
Cyberwar Tag

A security breach discovered at a California-based software and hardware company has many officials worried, including U.S. Congressman Will Hurd of Texas. Rep. Hurd expressed his concerns over the breach in a Wall Street Journal op-ed explaining that foreign hackers may "have been reading the encrypted communications of U.S. government agencies for the past three years." Juniper Networks provides network equipment and routers to the U.S. government that are believed to be used by the Defense Department, FBI, Justice Department, and Treasury Department.

China has been a global hub for manufacturing counterfeit electronics and consumer goods, but as the Asian giant asserts its dominance in the Asian Pacific and beyond, its defense establishment is using the same approach to modernise its vast armed forces. Despite its large standing and reserve army, the Chinese Armed Forces lag technologically behind US, Russian and NATO forces. China has decided to manufacture ‘counterfeit’ high-end defense technology on a large scale to overcome its existing strategic weakness. According to a recent report published by the US Naval Institute, China is using military espionage and reverse engineering to build a modern army with “cloned weapons.” Using cyber espionage and by making secret deals with US arms buyers, China has managed to obtain advanced US weapons technology. China is reportedly also targeting Russia in its quest for high-end military technology. The Chinese often buy single units of Russian advanced military systems on a “trial” basis and reverse-engineer the weaponry to produce a large-scale Chinese version:

Today, a controversial cybersecurity bill aimed at making it easier for corporations to prevent hacking attacks advanced in the Senate with bipartisan support. The Cybersecurity Information Sharing Act (CISA) in its current form would make it possible for corporations to share information about cyberattacks with each other---or the government---without having to worry about fielding privacy-based lawsuits. The bill enjoys bipartisan support in the Senate---and has languished under bipartisan opposition, led by Kentucky Senator and Presidential hopeful Rand Paul. From Reuters:
But many privacy activists and a few lawmakers, including Republican Senator Rand Paul and Democratic Senator Ron Wyden, vehemently oppose it. Several big tech companies also have come out against the measure, arguing that it fails to protect users' privacy and does too little to prevent cyber attacks.

According to one California-based cybersecurity firm, China is already violating its new cybersecurity agreement with the United States. According to CrowdStrike founder Dmitri Alperovitch, his firm has seen "no change in behavior" since President Obama and Chinese President Xi Jinping announced the anti-hacking deal on September 25. CrowdStrike has documented seven attacks against US-based pharmaceutical and tech companies since then, "where the primary benefit of the intrusions seems clearly aligned to facilitate theft of intellectual property and trade secrets, rather than to conduct traditional national security-related intelligence collection." This, of course, is exactly why we signed this anti-hacking agreement to begin with. In addition to national security targets, cyberthieves most commonly target valuable intellectual property. Last month's deal did not (pretend?) to prevent cyberspying for national security purposes; instead, it prohibited "economic espionage," in which a hacker steals information from one company and sells it to a competitor.

For the past five years, Chinese cyber spies have been reading the private emails of an undisclosed but presumably large number of top Obama administration officials. A report released Monday from NBC News cites an anonymous senior U.S. intelligence official and a secret document. Evidently, U.S. officials have been aware of the email security breach since April of 2010.

After the Chinese hacking of the Office of Personnel Management, it seems that almost no government system is secure. Now comes another example. From NBC News:
U.S. officials tell NBC News that Russia launched a "sophisticated cyberattack" against the Pentagon's Joint Staff unclassified email system, which has been shut down and taken offline for nearly two weeks. According to the officials, the "sophisticated cyber intrusion" occurred sometime around July 25 and affected some 4,000 military and civilian personnel who work for the Joint Chiefs of Staff. Sources tell NBC News that it appears the cyberattack relied on some kind of automated system that rapidly gathered massive amounts of data and within a minute distributed all the information to thousands of accounts on the Internet. The officials also report the suspected Russian hackers coordinated the sophisticated cyberassault via encrypted accounts on social media. The officials say it's not clear whether the attack was sanctioned by the Russian government or conducted by individuals. But, given the scope of the attack, "It was clearly the work of a state actor," the officials say.

The federal government has finally decided how to publicly handle an OPM data breach that compromised over 20 million federal employee records this past June. Rather, they've decided what they aren't going to do about it. Citing concerns over national security, the Obama Administration has decided that they will not publicly blame China for the hack, even though conventional wisdom (and a fair amount of now-public evidence) suggests that they were responsible. Officials fear that coming out in an official capacity against Beijing will compromise what evidence investigators have been able to assemble. More from WaPo:
“We have chosen not to make any official assertions about attribution at this point,” said a senior administration official, despite the widely held conviction that Beijing was responsible. The official cited factors including concern that making a public case against China could require exposing details of the United States’ own espionage and cyberspace capabilities. The official was among several who spoke on the condition of anonymity to describe internal deliberations.

Early last month, the news hit that the federal government's Office of Personnel Management (OPM) had been hacked, compromising the records of millions of federal employees. It was one of the largest thefts of government data ever recorded, and caused a panic amongst current and former federal employees. In the wake of the breach, many experts said that the hack was likely worse than had been reported; it looks like they were right---to the tune of 21.5 million victims. Via Fox News:
Hackers swiped Social Security numbers from 21.5 million people -- as well as fingerprint records and other information from background check investigations -- in the massive breach earlier this year of federal personnel files, the government acknowledged Thursday. The Office of Personnel Management included the findings in a statement Thursday on the investigation into a pair of major hacks believed carried out by China. "The team has now concluded with high confidence that sensitive information, including the Social Security Numbers (SSNs) of 21.5 million individuals, was stolen from the background investigation databases," the agency said of the second breach, which affected background investigation files.
21.5 million is a big number. This makes it feel huge:

The OPM mega-breach has created a nice bipartisan coalition in Congress---against the bureaucrats who allegedly did nothing to stop it. This week, members of Congress called for the resignation of OPM chief Katherine Archuleta after testimony revealed that security protecting OPM's databases is so inadequate that some believe the systems should be shut down entirely. During a 2-hour hearing before the House Oversight Committee, Chairman Jason Chaffetz (R-Utah) let loose on Archuleta, calling the breach the "most devastating cyberattack in our nation's history" and demanding to know why OPM was seemingly ambivalent about how vulnerable its systems were to attack. Via Ars Technica:
House Oversight Chairman Jason Chaffetz (R-Utah) told Archuleta and OPM Chief Information Officer Donna Seymour, "You failed utterly and totally." He referred to OPM's own inspector general reports and hammered Seymour in particular for the 11 major systems out of 47 that had not been properly certified as secure—which were not contractor systems but systems operated by OPM's own IT department. "They were in your office, which is a horrible example to be setting," Chaffetz told Seymour. In total, 65 percent of OPM's data was stored on those uncertified systems. Chaffetz pointed out in his opening statement that for the past eight years, according to OPM's own Inspector General reports, "OPM's data security posture was akin to leaving all your doors and windows unlocked and hoping nobody would walk in and take the information."

US officials suspect hackers in China are responsible for a cyber attack on the Office of Personnel Management's (OPM) computer systems that left the personal information of almost four million current and former federal government employees exposed. The breach, which was detected back in April, is now being described as one of the largest thefts of government data ever seen. DHS concluded back in May that the information had indeed been compromised and stolen, but so far neither OPM nor the FBI has indicated exactly whose records have been exposed. More from WaPo:
“Certainly, OPM is a high value target,” said OPM Chief Information Officer Donna Seymour, in an interview. “We have a lot of information about people, and that is something that our adversaries want.” With that understanding, she said, within the last year “OPM has undertaken an aggressive effort to update our cybersecurity posture, adding numerous tools and capabilities to our networks. As a result of adding these tools, we were able to detect this intrusion into our networks.” “Protecting our federal employee data from malicious cyber incidents is of the highest priority at OPM,” said the agency’s director, Katherine Archuleta, in a statement.

Hackers claiming a connection with the Islamic State have taken control of two social media accounts owned by the U.S. Central Command. Via the Washington Free Beacon:
“ISIS is already here, we are in your PCs, in each military base. With Allah’s permission we are in CENTCOM now,” said one tweet sent from CENTCOM’s account. The apparent hack came as President Obama addressed the nation regarding cyber security. He is expected to propose two pieces of cyber security legislation and to address the effort in his upcoming State of the Union address. The hackers subsequently tweeted images of spreadsheets containing the home addresses, phone numbers, and email addresses of dozens of current and former senior U.S. military officers. “AMERICAN SOLDIERS, WE ARE COMING WATCH YOUR BACK,” one tweet stated.
The hackers have also posted to PasteBin sensitive and personal information they claim they obtained by breaking in to mobile devices. A search of the Google cache reveals the tweets posted to CENTCOM's now-suspended Twitter account:

Despite widespread media and social media claims that the North Koreans were not behind the Sony hack, the U.S. government stands by the assertion that North Korea is the culprit. Obama signed an executive order today imposing sanctions, as The Washington Post reports:
President Obama, while vacationing in Hawaii, signed an executive order authorizing the sanctions, saying the repressive government was trying to stifle freedom of speech by American artists and businesses. The Treasury Department imposed financial measures on 10 North Korean officials and three government agencies. They include the country’s main intelligence agency, believed to have orchestrated major cyber operations, as well as agencies responsible for weapons deals and military research and development. The newly sanctioned officials include those operating out of Namibia, Iran, Syria and China....

Hijacking someone's Twitter account and putting up stupid pictures or political statements might reasonably be called cyber-vandalism, and a criminal one at that. Like this: [image] But the Sony hack, allegedly by North Korea, which led to terrorist threats against movie theaters and a national self-censorship? Is that really all it was, "cyber-vandalism"? According to Obama, yes. Obama: North Korea hack ‘cyber-vandalism,’ not ‘act of war’:
President Obama said in an interview broadcast Sunday that he does not think a recent North Korean cyberattack against Sony Pictures Entertainment was "an act of war." "No, I don't think it was an act of war," Obama said on CNN's "State of the Union." "I think it was an act of cyber-vandalism that was very costly, very expensive. We take it very seriously. We will respond proportionately."

The speculation as to who the U.S. government thinks was behind the Sony hack is over. The FBI now is on record blaming North Korea, via NBC News:
The FBI on Friday formally accused the North Korean government of the hacking attack that led Sony Pictures Entertainment to cancel the movie "The Interview." "North Korea's actions were intended to inflict significant harm on a U.S. business and suppress the right of American citizens to express themselves," the bureau said in a statement. "Such acts of intimidation fall outside the bounds of acceptable state behavior." U.S. officials had said privately earlier in the week that they suspected North Korea. The FBI said Friday that technical analysis had revealed links to North Korean-developed malware, including lines of code and encryption algorithms.
Here is the full FBI statement (via Business Insider):

How expansive is electronic espionage? Israeli Prime Minister Benjamin Netanyahu reportedly does not have a computer in his office, does not use email and does not have a private phone. I read a while ago that he even uses hand signals in some situations, although I can't find the link now. There's every reason to believe many major national intelligence agencies have similar capabilities, they just don't have Edward Snowdens willing or able to walk off with the proof. You know, imprisoned or dead families could be the consequence elsewhere. So frustrated with U.S. snooping is Germany that it is considering going to old school typewriters, via The Guardian, Germany 'may revert to typewriters' to counter hi-tech espionage:
German politicians are considering a return to using manual typewriters for sensitive documents in the wake of the US surveillance scandal. The head of the Bundestag's parliamentary inquiry into NSA activity in Germany said in an interview with the Morgenmagazin TV programme that he and his colleagues were seriously thinking of ditching email completely. Asked "Are you considering typewriters" by the interviewer on Monday night, the Christian Democrat politician Patrick Sensburg said: "As a matter of fact, we have – and not electronic models either". "Really?", the surprised interviewer checked. "Yes, no joke", Sensburg responded.
While typewriters might be harder to spy on, they hardly are foolproof, as the U.S. Embassy in Moscow discovered back in the day (1986): Soviets Bug Typewriters in U.S. Embassy. More on the typewriter espionage here:

In May, the Obama Administration announced a crackdown on Chinese cyber espionage. The grand jury indictments charged five Chinese People’s Liberation Army members with hacking the computers of a number of U.S. businesses and organizations. Now the U.S. government alleges that Boeing was the target in a new round of Chinese cyber spying.
Su Bin, the owner of a Chinese aviation-technology company with an office in Canada, conspired with two unidentified individuals in China to break into the computer networks of U.S. companies to get information related to military projects, according to charges unsealed yesterday in federal court in Los Angeles. Su advised the two others in China on what data to target, according to the charges. Su’s alleged co-conspirators claimed to have stolen 65 gigabytes of data from Boeing related to the C-17 military cargo plane, according to the criminal complaint. They also allegedly sought data related to other aircraft, including Lockheed Martin’s F-22 and F-35 fighter jets.
As was the case with the indictments in May, there appears to be direct evidence linking Su Bin and the Chinese government.