacks coming from official IP addresses of Russian authorities and they are attacking not only our websites but our mobile phone network and our rescue service network, then it is already very dangerous," Mr Paet said.

"It can cost lives. I hope they will stop it but the attacks are continuing. They are sending huge levels of stuff through the networks so that our different servers will crash.

"The largest part of these attacks are coming from Russia and from official servers of the authorities of Russia."
More on link
Two things are infinite: the universe and human stupidity; and I´m not so sure about the universe
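The article above describes the attack mechanism (sites "suddenly swamped by tens of thousands of visits" until the servers' bandwidth is exhausted) and the response (cutting foreign access). The block below is an added example, not code from the article or from the Estonian responders: a sliding-window flood detector run over web-server access log lines. The log lines are constructed here (RFC 5737 documentation addresses and an illustrative 2007 timestamp), and the per-source and aggregate thresholds are assumptions to tune per site.

```python
"""Sliding-window flood detection over web-server access log lines.

Added example, not from the article: the log lines are constructed here
(RFC 5737 documentation addresses, an illustrative 2007 timestamp) and the
thresholds are assumptions to tune per site.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Common Log Format: ip ident user [timestamp] "request" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\S+)$'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Return (source_ip, timestamp) for a well-formed line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group("ip"), datetime.strptime(m.group("ts"), TS_FMT)


def make_sample_log():
    """Constructed sample: three ordinary clients browsing slowly, then fifty
    sources that each fire twenty requests within two seconds."""
    base = datetime.strptime("03/May/2007:10:00:00 +0300", TS_FMT)

    def fmt(ip, when, path):
        return f'{ip} - - [{when.strftime(TS_FMT)}] "GET {path} HTTP/1.1" 200 512'

    lines = []
    for i, ip in enumerate(["192.0.2.10", "192.0.2.11", "192.0.2.12"]):
        for k in range(5):
            lines.append(fmt(ip, base + timedelta(seconds=10 * k + i), "/news"))
    for n in range(50):
        ip = f"203.0.113.{n + 1}"
        for k in range(20):
            lines.append(fmt(ip, base + timedelta(seconds=30, milliseconds=100 * k), "/"))
    return lines


def detect_flood(lines, window=timedelta(seconds=2), per_source=10, aggregate=100):
    """Flag sources exceeding per_source requests inside `window`, and report
    whether the site as a whole exceeded `aggregate` requests inside `window`.
    The aggregate counter matters: a large botnet can stay under any
    per-source threshold while still saturating the link."""
    events = sorted(filter(None, (parse_line(l) for l in lines)), key=lambda e: e[1])
    per_ip = defaultdict(deque)
    everyone = deque()
    flagged = set()
    aggregate_hit = False
    for ip, ts in events:
        q = per_ip[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()
        if len(q) >= per_source:
            flagged.add(ip)
        everyone.append(ts)
        while ts - everyone[0] > window:
            everyone.popleft()
        if len(everyone) >= aggregate:
            aggregate_hit = True
    return {"flagged_sources": sorted(flagged), "aggregate_flood": aggregate_hit}


if __name__ == "__main__":
    print(detect_flood(make_sample_log()))
```

The per-source list is what you would feed to a firewall or rate limiter; the aggregate flag is the one that matters when each bot sends little. Note that a log-side detector only tells you a flood is happening after the packets have already crossed your link, which is why the response described in the article (blocking foreign access upstream of the servers) worked where per-host filtering would not.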

Falange
Re: Cyber attacks/defence/incidents (merged)
« Reply #1 on: May 18, 2007, 17:20:32 »
Not surprising, especially taking into consideration how ethnic Russians that live outside the Russian Federation have become a major interest for the foreign policy-makers in Moscow. First Georgia, now the Baltics. Actually I believe that was a big source of confrontation in the last EU - Russia summit.

JackD
Re: Cyber attacks/defence/incidents (merged)
« Reply #2 on: May 19, 2007, 03:06:18 »
When you consider the history of these regions - it is no wonder Baltic, Black Sea region, Central European countries are not exactly enamored of Russia... whether it be the Russian Empire, or the USSR. Basically the residual effect of 18th-19th century power politics. It certainly does make one appreciate being bordered by the Eagle rather than the Bear... Actions as shown here also - I think - portray national characteristics. Live in Europe long enough and you'd see that a United Europe is a Utopian dream. It is quite tribal.

geo
Re: Cyber attacks/defence/incidents (merged)
« Reply #3 on: May 19, 2007, 12:56:02 »
These cyber attacks were, for all intents and purposes, "denial of service" assaults on the major servers of this small country.

Did the Russians do it? Possible, but it could easily be the work of the proletariat.
North America has certainly suffered through some small localised denial of service attacks before.....
Doing it on a national scale (albeit a small country) is a simple progression...
Chimo!

Dare
Re: Cyber attacks/defence/incidents (merged)
« Reply #4 on: May 22, 2007, 14:10:02 »
Quote
These cyber attacks were, for all intents and purposes, "denial of service" assaults on the major servers of this small country.

Did the Russians do it? Possible, but it could easily be the work of the proletariat.
North America has certainly suffered through some small localised denial of service attacks before.....
Doing it on a national scale (albeit a small country) is a simple progression...
I'd have to agree it was likely the citizenry who conducted this. However, I would not put it off the table that the Russians may have funded (purchased) this attack. It has been done many times and will be done again.

Richie
Estonian cyber defence hub set up
« Reply #5 on: May 14, 2008, 18:11:49 »
BBC NEWS

Estonian cyber defence hub set up

Seven Nato nations have backed a new cyber defence centre in Estonia, which last year blamed Russia for weeks of attacks on its internet structure.

Germany, Slovakia, Latvia, Lithuania, Italy and Spain will staff and fund the hub in the Estonian capital Tallinn.

Estonia came under cyber attack in 2007 after its decision to remove the bronze statue of a Red Army soldier from the centre of Tallinn.

Moscow denied involvement in the flood of data which crashed computers.

"We have seen in Estonia that a cyber attack can swiftly become an issue of national security," Nato spokesman James Appathurai said after a signing ceremony in Brussels.

"Cyber attacks can cripple societies."

The US will initially send an observer to the project, which will have some 30 staff when fully operational in August.

The centre will provide research, consultation and training on the development of cyber defences for participating national governments.

Story from BBC NEWS:
http://news.bbc.co.uk/go/pr/fr/-/2/hi/europe/7401260.stm

Published: 2008/05/14 16:00:57 GMT

© BBC MMVIII
If a man does not keep pace with his companions, perhaps it is because he hears a different drummer. Let him step to the music which he hears, however measured or far away.
- Henry David Thoreau

geo
Re: Estonian cyber defence hub set up
« Reply #6 on: May 15, 2008, 08:39:40 »
Considering that the Internet has become a major part of how we communicate with each other, its time has come.

Will be interesting to see how far they manage to take this initiative.

S.M.A.
All Things Cyber - Foreign Forces (merged)
« Reply #7 on: October 05, 2009, 10:38:25 »
Reminds me of that anti-corruption agency that Singapore already has.

Quote
Singapore to Form National Cyber-security Agency

http://tech.yahoo.com/news/pcworld/20090930/tc_pcworld/singaporetoformnationalcybersecurityagency

Singapore will set up a government agency, the Singapore Infocomm Technology Security Authority (SITSA), to handle technology-related threats to the city-state's national security, a government minister said Wednesday.

"It will be the specialist authority to deal with threats to national security, especially external threats such as cyber-terrorism and cyber-espionage," said K. Shanmugam, Singapore's minister for law and second minister for home affairs, according to a transcript of his speech.

SITSA will be under the Internal Security Department of Singapore's Ministry of Home Affairs, which has handled security for government IT systems, Shanmugam said.

"SITSA is being formed at a time when the world has witnessed the Estonian cyberwar in 2007 and the Georgian cyberwar in 2008. In July this year, we witnessed yet another widespread cyber attack. This time, it was targeted against government and banking websites in South Korea and the United States," he said.

The newly formed unit will initially focus on securing the country's critical IT infrastructure in the finance, energy, water and transportation sectors. It will also work to raise the level of readiness for a cyber attack against the country and create a process for reporting, escalating and monitoring security incidents.

From next year, SITSA will hold regular exercises to practice its response to a cyber attack, Shanmugam said.
Our Country
--------------------------------
"A leader is best when people barely know he exists, when his work is done, his aim fulfilled, they will say: We did it ourselves."   - Lao Zi (老子)
-------------------------------------------
"Courage is going from failure to failure without losing enthusiasm."
- Winston Churchill

milnews.ca
Cyber-Marines Who Won't Have to Deploy?
« Reply #8 on: October 13, 2010, 21:51:23 »
Interesting concept, from Marine Corps Times:
Quote
Marines pride themselves on being expeditionary, but a new career path could keep some of them at home, in front of a computer, for their entire time in the Corps.

Plans are in the works for a potential slate of new careers and enticements that would build a cadre of specialized computer warfare technicians who wouldn’t necessarily need to branch out to get promoted, the top general responsible for cyberwarfare told House lawmakers Sept. 23.

Lt. Gen. George Flynn, deputy commandant for combat development and integration, told a House Armed Services Committee panel that tomorrow’s cyber-Marines could essentially spend their entire careers without deploying, instead taking recruiting duty or other jobs.

“One thing that we have to take a look at is, once you get somebody schooled in this area and they become an effective operator, they need to stay in it. And so we’re going to have to take a look at career progression [in which it] isn’t going to be acceptable to somebody not to have to go out of occupational specialty assignment to get promoted,” Flynn said. “This may be the case where, once you’re in cyber, you never leave the cyber, something like we do with some of our special operations units.”

Although Flynn had few specifics for what Marine officials could be cooking up, he did mention that cyber-Marines could have longer enlistments, of which about two years would be spent just in training, and there may be special bonuses or other lures to keep them in the force ....
If they're supporting Marines, shouldn't they have to know how Marines do their jobs outside CONUS?  Maybe I'm a dinosaur, but I can't see how it wouldn't create a two-tier Corps.
“The risk of insult is the price of clarity.” -- Roy H. Williams

The words I share here are my own, not those of anyone else or anybody I may be affiliated with.

Tony Prudori
MILNEWS.ca - Twitter

TimBit
Re: Cyber-Marines Who Won't Have to Deploy?
« Reply #9 on: October 14, 2010, 11:52:54 »
Out of curiosity, would you support it more for any of the three other services?

The only other option, really, is to heed the advice from some US Cyber Command senior officers and create a 5th service:

http://www.homelandsecuritynewswire.com/us-cyber-command-will-not-go-operational-today-planned

milnews.ca
Re: Cyber-Marines Who Won't Have to Deploy?
« Reply #10 on: October 14, 2010, 12:08:56 »
Quote
Out of curiosity, would you support it more for any of the three other services?
For the same reason, I'm leery about the idea elsewhere, too.  While the service rendered may be just as valuable (hell, could even be a one alternative for wounded warriors who can't deploy), those who would have to deploy wouldn't be wild about it.  That said....
Quote
The only other option, really, is to heed the advice from some US Cyber Command senior officers and create a 5th service:
http://www.homelandsecuritynewswire.com/us-cyber-command-will-not-go-operational-today-planned
.... I guess the alternative would be even more unruly, given the (at least potential) duplication of top-end stuff that I'm guessing comes with creation of new services.

GAP
Re: Cyber-Marines Who Won't Have to Deploy?
« Reply #11 on: October 14, 2010, 12:28:49 »
The Marines operate on the premise that all Marines are Grunts first and are taught that right from basic....so, some exposure to the various combat branches, in addition to their initial training and requals every year, should give enough exposure to allow the cyber guys/gals operating assistance capability....along with experienced command for touchy situations....

TimBit
Re: Cyber-Marines Who Won't Have to Deploy?
« Reply #12 on: October 14, 2010, 12:53:59 »
Quote
For the same reason, I'm leery about the idea elsewhere, too.  While the service rendered may be just as valuable (hell, could even be a one alternative for wounded warriors who can't deploy), those who would have to deploy wouldn't be wild about it.  That said........ I guess the alternative would be even more unruly, given the (at least potential) duplication of top-end stuff that I'm guessing comes with creation of new services.

The wounded warrior is exactly why this won't work. Cyber warfare is complicated and takes years to learn even for compu sci graduates. You can't just take a grunt and pop him in front of a computer and expect he will excel. Would you have an injured infantry soldier fly rescue helicopters because he can't run with a backpack anymore? Different jobs, different skill sets, different recruits. You can be re-trained, sure, but the future of cyber means you need to attract a special type who is computer literate and attracted to this job. I work in cyber, and I sure as hell don't want someone who dreams of shooting pop-up targets all day long when we talk shop. I agree 100% that there needs to be a specialist trade. Now, should they be deployable? Why? But then, were ICBM crews deployable? No. I think the Air Force is the way to go with Space Ops and Missile Ops already pretty much a ConUS environment.

milnews.ca
Re: Cyber-Marines Who Won't Have to Deploy?
« Reply #13 on: October 14, 2010, 13:18:46 »
Quote
The wounded warrior is exactly why this won't work. Cyber warfare is complicated and takes years to learn even for compu sci graduates. You can't just take a grunt and pop him in front of a computer and expect he will excel. Would you have an injured infantry soldier fly rescue helicopters because he can't run with a backpack anymore? Different jobs, different skill sets, different recruits.
True dat - that's why it may be one alternative for some (especially, as you say, given the nature of the training beast).

Quote
Now, should they be deployable? Why? But then, were ICBM crews deployable? No. I think the Air Force is the way to go with Space Ops and Missile Ops already pretty much a ConUS environment.
Never thought of that as an analogy....  Based on that, the USAF could be the place to put it, given its experience in (what I'm guessing would be) similar working environments.

57Chevy
U.S. sees "huge" cyber threat in the future
« Reply #14 on: November 16, 2010, 18:08:49 »
I'm pretty sure the cyber threat mentioned applies here also.
One only has to look at the Symantec Threat Monitor, powered by DeepSight, to have an idea of what is going on out there.
                  _____________________________________________________________

article link

WASHINGTON - The United States faces a major threat in the future from cyber technologies that will require civil-military co-ordination to shield networks from attack, Defense Secretary Robert Gates said on Tuesday.

"I think there is a huge future threat. And there is a considerable current threat," Gates told The Wall Street Journal CEO Council. "And that's just the reality that we all face."

The U.S. Defense Department estimates that over 100 foreign intelligence organizations have attempted to break into U.S. networks. Every year, hackers also steal enough data from U.S. government agencies, businesses and universities to fill the U.S. Library of Congress many times over, officials say.

The Pentagon's biggest suppliers — including Lockheed Martin Corp., Boeing Co and Northrop Grumman Corp. — are investing in the growing market for cyber technology, estimated at up to $140 billion a year worldwide.

Gates said the U.S. military had made considerable progress protecting its own sites and was working with its private-sector partners "to bring them under that umbrella."

But how to allow Pentagon know-how to be applied to protecting domestic infrastructure can be tricky for legal reasons, including fear of violating civil liberties.

"The key is the only defense that the United States has against nation-states and other potential threats in the cyber-world is the National Security Agency," Gates said, referring to the super-secretive Defense Department arm that shields national security information and networks, and intercepts foreign communications.

"You cannot replicate the National Security Agency for domestic affairs. There isn't enough money. There isn't enough time. And there isn't enough human talent."

Last month, President Barack Obama's administration announced steps to allow greater co-operation between the NSA and the Department of Homeland Security. That includes stationing the DHS' privacy, civil liberties and legal personnel at the NSA.

"So you have the domestic security agency, DHS, being able to reach into NSA in a real-time way to get the kind of protection we need," Gates said.

"And my hope is that over time that will lead to better protections for both '.gov' and '.com.'"

                           (Reproduced under the Fair Dealings provisions of the Copyright Act)

57Chevy
Re: U.S. sees "huge" cyber threat in the future
« Reply #15 on: November 18, 2010, 18:23:35 »
NATO mobilizes for cyber warfare

BRUSSELS - In 1989, before the Internet revolution, Suleyman Anil was the lone man in charge of the security of NATO’s IT system, armed with a single computer.

Two decades later, with the threat of cyber attacks on the rise, Anil oversees two teams tasked with protecting the networks of the alliance’s political headquarters in Brussels and operations command in Mons, Belgium.

The threat is constant, with as many as 100 attempted cyber attacks on NATO every day, but it could take just "one in a day to be dangerous," said Anil, a Turkish IT expert who heads NATO’s Cyber Defence and Countermeasures Branch.

NATO leaders meeting at a summit in Lisbon on Friday and Saturday will enshrine cyber security as one of the 28-nation alliance’s priorities when they endorse a "strategic concept" to guide its strategy for the next decade.

A message seen on a computer in a NATO office makes the threat clear: "Computer viruses pose a risk to our organisation, varying from anonymous to outright dangerous."

The warning seeks to discourage employees from using USB keys, which can serve as a Trojan horse to plant viruses. But such worms are not the only threat.

The vulnerability of its servers to "professional" and "amateur" hackers was highlighted in 1999 when Serbs flooded NATO with thousands of emails to protest the alliance’s bombing campaign in Kosovo, Anil said.

The turning point for NATO came at a summit in Prague in 2002, when leaders asked NATO to improve the security of its computer networks, he told AFP in an interview.

Cyber warfare is one of five sections within a new NATO division against emerging security threats that was created in August.

A costly cyber strike against Estonia in 2007 and the Stuxnet computer worm attack in Iran this year gave new urgency to the need to protect networks.

Following the attack on the Baltic NATO member, the alliance established a research and development centre in Tallinn called the Cooperative Cyber Defence Centre of Excellence.

It also decided to establish a rapid reaction team that would be deployed to help any NATO member following a cyber attack.

Although NATO has taken huge strides towards cyber security, it still has work to do.

The transatlantic military organisation will have to wait until 2013 to have 100 percent protection coverage for all its structure following a programme that was launched five years ago.

"We are not yet at the level where we would like to be," Anil said.

There are also legal challenges to linking up cyber defences between allied nations.

Since last year, NATO has signed a memorandum of understanding with seven alliance members on data sharing and procedures to follow in case of a cyber attack. Four other nations will follow suit.

US Admiral James Stavridis, the Supreme Allied Commander Europe, noted earlier this year the difficulty of governing cyberspace, comparing it to the 10 years it took to establish an international law of the sea.

Meanwhile, the alliance is gearing up for cyberwarfare.

Last year, the United States created its own Cyber Command to respond to computer threats and launch its own offensives.

NATO is in the midst of its third cyber defence exercise since 2008 which began Tuesday and ends Thursday. It involves 24 of 28 alliance members plus Austria.

The "Cyber Coalition 2010" exercise simulates "multiple simultaneous cyber attacks" against NATO and alliance members to test their strategic decision-making process.
article link
                          (Reproduced under the Fair Dealings provisions of the Copyright Act)

57Chevy
Re: U.S. sees "huge" cyber threat in the future
« Reply #16 on: November 24, 2010, 00:22:31 »
China 'hijacked' Internet to divert government and military data

China "hijacked" 15 per cent of the world's Internet traffic earlier this year, according to a report to the U.S. Congress, in what could be a new form of cyber terrorism.

A state-run telecoms firm is accused of diverting traffic including data from U.S. military and government websites, and some in Britain, via Chinese servers.

Experts fear that the authorities could have carried out "severe malicious activities" as a result of the 18-minute operation, even harvesting sensitive data from emails or implanting viruses in computers worldwide.

The report by the U.S.-China Economic and Security Review Commission says it raises the prospect that China might seek to "assert some level of control over the Internet".

Carolyn Bartholomew, vice-chairman of the commission, said Chinese efforts to penetrate U.S. networks were becoming more sophisticated, adding: "The massive scale and the extensive intelligence and reconnaissance components of recent high-profile, China-based computer exploitations suggest that there continues to be some level of state support for these activities."

It is the latest sign that governments are apparently seeking to attack computer networks or defend themselves from such attacks.

The U.S. military has a Cyber Command, while Israel is suspected of being behind a computer worm that may have damaged Iran's nuclear facilities. Earlier this year, Google said that Chinese hackers had tried to access the email accounts of human rights activists in the country, while the government has blocked popular websites such as Wikipedia and BBC News.

The new report provides previously unpublished details about a suspected "hijack" of almost one-seventh of Internet traffic. The report said it was unclear whether the incident was intentional, but added that "computer security researchers have noted that the capability could enable severe malicious activities".

The attack took advantage of the way that data are sent via computer servers. When an Internet user in, for example, California wants to look at a website based in Texas, the data make several "hops" on the way via servers.

Data are meant to travel by the most efficient route, but this can be manipulated as servers in China can suddenly announce that they provide the quickest route.

For 18 minutes on April 8, the state-owned China Telecom advertised "erroneous" network routes which led to traffic for 15 per cent of all Internet destinations being sent via servers in China.

These involved U.S. websites covering the Senate, army, navy, marine corps and Nasa as well as companies such as Microsoft, IBM and Yahoo. A handful of websites based in Britain were also affected.

Wang Yongzhen, a senior press official with China Telecom, said: "China Telecom has never done such an act."

                          (Reproduced under the Fair Dealings provisions of the Copyright Act)
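The article above explains the mechanism in plain terms: data is meant to take the most efficient route, but a network can "suddenly announce that they provide the quickest route" and traffic for the affected destinations follows the bogus announcement. The block below is an added example, not code from the report or from any operator involved: a stripped-down model of BGP best-path selection (longest matching prefix, then shortest AS path) showing why both a same-prefix announcement with a shorter path and a more-specific announcement win, followed by an RPKI-style route-origin check that rejects them. The prefixes are RFC 5737 documentation space, the AS numbers are private-range placeholders, and the ROA table is constructed for the example.

```python
"""Simplified BGP best-path selection and route-origin validation.

Added example, not from the report: it models why a bogus announcement can
pull traffic and how an origin check rejects it. Prefixes are RFC 5737
documentation space and AS numbers are private-range placeholders.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: str        # e.g. "198.51.100.0/24"
    as_path: tuple     # leftmost = neighbour that sent it, rightmost = origin AS

    @property
    def network(self):
        return ipaddress.ip_network(self.prefix)

    @property
    def origin_as(self):
        return self.as_path[-1]


def best_route(rib, dst_ip):
    """Longest matching prefix wins; among equal lengths the shortest AS path.
    (Real BGP has more tie-breakers, but these two decide a hijack.)"""
    addr = ipaddress.ip_address(dst_ip)
    candidates = [r for r in rib if addr in r.network]
    if not candidates:
        return None
    return min(candidates, key=lambda r: (-r.network.prefixlen, len(r.as_path)))


# Route Origin Authorizations: (covering prefix, max prefix length, authorised origin).
# Constructed for the example; in practice these come from the RPKI.
ROAS = [("198.51.100.0/22", 24, 64500)]


def origin_valid(route, roas=ROAS):
    """RPKI-style origin validation: 'valid', 'invalid' or 'unknown' (no ROA covers it)."""
    net = route.network
    covering = [
        (ipaddress.ip_network(p), max_len, asn)
        for p, max_len, asn in roas
        if net.subnet_of(ipaddress.ip_network(p))
    ]
    if not covering:
        return "unknown"
    for _, max_len, asn in covering:
        if route.origin_as == asn and net.prefixlen <= max_len:
            return "valid"
    return "invalid"


def select(rib, dst_ip, roas=None):
    """Best path after dropping routes that fail origin validation (if roas given)."""
    usable = rib if roas is None else [r for r in rib if origin_valid(r, roas) != "invalid"]
    return best_route(usable, dst_ip)


# Scenario: the legitimate /24 reaches us over three ASes; an impostor announces
# the same /24 with a shorter path, and a more-specific /25 with a longer one.
LEGIT = Route("198.51.100.0/24", (64501, 64502, 64500))
SAME_PREFIX_HIJACK = Route("198.51.100.0/24", (64503, 64510))
MORE_SPECIFIC_HIJACK = Route("198.51.100.128/25", (64503, 64504, 64505, 64510))


def demo():
    rib = [LEGIT, SAME_PREFIX_HIJACK, MORE_SPECIFIC_HIJACK]
    return {
        "no_validation_low": best_route(rib, "198.51.100.9").as_path,
        "no_validation_high": best_route(rib, "198.51.100.200").as_path,
        "validated_low": select(rib, "198.51.100.9", ROAS).as_path,
        "validated_high": select(rib, "198.51.100.200", ROAS).as_path,
    }


if __name__ == "__main__":
    for name, path in demo().items():
        print(name, path)
```

The model shows why the report could not settle intent: a fat-fingered announcement and a deliberate one look identical on the wire, and routers that apply only prefix length and path length will follow either. Origin validation only catches a wrong origin AS; an attacker who prepends the legitimate origin to a forged path passes it, which is why path validation is a separate problem.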

57Chevy
Re: Cyber attacks/defence/incidents (merged)
« Reply #17 on: November 25, 2010, 08:49:30 »
Iran Suspends Nuclear Enrichment; Stuxnet Virus Suspected

Major technical problems in Iran's nuclear program have forced the temporary shutdown of thousands of centrifuges enriching uranium at Iran's Natanz plant, diplomats told The Associated Press on Monday.

The diplomats said the problems have caused Iranian experts to “briefly power down” the machines they use for enrichment.

The sources said they did not have further details but suspicions focused on the Stuxnet worm, the computer virus which has recently plagued Iran's nuclear program, and is believed by many observers to have been unleashed by the US or Israel.

Experts said last week that the Stuxnet worm was designed to destroy centrifuges by sending them spinning out of control.

“There have been hints that the program is beset by technical problems,” AP reported. “Even a brief shutdown of the thousands of enriching machines would be the strongest documentation to date that the program – Iran's nuclear cornerstone and a source of national pride – is in trouble.”
article continues here
             _________________________________________________________________


The Stuxnet worm at war in Iran


The intrigue and mystery read like the stuff of a spy novel, updated for the digital age.

There’s theories of state-sponsored sabotage, coded biblical messages, and a real computer worm called Stuxnet.

Security experts around the globe have unearthed evidence that Stuxnet was able to penetrate industrial plants in Iran and may have been deliberately crafted to destabilize that country’s controversial nuclear-enrichment operations.
                     __________________________________________________________

And in China: (other thread link, reply 1506)
Malware that infected Iran's nuclear industry has now infected Chinese industry as well.
              __________________________________________________________________
What is the Stuxnet worm?

Stuxnet (wikipedia)
Stuxnet is a Windows-specific computer worm first discovered in June 2010 by VirusBlokAda, a security firm based in Belarus. Stuxnet does not affect GNU/Linux or Unix operating systems such as BSD. It is the first discovered worm that spies on and reprograms industrial systems,[1] the first to include a programmable logic controller (PLC) rootkit,[2] and the first to target critical industrial infrastructure.[3] It was specifically written to attack Supervisory Control And Data Acquisition (SCADA) systems used to control and monitor industrial processes.[4] Stuxnet includes the capability to reprogram the PLCs and hide its changes.[5]

The worm's probable target has been said to have been high value infrastructures in Iran using Siemens control systems.[6][7] According to news reports the infestation by this worm might have damaged Iran's nuclear facilities in Natanz[8][9] and eventually delayed the start up of Iran's Bushehr Nuclear Power Plant.[10] Siemens has stated, however, that the worm has not in fact caused any damage.[11]

Russian digital security company Kaspersky Labs released a statement that described Stuxnet as "a working and fearsome prototype of a cyber-weapon that will lead to the creation of a new arms race in the world." Kevin Hogan, Senior Director of Security Response at Symantec, noted that 60% of the infected computers worldwide were in Iran, suggesting its industrial plants were the target.[12] Kaspersky Labs concluded that the attacks could only have been conducted "with nation-state support", making Iran the first target of real cyberwarfare.
                __________________________________________________________
                         (Reproduced under the Fair Dealings provisions of the Copyright Act)
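The quoted description above gives the two properties that made Stuxnet different: it reprograms the PLCs, and it hides its changes so the operator's view stays normal. The block below is an added example, not Stuxnet's code and not from the quoted sources: a small simulation of a PLC whose setpoint is rewritten while the control panel is fed replayed normal readings, run once with an honest panel and once with the masked one, with an out-of-band comparison against a sensor the PLC does not mediate. The frequencies, alarm ceiling, tolerance and tick counts are assumed values for illustration.

```python
"""Model of a PLC-level 'reprogram and hide' attack and an out-of-band check.

Added example, not Stuxnet's code and not from the quoted text: the frequency
values, tolerances and tick counts are assumed for illustration.
"""


class Plc:
    """Controls a frequency converter; commanded_hz is what the drive really gets."""

    def __init__(self, nominal_hz):
        self.nominal_hz = nominal_hz
        self.commanded_hz = nominal_hz

    def drive_frequency(self):
        return self.commanded_hz


class HonestPanel:
    """Control panel reading straight from the PLC: shows what the drive does."""

    def __init__(self, plc):
        self.plc = plc

    def read_frequency(self):
        return self.plc.drive_frequency()


class MaskedPanel(HonestPanel):
    """Models the 'hide its changes' behaviour: the compromised PLC code replays
    previously recorded normal readings to the panel, whatever the drive is
    actually being told."""

    def __init__(self, plc, recorded_normal):
        super().__init__(plc)
        self.recorded = list(recorded_normal)
        self.i = 0

    def read_frequency(self):
        value = self.recorded[self.i % len(self.recorded)]
        self.i += 1
        return value


def tamper(plc, burst_hz):
    """The worm's action: rewrite the setpoint the converter is driven with."""
    plc.commanded_hz = burst_hz


def run_scenario(masked, ticks=10, burst_at=5, nominal=1000.0, burst=1400.0,
                 ceiling=1100.0, tolerance=5.0):
    """Simulate `ticks` control cycles; the setpoint is tampered at `burst_at`.
    Returns the ticks on which (a) a panel-side over-speed alarm would fire and
    (b) a comparison against an independent sensor would fire."""
    plc = Plc(nominal)
    # A few jittery but normal readings, as a rootkit might have recorded them.
    recorded = [nominal - 0.5, nominal, nominal + 0.5]
    panel = MaskedPanel(plc, recorded) if masked else HonestPanel(plc)
    panel_alarms, oob_alarms = [], []
    for t in range(ticks):
        if t == burst_at:
            tamper(plc, burst)
        shown = panel.read_frequency()
        # Stand-in for a sensor the PLC does not mediate (e.g. a tachometer or
        # current clamp reporting over a separate monitoring network).
        measured = plc.drive_frequency()
        if shown > ceiling:
            panel_alarms.append(t)
        if abs(shown - measured) > tolerance:
            oob_alarms.append(t)
    return {"panel_alarms": panel_alarms, "oob_alarms": oob_alarms}


if __name__ == "__main__":
    print("honest panel:", run_scenario(masked=False))
    print("masked panel:", run_scenario(masked=True))
```

With the honest panel the over-speed alarm fires at the panel and there is nothing for the out-of-band check to find; with the masked panel the panel alarm never fires and only the independent sensor reveals the discrepancy. That is the practical point for anyone running control systems: an alarm that reads its input through the same controller an attacker has reprogrammed is not an independent check, and process monitoring needs at least one measurement path the PLC cannot rewrite.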

Thucydides
Re: Cyber attacks/defence/incidents (merged)
« Reply #18 on: November 30, 2010, 10:18:59 »
More on the worm and the alleged damage it has done to the Iranian nuclear program:

http://nextbigfuture.com/2010/11/stuxnet-is-game-changing-weaponized.html#more

Quote
Stuxnet is a game changing weaponized computer virus

Intelligence agencies, computer security companies and the nuclear industry have been trying to analyze the worm since it was discovered in June by a Belarus-based company that was doing business in Iran. And what they've all found, says Sean McGurk, the Homeland Security Department's acting director of national cyber security and communications integration, is a “game changer.”

UPDATE: Iran admits that there was a cyber attack and there was an effect on their centrifuges. Iran is trying to downplay the effects. Also, car bombs killed a top Iranian nuclear scientist in Tehran and wounded another.

    The construction of the worm was so advanced, it was “like the arrival of an F-35 into a World War I battlefield,” says Ralph Langner, the computer expert who was the first to sound the alarm about Stuxnet. Others have called it the first “weaponized” computer virus.

    Simply put, Stuxnet is an incredibly advanced, undetectable computer worm that took years to construct and was designed to jump from computer to computer until it found the specific, protected control system that it aimed to destroy: Iran’s nuclear enrichment program.

    “The worm was designed not to destroy the plants but to make them ineffective. By changing the rotation speeds, the bearings quickly wear out and the equipment has to be replaced and repaired. The speed changes also impact the quality of the uranium processed in the centrifuges creating technical problems that make the plant ineffective,” he explained.

    In other words the worm was designed to allow the Iranian program to continue but never succeed, and never to know why.

    At Natanz, for almost 17 months, Stuxnet quietly worked its way into the system and targeted a specific component -- the frequency converters made by the German equipment manufacturer Siemens that regulated the speed of the spinning centrifuges used to create nuclear fuel. The worm then took control of the speed at which the centrifuges spun, making them turn so fast in a quick burst that they would be damaged but not destroyed. And at the same time, the worm masked that change in speed from being discovered at the centrifuges' control panel.

    At Bushehr, meanwhile, a second secret set of codes, which Langner called “digital warheads,” targeted the Russian-built power plant's massive steam turbine.

    Here's how it worked, according to experts who have examined the worm:

    --The nuclear facility in Iran runs an “air gap” security system, meaning it has no connections to the Web, making it secure from outside penetration. Stuxnet was designed and sent into the area around Iran's Natanz nuclear power plant -- just how may never be known -- to infect a number of computers on the assumption that someone working in the plant would take work home on a flash drive, acquire the worm and then bring it back to the plant.

    --Once the worm was inside the plant, the next step was to get the computer system there to trust it and allow it into the system. That was accomplished because the worm contained a “digital certificate” stolen from JMicron, a large company in an industrial park in Taiwan. (When the worm was later discovered it quickly replaced the original digital certificate with another certificate, also stolen from another company, Realtek, a few doors down in the same industrial park in Taiwan.)

    --Once allowed entry, the worm contained four “Zero Day” elements in its first target, the Windows 7 operating system that controlled the overall operation of the plant. Zero Day elements are rare and extremely valuable vulnerabilities in a computer system that can be exploited only once. Two of the vulnerabilities were known, but the other two had never been discovered. Experts say no hacker would waste Zero Days in that manner.

    --After penetrating the Windows 7 operating system, the code then targeted the “frequency converters” that ran the centrifuges. To do that it used specifications from the manufacturers of the converters. One was Vacon, a Finnish Company, and the other Fararo Paya, an Iranian company. What surprises experts at this step is that the Iranian company was so secret that not even the IAEA knew about it.

    --The worm also knew that the complex control system that ran the centrifuges was built by Siemens, the German manufacturer, and -- remarkably -- how that system worked as well and how to mask its activities from it.

    --Masking itself from the plant's security and other systems, the worm then ordered the centrifuges to rotate extremely fast, and then to slow down precipitously. This damaged the converter, the centrifuges and the bearings, and it corrupted the uranium in the tubes. It also left Iranian nuclear engineers wondering what was wrong, as computer checks showed no malfunctions in the operating system.

    Estimates are that this went on for more than a year, leaving the Iranian program in chaos. And as it did, the worm grew and adapted throughout the system. As new worms entered the system, they would meet and adapt and become increasingly sophisticated.

    During this time the worms reported back to two servers that had to be run by intelligence agencies, one in Denmark and one in Malaysia. The servers monitored the worms and were shut down once the worm had infiltrated Natanz. Efforts to find those servers since then have yielded no results.

    This went on until June of last year, when a Belarusan company working on the Iranian power plant in Bushehr discovered it in one of its machines. It quickly put out a notice on a Web network monitored by computer security experts around the world. Ordinarily these experts would immediately begin tracing the worm and dissecting it, looking for clues about its origin and other details.

    But that didn’t happen, because within minutes all the alert sites came under attack and were inoperative for 24 hours.

    “I had to use e-mail to send notices but I couldn’t reach everyone. Whoever made the worm had a full day to eliminate all traces of the worm that might lead us to them,” said Eric Byers, a computer security expert who has examined Stuxnet. “No hacker could have done that.”

    Experts, including inspectors from the International Atomic Energy Agency, say that, despite Iran's claims to the contrary, the worm was successful in its goal: causing confusion among Iran’s nuclear engineers and disabling their nuclear program.

    Because of the secrecy surrounding the Iranian program, no one can be certain of the full extent of the damage. But sources inside Iran and elsewhere say that the Iranian centrifuge program has been operating far below its capacity and that the uranium enrichment program had “stagnated” during the time the worm penetrated the underground facility. Only 4,000 of the 9,000 centrifuges Iran was known to have were put into use. Some suspect that is because of the critical need to replace ones that were damaged.

    The efforts by the Iranians to cleanse Stuxnet from their system “will probably take another year to complete,” and during that time the plant will not be able to function anywhere near normally.
Dagny, this is not a battle over material goods. It's a moral crisis, the greatest the world has ever faced and the last. Our age is the climax of centuries of evil. We must put an end to it, once and for all, or perish - we, the men of the mind. It was our own guilt. We produced the wealth of the world - but we let our enemies write its moral code.
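The masking step in the article quoted above (the worm changing converter speed while the control panel kept showing normal values) is the reason operators cross-check what the HMI displays against a measurement the HMI cannot rewrite. The Python below is an added example, not code from the article, from Siemens or from any vendor: it compares constructed HMI readings with constructed independent-meter readings, flags sustained disagreement, and flags a suspiciously frozen HMI value; NOMINAL_HZ, TOLERANCE_HZ, MIN_BURST_SAMPLES and every sample value are assumptions chosen for illustration.

```python
"""Cross-check HMI-reported converter frequency against an independent meter.

Added example, not code from the article, Siemens, or any vendor. The sample
readings below are constructed, and NOMINAL_HZ / TOLERANCE_HZ /
MIN_BURST_SAMPLES are assumed values for illustration.
"""
from dataclasses import dataclass
from typing import List

NOMINAL_HZ = 1000.0        # assumed nominal converter output frequency
TOLERANCE_HZ = 25.0        # assumed allowed HMI-vs-meter disagreement
MIN_BURST_SAMPLES = 2      # consecutive disagreeing samples before alerting


@dataclass(frozen=True)
class Sample:
    t: int            # seconds into the observation window
    hmi_hz: float     # value shown on the operator's control panel (HMI)
    meter_hz: float   # value from an independent meter the HMI cannot rewrite


@dataclass(frozen=True)
class Burst:
    start_t: int
    end_t: int
    meter_min_hz: float
    meter_max_hz: float
    hmi_mean_hz: float    # what the operator was shown during the burst


def disagrees(s: Sample, tolerance: float = TOLERANCE_HZ) -> bool:
    """True when the HMI and the independent meter differ beyond tolerance."""
    return abs(s.hmi_hz - s.meter_hz) > tolerance


def find_bursts(samples: List[Sample], tolerance: float = TOLERANCE_HZ,
                min_len: int = MIN_BURST_SAMPLES) -> List[Burst]:
    """Return runs of at least min_len consecutive disagreeing samples.

    A single outlier is ignored as sensor noise; a sustained run means the
    process is doing something the control panel is not reporting.
    """
    bursts: List[Burst] = []
    run: List[Sample] = []

    def close_run() -> None:
        if len(run) >= min_len:
            bursts.append(Burst(
                start_t=run[0].t,
                end_t=run[-1].t,
                meter_min_hz=min(s.meter_hz for s in run),
                meter_max_hz=max(s.meter_hz for s in run),
                hmi_mean_hz=sum(s.hmi_hz for s in run) / len(run),
            ))
        run.clear()

    for s in samples:
        if disagrees(s, tolerance):
            run.append(s)
        else:
            close_run()
    close_run()
    return bursts


def hmi_frozen(samples: List[Sample], min_len: int = 8) -> bool:
    """Heuristic (assumption): a live reading jitters slightly; a long window of
    bit-identical HMI values suggests a stuck or replayed display value."""
    return len(samples) >= min_len and len({s.hmi_hz for s in samples}) == 1


# Constructed telemetry: the HMI shows a steady nominal value throughout,
# while the meter sees a speed-up burst (t=2..4), one isolated glitch (t=7)
# and a near-stop (t=9..10).
SAMPLES = [
    Sample(0, 1000.0, 1001.0), Sample(1, 1000.0, 999.0),
    Sample(2, 1000.0, 1310.0), Sample(3, 1000.0, 1390.0), Sample(4, 1000.0, 1405.0),
    Sample(5, 1000.0, 1002.0), Sample(6, 1000.0, 1000.0),
    Sample(7, 1000.0, 1031.0),
    Sample(8, 1000.0, 998.0),
    Sample(9, 1000.0, 6.0), Sample(10, 1000.0, 4.0),
    Sample(11, 1000.0, 997.0),
]


def report(samples: List[Sample]) -> List[str]:
    """Human-readable alerts; returned rather than printed so it can be tested."""
    lines = [f"ALERT t={b.start_t}-{b.end_t}: meter {b.meter_min_hz:.0f}-"
             f"{b.meter_max_hz:.0f} Hz while HMI showed {b.hmi_mean_hz:.0f} Hz"
             for b in find_bursts(samples)]
    if hmi_frozen(samples):
        lines.append("WARN: HMI value bit-identical across window (stuck or replayed?)")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLES):
        print(line)
```

The isolated glitch at t=7 is deliberately below MIN_BURST_SAMPLES and produces no alert, while the two sustained runs and the frozen HMI value do.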

Offline 57Chevy

    widower.

  • Army.ca Veteran
Re: Cyber attacks/defence/incdents (merged)
« Reply #19 on: December 08, 2010, 07:58:23 »
'Cry Stuxnet And Let Slip The Dogs Of War?' The Potentially Deadly Viruses Of Cyber Warfare

The most recent battle in the New Cold War is being waged as you read this. It is a battle over nuclear weapons.

Claiming that more than 30,000 of their computers have been compromised by a nasty piece of malware dubbed Stuxnet, the Iranians say that electronic warfare is being waged against their state. Considered by many experts to be the best cyber virus ever, the Stuxnet virus plaguing Iran is a complex piece of malware, a short term for "malicious software," created to infiltrate surreptitiously and take control of certain aspects of a computer system.

Michael Scheidell, Chief Technology Officer of SECNAP Network Security and a nationally recognized expert on cyber-infrastructure security, acknowledges that "Stuxnet's complexity, multi-layered design, and range of technically disparate elements suggest that a large, well-funded team is responsible for its creation, possibly a nation-state. Some analysis also points to a highly specific target: a nuclear plant in Iran. So you could conclude that a powerful entity, organization or country created Stuxnet in retaliation against Iran. We may find another scenario at the end of the day, but this one looks good, given what we know now."

As the world becomes increasingly interconnected and reliant on computers to run everything from our coffeemakers to our nuclear plants, cyberspace has emerged as the fifth domain of warfare, after Land, Sea, Air, and Space.

A cyberattack launched by one nation against another raises many questions. After a cyberattack, will there be retaliation? In what form: Another cyberattack? A more traditional military attack or an asymmetrical terror attack?

What of treaties? NATO's lynchpin is that an attack on one member is an attack on all members. If a member of NATO is harmed via cyber-attack, does it trigger the obligation of fellow NATO members to declare war? The implications of cyber warfare are grave.

STUXNET: A POWERFUL, INDUSTRIAL-GRADE VIRUS

Stuxnet focuses on Supervisory Control and Data Acquisition (SCADA) systems which control the processes in many industrial and factory settings. Though it was first developed more than a year ago, Stuxnet was discovered in July 2010, when a Belarus-based security company found the worm on computers belonging to an Iranian client.

The Stuxnet virus is initially installed on a Microsoft workstation via the use of a USB memory stick, after which it immediately begins to search for a workstation running Siemens SIMATIC WinCC software.

Siemens, which boasts on its website that it is a "global powerhouse in the industry, energy and healthcare sectors," is the manufacturer of the software that Stuxnet targets. Siemens will not confirm how many customers it has in Iran. However, earlier this year, Siemens said it planned to wind down its Iranian business, a 290-employee unit that netted $562.9 million in 2008, according to the Wall Street Journal. Critics say the company's trade there has helped feed Iran's nuclear development effort in spite of the U.S. embargo on Iran.

Stuxnet is highly complex malware that is capable of infecting equipment isolated from the Internet and which targets industrial processes employed in the energy, transportation and healthcare sectors. It specifically targets the systems of a single manufacturer criticized for assisting Iran in its nuclear development efforts.

The suspicions of a pre-emptive military fifth domain attack may or may not be true, but they are certainly not far-fetched.

THE CONVERGENCE OF TECHNOLOGY

Two decades ago, in an attempt to save money in the growing software-based process control and automation industry, companies began to explore the logistics, implications and benefits of converging the pathways that control desktops, servers and industrial equipment. Stuxnet takes advantage of the inherent flaws in this convergence strategy.

One of the flaws in convergence is the introduction of USB Memory Sticks (the same ones you may carry on your keychain) to the factory floor. Industrial equipment rarely has USB ports, but because of convergence these devices, which now share networks with office-grade equipment, are integrated (knowingly or unknowingly) with desktop computers. As a result of this convergence, power plants, pipeline networks, refineries, mass transit, high-rise HVAC, elevator systems, water and sewage plants, grain elevators, communications networks and other large-scale SCADA applications are susceptible to USB stick-borne viruses, even if the network is completely isolated from the Internet.

Stuxnet leveraged the widespread appeal of convergence to infiltrate factories and, perhaps, nuclear facilities.

IT'S ALL CONNECTED

The world is crisscrossed by networks of wires, cables, waves, pulses and signals. The computer systems that operate this world are all around us, yet just under the surface. Driven to design simplicity and ease of use into most systems, developers have learned to cleverly disguise the fact that you are even using a computer. But computers they are, in every imaginable size, supporting every conceivable application, and it is all connected. Just consider:
Smartphones, laptops, mobiles, desktops
ATMs, store barcode scanners, credit card swipe machines
Telephone systems, television systems
High-rise elevator and HVAC system controls
Ordering systems, payment systems, money moving systems
Factory production systems, assembly lines
Food processing and packaging systems
City water systems, sewage systems, rail lines, traffic signals
Electric and gas utility processing/production and distribution

Imagine these systems infiltrated by malware, crashing, rendered useless, at least temporarily. The data grid falls. The power grid falls. The communication grid fails. The transportation grid fails. Imagine the potential for panic, financial and otherwise, in the face of cascading network failures.

FIRST CYBERATTACK OF THE NEW COLD WAR

The first shots in the cyberspace Cold War were fired by the Russians against Estonia and Georgia in 2007 and 2008. At that time, the cyber infrastructure in Georgia was suffering from the type of cascading system failure described above. This took place as Russian tanks were advancing across the Caucasus in 2008.

Perhaps it was a coincidence. We have never been able to trace the cyber denial of service (DoS) attacks directly back to the Russians. Regardless, due to widespread system failure the established government in Georgia was unable to coordinate any defense, and was isolated from the rest of the world to gain assistance.

Destabilizing a nation's cyber-infrastructure is not an exact science. The results are not foreseeable or controllable necessarily. And neither is the potential for retaliation. However, forcing a nation-state into chaos without an identifiable adversary is a perfect tool for the asymmetric attacks of terrorists. There is little lead time. There is little chatter. Assembling the devices necessary rarely requires embargoed or highly regulated materials.

Was the United States or its allies behind the Stuxnet virus? We may never know. But we are no less a combatant in the New Cold War. The damage threatened in this war is tremendous to our country and way of life. We must continue to exert our influence in all domains, not only air, sea, land and space, but cyberspace as well.

U.S. DEFENSE AGAINST CYBER WARFARE

Our vulnerabilities are considerable in this country. But so are our defenses and our resilience. Despite economic woes, the Department of Homeland Security is spending significantly to bolster critical infrastructure. Rules regulating private industry are being revamped to require strong defenses of critical processes and data. These reforms are also being pushed by private industry, healthcare, the accounting and legal professions, and the financial industry. Federal regulation and those who enforce and interpret it are assisting our industries in bolstering their defenses.

As the most computer-reliant country in the world, the United States recognizes the threat posed by cyber warfare.

Twenty-five percent of all malware discovered this year is propagated through the use of USB sticks. Given the flaws of convergence, and the prevalence of USBs, it is not surprising that the Pentagon and Central Command were "hacked" via USB-borne malware in 2008. Since that time, the military has substantially bolstered its cyber defenses. The Federal Government has likewise taken giant steps in bolstering cyber security for non-military branches of government.

However, our government currently takes no official role in protecting private business and, outside of Homeland Security dollars, assumes no acknowledged role in protecting critical quasi-government infrastructure, such as power plants, pipeline networks, refineries, communications networks and other large-scale applications.

Cyber Command Chief General Keith Alexander has confirmed publicly that Cyber Command does not work with private industry. Recently, however, Alexander's position seems to be morphing toward a more robust government involvement in protecting strategic infrastructure such as water, gas and electricity. The Cyber Command Chief envisions a team approach to security involving the Department of Defense, the Department of Homeland Security and the FBI. The FBI would investigate computer hacking, Homeland Security would work with industry and other critical areas. Alexander has emphasized that it will be critical for private industry and contractors to be involved if the proposed program is to be effective.

History is rife with the stories of new technologies that turned the tide in favor of one side in warfare. You don't need to look back to the Longbow's effect on the Hundred Years' War in the 1400s for examples. You don't even need to look back to World War II. The technology-driven unmanned drone program currently in use in Iraq and Afghanistan is exceedingly effective. The best technology often wins wars. And we are a nation at war. The responsibility to defend our nation is ours, on all fronts.

                       (Reproduced under the Fair Dealings provisions of the Copyright Act)

Offline 57Chevy

    widower.

  • Army.ca Veteran
Re: Cyber attacks/defence/incdents (merged)
« Reply #20 on: December 19, 2010, 06:57:49 »
'Stuxnet virus set back Iran’s nuclear program by 2 years'
article link
Top German computer consultant tells 'Post' virus was as effective as military strike, a huge success; expert speculates IDF creator of virus.

The Stuxnet virus, which has attacked Iran’s nuclear facilities and which Israel is suspected of creating, has set back the Islamic Republic’s nuclear program by two years, a top German computer consultant who was one of the first experts to analyze the program’s code told The Jerusalem Post on Tuesday.

“It will take two years for Iran to get back on track,” Langner said in a telephone interview from his office in Hamburg, Germany. “This was nearly as effective as a military strike, but even better since there are no fatalities and no full-blown war. From a military perspective, this was a huge success.”

article continues....
                         (Reproduced under the Fair Dealings provisions of the Copyright Act)

To add a related thread:
U.S. sees "huge" cyber threat in the future
« Last Edit: December 19, 2010, 07:04:43 by 57Chevy »

Offline 57Chevy

    widower.

  • Army.ca Veteran
Re: Cyber attacks/defence/incdents (merged)
« Reply #21 on: December 29, 2010, 16:53:16 »
Iran's nuclear ambition is dented:

Iran no longer has the capability to create a nuclear weapon on its own, Israel's deputy prime minister said Wednesday.

The assessment would seem to make military action less likely in the near future and suggests the program has been seriously damaged by sabotage, sanctions or both.

It lends weight to the theory that a highly sophisticated computer worm, called Stuxnet, was inserted last year into Iran's uranium enrichment program and forced the replacement of 1,000 uranium enrichment centrifuges by making them spin too fast and, therefore, break.

Previously, reports had suggested the regime may have been able to build a bomb in about a year.

Moshe Yaalon said Western pressure would force Iran to consider whether its nuclear program was worth pursuing. "I believe that this effort will grow, and will include areas beyond sanctions, to convince the Iranian regime that, effectively, it must choose between continuing to seek nuclear capability and surviving," he told Israeli radio.

"I don't know if it will happen in 2011 or in 2012, but we are talking in terms of the next three years."

Analysts say Stuxnet was so complex it was probably written by a "state actor" rather than an amateur hacker.

article link

                        (Reproduced under the Fair Dealings provisions of the Copyright Act)


Offline 57Chevy

    widower.

  • Army.ca Veteran
Re: Cyber attacks/defence/incdents (merged)
« Reply #22 on: January 04, 2011, 21:05:51 »
Canada ill-prepared for attacks on critical energy infrastructure: Study
article link

OTTAWA — Nearly a decade after the 9/11 attacks, Canada still hasn't developed a reliable strategy for protecting such critical energy infrastructure as refineries, power plants and offshore petroleum platforms, according to a new study commissioned by the Defence Department.

Inaction by the federal government has left key energy assets vulnerable to a range of threats, from terrorism and natural disasters to the emerging danger of a cyberattack, says the study quietly released last month but now reported for the first time by Postmedia News.

An attack that disrupts or damages energy infrastructure would not only have major social and economic impacts, but could also stoke "cross-border tensions" with the United States, which looks to Canada as a dependable supplier within increasingly integrated North American energy markets.

"The protection and resilience of critical infrastructure have often been described as major priorities for the government, yet the reality appears rather different from the rhetoric," writes Angela Gendron, a senior fellow at the Canadian Centre of Intelligence and Security Studies at Carleton University in Ottawa. Her study was commissioned by Defence R&D Canada, the research arm of the Department of National Defence.

Canada urgently needs to develop a national plan — and ideally appoint a central body to enforce it — to replace the patchwork of rules and safeguards currently being implemented by provinces and private industry, Gendron warns.

One of the diplomatic cables recently released by WikiLeaks contains a list compiled by the U.S. State Department of infrastructure around the world that Washington considers critical to American security, economic and public-health interests. Canadian sites include the James Bay hydroelectric power project in Quebec, the Seven-Mile dam in British Columbia, AECL's medical isotope-producing nuclear reactor in Chalk River, Ont., and the network of natural-gas pipelines operated by TransCanada Gas of Calgary.

However, Canada has yet to publicly identify the exact sites it considers critical to the nation's interests.

In the wake of the Sept. 11, 2001 attacks, the federal government created the department of Public Safety and Emergency Preparedness to oversee Canada's national-security efforts.

A Public Safety spokesman noted that the department released a national critical-infrastructure strategy in May that paves the way for the federal government and the provinces to develop and test plans for protecting key sectors. The department has made significant progress in implementing the strategy, such as through the publication of a "risk-management guide" for critical sectors, the spokesman said in an emailed statement.

But Gendron says the strategy is too "reactive" and relies too much on the voluntary participation of the private sector, which has been reluctant to share data with the government.

Energy assets in Canada tend to be concentrated in certain regions of the country and, increasingly, integrated with U.S. distribution networks. While that has worked to Canada's economic advantage, it has also made such assets "high-value" targets for an attack and heightened the potential impact of a natural disaster such as an earthquake.

The domino effect of a major network failure can be crippling, a reality that hit home in the summer of 2003, when problems at a power utility in Ohio left about 50 million people in Ontario and eight U.S. states in the dark. The blackout cost about $6 billion in economic losses.

Gendron notes that al-Qaida has called on its recruits to strike any petroleum interests that supply the U.S. as part of an "economic jihad" against the Americans.

"As both a target in its own right and as a means of striking at American oil dependency, which al-Qaida has identified as America's greatest strategic vulnerability, Canada is susceptible to a major attack," writes Gendron, who says such an attack should be considered a "low probability/high impact" risk.

If terrorists strike, it might not be a direct "physical" attack.

"Much of Canada's critical energy infrastructure and processes are today managed remotely from central control rooms which use computers and communications networks to control the flow of energy supplies (gas, oil, electricity) through pipelines or grids," says Gendron.

That makes modern energy networks vulnerable to cyberattacks that can be even more difficult to deter than conventional threats, according to Gendron.

"Sophisticated state-led cyber espionage or warfare is a serious issue but easier to deter when the adversary is a state with an easily identifiable government and location than when cyberattacks are carried out by surrogates, criminals, terrorists and hackers who cannot readily be traced."

                                (Reproduced under the Fair Dealings provisions of the Copyright Act)

Offline 57Chevy

    widower.

  • Army.ca Veteran
Re: Cyber attacks/defence/incdents (merged)
« Reply #23 on: January 21, 2011, 18:59:47 »
Good deduction, Watson  ;D
______________________________
Western power created virus to sabotage Iran's nuclear plans
The Stuxnet computer virus, which was created to sabotage Iran's nuclear program, was built jointly by at least one Western power and the Israeli secret service, a British security expert claims.

Tom Parker, a U.S.-based security researcher who specialized in tracing cyber attacks, spent months analyzing the Stuxnet code and found evidence that the virus was created by two separate organizations. His evidence supported the claims of intelligence sources that it was a joint, two-step operation.

"It was most likely developed by a Western power, and they most likely provided it to a secondary power, which completed the effort," he said.

The malicious software, which was first detected in June last year, was almost certainly designed to make damaging, surreptitious adjustments to the centrifuges used at Natanz, Iran's uranium enrichment site. While Mahmoud Ahmadinejad, Iran's president, played down its impact, he confirmed that the country's nuclear ambitions had suffered setbacks.

Separate investigations by U.S. experts discovered that Stuxnet worked by increasing the speed of uranium centrifuges to breaking point for short periods. At the same time the virus shut off safety monitoring systems, deceiving operators into thinking that all was normal.

Mr Parker said this part of the attack must have been conceived by "some very talented individuals", and the other by a less talented, or more rushed, group of developers.

The element written by the first group, which was activated after Stuxnet reached its target and was known as the "payload", was complex, well designed and effective, according to Mr Parker's analysis. He believed that this was evidence of the involvement of a major Western power or powers because they had both the expertise and access to the nuclear equipment necessary to test the virus.

In contrast, the way Stuxnet was distributed and its "command and control" features, which allowed it to be remotely altered, included many errors and were poorly protected from surveillance.

"It's a bit like spending billions on a space shuttle and then launching it using the remote control from a £15 toy car," said Mr Parker.

His criticisms of Stuxnet's distribution mechanism were supported by other experts, including Nate Lawson, a computer encryption consultant. "Either the authors did not care if the payload was discovered by the public, they weren't aware of these techniques or they had other limitations, such as time," he said.

Ensuring the virus reached Natanz would have required secret co-operation inside the Iranian nuclear program, a field of state espionage in which Israel's Mossad agency was acknowledged as unrivalled.

— Iran was under pressure on Friday to hold a bilateral meeting with the United States on the first day of talks in Istanbul between the six world powers over its disputed nuclear program, a Western official said.


                               (Reproduced under the Fair Dealings provisions of the Copyright Act)


Offline 57Chevy

    widower.

  • Army.ca Veteran
Re: Cyber attacks/defence/incdents (merged)
« Reply #24 on: January 21, 2011, 19:11:42 »
poorly protected from surveillance.

Of course....it had to be discovered

this part of the attack must have been conceived by "some very talented individuals", and the other by a less talented, or more rushed, group of developers.

The possible intended discovery after the attack makes both parties more talented than you may think

Offline E.R. Campbell

  • Retired, years ago
  • Army.ca Subscriber
  • Army.ca Myth
Re: Cyber attacks/defence/incdents (merged)
« Reply #25 on: January 21, 2011, 19:15:36 »
It's a bit odd, but my guess is that the "first part," the "payload" which was described as being "complex, well designed and effective [and showed the designers had] both the expertise and access to the nuclear equipment necessary to test the virus" was likely made in Israel. The placing and execution processes, which "included many errors and were poorly protected from surveillance," smack of the CIA.
It is ill that men should kill one another in seditions, tumults and wars; but it is worse to bring nations to such misery, weakness and baseness
as to have neither strength nor courage to contend for anything; to have nothing left worth defending and to give the name of peace to desolation.
Algernon Sidney in Discourses Concerning Government, (1698)
----------
Like what you see/read here on Army.ca?  Subscribe, and help keep it "on the air!"

Offline Cloud Cover

  • Army.ca Veteran
Re: Cyber attacks/defence/incdents (merged)
« Reply #26 on: January 21, 2011, 20:37:13 »
It's a bit odd, but my guess is that the "first part," the "payload" which was described as being "complex, well designed and effective [and showed the designers had] both the expertise and access to the nuclear equipment necessary to test the virus" was, likely made in Israel. The placing and execution processes, which "included many errors and were poorly protected from surveillance" smacks of the CIA.
Placing = installation subroutines, which seems to mean they buried it into some other application that was known as a certainty to be installed, or more likely an update to existing software.
Poorly protected from surveillance = the encryption was probably somehow compromised; perhaps even the key was in the open or the implementation algorithm was dated.
It is likely they used a telecommunications spyware company to send the payload, similar to what SS8 and the government of the United Arab Emirates tried to do 2 years ago to encrypted BlackBerry smartphones. [In the case of SS8, while it worked, the spyware rapidly and simultaneously drained the batteries of tens of thousands of BlackBerrys, thus alerting the users to the fact their devices were constantly forwarding data off the device.]
You're right. I Never  Met A Motherfucker Quite Like You, or someone as smart as you.  Never ever will, either.

Online SeaKingTacco

  • Army.ca Veteran
  • Door Gunnery- The Sport of Kings!
Re: Cyber attacks/defence/incdents (merged)
« Reply #27 on: January 21, 2011, 20:47:47 »
A while back I had read (can't remember where) an article where it was speculated that Stuxnet was introduced to the area of Iran where the enrichment plant is located, embedded in another piece of common software. Since Iran maintains an air gap around the computers controlling the centrifuges (that is to say, totally unconnected to the internet or any other network), the perpetrators simply waited for the natural to happen: someone carried it into work on a stick and infected the control system by accident.

An interesting theory, but it sure leaves a lot to chance.

Offline Cloud Cover

  • Army.ca Veteran
  • Posts: 3,204
Re: Cyber attacks/defence/incdents (merged)
« Reply #28 on: January 21, 2011, 21:10:24 »
someone carried it into work on a stick and infected the control system by accident.


We've been given free 8GB media cards, USB sticks, wireless mice, usb reading lights, usb powered personal fans etc by media companies, journalists, law firms, vendors, telecom companies, recruiters and headhunters etc. We generally regift these in places like India and Saudi Arabia :)

I was once given a coffee mug which in the bottom held a retractable USB cord to plug in to a computer to keep coffee warm [a java java so to speak.] When our hardware guy took the mug apart it had not one but 2 microphones, a memory card containing key logging software, and some other malware. We put it back together, ran it through the dishwasher and sent it back to the TRA with a Star of David sticker decal inside it.
You're right. I Never  Met A Motherfucker Quite Like You, or someone as smart as you.  Never ever will, either.

Offline Hamish Seggie

  • Army.ca Fixture
  • Posts: 9,583
  • This is my son Michael, KIA Afghanistan 3 Sep 08
Re: Cyber attacks/defence/incdents (merged)
« Reply #29 on: January 21, 2011, 21:30:58 »
This sounds like Tom Clancy stuff....wow...intriguing....

I'm infantry so anything shiny intrigues me.
Freedom Isn't Free   "Never Shall I Fail My Brothers"

“Do everything that is necessary and nothing that is not".

Offline 57Chevy

    widower.

  • Army.ca Veteran
  • Posts: 1,317
Re: Cyber attacks/defence/incdents (merged)
« Reply #30 on: January 21, 2011, 21:59:47 »
We've been given free 8GB media cards, USB sticks, wireless mouses, usb reading lights, usb powered personal fans etc

Photo:
How the stuxnet virus spread

                               (Reproduced under the Fair Dealings provisions of the Copyright Act)


spelling
« Last Edit: January 21, 2011, 22:27:25 by 57Chevy »

Offline 57Chevy

    widower.

  • Army.ca Veteran
  • Posts: 1,317
Re: Cyber attacks/defence/incdents (merged)
« Reply #31 on: February 17, 2011, 21:57:40 »
U.N.: Iran nuke plant recovered from attack
The Iranian nuclear plant at Natanz recovered quickly from a computer attack that led to major equipment breakdown, the U.N. nuclear watchdog says.

The Washington Post said Wednesday it has obtained a draft copy of a report by the International Atomic Energy Agency in Vienna. The report is expected to say production at the Natanz enrichment plant is now above what it was before the attack.

The plant was attacked by a computer worm, Stuxnet, that appears to have been designed to spread harmlessly from computer to computer until it reached machines configured like those at Natanz. IAEA cameras installed at the plant show that about 10 percent of the centrifuges had to be replaced.

"While it has delayed the Iranian centrifuge program at the Natanz plant in 2010 and contributed to slowing its expansion, it did not stop it or even delay the continued buildup of low-enriched uranium," the Institute for Science and International Security said in the report.
                                                    __________________________
More detailed article:
Iran Nuclear Facility Recovers From Cyberattack
                                   (Reproduced under the Fair Dealings provisions of the Copyright Act)

Photo:
The Siemens Simatic S7-300 PLC CPU a target of the virus

Offline Thucydides

  • Army.ca Legend
  • Posts: 13,206
  • Freespeecher
Re: Cyber attacks/defence/incdents (merged)
« Reply #32 on: September 16, 2016, 01:12:08 »
While we have been hearing warnings about possible terrorist or other threat attacks against our infrastructure, this is taking cyberwar to a much higher level. Rather than attacking infrastructure through delivering malware (much like Stuxnet was used to temporarily cripple Iranian nuclear ambitions, and how "smart grids" and the "Internet of Things" are potentially very vulnerable to hacking), this article suggests the very infrastructure of the Internet itself could be targeted for attack. Workarounds if the Internet is crippled could be difficult to impossible depending on the system:

https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html

Quote
Someone Is Learning How to Take Down the Internet

Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don't know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses.

First, a little background. If you want to take a network off the Internet, the easiest way to do it is with a distributed denial-of-service attack (DDoS). Like the name says, this is an attack designed to prevent legitimate users from getting to the site. There are subtleties, but basically it means blasting so much data at the site that it's overwhelmed. These attacks are not new: hackers do this to sites they don't like, and criminals have done it as a method of extortion. There is an entire industry, with an arsenal of technologies, devoted to DDoS defense. But largely it's a matter of bandwidth. If the attacker has a bigger fire hose of data than the defender has, the attacker wins.

Recently, some of the major companies that provide the basic infrastructure that makes the Internet work have seen an increase in DDoS attacks against them. Moreover, they have seen a certain profile of attacks. These attacks are significantly larger than the ones they're used to seeing. They last longer. They're more sophisticated. And they look like probing. One week, the attack would start at a particular level of attack and slowly ramp up before stopping. The next week, it would start at that higher point and continue. And so on, along those lines, as if the attacker were looking for the exact point of failure.

The attacks are also configured in such a way as to see what the company's total defenses are. There are many different ways to launch a DDoS attack. The more attack vectors you employ simultaneously, the more different defenses the defender has to counter with. These companies are seeing more attacks using three or four different vectors. This means that the companies have to use everything they've got to defend themselves. They can't hold anything back. They're forced to demonstrate their defense capabilities for the attacker.

I am unable to give details, because these companies spoke with me under condition of anonymity. But this all is consistent with what Verisign is reporting. Verisign is the registrar for many popular top-level Internet domains, like .com and .net. If it goes down, there's a global blackout of all websites and e-mail addresses in the most common top-level domains. Every quarter, Verisign publishes a DDoS trends report. While its publication doesn't have the level of detail I heard from the companies I spoke with, the trends are the same: "in Q2 2016, attacks continued to become more frequent, persistent, and complex."

There's more. One company told me about a variety of probing attacks in addition to the DDoS attacks: testing the ability to manipulate Internet addresses and routes, seeing how long it takes the defenders to respond, and so on. Someone is extensively testing the core defensive capabilities of the companies that provide critical Internet services.

Who would do this? It doesn't seem like something an activist, criminal, or researcher would do. Profiling core infrastructure is common practice in espionage and intelligence gathering. It's not normal for companies to do that. Furthermore, the size and scale of these probes -- and especially their persistence -- points to state actors. It feels like a nation's military cybercommand trying to calibrate its weaponry in the case of cyberwar. It reminds me of the US's Cold War program of flying high-altitude planes over the Soviet Union to force their air-defense systems to turn on, to map their capabilities.

What can we do about this? Nothing, really. We don't know where the attacks come from. The data I see suggests China, an assessment shared by the people I spoke with. On the other hand, it's possible to disguise the country of origin for these sorts of attacks. The NSA, which has more surveillance in the Internet backbone than everyone else combined, probably has a better idea, but unless the US decides to make an international incident over this, we won't see any attribution.

But this is happening. And people should know.

This essay previously appeared on Lawfare.com.

EDITED TO ADD: Slashdot thread.

EDITED TO ADD (9/15): Podcast with me on the topic.
Dagny, this is not a battle over material goods. It's a moral crisis, the greatest the world has ever faced and the last. Our age is the climax of centuries of evil. We must put an end to it, once and for all, or perish - we, the men of the mind. It was our own guilt. We produced the wealth of the world - but we let our enemies write its moral code.

Offline MilEME09

  • Army.ca Veteran
  • Posts: 1,415
Re: Cyber attacks/defence/incdents (merged)
« Reply #33 on: September 16, 2016, 01:29:30 »
It's just like the internet has two planes of existence, the mainstream internet as we know it, and then there is the deep, and dark web. There is much online we don't know about, and much to fear about who's lurking in the dark parts of the internet.
"We are called a Battalion, Authorized to be company strength, parade as a platoon, Operating as a section"

Offline Thucydides

  • Army.ca Legend
  • Posts: 13,206
  • Freespeecher
Re: Cyber attacks/defence/incdents (merged)
« Reply #34 on: October 22, 2016, 13:49:27 »
The massive cyber attack that took down large internet sites on 21 Oct 2016 could well have been a botnet attack from unsecured devices on the "Internet of Things". The question is still "who" is behind this?

http://www.popularmechanics.com/technology/infrastructure/a23504/mirai-botnet-internet-of-things-ddos-attack/

Quote
Hackers Wrecked the Internet Using DVRs and Webcams
Hackers Took Down A Huge Chunk Of The Internet This Morning
By Eric Limer
Oct 21, 2016

The internet has been on shaky footing for the better part of Friday thanks to a large-scale attack on a company that runs a large portion of crucial internet infrastructure. It's still too early to know exactly who is behind the attack, but experts have begun to pin down which devices are doing the bulk of the work. It's not computers, but devices from the so-called Internet of Things. We're talking smart fridges, web cams, and DVRs. It may sound funny, being attacked by refrigerators, but don't laugh. It's actually horrifying.

The current assault against Dyn is one of the simplest in a hacker's playbook. The distributed denial of service attack (DDoS) doesn't require breaking into a target's computers or finding any secret weakness. Instead, it involves simply pummeling them with so much traffic they can't possibly keep up. Hackers executing a DDoS call upon millions of machines under their control and command them to ask the target for so many things all at once that the target all but melts down under the strain.

If you visualize it, it looks a little like this:

Executing a DDoS is simple, but only if you have millions of computers at your disposals. These computers—often known as "zombies"—are machines that have been compromised by some sort of virus or malware. This malware doesn't totally disable the computer, but just sits there waiting for the order to attack a target, as part of a swarm called a botnet.

Building a botnet can be a painstaking process. There are plenty of vulnerable computers in the world, but also plenty of people who take reasonably good care of their trusty phone or laptop, protecting it from infection. However, over the past five years or so, the Internet of Things has introduced millions upon millions of newly internet-connected devices—like DVRs and cameras and smart fridges and thermostats—that hackers can add to their swarms with terrifying ease.

The potential problem has been bubbling up for months, but reached a peak earlier this month when the source code for something called the "Mirai" botnet was released onto the web. Designed to target the Internet of Things specifically, Mirai can scoop up connected devices and add them to a botnet simply by attempting to log into them with their factory-default username and password. Have you changed the password on your smart fridge lately? I thought not.


The Mirai code focuses on all kinds of smart devices, from cameras to internet-connected fridges, but its bread and butter is DVRs. Of the nearly 500,000 devices known to be compromised by the Mirai malware, some 80 percent of them are DVRs, according to an in-depth investigation by Level 3 Communications.

These infected DVRs, along with a few thousand other gadgets, can drive ludicrous amounts of traffic. Devices compromised by this malware were responsible for a 620Gbps attack against the security website Krebs on Security in September, the biggest DDoS the world had ever seen, at the time. Reports from the security firm Flashpoint, by way of Brian Krebs, suggest that it is a botnet based on exactly this technology that is responsible for today's outages, and Dyn has since confirmed this suspicion to TechCrunch.

Last month, security researcher Bruce Schneier started sounding the alarm that someone or something was carefully probing the internet for weakness. A scary prospect on its own, and one followed shortly thereafter by the full release of the Mirai code for any ne'er-do-well to use. Today's attack, it would seem, is a confluence of these two events: An attacker who has been carefully surveying the internet for weak points is now openly wielding one of the most capable blunt weapons we've ever seen blast the web.

The most terrifying part: This is probably only the beginning.

edit to add:

http://gizmodo.com/todays-brutal-ddos-attack-is-the-beginning-of-a-bleak-f-1788071976

Quote
Today's Brutal DDoS Attack Is the Beginning of a Bleak Future
William Turton

This morning a ton of websites and services, including Spotify and Twitter, were unreachable because of a distributed denial of service (DDoS) attack on Dyn, a major DNS provider. Details of how the attack happened remain vague, but one thing seems certain. Our internet is frightfully fragile in the face of increasingly sophisticated hacks.

Some think the attack was a political conspiracy, like an attempt to take down the internet so that people wouldn’t be able to read the leaked Clinton emails on Wikileaks. Others think it’s the usual Russian assault. No matter who did it, we should expect incidents like this to get worse in the future. While DDoS attacks used to be a pretty weak threat, we’re entering a new era.

DDoS attacks, at the most basic level, work like this. An attacker sends a flurry of packets, essentially just garbage data, to an intended recipient. In this case, the recipient was Dyn’s DNS servers. The server is overwhelmed with the garbage packets, and can’t handle the incoming connections, eventually slowing down significantly or totally shutting down. In the case of Dyn, it was probably a little more complex than this. Dyn almost certainly has advanced systems for DDoS mitigation, and the people who attacked Dyn (whoever they are) were probably using something more advanced than a PC in their mom’s basement.

Recently, we’ve entered into a new DDoS paradigm. As security blogger Brian Krebs notes, the newfound ability to hijack insecure internet of things devices and turn them into a massive DDoS army has contributed to an uptick in the size and scale of recent DDoS attacks. (We’re not sure if an IoT botnet was what took down Dyn this morning, but it would be a pretty good guess.)

We are nevertheless getting a taste of what the new era of DDoS attacks looks like. As security expert Bruce Schneier explained in a blog post:

Over the past year or two, someone has been probing the defenses of the companies that run critical pieces of the Internet. These probes take the form of precisely calibrated attacks designed to determine exactly how well these companies can defend themselves, and what would be required to take them down. We don’t know who is doing this, but it feels like a large nation state. China or Russia would be my first guesses.

This sort of attack is deeply different than the headline-grabbing DDoS attacks of years past. In 2011, hacker collective Anonymous rose to fame with DDoS attacks that pale in comparison to today’s attack on Dyn. Instead of taking out an individual website for short periods of time, hackers were able to take down a major piece of the internet backbone for an entire morning—not once but twice. That’s huge.

If hackers are more easily able to amass extensive DDoS botnets, that means the internet as we know it becomes more vulnerable. Attacking major internet infrastructure like Dyn has always been a possibility, but if it becomes easier than ever to launch huge DDoS attacks, that means we might be seeing some of our favorite sites have more downtime than usual. These attacks could extend to other major pieces of internet infrastructure, causing even more widespread outages.

This could be the beginning of a very bleak future. If hackers are able to take down the internet at will, what happens next? It’s unclear how long it could take for the folks at Dyn to fix this problem, or if they will ever be able to solve the problem of being hit with a huge DDoS attack. But this new breed of DDoS attacks is a scary problem no matter how you look at it.
« Last Edit: October 22, 2016, 14:42:50 by Thucydides »
Dagny, this is not a battle over material goods. It's a moral crisis, the greatest the world has ever faced and the last. Our age is the climax of centuries of evil. We must put an end to it, once and for all, or perish - we, the men of the mind. It was our own guilt. We produced the wealth of the world - but we let our enemies write its moral code.

Offline milnews.ca

  • Info Curator, Baker & Food Slut
  • Directing Staff
  • Army.ca Relic
  • Posts: 21,390
    • MILNEWS.ca-Military News for Canadians
Re: Cyber attacks/defence/incdents (merged)
« Reply #36 on: June 28, 2017, 07:23:13 »
Statement by CSE on latest attacks ...
Quote
CSE continues to closely monitor the recent global cyber/ransomware attacks. As we have seen in recent attacks, today’s attacks continue to indiscriminately target both organizations and individuals.

Our dynamic cyber defence security systems remain ready to defend Government of Canada systems and help protect against future types of similar attacks.

Working with Shared Services Canada and our other partners, Government of Canada networks continue to be well placed to defend against these types of attacks. Thanks to this work, there is no indication at this time that Government of Canada systems were negatively impacted, and that any information, personal or otherwise, was compromised.

As the situation continues to develop, we remain in close contact with our domestic and international partners ‎to address any developments. In addition, we will ensure all relevant information and guidance that is available to CSE is provided to our partners at Public Safety Canada to relay to the private sector.

As always, CSE would like to use this occasion to remind all Canadians as well as organizations to review and implement our Top 10 IT security actions, which will go a long way to protect you or your organization from similar attacks in the future. In addition, please check out this month’s edition of CSE’s Cyber Journal to learn more about ransomware.

Thank you.

Greta Bossenmaier
Chief, Communications Security Establishment
“The risk of insult is the price of clarity.” -- Roy H. Williams

The words I share here are my own, not those of anyone else or anybody I may be affiliated with.

Tony Prudori
MILNEWS.ca - Twitter

Offline milnews.ca

  • Info Curator, Baker & Food Slut
  • Directing Staff
  • Army.ca Relic
  • Posts: 21,390
    • MILNEWS.ca-Military News for Canadians
Re: Cyber attacks/defence/incdents (merged)
« Reply #37 on: June 29, 2017, 10:05:31 »
A possible NATO Article 5?  This from the SecGen at a NATO news conference yesterday ...
Quote
... The cyber attacks we saw in May, but also what we have seen this week, just underline the importance of strengthening our cyber defenses, and that’s exactly what NATO is doing. We are implementing our cyber defense pledge, which is ensuring that we are strengthening the cyber defenses of both NATO networks but also helping NATO allies to strengthen their cyber defenses. We exercise more, we share best practices and technology and we also work more and more closely with all allies looking into how we can integrate their capabilities, strengthening NATO’s capability to defend our networks. We have also decided that a cyber attack can trigger Article 5 and we have also decided, and we are in the process of establishing, cyber as a military domain, meaning that we will have land, air, sea and cyber as military domains. All of this highlights the advantage of being an alliance of 29 allies because we can work together, strengthen each other and learn from each other ...
“The risk of insult is the price of clarity.” -- Roy H. Williams

The words I share here are my own, not those of anyone else or anybody I may be affiliated with.

Tony Prudori
MILNEWS.ca - Twitter

Offline milnews.ca

  • Info Curator, Baker & Food Slut
  • Directing Staff
  • Army.ca Relic
  • Posts: 21,390
    • MILNEWS.ca-Military News for Canadians
Re: Cyber attacks/defence/incdents (merged)
« Reply #38 on: July 13, 2017, 07:08:35 »
"Mass GPS Spoofing Attack in Black Sea?" ...
Quote
An apparent mass and blatant GPS spoofing attack involving over 20 vessels in the Black Sea last month has navigation experts and maritime executives scratching their heads.

The event first came to public notice via a relatively innocuous safety alert* from the U.S. Maritime Administration:

A maritime incident has been reported in the Black Sea in the vicinity of position 44-15.7N, 037-32.9E on June 22, 2017 at 0710 GMT. This incident has not been confirmed. The nature of the incident is reported as GPS interference. Exercise caution when transiting this area.

But the backstory is way more interesting and disturbing. On June 22 a vessel reported to the U.S. Coast Guard Navigation Center:

GPS equipment unable to obtain GPS signal intermittently since nearing coast of Novorossiysk, Russia. Now displays HDOP 0.8 accuracy within 100m, but given location is actually 25 nautical miles off; GPS display…

After confirming that there were no anomalies with GPS signals, space weather or tests on-going, the Coast Guard advised the master that GPS accuracy in his area should be three meters and advised him to check his software updates.

The master replied:

Thank you for your below answer, nevertheless I confirm my GPS equipment is fine.

We ran the self test a few times and all is working well.

I confirm all ships in the area (more than 20 ships) have the same problem.

I personally contacted three of them via VHF, they confirmed the same.

Sometimes the position is correct, sometimes it is not.

GPS sometimes loses position or displays an inaccurate position (high HDOP).

For a few days, GPS gave a position inland (near Gelendzhik airport) but the vessel was actually drifting more than 25 NM from it.

Important: at that time, GPS system considered the position as "Safe within 100m".

See attached.

Then last night, position was correct despite several "lost GPS fixing position" alarms that were raised for a couple of seconds only; then the signal was back to normal.

Now position is totally wrong again.

See attached pictures that I took on 24 June at 05h45 UTC (30 min ago).

Note: you can also check websites like MarineTraffic and you will probably notice that once in a while all ships in the area are shifting inland next to each other.

I hope this can help.

To back up his report, the master sent photos of his navigation displays, a paper chart showing his actual position and GPS-reported position, and his radar display that showed numerous AIS contacts without corresponding radar returns ...
* - Alert attached.
“The risk of insult is the price of clarity.” -- Roy H. Williams

The words I share here are my own, not those of anyone else or anybody I may be affiliated with.

Tony Prudori
MILNEWS.ca - Twitter
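The master's report above describes two things a navigation or security team can actually check for: a fix that jumps 25 NM while the receiver still claims a "safe within 100m" HDOP, and a whole fleet shifting inland by the same offset at the same time. The Python below is an added example, not code from the original post or the quoted article; the fixes, timestamps, the 30 kn speed ceiling and the approximate Gelendzhik airport coordinates are constructed for illustration.

```python
"""Plausibility checks for GPS fixes, modelled on the Black Sea incident above.

Added example, not code from the original post or the quoted article. Sample
data is constructed: a vessel near the MARAD alert position (44-15.7N,
037-32.9E) whose receiver suddenly reports a position inland, roughly at
Gelendzhik airport (coordinates approximate), while still showing HDOP 0.8.
"""
from dataclasses import dataclass
from math import asin, cos, hypot, radians, sin, sqrt

EARTH_RADIUS_NM = 3440.065  # mean Earth radius in nautical miles


@dataclass(frozen=True)
class Fix:
    t: float      # seconds since start of the constructed log
    lat: float    # decimal degrees, north positive
    lon: float    # decimal degrees, east positive
    hdop: float   # receiver-reported horizontal dilution of precision


@dataclass(frozen=True)
class Verdict:
    fix: Fix
    accepted: bool
    implied_speed_kn: float  # speed needed to reach this fix from the last accepted one
    hdop_misleading: bool    # rejected although the receiver claimed a good fix


def dm_to_decimal(deg: int, minutes: float) -> float:
    """Degrees and decimal minutes (as in '44-15.7N') to decimal degrees."""
    return deg + minutes / 60.0


def haversine_nm(a: Fix, b: Fix) -> float:
    """Great-circle distance between two fixes, in nautical miles."""
    dlat = radians(b.lat - a.lat)
    dlon = radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * EARTH_RADIUS_NM * asin(sqrt(h))


def check_fixes(fixes, max_speed_kn=30.0, hdop_good=2.0):
    """Reject any fix that implies an impossible speed since the last accepted fix.

    HDOP is deliberately not trusted on its own: in the incident the spoofed
    positions carried HDOP 0.8. max_speed_kn (assumed) is a ceiling for a
    merchant ship; tune it per vessel. A slow drift below the threshold is not
    caught here; that is what fleet_shift_is_coherent is for.
    """
    verdicts, last_good = [], None
    for fix in fixes:
        if last_good is None:
            verdicts.append(Verdict(fix, True, 0.0, False))
            last_good = fix
            continue
        dt_h = (fix.t - last_good.t) / 3600.0
        speed = haversine_nm(last_good, fix) / dt_h if dt_h > 0 else float("inf")
        if speed > max_speed_kn:
            # Keep last_good as the dead-reckoned reference; do not follow the jump.
            verdicts.append(Verdict(fix, False, speed, fix.hdop <= hdop_good))
        else:
            verdicts.append(Verdict(fix, True, speed, False))
            last_good = fix
    return verdicts


def displacement_nm(a: Fix, b: Fix):
    """(north, east) displacement in NM; flat-earth approximation, fine locally."""
    north = (b.lat - a.lat) * 60.0
    east = (b.lon - a.lon) * 60.0 * cos(radians((a.lat + b.lat) / 2.0))
    return north, east


def fleet_shift_is_coherent(pairs, tol_nm=2.0):
    """True when every ship moved by (nearly) the same vector between its fixes.

    The master saw all ships in the area shift inland "next to each other":
    a common offset across independent receivers points at the signal
    environment (spoofing or interference), not at one ship's equipment.
    """
    if len(pairs) < 2:
        return False
    vectors = [displacement_nm(a, b) for a, b in pairs]
    mean_n = sum(n for n, _ in vectors) / len(vectors)
    mean_e = sum(e for _, e in vectors) / len(vectors)
    return all(hypot(n - mean_n, e - mean_e) <= tol_nm for n, e in vectors)


# Constructed log: true position from the alert, a ~27 NM jump inland that
# persists for a second fix, then the signal returns to normal.
ALERT_LAT, ALERT_LON = dm_to_decimal(44, 15.7), dm_to_decimal(37, 32.9)
INLAND_LAT, INLAND_LON = 44.58, 38.01  # approximate, constructed
SAMPLE_FIXES = [
    Fix(0, ALERT_LAT, ALERT_LON, 0.9),
    Fix(600, 44.2650, 37.5500, 0.9),        # slow drift, plausible
    Fix(1200, INLAND_LAT, INLAND_LON, 0.8), # jump inland, HDOP still "good"
    Fix(1800, INLAND_LAT, INLAND_LON, 0.9), # still inland
    Fix(2400, 44.2680, 37.5520, 1.0),       # back to a sane position
]
# Constructed fleet: three ships whose fixes all shift by the same inland vector.
FLEET_PAIRS = [
    (Fix(0, 44.26, 37.55, 0.9), Fix(600, 44.575, 38.01, 0.8)),
    (Fix(0, 44.24, 37.60, 0.9), Fix(600, 44.555, 38.06, 0.8)),
    (Fix(0, 44.30, 37.52, 0.9), Fix(600, 44.615, 37.98, 0.8)),
]
```

Running check_fixes(SAMPLE_FIXES) rejects the two inland fixes (about 27 NM from the last accepted fix, an implied 164 kn and 82 kn) and marks both as HDOP-misleading, while fleet_shift_is_coherent(FLEET_PAIRS) returns True because all three constructed ships moved by the same vector.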

Offline Thucydides

  • Army.ca Legend
  • Posts: 13,206
  • Freespeecher
Re: Cyber attacks/defence/incdents (merged)
« Reply #39 on: July 29, 2017, 17:06:50 »
Doing it the old fashioned way: getting Kompromat on key people to gain access and physically stealing the devices for downloading. Given the connections that Debbie Wasserman-Schultz had to the various unsavoury goings on during the Democrat primaries, outside of access to secret and sensitive materials, it isn't difficult to speculate the case officer (wherever he is) has all kinds of dirt on a lot of the Washington political establishment. No wonder the media seems determined to avoid this story at all costs:

http://www.nationalreview.com/article/449983/debbie-wasserman-schultz-pakistani-computer-guys-bank-fraud

Quote
Debbie Wasserman Schultz and the Pakistani IT Scammers
by ANDREW C. MCCARTHY   July 29, 2017 4:00 AM

There’s more than bank fraud going on here. In Washington, it’s never about what they tell you it’s about. So take this to the bank: The case of Imran Awan, Debbie Wasserman Schultz’s mysterious Pakistani IT guy, is not about bank fraud.

Yet bank fraud was the stated charge on which Awan was arrested at Dulles Airport this week, just as he was trying to flee the United States for Pakistan, via Qatar. That is the same route taken by Awan’s wife, Hina Alvi, in March, when she suddenly fled the country, with three young daughters she yanked out of school, mega-luggage, and $12,400 in cash.

By then, the proceeds of the fraudulent $165,000 loan they’d gotten from the Congressional Federal Credit Union had been sent ahead. It was part of a $283,000 transfer that Awan managed to wire from Capitol Hill. He pulled it off — hilariously, if infuriatingly — by pretending to be his wife in a phone call with the credit union. Told that his proffered reason for the transfer (“funeral arrangements”) wouldn’t fly, “Mrs.” Awan promptly repurposed: Now “she” was “buying property.” Asking no more questions, the credit union wired the money . . . to Pakistan.

As you let all that sink in, consider this: Awan and his family cabal of fraudsters had access for years to the e-mails and other electronic files of members of the House’s Intelligence and Foreign Affairs Committees. It turns out they were accessing members’ computers without their knowledge, transferring files to remote servers, and stealing computer equipment — including hard drives that Awan & Co. smashed to bits of bytes before making tracks.

They were fired in February. All except Awan, that is. He continued in the employ of Wasserman Schultz, the Florida Democrat, former DNC chairwoman, and Clinton crony. She kept him in place at the United States Congress right up until he was nabbed at the airport on Monday.

This is not about bank fraud. The Awan family swindles are plentiful, but they are just window-dressing. This appears to be a real conspiracy, aimed at undermining American national security. At the time of his arrest, the 37-year-old Imran Awan had been working for Democrats as an information technologist for 13 years. He started out with Representative Gregory Meeks (D., N.Y.) in 2004. The next year, he landed on the staff of Wasserman Schultz, who had just been elected to the House. Congressional-staff salaries are modest, in the $40,000 range. For some reason, Awan was paid about four times as much. He also managed to get his wife, Alvi, on the House payroll . . . then his brother, Abid Awan . . . then Abid’s wife, Natalia Sova. The youngest of the clan, Awan’s brother Jamal, came on board in 2014 — the then-20-year-old commanding an annual salary of $160,000.

A few of these arrangements appear to have been sinecures: While some Awans were rarely seen around the office, we now know they were engaged in extensive financial shenanigans away from the Capitol. Nevertheless, the Daily Caller’s Luke Rosiak, who has been all over this story, reports that, for their IT “work,” the Pakistani family has reeled in $4 million from U.S. taxpayers since 2009. That’s just the “legit” dough. The family business evidently dabbles in procurement fraud, too. The Capitol Police and FBI are exploring widespread double-billing for computers, other communication devices, and related equipment.

Why were they paid so much for doing so little? Intriguing as it is, that’s a side issue. A more pressing question is: Why were they given access to highly sensitive government information? Ordinarily, that requires a security clearance, awarded only after a background check that peruses ties to foreign countries, associations with unsavory characters, and vulnerability to blackmail. These characters could not possibly have qualified. Never mind access; it’s hard to fathom how they retained their jobs. The Daily Caller has also discovered that the family, which controlled several properties, was involved in various suspicious mortgage transfers. Abid Awan, while working “full-time” in Congress, ran a curious auto-retail business called “Cars International A” (yes, CIA), through which he was accused of stealing money and merchandise. In 2012, he discharged debts in bankruptcy (while scheming to keep his real-estate holdings). Congressional Democrats hired Abid despite his drunk-driving conviction a month before he started at the House, and they retained him despite his public-drunkenness arrest a month after. Beyond that, he and Imran both committed sundry vehicular offenses. In civil lawsuits, they are accused of life-insurance fraud.

Democrats now say that any access to sensitive information was “unauthorized.” But how hard could it have been to get “unauthorized” access when House Intelligence Committee Dems wanted their staffers to have unbounded access? In 2016, they wrote a letter to an appropriations subcommittee seeking funding so their staffers could obtain “Top Secret — Sensitive Compartmented Information” clearances. TS/SCI is the highest-level security classification.

Awan family members were working for a number of the letter’s signatories. Democratic members, of course, would not make such a request without coordination with leadership. Did I mention that the ranking member on the appropriations subcommittee to whom the letter was addressed was Debbie Wasserman Schultz?

Why has the investigation taken so long? Why so little enforcement action until this week? Why, most of all, were Wasserman Schultz and her fellow Democrats so indulgent of the Awans?

The probe began in late 2016. In short order, the Awans clearly knew they were hot numbers. They started arranging the fraudulent credit-union loan in December, and the $283,000 wire transfer occurred on January 18. In early February, House security services informed representatives that the Awans were suspects in a criminal investigation. At some point, investigators found stolen equipment stashed in the Rayburn House Office Building, including a laptop that appears to belong to Wasserman Schultz and that Imran was using. Although the Awans were banned from the Capitol computer network, not only did Wasserman Schultz keep Imran on staff for several additional months, but Meeks retained Alvi until February 28 — five days before she skedaddled to Lahore.

Strange thing about that: On March 5, the FBI (along with the Capitol Police) got to Dulles Airport in time to stop Alvi before she embarked. It was discovered that she was carrying $12,400 in cash. As I pointed out this week, it is a felony to export more than $10,000 in currency from the U.S. without filing a currency transportation report. It seems certain that Alvi did not file one: In connection with her husband’s arrest this week, the FBI submitted to the court a complaint affidavit that describes Alvi’s flight but makes no mention of a currency transportation report. Yet far from making an arrest, agents permitted her to board the plane and leave the country, notwithstanding their stated belief that she has no intention of returning.

Many congressional staffers are convinced that they’d long ago have been in handcuffs if they pulled what the Awans are suspected of. Nevertheless, no arrests were made when the scandal became public in February. For months, Imran has been strolling around the Capitol. In the interim, Wasserman Schultz has been battling investigators: demanding the return of her laptop, invoking a constitutional privilege (under the speech-and-debate clause) to impede agents from searching it, and threatening the Capitol Police with “consequences” if they don’t relent. Only last week, according to Fox News, did she finally signal willingness to drop objections to a scan of the laptop by federal investigators.

Her stridency in obstructing the investigation has been jarring. As evidence has mounted, the scores of Democrats for whom the Awans worked have expressed no alarm. Instead, we’ve heard slanderous suspicions that the investigation is a product of — all together now — “Islamophobia.” But Samina Gilani, the Awan brothers’ stepmother, begs to differ. Gilani complained to Virginia police that the Awans secretly bugged her home and then used the recordings to blackmail her. She averred in court documents that she was pressured to surrender cash she had stored in Pakistan. Imran claimed to be “very powerful” — so powerful he could order her family members kidnapped.

We don’t know if these allegations are true, but they are disturbing. The Awans have had the opportunity to acquire communications and other information that could prove embarrassing, or worse, especially for the pols who hired them. Did the swindling staffers compromise members of Congress? Does blackmail explain why were they able to go unscathed for so long? And as for that sensitive information, did the Awans send American secrets, along with those hundreds of thousands of American dollars, to Pakistan? This is no run-of-the-mill bank-fraud case.
Dagny, this is not a battle over material goods. It's a moral crisis, the greatest the world has ever faced and the last. Our age is the climax of centuries of evil. We must put an end to it, once and for all, or perish - we, the men of the mind. It was our own guilt. We produced the wealth of the world - but we let our enemies write its moral code.

Offline milnews.ca

Re: Cyber attacks/defence/incdents (merged)
« Reply #40 on: July 29, 2017, 18:37:32 »
At a more tactical level ...
Quote
Allies to hold training against N. Korea GPS attacks
Yonhap News Agency
2017/07/30 07:00


SEOUL, July 30 (Yonhap) -- South Korea and the United States plan to hold a joint military drill next month against a possible North Korean war operation to jam GPS signals, officials here said Sunday.

The practice will be staged as part of the Ulchi-Freedom Guardian (UFG), an annual combined defense exercise between the allies, aimed at improving their ability to locate and strike the origin of the North's wartime GPS attacks.

"A South Korea-U.S. joint team will be formed at the Korean Air and Space Operations Center headquartered at the Osan Air Base during the UFG in August for the exercise to respond to various scenarios," an Air Force official said.

Taking part in the task will be more than 60 officials from South Korea's Air Force and the U.S. Strategic Command's Joint Space Operations Center (JSpOC), he added ...
More @ link
“The risk of insult is the price of clarity.” -- Roy H. Williams

The words I share here are my own, not those of anyone else or anybody I may be affiliated with.

Tony Prudori
MILNEWS.ca - Twitter

Offline milnews.ca

Re: Cyber attacks/defence/incdents (merged)
« Reply #41 on: August 08, 2017, 07:37:40 »
A bit of Canada's contribution to the fight - shared under the Fair Dealing provisions of the Copyright Act (R.S.C., 1985, c. C-42) ......
Quote
White House Says Russia’s Hackers Are Too Good to Be Caught but NSA Partner (Canada) Called Them “Morons”
Sam Biddle, The Intercept
August 2 2017, 1:07 p.m.


The hackers behind the dump of Democratic Party emails in the midst of last year’s presidential race left apparent evidence of their identity — a breadcrumb trail winding from the stolen files back to the Russian government, according to assessments from the U.S. intelligence community. Some of this evidence was there from the beginning, embedded inside the first documents to hit the web, raising a niggling question: Why would diabolically skilled Russian operatives operate so sloppily?

This question has persisted, and last week the White House seized upon it, promulgating the idea that if the Russian government were really behind the attacks, its online agents wouldn’t have left any fingerprints. Russia quickly repeated this claim through its UK embassy.

But a 2011 presentation to the NSA and its foreign partners by Canada’s signals intelligence agency, the Communications Security Establishment, undermines the notion of a foreign hacker so skilled that a victim would never know their identity. The document calls Russian hackers “morons” for routinely compromising the security of a “really well designed” system intended to cover their tracks; for example, the hackers logged into their personal social and email accounts through the same anonymizing system used to attack their targets, comparable to getting an anonymous burner phone for illicit use and then placing calls to your girlfriend, parents, and roommate.



The competence of Russian hackers became a prominent issue once more last Sunday, when the president’s communications director Anthony Scaramucci — since removed from his post but quoting the president directly — said the following to Jake Tapper on CNN:

Quote
    “Somebody said to me yesterday, uh, I won’t tell you who, that if the Russians actually hacked this situation and actually spilled out those emails, you would have never seen it, you would have never had any evidence of them, meaning they’re super confident in their deception skills and hacking.”

Seconds later, Scaramucci revealed his anonymous technical source on the matter to have been Donald Trump himself.

It’s one thing to question circumstantial evidence based on the expectation that Russian agents are too competent to leave such clues behind. But ruling out Russia on the basis of unforced errors alone flies in the face of the intelligence community’s experience with online operators from that country.

The CSE presentation, provided by NSA whistleblower Edward Snowden, dates to no earlier than 2011, and describes the agency’s work tracking a set of Russian government-sponsored hackers codenamed MAKERSMARK. The MAKERSMARK team was believed by NSA “with a high level of confidence” to be sponsored by a Russian intelligence agency, according to a separate Snowden document originating with the NSA’s Special Source Operations division. The MAKERSMARK team was armed with a clever technical system to mask members’ identities and the location of their computers, thus (on paper, at least) making it less likely the attacks would be traced back to Russia.

CSE’s account of the Russian actors does not exactly jibe with the White House’s vision of ninja-like computer users. The agency presentation, prepared by a “cyber counter intelligence” agent focused on MAKERSMARK, highlights Russian hackers’ “misuse of operational infrastructure” and “poor OPSEC [operational security] practices,” both of which made it elementary for the Canadians to trace attacks back to their source. The document says Russian hackers were provided with “really well designed” systems with which to launch attacks, but because the execution was so shoddy, “this has not translated into security for MAKERSMARK operators.”



Put more bluntly, the Russian attacks CSE observed were “designed by geniuses” but “implemented by morons,” according to the presentation. MAKERSMARK hackers mixed their recreational internet habits with business, using “personal social networking” like Russia’s supremely popular Vkontakte from MAKERSMARK infrastructure, conducting personal web browsing there, and checking personal webmail accounts. The hackers also used the system for activities that are by definition deeply risky and “attributable,” like exfiltrating stolen data.

“This is not [computer network exploitation] best practices,” the report dryly concludes.

It didn’t help that the MAKERSMARK operators were, according to the presentation, infected by the “Gumblar” botnet that spread across the internet in 2009 in order to steal user credentials, covertly download further malware, and blast “pharmaceutical spam” to new victims. In other words, the hackers were hacked. So thoroughly did Russian hackers on MAKERSMARK expose themselves through sloppiness and poor judgment that Canadian analysts were able to detect their personal “interests” and “hobbies.”

CSE declined to comment on the document, other than to note that, “the document you referenced is dated and should not be considered reflective of the current reality.” Despite this claim, the agency asked The Intercept to redact a significant portion of the presentation on the grounds that it could jeopardize current operations. As well, it’s interesting and worth noting, however, that a 2017 NSA document previously published by The Intercept detailing Russia’s General Staff Main Intelligence Directorate’s (GRU) alleged attempts to infiltrate the American electoral system also flagged those hackers’ mixing of business and personal accounts while conducting their work. A 2016 joint report by the Department of Homeland Security and FBI claimed that GRU and FSB, the contemporary successor to the KGB, worked together to breach the DNC. The NSA did not comment.

All of this is to say that the commander-in-chief, privy to the full corpus of intelligence findings provided by the NSA and its allies in the “Five Eyes” intelligence-sharing alliance, including Canada, didn’t know what he was talking about. This isn’t new: One need only look back to the presidential debate wherein Trump famously remarked that the DNC perpetrator could be a bedridden “400-pound” hacker to know that he hasn’t ever taken this seriously. It’s also possible, given how fantastically impressionable Trump is, that the Too Good to Fail theory is based on something he heard recently — perhaps from Vladimir Putin himself, who in June speculated that the DNC hacker could’ve easily covered their tracks. No matter what, if he had any desire to actually know how sophisticated Russian state hackers are or have been in the past, the evidence is there for him to review.
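A detection-side illustration of the infrastructure-reuse failure the CSE slides describe, as an added example (not code from CSE, The Intercept or this thread): given a proxy or flow log, it flags source addresses that both touched victim hosts and were used for personal services or to push the stolen files back out, which is exactly what made MAKERSMARK "attributable". The addresses (RFC 5737 documentation ranges), the example.org/example.net host names, the list of "personal" services and the log lines are all constructed for this example; in a real case the victim list comes from the incident scope and the personal-service list from analyst judgement.

```python
"""Flag operational infrastructure that is also used for personal traffic.

Added example (not from the CSE presentation or The Intercept): the hosts,
addresses and log lines below are constructed for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Assumptions for this example: the incident's victim hosts, and the services
# an analyst would treat as "personal" rather than operational.
VICTIM_DOMAINS = {"victim-mail.example.org", "victim-files.example.org",
                  "victim-vpn.example.org"}
PERSONAL_SERVICES = {"vk.com", "mail.yandex.ru", "mail.google.com"}

# Constructed proxy/flow log: "<ts> <src> -> <host>:<port> <method> <path>".
SAMPLE_LOG = """\
2011-03-01T09:12:03Z 192.0.2.10 -> victim-mail.example.org:443 GET /owa/
2011-03-01T09:13:44Z 192.0.2.10 -> vk.com:443 POST /login
2011-03-01T09:20:11Z 192.0.2.10 -> mail.yandex.ru:443 GET /inbox
2011-03-01T10:02:09Z 192.0.2.10 -> victim-files.example.org:443 GET /share/q1-report.zip
2011-03-01T10:05:30Z 192.0.2.10 -> drop.example.net:443 PUT /upload/q1-report.zip
2011-03-01T11:00:00Z 198.51.100.7 -> victim-vpn.example.org:443 GET /
2011-03-01T11:01:00Z 198.51.100.7 -> victim-vpn.example.org:443 POST /auth
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d{1,3}(?:\.\d{1,3}){3}) -> "
    r"(?P<host>[^:\s]+):(?P<port>\d+) (?P<method>[A-Z]+) (?P<path>\S+)$"
)


@dataclass
class Event:
    ts: str
    src: str
    host: str
    method: str
    path: str


@dataclass
class Finding:
    touched_victim: bool = False
    personal: List[str] = field(default_factory=list)          # personal hosts used
    exfil: List[Tuple[str, str]] = field(default_factory=list)  # (file, drop host)

    @property
    def attributable(self) -> bool:
        # Operational infrastructure becomes attributable once it carries traffic
        # that ties it to a person (personal logins) or to the loot (exfil).
        return self.touched_victim and bool(self.personal or self.exfil)


def parse_log(text: str) -> List[Event]:
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # malformed lines are skipped
            events.append(Event(m["ts"], m["src"], m["host"], m["method"], m["path"]))
    return events


def assess(events: List[Event]) -> Dict[str, Finding]:
    """Correlate per source address; events are assumed to be in time order."""
    findings: Dict[str, Finding] = {}
    pulled: Dict[str, set] = {}  # src -> file names fetched from victim hosts
    for ev in events:
        f = findings.setdefault(ev.src, Finding())
        name = ev.path.rsplit("/", 1)[-1]
        if ev.host in VICTIM_DOMAINS:
            f.touched_victim = True
            if ev.method == "GET" and name:
                pulled.setdefault(ev.src, set()).add(name)
        elif ev.host in PERSONAL_SERVICES:
            if ev.host not in f.personal:
                f.personal.append(ev.host)
        elif ev.method in ("PUT", "POST") and name in pulled.get(ev.src, set()):
            # A file pulled from a victim is now being pushed somewhere else
            # from the same operational address: exfil over attack infrastructure.
            f.exfil.append((name, ev.host))
    return findings


def report(findings: Dict[str, Finding]) -> List[str]:
    lines = []
    for src, f in findings.items():
        tag = "ATTRIBUTABLE" if f.attributable else "clean"
        lines.append(f"{src}: {tag} personal={f.personal} exfil={f.exfil}")
    return lines


if __name__ == "__main__":
    for line in report(assess(parse_log(SAMPLE_LOG))):
        print(line)
```

The first address touches victim mail, logs into VKontakte and Yandex webmail from the same box, and then pushes a file it just pulled from the victim to a drop host; the second address only ever talks to the victim, so nothing ties it to a person. The same join works against NetFlow or Zeek conn logs once the host field is filled from DNS or SNI.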

Offline milnews.ca

Re: Cyber attacks/defence/incdents (merged)
« Reply #42 on: August 12, 2017, 12:00:05 »
"Mass GPS Spoofing Attack in Black Sea?" ...* - Alert attached.
A bit more on that from newscientist.com ...
Quote
Reports of satellite navigation problems in the Black Sea suggest that Russia may be testing a new system for spoofing GPS, New Scientist has learned. This could be the first hint of a new form of electronic warfare available to everyone from rogue nation states to petty criminals.

On 22 June, the US Maritime Administration filed a seemingly bland incident report. The master of a ship off the Russian port of Novorossiysk had discovered his GPS put him in the wrong spot – more than 32 kilometres inland, at Gelendzhik Airport.

After checking the navigation equipment was working properly, the captain contacted other nearby ships. Their AIS traces – signals from the automatic identification system used to track vessels – placed them all at the same airport. At least 20 ships were affected.

While the incident is not yet confirmed, experts think this is the first documented use of GPS misdirection – a spoofing attack that has long been warned of but never been seen in the wild.

Until now, the biggest worry for GPS has been it can be jammed by masking the GPS satellite signal with noise. While this can cause chaos, it is also easy to detect. GPS receivers sound an alarm when they lose the signal due to jamming. Spoofing is more insidious: a false signal from a ground station simply confuses a satellite receiver. “Jamming just causes the receiver to die, spoofing causes the receiver to lie,” says consultant David Last, former president of the UK’s Royal Institute of Navigation ...
More @ link
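The two failure modes Last describes (jamming makes the receiver lose the signal and say so; spoofing makes it report a plausible-looking but false position) can both be caught on the bridge with cheap cross-checks, and the same checks cover the jamming scenarios in the Yonhap drill quoted earlier in this thread. The following is an added example, not code from New Scientist, Yonhap, MARAD or this thread: it treats loss of fix as a jamming alarm, and flags a fix as suspect when the implied speed since the last trusted fix exceeds what the vessel can do, or when the fix diverges from an independent dead-reckoning position from gyro and log. The coordinates (rough positions near Novorossiysk and Gelendzhik Airport, not surveyed), the timings, the 15 m/s speed cap and the 2 km tolerance are assumptions chosen for the illustration.

```python
"""Jamming vs. spoofing sanity checks on a stream of GPS fixes.

Added example (not from New Scientist, Yonhap or MARAD). Positions, timings
and thresholds are assumptions constructed for the illustration.
"""
import math
from dataclasses import dataclass
from typing import List, Optional, Tuple

EARTH_RADIUS_M = 6_371_000.0


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two lat/lon points (degrees)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


@dataclass
class Fix:
    t: float               # seconds since start of the watch
    lat: Optional[float]   # None: receiver reports no fix
    lon: Optional[float]


def classify(fixes: List[Fix], dr_track: List[Tuple[float, float, float]],
             max_speed_mps: float = 15.0, dr_tolerance_m: float = 2000.0
             ) -> List[Tuple[float, str, List[str]]]:
    """Return (t, verdict, reasons) per fix; verdict is ok, jamming or spoofing.

    dr_track holds (t, lat, lon) from gyro + log dead reckoning, which does not
    depend on GPS and so is not moved by the same false RF signal.
    """
    dr = {t: (lat, lon) for t, lat, lon in dr_track}
    out = []
    last = None  # last fix we trusted; suspect fixes never become the anchor
    for fx in fixes:
        if fx.lat is None or fx.lon is None:
            # Jamming: the receiver loses lock and admits it. Loud, but honest.
            out.append((fx.t, "jamming", ["no fix"]))
            continue
        reasons = []
        if last is not None and fx.t > last.t:
            speed = haversine_m(last.lat, last.lon, fx.lat, fx.lon) / (fx.t - last.t)
            if speed > max_speed_mps:
                reasons.append(f"implied speed {speed:.0f} m/s")
        if fx.t in dr:
            gap = haversine_m(fx.lat, fx.lon, *dr[fx.t])
            if gap > dr_tolerance_m:
                reasons.append(f"{gap / 1000:.1f} km from dead reckoning")
        if reasons:
            # Spoofing: a confident, plausible-looking, wrong position.
            out.append((fx.t, "spoofing", reasons))
        else:
            out.append((fx.t, "ok", reasons))
            last = fx
    return out


# Constructed track: rough coordinates in the Novorossiysk roadstead and at
# Gelendzhik Airport, for illustration only (not surveyed positions).
FIXES = [
    Fix(0, 44.720, 37.780),
    Fix(60, 44.721, 37.781),
    Fix(120, None, None),        # lock lost
    Fix(180, 44.580, 38.010),    # suddenly "at the airport"
    Fix(240, 44.581, 38.011),    # and apparently taxiing
]
DR_TRACK = [  # gyro/log dead reckoning at the same timestamps
    (0, 44.720, 37.780),
    (60, 44.721, 37.781),
    (120, 44.7215, 37.7815),
    (180, 44.722, 37.782),
    (240, 44.723, 37.783),
]

if __name__ == "__main__":
    for t, verdict, reasons in classify(FIXES, DR_TRACK):
        print(f"t={t:>4.0f}s {verdict:8s} {'; '.join(reasons)}")
```

The speed check alone catches the 24 km jump but not a spoofer that walks the position off slowly at a believable speed; the dead-reckoning comparison is what catches that case, which is why the anchor for the speed check is the last trusted fix rather than the last reported one.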

Offline Chris Pook

Re: Cyber attacks/defence/incdents (merged)
« Reply #43 on: August 16, 2017, 11:13:27 »
From Salon - commenting on an article published in The Nation.

http://www.salon.com/2017/08/15/what-if-the-dnc-russian-hack-was-really-a-leak-after-all-a-new-report-raises-questions-media-and-democrats-would-rather-ignore/

Quote
TUESDAY, AUG 15, 2017 05:00 AM MST
What if the DNC Russian “hack” was really a leak after all? A new report raises questions media and Democrats would rather ignore
A group of intelligence pros and forensic investigators tell The Nation there was no hack— the media ignores it

Danielle Ryan

Last week the respected left-liberal magazine The Nation published an explosive article that details in great depth the findings of a new report — authored in large part by former U.S. intelligence officers — which claims to present forensic evidence that the Democratic National Committee was not hacked by the Russians in July 2016. Instead, the report alleges, the DNC suffered an insider leak, conducted in the Eastern time zone of the United States by someone with physical access to a DNC computer.

This report also claims there is no apparent evidence that the hacker known as Guccifer 2.0 — supposedly based in Romania — hacked the DNC on behalf of the Russian government. There is also no evidence, the report’s authors say, that Guccifer handed documents over to WikiLeaks. Instead, the report says that the evidence and timeline of events suggests that Guccifer may have been conjured up in an attempt to deflect from the embarrassing information about Hillary Clinton’s presidential campaign that was released just before the Democratic National Convention. The investigators found that some of the “Guccifer” files had been deliberately altered by copying and pasting the text into a “Russianified” word-processing document with Russian-language settings.

If all this is true, these findings would constitute a massive embarrassment for not only the DNC itself but the media, which has breathlessly pushed the Russian hacking narrative for an entire year, almost without question but with little solid evidence to back it up.

You could easily be forgiven for not having heard about this latest development — because, perhaps to avoid potential embarrassment, the media has completely ignored it. Instead, to this point only a few right-wing sites have seen fit to publish follow-ups.

The original piece, authored by former Salon columnist Patrick Lawrence (also known as Patrick L. Smith) appeared in The Nation on Aug. 9. The findings it details are supported by a group of strongly credentialed and well-respected forensic investigators and former NSA and CIA officials. The group call themselves Veteran Intelligence Professionals for Sanity, or VIPS, and originally came together in 2003 to protest the use of faulty intelligence to justify the invasion of Iraq under President George W. Bush.

As of Aug. 12, the only well-known publications that have followed up on The Nation’s reporting are Breitbart News, the Washington Examiner and New York magazine (which described Lawrence’s article as “too incoherent to even debunk,” and therefore provided no substantial rebuttal). Bloomberg addressed the report in an op-ed by one of its regular columnists.

The silence from mainstream outlets on this is interesting, if for no other reason than the information appears in a highly-regarded liberal magazine with a reputation for vigorous and thorough reporting — not some right-wing fringe conspiracy outlet carrying water for Donald Trump.


Maybe the logic goes that if mainstream journalists leave this untouched, that alone will be enough to discredit it. True believers in the Russian hack narrative can point to Breitbart’s coverage to dismiss this new information without consideration. That is not good enough. Lawrence’s article, and the report behind it, deserves some proper attention.

Let’s back up for a second. Where did this report come from?

As explained by Lawrence, VIPS has been examining available information about the DNC hack and/or leak, but the group lacked access to all the data they needed because intelligence agencies refused to provide it.

One of the VIPS researchers on the DNC case, William Binney — formerly the NSA’s technical director for world geopolitical and military analysis — suggested in an interview with Lawrence that intelligence agencies have been hiding the lack of evidence for Russian hacking behind the claim that they must maintain secrecy to protect NSA programs.

At the same time, other anonymous forensic investigators have been working independently on the DNC case. They recently began sharing their findings via an obscure website called Disobedient Media. One of those anonymous investigators is known as the Forensicator. A man named Skip Folden, an IT executive at IBM for 33 years and a consultant for the FBI, Pentagon and Justice Department, acted as a liaison between VIPS and the Forensicator. Folden and other investigators have examined the evidence, attested to its professionalism, and sent a detailed technical report to the offices of special counsel Robert Mueller and Attorney General Jeff Sessions. VIPS believes this new evidence fills a “critical gap” in the DNC case. In a memorandum sent to President Trump, VIPS questions why the FBI, CIA and NSA neglected to perform any forensic analysis of the Guccifer documents, which were central to the narrative of Russian hacking.

VIPS states two things with what they describe as a high degree of certainty: There was no Russian hack on July 5, and the metadata from Guccifer’s June 15 document release was “synthetically tainted” with “Russian fingerprints.”

How did the group come to the conclusion that it was a leak, not a hack?

Investigators found that 1,976 megabytes of data were downloaded locally on July 5, 2016. The information was downloaded with a memory key or some other portable storage device. The download operation took 87 seconds — meaning the speed of transfer was 22.7 megabytes per second — “a speed that far exceeds an internet capability for a remote hack,” as Lawrence puts it. What’s more, they say, a transoceanic transfer would have been even slower (Guccifer claimed to be working from Romania).

“Based on the data we now have, what we’ve been calling a hack is impossible,” Folden told The Nation.

Further casting doubt on the official narrative is the fact that the DNC’s computer servers were never examined by the FBI. Instead, the agency relied on a report compiled by Crowdstrike, a cybersecurity firm compromised by serious conflicts of interest — the major one being that the firm was paid by the DNC itself to conduct its work. Another is that the firm’s owner is a senior fellow at the Atlantic Council, a think tank known for its hostility toward Russia.

The Intelligence Community Assessment published in January of this year, which claims “high confidence” in the Russian hacking theory, presented no hard evidence. Yet many in the media have relied on it as proof ever since. Ray McGovern, another VIPS member and formerly the chief of the CIA’s Soviet Foreign Policy Branch, called that intelligence assessment a “disgrace” to the profession.

The VIPS report also notes that the timing of events is strangely favorable to Hillary Clinton. It is hard to disagree.

On June 12, 2016, Julian Assange announced that he would publish documents related to Clinton’s campaign on WikiLeaks. Two days later, Crowdstrike, the firm paid by the DNC, suddenly announced the discovery of malware on DNC servers and claimed it had evidence that the Russians were responsible for it. This set in motion the narrative for Russian hacking.

A day after that, Guccifer appeared, took responsibility for the purported June 14 hack and announced that he was a WikiLeaks source, working on behalf of Russia. He then posted the documents which VIPS now claims were altered to make them appear more “Russian.”

On July 5, two weeks later, Guccifer claimed responsibility for another hack — which the VIPS report categorically states can only have been a leak, based on the speed of data transfer.

As Lawrence suggests, this timing was convenient for the Clinton campaign, which could avoid dealing with the contents of the leaks by instead focusing on the sensational story of Russian hacking.

Since we’ve covered what is in the VIPS report, it is equally important to note what this report does not do. It does not claim to know who the leaker was or what his or her motives were. Lawrence is also careful to note that these findings do not prove or disprove any other theories implicating Russia in the 2016 election (such as possible Russian connections to Donald Trump’s family and associates, etc.). This deals purely with the facts surrounding the DNC hack/leak last summer.

Many who have questioned the official version of events have sought to link the murder of Seth Rich to the theory that the DNC suffered a leak, not a hack. Rich, a 27-year-old DNC employee, was shot twice in the back as he walked home from a bar in Washington, five days after the supposed July 5 hack of the DNC’s servers.

Numerous unproven theories have surrounded Rich’s murder. There are those who suggest that Rich had been angered by the DNC’s treatment of Bernie Sanders, decided to leak information which would be damaging to Clinton’s campaign, and was then murdered by Democratic operatives. Others have claimed that perhaps Rich had found evidence of Russian hacking and was murdered by Russian operatives.

There is no evidence for any of these theories — and neither VIPS nor Lawrence in his article attempt to link Rich’s murder to the hack/leak of information from the DNC. (Washington police have said since the night of Rich’s death that he was the victim of an armed robbery attempt that went wrong.) Nonetheless, the emergence of this information may lend credence to those theories for those who want to believe them.

Instead of subjecting the various accounts of what happened last summer to rigorous scrutiny, the media instantly accepted the narrative promoted by the Clinton campaign and U.S. intelligence agencies. It has continued to do so ever since. Now, as new information comes to light, the media has largely acted as if it did not exist.

For the media and mainstream liberals to dismiss the information presented in Lawrence’s article as lacking in evidence would be breathtakingly ironic, given how little evidence they required to build a narrative to suit themselves and absolve Clinton of any responsibility for losing the election.

The authors of this report are highly experienced and well-regarded professionals. That they can be dismissed out of hand or ignored entirely is a sad commentary on the state of the media, which purports to be concerned by the plague of “fake news.”

If these new findings are accurate, those who pushed the Russia hacking narrative with little evidence have a lot to answer for. The Clinton campaign promoted a narrative that has pushed U.S.-Russia relations to the brink at an incredibly dangerous time.

Unlike the cacophony of anonymous sources cited by the media over the past year, these experts are ready to put their names to their assertions. They expect that pundits, politicians and the media will cast doubt on their findings, but say they are “prepared to answer any substantive challenges on their merits.” That is more than any other investigators or intelligence agencies have offered to this point.

Given the seriousness of this new information, the DNC’s official response to The Nation’s story is so lackluster it is almost laughable:

U.S. intelligence agencies have concluded the Russian government hacked the DNC in an attempt to interfere in the election. Any suggestion otherwise is false and is just another conspiracy theory like those pushed by Trump and his administration. It’s unfortunate that The Nation has decided to join the conspiracy theorists to push this narrative.

The clear implication here is that anyone who questions what U.S. intelligence agencies “have concluded” is a conspiracy theorist pushing lies on behalf of Trump or Vladimir Putin. It is clear that the DNC expect the matter to be left at that, with no further inquiry from the media or anyone else.

By the looks of things, that’s exactly what will happen.

Danielle Ryan is an Irish freelance journalist, writing mostly on geopolitics and media. She is based in Budapest, but has also lived in the U.S., Germany and Russia. Follow her on Twitter.
"Wyrd bið ful aræd"

Offline milnews.ca

Re: Cyber attacks/defence/incdents (merged)
« Reply #44 on: August 17, 2017, 16:49:20 »
More on what looks like a UKR link to the Russian hacking (hint:  don't take any tea or soup from any Russians, buddy) ...
Quote
In Ukraine, a Malware Expert Who Could Blow the Whistle on Russian Hacking
By ANDREW E. KRAMER and ANDREW HIGGINS, NY Times, AUG. 16, 2017

 The hacker, known only by his online alias “Profexer,” kept a low profile. He wrote computer code alone in an apartment and quietly sold his handiwork on the anonymous portion of the internet known as the dark web. Last winter, he suddenly went dark entirely.

Profexer’s posts, already accessible only to a small band of fellow hackers and cybercriminals looking for software tips, blinked out in January — just days after American intelligence agencies publicly identified a program he had written as one tool used in Russian hacking in the United States. American intelligence agencies have determined Russian hackers were behind the electronic break-in of the Democratic National Committee.

But while Profexer’s online persona vanished, a flesh-and-blood person has emerged: a fearful man who the Ukrainian police said turned himself in early this year, and has now become a witness for the F.B.I.

“I don’t know what will happen,” he wrote in one of his last messages posted on a restricted-access website before going to the police. “It won’t be pleasant. But I’m still alive.”

It is the first known instance of a living witness emerging from the arid mass of technical detail that has so far shaped the investigation into the election hacking and the heated debate it has stirred. The Ukrainian police declined to divulge the man’s name or other details, other than that he is living in Ukraine and has not been arrested.

There is no evidence that Profexer worked, at least knowingly, for Russia’s intelligence services, but his malware apparently did.

That a hacking operation that Washington is convinced was orchestrated by Moscow would obtain malware from a source in Ukraine — perhaps the Kremlin’s most bitter enemy — sheds considerable light on the Russian security services’ modus operandi in what Western intelligence agencies say is their clandestine cyberwar against the United States and Europe.

It does not suggest a compact team of government employees who write all their own code and carry out attacks during office hours in Moscow or St. Petersburg, but rather a far looser enterprise that draws on talent and hacking tools wherever they can be found.

Also emerging from Ukraine is a sharper picture of what the United States believes is a Russian government hacking group known as Advanced Persistent Threat 28 or Fancy Bear. It is this group, which American intelligence agencies believe is operated by Russian military intelligence, that has been blamed, along with a second Russian outfit known as Cozy Bear, for the D.N.C. intrusion ...
More @ link

Offline MarkOttawa

Re: Cyber attacks/defence/incdents (merged)
« Reply #45 on: August 17, 2017, 19:17:07 »
Canadian Forces...

Quote
Communications and Electronics Association Cyber Symposium...proud to announce the first annual Cyber Symposium. The objective of the symposium is to bring together leading cyber experts to explore a wide range of topics in this dynamic field...

Date: 26 October 2017
Location: Residence Inn, Kingston, Ontario
Theme: Cyber – Government, Academia, Industry – Our Collective Challenge and Opportunity...

The Association has approached a number of individuals to provide keynote addresses and to act as moderators or panelists. Invited speakers include Mr. Richard Fadden (confirmed) – former Director of CSIS and Deputy Minister of National Defence, General Jonathan Vance (confirmed) – Chief of the Defence Staff, a representative from US Cyber Command and CEOs from the Council of Canadian Innovators. The Theme for the Symposium is ‘Cyber – Government, Academia, Industry – Our Collective Challenge and Opportunity’. Invited speakers along with others will cover topic areas such as:

    Cyber Security – A National Security Perspective
    The Role of Canada’s Military in Cyber Operations
    Cyber within Coalition Operations
    The Role of DND/CAF and Industry in Driving Cyber Innovation in Canada (An Industry Perspective)
    The New Security Legislation and Oversight Framework and Its Impact on Cyber Operations
    The Recruitment/Training Challenge for Cyber Organizations
...
https://cmcen.ca/cyber-symposium-oct-2017/

Mark Ottawa
That explains it, but it doesn't excuse it.

Offline milnews.ca

Re: Cyber attacks/defence/incdents (merged)
« Reply #46 on: September 14, 2017, 06:59:15 »
"Trump administration orders purge of Kaspersky products from U.S. government" (Reuters) - more via Google News here, and from DHS below:
Quote
After careful consideration of available information and consultation with interagency partners, Acting Secretary of Homeland Security Elaine Duke today issued a Binding Operational Directive (BOD) directing Federal Executive Branch departments and agencies to take actions related to the use or presence of information security products, solutions, and services supplied directly or indirectly by AO Kaspersky Lab or related entities.

The BOD calls on departments and agencies to identify any use or presence of Kaspersky products on their information systems in the next 30 days, to develop detailed plans to remove and discontinue present and future use of the products in the next 60 days, and at 90 days from the date of this directive, unless directed otherwise by DHS based on new information, to begin to implement the agency plans to discontinue use and remove the products from information systems.

This action is based on the information security risks presented by the use of Kaspersky products on federal information systems. Kaspersky anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems. The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks. The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.

The Department’s priority is to ensure the integrity and security of federal information systems. Safeguarding federal government systems requires reducing potential vulnerabilities, protecting against cyber intrusions, and anticipating future threats. While this action involves products of a Russian-owned and operated company, the Department will take appropriate action related to the products of any company that present a security risk based on DHS’s internal risk management and assessment process.

DHS is providing an opportunity for Kaspersky to submit a written response addressing the Department’s concerns or to mitigate those concerns. The Department wants to ensure that the company has a full opportunity to inform the Acting Secretary of any evidence, materials, or data that may be relevant. This opportunity is also available to any other entity that claims its commercial interests will be directly impacted by the directive. Further information about this process will be available in a Federal Register Notice.