Monthly Archives: October 2017

Malcolm Turnbull and Benjamin Netanyahu witness MOU on defence industry co-operation between Australia and Israel

Jerusalem: The prime ministers of Australia and Israel have shared a warm bear hug and pledged deeper cooperation on cyber-security in the fight against global terror threats.

Mr Turnbull arrived in Jerusalem on Monday afternoon, local time, on a trip that had been delayed and truncated by the political fallout from the High Court’s dual citizenship ruling.

But there was no ill feeling on show at Benjamin Netanyahu’s headquarters, where he was welcomed by the Israeli prime minister pronouncing him “mishpacha” – family.

“Malcolm you are a true friend of Israel,” Mr Netanyahu said. “Our two nations understand each other in the deepest sense… and your personal commitment to Israel is absolutely clear.”

Mr Turnbull said it was a “long schlepp” from Australia but “it feels like family”.

“We are all fighting together against militant Islamist terrorism,” he said. “It’s a threat to Israel, it’s a threat to Australia and it’s a threat to all who value and cherish freedom.”

After two hours of meetings, including a one-on-one discussion then an official bilateral, the men witnessed the signing of a new memorandum of understanding on defence industry co-operation.

Mr Turnbull said they had spoken at length on the Islamist terror threat, and the role of technology in both enabling and fighting against it.

Photo: Dan Peled

Technology has “empowered individuals who seek to do us harm”, he said, and cyber security was more important than ever.

Israel is considered a cyber warfare superpower, alongside the US, Russia, China and the UK.

It accounts for 10 per cent of global sales of computer and network security technology.

But it also has significant offensive powers.

In October it emerged that in 2015 an Israeli security agency hacked into Russian antivirus firm Kaspersky, which enabled it to watch Russian spies as they worked to infiltrate sensitive US networks.

Israel was reported to have used cyber weapons to spy on the Iran nuclear negotiations in 2014 and 2015.

And Israel was reportedly behind the Stuxnet worm, dubbed the world’s first digital weapon, which was used to disrupt the centrifuges at Iran’s uranium enrichment facilities.

Last year Mr Turnbull announced a $230 million cyber security strategy, which would include an offensive capability to launch pre-emptive attacks on ‘cyber raiders’.

Mr Turnbull said Monday’s agreement would lead to closer collaboration between the two countries on cyber security.

“It is vitally important that we work more closely together, more of the time, to keep our people safe from terrorism,” he said.

A particular problem was the encrypted apps that terrorists used to communicate in secret, he said.

“We look forward to deeper collaboration on defence, particularly in the cyber domain,” he said.

After the meeting Mr Turnbull told media the two men had also discussed the Iran nuclear deal, which Israel opposes but Australia supports.

The deal has recently come under pressure from the US, where President Trump has disavowed but so far not scrapped the agreement.

Mr Turnbull said Australia “absolutely understand Israel’s very real concerns and anxieties about Iran moving to a nuclear weapons capability but we are not persuaded that moving away from the agreement … would be beneficial in preventing that type of proliferation.”

Asked on the state of domestic politics, Mr Turnbull denied it was in a state of turmoil after the High Court decision.

“The business of government goes on,” he said. “It’s business as usual.”

Asked if he’d had enough with politics, Mr Turnbull responded “I’ve never had more fun in my life.”

Henry Sapiecha

New USA Federal Requirements On Cellphone Surveillance

WASHINGTON (AP) — Federal law enforcement officials will be routinely required to get a search warrant before using secretive and intrusive cellphone-tracking technology under a new Justice Department policy announced Thursday.

The policy represents the first effort to create a uniform legal standard for federal authorities using equipment known as cell-site simulators, which tracks cellphones used by suspects.

It comes amid concerns from privacy groups and lawmakers that the technology, which is now widely used by local police departments, is infringing on privacy rights and is being used without proper accountability.

“The policy is really designed to address our practices, and to really try to promote transparency and consistency and accountability — all while being mindful of the public’s privacy interest,” Deputy Attorney General Sally Yates told reporters in announcing the policy change.

The policy applies only to federal agencies within the Justice Department and not, as some privacy advocates had hoped, to state and local law enforcement whose use of the equipment has stirred particular concern and scrutiny from local judges.

The technology — also known as a Stingray, a suitcase-sized device — can sweep up basic cellphone data from a neighborhood by tricking phones in the area to believe that it’s a cell tower, allowing it to identify unique subscriber numbers. The data is then transmitted to the police, helping them determine the location of a phone without the user even making a call or sending a text message.

The equipment used by the Justice Department does not collect the content of communications.

Even as federal law enforcement officials tout the technology as a vital tool to catch fugitives and kidnapping suspects, privacy groups have raised alarms about the secrecy surrounding its use and the collection of cellphone information of innocent bystanders who happen to be in a particular neighborhood or location.

In creating the new policy the Justice Department was mindful of those concerns and also sought to address inconsistent practices among different federal agencies and offices, Yates said.

“We understand that people have a concern about their private information, and particularly folks who are not the subjects or targets of investigations,” Yates said.

The new policy requires a warrant in most cases, except for emergencies like an immediate national security threat, as well as unspecified “exceptional circumstances.” The warrant applications are to set out how the technology will be used.

In addition, authorities will be required to delete data that’s been collected once they have the information they need, and are expected to provide training to employees.

The policy could act as a blueprint for state and local law enforcement agencies in developing their own regulations. But it’s unclear how broad an impact Thursday’s announcement will have, since it does not directly affect local police agencies unless they’re working alongside federal authorities on a case or relying on their assistance.

Use of the technology has spread widely among local police departments, which have been largely silent about it and hesitant to disclose details, often withholding materials or heavily redacting the documents they do provide.

Local departments have faced scrutiny from judges about how they deploy the equipment, though agencies have often insisted that non-disclosure agreements with the FBI limit what they can say.

The FBI has said that while specific capabilities of the equipment are considered sensitive, it did not intend for the agreements to prevent the police from disclosing to a court that the equipment was used in a particular case. Yates said she expected the FBI to revise any such agreements to be more transparent.

The American Civil Liberties Union called the policy a good first step, but expressed disappointment that it did not cover federal agencies outside the Justice Department or local police who use federal funds to purchase the surveillance equipment. It called on the Justice Department to close remaining loopholes, such as the one allowing for warrantless surveillance under undefined “exceptional circumstances.”

“After decades of secrecy in which the government hid this surveillance technology from courts, defense lawyers, and the American public, we are happy to see that the Justice Department is now willing to openly discuss its policies,” ACLU lawyer Nathan Freed Wessler said in a statement.

Nate Cardozo, a staff attorney with the Electronic Frontier Foundation, a privacy group, praised the policy as an important step, though he said he suspected Justice Department attorneys saw “the writing on the wall” and recognized that judges would increasingly begin requiring warrants.

Though the policy does not require local police to follow the lead of federal agencies, “this is going to let the air out of state law enforcement’s argument that a warrant shouldn’t be required.”

“We think that given the power of cell-site simulators and the sort of information that they can collect — not just from the target but from every innocent cellphone user in the area — a warrant based on probable cause is required by the Fourth Amendment,” Cardozo said.

Henry Sapiecha

NYPD Has Used Cell Tracking Technology around 1,000 Times Since 2008

The New York Police Department has used secretive cellphone tracking technology more than 1,000 times since 2008, according to data released Thursday by the New York Civil Liberties Union.

A cell-site simulator, also known as a Stingray, is a suitcase-sized device that can sweep up basic cellphone data from a neighborhood by tricking phones into believing it’s a cell tower, allowing it to identify unique subscriber numbers. The data are then transmitted to the police, helping them determine the location of a phone without the user even making a call or sending a text message.

Police records show the technology has helped catch suspects in kidnappings, rapes, robberies, assaults and murders. Missing people have been discovered. In some cases, no arrest was made or the phone was located but had been ditched. Officers with warrant squads, robbery squads and homicide units all used the technology, according to the records.

Federal law enforcement in September said it would be routinely required to get a search warrant before using the technology — a first effort to create a uniform legal standard for federal authorities. But the policy applies only to federal agencies within the Justice Department and not, as some privacy advocates had hoped, to state and local law enforcement whose use of the equipment has stirred particular concern and scrutiny from local judges. The NYPD would be required to get a warrant if the investigation was a joint effort with federal officials.

The NYPD said it has no written policy for use of the technology, according to the records released by the NYCLU, but general practice is to obtain a “pen register order” — a court order with a lower standard than a warrant.

Larry Byrne, the deputy commissioner of the police department’s legal bureau, said police only use the Stingray technology to retrieve cellphone numbers of calls to and from a particular phone, not the content of those communications. He said it was used only after a detective, appearing alongside an assistant district attorney, persuaded a state judge to grant the court order.

The civil liberties union urged the department to create a strict policy on use of the technology and to obtain a warrant.

“New Yorkers have very real concerns about the NYPD’s adoption of intrusive surveillance technology,” NYCLU Senior Staff Attorney Mariko Hirose said in a statement. “The NYPD should at minimum obtain warrants before using Stingrays to protect the privacy of innocent people.”

The police have already been adhering to the higher legal standard used by federal law enforcement when applying for a court order, even though state law requires the police to present less, said Byrne, who added his office would put the policy in writing.

“Our practice is consistent with what the FBI and the other federal agencies now do,” he said.

The NYCLU requested documents under the Freedom of Information Law and received the first round of information that it asked for in November. Last year, the NYCLU released records showing the Erie County sheriff’s office used Stingrays 47 times in the past four years and indicating that the office obtained a pen register order only once, the agency said.

Henry Sapiecha

FBI Couldn’t Access Almost 7K Devices Because Of Encryption

The FBI hasn’t been able to retrieve data from more than half of the mobile devices it tried to access in less than a year, FBI Director Christopher Wray said Sunday, turning up the heat on a debate between technology companies and law enforcement officials trying to recover encrypted communications.

In the first 11 months of the fiscal year, federal agents were unable to access the content of more than 6,900 mobile devices, Wray said in a speech at the International Association of Chiefs of Police conference in Philadelphia.

“To put it mildly, this is a huge, huge problem,” Wray said. “It impacts investigations across the board—narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation.”

The FBI and other law enforcement agencies have long complained about being unable to unlock and recover evidence from cellphones and other devices seized from suspects even if they have a warrant, while technology companies have insisted they must protect customers’ digital privacy.

The long-simmering debate was on display in 2016, when the Justice Department tried to force Apple to unlock an encrypted cellphone used by a gunman in a terrorist attack in San Bernardino, California. The department eventually relented after the FBI said it paid an unidentified vendor who provided a tool to unlock the phone and no longer needed Apple’s assistance, avoiding a court showdown.

The Justice Department under President Donald Trump has suggested it will be aggressive in seeking access to encrypted information from technology companies. But in a recent speech, Deputy Attorney General Rod Rosenstein stopped short of saying exactly what action it might take.

“I get it, there’s a balance that needs to be struck between encryption and the importance of giving us the tools we need to keep the public safe,” Wray said.

In a wide-ranging speech to hundreds of police leaders from across the globe, Wray also touted the FBI’s partnerships with local and federal law enforcement agencies to combat terrorism and violent crime.

“The threats that we face keep accumulating, they are complex, they are varied,” Wray said, describing threats from foreign terror organizations and homegrown extremists.

Wray also decried a potential “blind spot” for intelligence gathering if Congress doesn’t reauthorize Section 702 of the Foreign Intelligence Surveillance Act, which is set to expire at the end of the year. The provision allows the government to collect information about militants, people suspected of cybercrimes or proliferation of weapons of mass destruction, and other foreign targets outside the United States. Intelligence and law enforcement officials say it is vital to national security.

Under the provision, the government may, with the oversight of the Foreign Intelligence Surveillance Court, target non-Americans outside the United States.

“If it doesn’t get renewed or reauthorized, essentially in the form that it already is, we’re about to get another blind spot,” Wray said.

Henry Sapiecha

ASIO restructuring strategy and resources in the face of cyber threat

Australia’s domestic intelligence agency has aligned its resources to focus on the growing threat of cyber espionage targeting “a range” of Australian interests.

In the wake of accusations from United States intelligence agencies that Russia hacked into Democratic Party emails and so helped Donald Trump to election victory last year, a report from Australia’s intelligence agency says the country’s national security resources are focused on preventing foreign threat actors from “targeting a range of Australian interests”.

In its 2016-17 Annual Report, the Australian Security Intelligence Organisation (ASIO) explained that Australia continued to be a target of espionage and foreign interference, noting in particular that foreign intelligence services sought access to privileged and/or classified information on Australia’s alliances and partnerships; the country’s position on international diplomatic, economic, and military issues; as well as energy and mineral resources, and innovations in science and technology-related fields.

ASIO called the threat from espionage and foreign interference to Australian interests “extensive, unrelenting, and increasingly sophisticated”.

“Foreign intelligence services are targeting a range of Australian interests, including clandestine acquisition of intellectual property, science and technology, and commercially sensitive information,” the report explains.

“Foreign intelligence services are also using a wider range of techniques to obtain intelligence and clandestinely interfere in Australia’s affairs, notably including covert influence operations in addition to the tried and tested human-enabled collection, technical collection, and exploitation of the internet and information technology.”

During the reported period, ASIO said it identified foreign powers clandestinely seeking to shape the opinions of members of the Australian public, media organisations, and government officials, motivated by the appeal of “advancing their country’s own political objectives”.

As highlighted by ASIO, rapid technological change continued to give those engaged in activities that threaten Australia’s security new tools to conceal their activities from security and law enforcement agencies. In particular, ASIO said the use of encrypted communications by security intelligence targets was, and remains, an area of particular concern.

“Australia continues to be a target of espionage through cyber means; the cyber threat is persistent, sophisticated, and not limited by geography,” ASIO warned.

“Increasingly, foreign states have acquired, or are in the process of acquiring, cyber espionage capabilities designed to satisfy strategic, operational, and commercial intelligence requirements.”

Watching carefully the area of investment flows, ASIO said that while Australia’s open and transparent economy, which invites foreign investment, is a welcome and important contributor to Australia’s national wealth, it is not without national security risks.

“For example, foreign intelligence services are interested in accessing bulk data sets and privileged public or private sector information, including Australian intellectual property. Developing and implementing effective mitigation strategies for these issues is critical to reducing the threat to an acceptable level,” the report says.

Another emerging issue of potential national security concern to ASIO is the lack of diversity of ownership within certain infrastructure sectors.

The agency also said that the number of cybersecurity incidents either detected or reported within Australia represents a fraction of the total threat the country legitimately faces.

While technology provided security and law enforcement agencies with new opportunities to identify activities of security concern, ASIO said building and maintaining technical collection capabilities to stay ahead of the threats proved to be resource-intensive.

“Transforming existing agency information and communications technology infrastructure to effectively exploit new capabilities, manage the large volume and variety of data available, and to be adapted easily to new technologies is a major challenge, and one that will require significant, ongoing investment,” the agency wrote.

“In addition to technological challenges in the operating environment, we faced heightened threats to our staff, facilities, and information.”

ASIO said such challenges required the diversion of resources to “ensure the security and effectiveness” of the agency’s operations.

Throughout the period, ASIO said it worked closely with Australia’s national security partner agencies, which included work to progress shared national security objectives through joint agency bodies such as the federal, state, and territory Joint Counter Terrorism Teams (JCTT), the National Threat Assessment Centre (NTAC), the Jihadist Network Mapping and Targeting Unit, and the Australian Cyber Security Centre (ACSC).

Similarly, work with international peers was maintained with over 350 partner agencies in 130 countries, ASIO explained.

The intelligence agency specifically worked with counter-terrorism prosecutions in New South Wales, Victoria, and Queensland, providing assistance and evidence on telecommunications intercepts, physical surveillance, listening, and tracking devices.

“In 2016-17, we continued to work closely with telecommunications companies regarding the security risks associated with the use of certain companies in their supply chains and risks arising from foreign ownership arrangements,” the report says.

“We provided sensitive briefings to the Australian government and the telecommunications sector to outline the threat and, where possible, recommended appropriate mitigation measures.”

ASIO said that through its work with ACSC, it regularly observed cyber espionage activity targeting Australia.

“Foreign state-sponsored adversaries targeted the networks of the Australian government, industry, and individuals to gain access to information and progress other intelligence objectives,” the agency wrote.

“ASIO provided support to the ACSC’s investigations of these harmful activities as well as the centre’s work to remediate compromised systems. The number of countries pursuing cyber espionage programs is expected to increase … as technology evolves, there will be an increase in the sophistication and complexity of attacks.”

It isn’t just foreign threats on ASIO’s radar, with the agency noting it remained alert to, and investigated threats from, malicious insiders.

“Those trusted employees and contractors who deliberately breach their duty to maintain the security of privileged information,” ASIO explained. “These investigations continued to be complex, resource-intensive, and highly sensitive.”

In-house, ASIO said it also worked to build an enterprise technology program to enable the agency to “excel in using technology and data” to achieve its purpose.

“Given the increasing opportunities and challenges brought about by rapid advances in technology, it is imperative that ASIO is a ‘data-enabled organisation’, connected to its partners, accountable to the people, innovative in its approach, and sustainable for the long term,” the report says.

From July 2018, Australia’s new Home Affairs ministry will be responsible for ASIO, the Australian Federal Police, Border Force, the Australian Criminal Intelligence Commission, AUSTRAC, and the Office of Transport Security. It will see Attorney-General George Brandis hand over some national security responsibility to Minister for Immigration and Border Protection Peter Dutton.

Of the ministerial changes and the recommendations of the 2017 Independent Intelligence Review, ASIO Director-General of Security Duncan Lewis said he believes the new measures will play an important role in strengthening the agency’s strategic direction, effectiveness, and coordination of Australia’s national security and intelligence efforts, at a time when “the nation is facing complex, long-term threats” to its security.

Henry Sapiecha

Call for stricter access to Medicare cards after numbers sold on dark web

Australians could be handed greater control over who can access their Medicare card details amid fears the information can be too easily obtained.

An independent report, released on Saturday, has suggested tighter security following a review ordered by the federal government in July after a small batch of card numbers were sold on the dark web.

Photo: Medicare cards (AAP Image/Joel Carrett)

It noted that while there had been no risk to patients’ health records as a result of the sale, Medicare card numbers are susceptible to theft for identity fraud and other “illicit activities”.

Illegally obtained Medicare details can also be used to fraudulently make claims and access taxpayer-funded health services.

The report has recommended that doctors and other health professionals be required to get consent from patients – either in writing or verbally – before accessing their Medicare numbers.

“In addition to providing patients with more control, this would also increase consumer awareness about how their Medicare information is used and shared,” it said.

The federal government is also being urged to phase out the ability to access Medicare numbers over the phone.

Roughly 580,000 calls requesting Medicare card numbers are made to the Department of Human Services, but the security checks on that channel aren’t as robust as the online portal’s.

“The information required in the provider security check to access a Medicare card number could be accessible by someone other than the provider,” the report found.

While the review panel didn’t see any evidence of fraudulent requests for Medicare numbers over the phone, it “remains concerned about the potential risks presented by the channels”.

It recommends that, while phasing it out, conditions for the release or confirmation of card information by phone should be strengthened with additional security questions to whoever is calling in the request.

The panel – led by Peter Shergold, former secretary of the Department of Prime Minister and Cabinet – stopped short of calling for mandatory identity checks whenever someone uses their Medicare card, but suggested health professionals be required to take “reasonable steps” to confirm a patient’s identity when they are first treated.

It has also recommended that Australians be able to request an audit log of people who have sought access to their card number through the online portal, and that batch requests for numbers over the web be limited to 50 numbers at a time, a dramatic reduction from the existing 500-record limit.

Last financial year, about 10.2 million searches for Medicare card numbers were made via the online service.

Human Services Minister Alan Tudge and Health Minister Greg Hunt welcomed the report and promised the government will respond by the end of the year.

AAP

Henry Sapiecha

Data stolen in Australian defence contractor hack

Secret F-35, P-8, C-130 data stolen in Australian defence contractor hack

Around 30 gigabytes of ITAR-restricted aerospace and commercial data was exfiltrated by an unknown malicious actor during the months-long ‘Alf’s Mystery Happy Fun Time’ attack.

In November 2016, the Australian Signals Directorate (ASD) was alerted by a “partner organisation” that an attacker had gained access to the network of a 50-person aerospace engineering firm that subcontracts to the Department of Defence.

Restricted technical information on the F-35 Joint Strike Fighter, the P-8 Poseidon maritime patrol aircraft, the C-130 transport aircraft, the Joint Direct Attack Munition (JDAM) smart bomb kit, and “a few Australian naval vessels” was among the sensitive data stolen from a small Australian defence contractor in 2016.

The secret information was restricted under the International Traffic in Arms Regulations (ITAR), the US system designed to control the export of defence- and military-related technologies, according to Mitchell Clarke, an incident response manager at the ASD who worked on the case.

One document was a wireframe diagram of “one of the navy’s new ships”. A viewer could “zoom in down to the captain’s chair and see that it’s, you know, 1 metre away from nav chair”, Clarke said.

The data theft was first reported on Tuesday as part of the 2017 Threat Report from the Australian Cyber Security Centre (ACSC). Little information was given at the time. The victim was described as a “small Australian company with contracting links to national security projects”. The attacker had “sustained access to the network for an extended period of time” and had stolen a “significant amount of data”.

Clarke provided significantly more detail in his presentation to the national conference of the Australian Information Security Association (AISA) in Sydney on Wednesday.

ASD named this advanced persistent threat (APT) actor “APT ALF”, after a character in the long-running Australian TV soap opera Home and Away.

The attacker had in fact been in the network since at least mid-July 2016, with data exfiltration starting around two weeks later. ASD refers to the three months between the attacker gaining access and the ASD becoming aware of it as “Alf’s Mystery Happy Fun Time”.

The attacker would have had little trouble gaining access.

The victim’s network was small. One person managed all IT-related functions, and they’d only been in the role for nine months. High staff turnover was typical.

There was no protective DMZ network, no regular patching regime, and a common Local Administrator account password on all servers. Hosts had many internet-facing services.

Access was initially gained by exploiting a 12-month-old vulnerability in the company’s IT Helpdesk Portal, which was mounting the company’s file server using the Domain Administrator account. Lateral movement using those same credentials eventually gave the attacker access to the domain controller and the remote desktop server, and to email and other sensitive information.

“This isn’t uncommon,” Clarke said. “Only about 12 months old, if you look at government, that’s not that out of date, unfortunately.”

The attacker needn’t have bothered with that, however. The ASD’s investigation found that internet-facing services still had their default passwords, admin::admin and guest::guest.
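Every weakness listed above (default passwords on exposed services, one local Administrator password on every server, no patching regime, remote administration reachable from the internet, and a web application running with Domain Administrator rights) can be checked from an asset inventory before an attacker checks it for you. The audit below is an added example written for this page, not ASD or ACSC tooling; the Host fields, the finding categories and the four hypothetical hosts are assumptions modelled on the victim network described above, and it generalises the case study into a reusable check:

```python
"""Audit a host inventory for the weaknesses listed in the APT ALF case.

Added example, not ASD tooling: the Host fields, category names and the
four hypothetical hosts below are assumptions chosen to mirror the victim
network the article describes.
"""
from dataclasses import dataclass, field
from datetime import date

# Credential pairs that must never survive on a reachable service. The first
# two are the pairs ASD found; the rest are assumed additions.
DEFAULT_CREDS = {("admin", "admin"), ("guest", "guest"),
                 ("root", "root"), ("admin", "password")}

# Remote-administration services that should sit behind a VPN or gateway
# rather than face the internet directly (assumed list).
ADMIN_SERVICES = {"rdp", "ssh", "smb", "winrm"}


@dataclass
class Host:
    name: str
    internet_facing: bool
    services: set            # names of listening services
    credentials: set         # (user, password) pairs found in config review
    local_admin_hash: str    # fingerprint of the local Administrator password
    last_patched: date
    app_account_groups: set = field(default_factory=set)  # groups of the account an exposed app runs as


def audit(hosts, today, max_patch_age_days=30):
    """Return (host, category, detail) tuples, one per weakness found."""
    findings = []
    for h in hosts:
        # Default passwords, as ASD found on the victim's internet-facing services.
        for user, pw in sorted(h.credentials):
            if (user, pw) in DEFAULT_CREDS:
                findings.append((h.name, "default-credentials", f"{user}::{pw}"))
        # No regular patching regime.
        age = (today - h.last_patched).days
        if age > max_patch_age_days:
            findings.append((h.name, "unpatched", f"{age} days since last patch"))
        if h.internet_facing:
            # Remote administration reachable from the internet.
            for svc in sorted(h.services & ADMIN_SERVICES):
                findings.append((h.name, "exposed-admin-service", svc))
            # An exposed application holding Domain Administrator rights, like
            # the helpdesk portal that mounted the file server as Domain Admin.
            if "Domain Admins" in h.app_account_groups:
                findings.append((h.name, "exposed-app-runs-as-domain-admin",
                                 "service account is a member of Domain Admins"))
    # One local Administrator password on every server: the same fingerprint on
    # more than one host means one compromised box unlocks the rest.
    hosts_by_hash = {}
    for h in hosts:
        hosts_by_hash.setdefault(h.local_admin_hash, []).append(h.name)
    for fingerprint, names in sorted(hosts_by_hash.items()):
        if len(names) > 1:
            findings.append((",".join(sorted(names)), "shared-local-admin-password",
                             f"{len(names)} hosts share fingerprint {fingerprint}"))
    return findings


def summarize(findings):
    """Count findings per category."""
    counts = {}
    for _, category, _ in findings:
        counts[category] = counts.get(category, 0) + 1
    return counts


# Constructed inventory modelled on the victim network; dates are illustrative.
AUDIT_DATE = date(2016, 7, 15)
INVENTORY = [
    Host("helpdesk", True, {"http"}, set(), "a1b2c3", date(2015, 10, 1), {"Domain Admins"}),
    Host("fileserver", False, {"smb"}, set(), "a1b2c3", date(2016, 6, 1)),
    Host("rdp-gw", True, {"rdp", "http"}, {("admin", "admin"), ("guest", "guest")},
         "a1b2c3", date(2016, 7, 1)),
    Host("dc01", False, {"ldap", "smb"}, set(), "9f8e7d", date(2016, 7, 10)),
]


def run_example():
    """Audit the constructed inventory as of AUDIT_DATE."""
    return audit(INVENTORY, AUDIT_DATE)


if __name__ == "__main__":
    for host, category, detail in run_example():
        print(f"{host:28} {category:34} {detail}")
```

Run as a script it prints one line per finding. The shared-password check needs only a fingerprint of each host's local Administrator password (for Windows hosts the NT hash from a credential audit is enough), never the plaintext, and a fingerprint that repeats across hosts is exactly what turns one compromised box into the lateral movement Clarke described.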

An important aspect of this incident is that a small company, with resources that were clearly inadequate given the sensitivity of the data they held, still managed to obtain and hold ITAR certification.

According to Clarke, an application for ITAR certification is usually only “two or three pages”, and asks only basic questions about organisations’ security posture.

“One of the learning outcomes from this particular case study for at least the Australian government is that we need to find a way to start to be a little bit more granular in our contracting to mandate what type of security controls are required,” Clarke said.

“That’s not for my team to answer, but that’s going to be an outcome of this sort of thing.”

Clarke emphasised the importance of following best practices to secure networks, including the ASD’s Essential Eight strategies to mitigate cybersecurity incidents.

USA Air Force’s Mini Crypto Chip Keeps Data Out Of Enemy Hands

When Airmen are active in the field, securing a line of communication is essential to keep sensitive intelligence away from enemy forces. To help navigate this digital world, the U.S. Air Force has created the new Mini Crypto chip to fortify communications and data between military systems.

“We think (Mini Crypto chip) will really help forward-deployed warfighters secure sensors, or communications devices, in areas where risk of interception is high, and still protect sensitive data, without burdening folks on the front lines with extra equipment or steps to safeguard the encryption device,” says Heidi Beason, the Mini Crypto program manager at the Air Force Life Cycle Management Center, Cryptologic and Cyber System Division, Joint Base-San Antonio, Texas.

At its core, the chip is an independent encryption engine that is small, lightweight, and creates its own session-based “key.” It has a power requirement of 400 milliwatts, “meaning it can be installed on equipment carried by one-person parties operating as scouts and forward air controllers.”

Once a session key is established between the sender and receiver, that key is used to decrypt messages at the receiving end after they have been encrypted for transmission. The key management system strengthens data protection and meets the National Security Agency’s checklist, which sets the highest standard for encryption.

“Communications devices all have a processor, where a message is formatted for transmission,” says Mini Crypto Deputy Program Manager Christopher Edsall.

“In the case of a computer, it’s the (central processing unit). Mini Crypto is located after the processing center, but before the transmission center, which is usually a radio. Another Mini Crypto chip is installed at the receiver end, after the receiving antenna, but before the CPU. The second Mini Crypto chip decrypts the received message as it comes through the radio where the unencrypted message is processed, and then it is displayed or heard,” Edsall adds.

According to Edsall, the chip’s encryption makes any attempt at unauthorised decryption resource-intensive. Even if the enemy does manage to make the data readable, the time that takes would leave the information no longer useful.
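The data path Edsall describes (encrypt after the CPU has formatted the message, decrypt after the antenna and before the receiving CPU) together with the session-based key Beason refers to, as an added illustration in Go. This is example code written for this page, not the Mini Crypto design, whose internals are not public: it assumes X25519 key agreement between the two endpoints, a labelled SHA-256 hash of the shared secret as the key-derivation step, and AES-256-GCM with a sequence-number nonce. The frame layout, the direction byte in the nonce, the `Endpoint`, `Seal`, `Open` and `RunDemo` names and the sample message are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// Endpoint models one inline encryption stage between a CPU and a radio (an assumption for
// illustration). Each side holds an ephemeral X25519 key and derives a per-session AES-256-GCM key.
type Endpoint struct {
	priv    *ecdh.PrivateKey
	aead    cipher.AEAD
	role    byte   // 0 or 1: keeps the two traffic directions' nonces disjoint
	seq     uint64 // frames sent so far; doubles as the nonce counter
	peerSeq uint64 // next sequence number accepted from the peer (anti-replay)
}

func NewEndpoint() (*Endpoint, error) {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	return &Endpoint{priv: priv}, err
}

// Establish completes key agreement with the peer and installs the session key.
func (e *Endpoint) Establish(peer *ecdh.PublicKey) error {
	shared, err := e.priv.ECDH(peer)
	if err != nil {
		return err
	}
	key := sha256.Sum256(append([]byte("demo session key v1|"), shared...)) // labelled hash as KDF (HKDF in production)
	block, _ := aes.NewCipher(key[:])                                       // 32-byte key: cannot fail
	e.aead, err = cipher.NewGCM(block)
	e.role = byte((bytes.Compare(e.priv.PublicKey().Bytes(), peer.Bytes()) + 1) / 2) // 0 = lexically smaller public key
	return err
}

func nonceFor(role byte, seq uint64) []byte {
	n := make([]byte, 12)
	n[0] = role
	binary.BigEndian.PutUint64(n[4:], seq)
	return n
}

// Seal is the CPU-to-radio direction: frame = 8-byte sequence || ciphertext || tag.
// The sequence number is sent in clear but authenticated. Requires Establish first.
func (e *Endpoint) Seal(plaintext []byte) []byte {
	hdr := binary.BigEndian.AppendUint64(nil, e.seq)
	frame := e.aead.Seal(append([]byte(nil), hdr...), nonceFor(e.role, e.seq), plaintext, hdr)
	e.seq++
	return frame
}

// Open is the radio-to-CPU direction: replay check, then tag verification, then plaintext.
func (e *Endpoint) Open(frame []byte) ([]byte, error) {
	if e.aead == nil || len(frame) < 8+e.aead.Overhead() {
		return nil, errors.New("no session key or malformed frame")
	}
	seq := binary.BigEndian.Uint64(frame[:8])
	if seq < e.peerSeq {
		return nil, errors.New("replayed frame rejected")
	}
	pt, err := e.aead.Open(nil, nonceFor(1-e.role, seq), frame[8:], frame[:8])
	if err != nil {
		return nil, errors.New("authentication failed, frame dropped")
	}
	e.peerSeq = seq + 1
	return pt, nil
}

// RunDemo: key agreement, one frame A->B, then a bit-flipped copy and a replayed copy of it.
func RunDemo(msg string) (plain string, tamperRejected, replayRejected bool, err error) {
	a, errA := NewEndpoint()
	b, errB := NewEndpoint()
	if err = errors.Join(errA, errB); err != nil {
		return
	}
	if err = errors.Join(a.Establish(b.priv.PublicKey()), b.Establish(a.priv.PublicKey())); err != nil {
		return
	}
	frame := a.Seal([]byte(msg))
	tampered := append(append([]byte(nil), frame[:len(frame)-1]...), frame[len(frame)-1]^1) // flip one tag bit
	_, tErr := b.Open(tampered)
	pt, err := b.Open(frame)
	if err != nil {
		return
	}
	_, rErr := b.Open(frame) // the same frame delivered a second time
	return string(pt), tErr != nil, rErr != nil, nil
}

func main() {
	fmt.Println(RunDemo("sensor 7 reports road clear")) // constructed sample message
}
```

Two design points are worth noting. Both endpoints share one session key, so the direction byte placed in the nonce is what stops the two sides from ever encrypting under the same (key, nonce) pair, which would be fatal for GCM. And the receiver rejects a replayed or bit-flipped frame before any bytes reach the CPU, which is exactly the placement Edsall describes for the decrypting chip.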

According to Beason, two years of program development led to the Mini Crypto chip design we see today. After a quick turnaround of concept, development, and testing, the device is now ready for production.

State-sponsored hackers turn on each other

State-funded hackers are not only stealing from you but also fighting amongst themselves

Researchers have revealed that nation-state hacking groups are not only dedicated to striking targets issued to them, but also to fighting each other.

On Wednesday, Kaspersky Labs researchers presented their findings at the Virus Bulletin conference in Woburn, MA, claiming that sophisticated threat actors are proactively targeting other groups in a land-grab for victim data, as well as a means to copy each other’s tools and probe each other’s infrastructure.

Known in SIGINT terminology as “fourth-party collection”, the practice of “spying on a spy spying on someone else”, according to the Global Research & Analysis Team (GReAT), such attacks are most likely to be launched by nation-state sponsored groups in order to target less sophisticated groups and foreign rivals.

There are two main approaches to this internal warfare that groups tend to take. The first, a “passive” model, involves intercepting each other’s data and communication — for example, when commands are issued to a compromised system via a command-and-control (C&C) server. Kaspersky says that such attacks, when conducted properly, can be “almost impossible to detect.”

The “active” approach, however, involves infiltrating a hacking group’s infrastructure. While more likely to be detected, these attacks can result in the theft of victim information, tools, and a deep insight into how other threat actors operate.

A common tactic used by state-sponsored groups against each other is installing backdoors into C&C infrastructure, which gives the intruder persistence there. Kaspersky discovered two such examples in the wild, one of them on the NetTraveler malicious server, used by a Chinese group to target activists in Asia.

The second was found in the C&C infrastructure employed by Crouching Yeti, also known as Energetic Bear, a Russian-speaking threat group that has been linked to attacks on the industrial sector.

However, the team was not able to trace the groups that engineered the backdoors.

Another tactic employed is the surveillance of malicious websites. In 2016, a Korean-speaking state-sponsored group dubbed DarkHotel hosted malicious scripts for another group called ScarCruft, which targeted Russian, Chinese, and South Korean victims.

“The DarkHotel operation dates from April 2016, while the ScarCruft attacks were implemented a month later, suggesting that ScarCruft may have observed the DarkHotel attacks before launching its own,” the team says.

Sometimes, however, threat groups decide to play nice and share, rather than steal.

Kaspersky found that a server belonging to the Magnet of Threats, a group from the Middle East, also hosted implants and malicious tools used by hacking groups Regin, Equation Group, Turla, ItaDuke, Animal Farm, and Careto — English, Russian, French and Spanish-speaking communities, respectively.

Sharing sophisticated tools and data does have a downside — as it was this server which led to the discovery of the Equation Group, later revealed to be linked to the US National Security Agency (NSA).

The constant theft, copying and infighting between state-sponsored groups are making the security researcher’s job harder as time goes on. Without clear “signatures” for each group, tracking who is responsible for what is very difficult, and without caution researchers could attribute attacks to the wrong countries and groups.

“Attribution is hard at the best of times as clues are rare and easily manipulated, and now we also have to factor in the impact of threat actors hacking each other,” said Juan Andres Guerrero-Saade, Principal Security Researcher at Kaspersky. “As more groups leverage each other’s toolkits, victims, and infrastructure, insert their own implants or adopt the identity of their victim to mount further attacks, where will that leave threat hunters trying to build a clear, accurate picture?”

Henry Sapiecha