Category Archives: FBI CIA MI5 KGB

FBI charges Chinese national with distributing malware used in OPM hack attack

The malware has been linked to both the data breach of the US Office of Personnel Management as well as the Anthem breach.

The FBI has filed charges against a Chinese malware broker named Yu Pingan, alleging that he provided hackers with malware, including the Sakula trojan, to breach multiple computer networks belonging to companies in the US.

The FBI alleges that Yu, also known as “GoldSun,” conspired with two unnamed hackers from around April 2011 through around January 2014 to maliciously target a group of US companies’ computer networks.

The complaint filed does not name which companies were targeted but notes that the different companies were headquartered in San Diego, California; Massachusetts; Los Angeles, California; and Arizona.

The rarely used Sakula malware has been linked to both the 2014 breach of the US Office of Personnel Management and the 2015 breach of the health insurance firm Anthem.

The Anthem breach impacted 78.8 million current and former customers of the company, while the OPM hack affected more than 22 million records of Americans who had applied for security clearance to work for the government.

FBI investigate US political party hacks, Russian ties

Is Russia at the heart of the alleged intrusion into Democratic Congressional Campaign Committee systems?


The FBI is reportedly investigating a cyber attack levied against computer systems at the Democratic Congressional Campaign Committee (DCCC) which may have ties to Russian hackers.

According to Reuters, the cyber attack against the DCCC may also be linked to a recent attack against the Democratic National Committee (DNC).

The attack against the DNC led to tens of thousands of internal party emails being leaked to the public, as well as the resignation of DNC chair Debbie Wasserman Schultz.

The threat actors responsible have been linked to Russia on the basis of clues in the malware code, but nothing has been confirmed. Reports suggest that US intelligence agencies hold Vladimir Putin’s government responsible for the leak, although Russian cyber criminals claimed to be its source.

Accusations have been made that the attack was launched in order to meddle with the upcoming presidential election. Russia has dismissed these claims as “absurd” bordering on “stupid.”

The DCCC attack may have taken place to steal information about donors, according to Reuters sources. As the DCCC raises money for Democrats running for Representative seats, knowing who is funding these campaigns — and grabbing information including email addresses and credit card data — could prove politically valuable.

The DCCC attack, which may have begun as early as June, included the use of a fraudulent website that mimicked the real DCCC donation site. Donations intended for campaigns then ended up at the malicious domain instead.

According to people familiar with the matter, the IP address of the fake website was similar to the one used by the alleged Russian hackers responsible for the DNC data breach.

Director of National Intelligence James Clapper said on Thursday that the US intelligence community was not ready to “make the call on attribution” for the DNC hack, and there is no official confirmation of an investigation into the attack on the DCCC.


Henry Sapiecha

FBI head insists that Apple hack request be complied with


The director of the US Federal Bureau of Investigation has defended his legal fight with Apple over encryption, saying the case involving the San Bernardino shooter’s iPhone was “quite narrow” and not intended to set a precedent.

In the latest volley of an escalating war of words between the US authorities and the world’s most valuable company, James Comey made an emotional appeal to Apple and the US public in a blog post on specialist legal site Lawfare.


“We can’t look the survivors in the eye, or ourselves in the mirror, if we don’t follow this lead,” he said. “We don’t want to break anyone’s encryption or set a master key loose on the land.”

The FBI director wrote that the tension between privacy and safety “should not be resolved by corporations that sell stuff for a living. It also should not be resolved by the FBI, which investigates for a living.”

Instead, he continued, the matter should be settled “by the American people” and called for a “long conversation” on the matter.

Mr Comey’s blog post comes ahead of Apple’s legal response later this week to a case that began last Tuesday when a judge in California ordered the iPhone maker to create tools that would help the FBI unlock a device used by Syed Rizwan Farook before he killed 14 people in December.

Tim Cook, Apple’s chief executive, has refused to comply with the order, calling the demand for what he called a “back door” into the iPhone an “over-reach” by the authorities that has “chilling implications” for its customers’ privacy. Several other Silicon Valley companies, including Google and Facebook, have supported Apple’s position.

On Friday the US Department of Justice and Apple traded blows over both the intent behind the order and the handling of the investigation. The DoJ accused Apple of putting concerns about its “marketing strategy” ahead of its legal obligations and said Mr Cook had made “numerous mischaracterisations” of the government’s case.

Apple executives denied that allegation and implied that the FBI had bungled an opportunity to gain access to data stored on Farook’s iPhone, by changing the iCloud password in the hours after he was killed in a shootout with officers.

That password reset prevented the iPhone from sending its data to Apple’s servers through an automatic back-up, where it could be accessed by the company and the FBI through a standard legal process.


The FBI on Saturday denied wrongdoing in that situation, saying the iCloud reset was a “logical next step” in its investigation and “does not impact Apple’s ability to assist with the court order”.

“It is unknown whether an additional iCloud back-up of the phone after that date — if one had been technically possible — would have yielded any data,” the FBI said.

Mr Comey on Sunday night attempted to step over the row about the iCloud back-up and appealed to the broader principles at stake in what he called a “heartbreaking” case of terrorism.

“The San Bernardino litigation isn’t about trying to set a precedent or send any kind of message. It is about the victims and justice,” he wrote in his post, which does not directly mention Apple or the iPhone by name.

Apple must file its legal response to the judicial order by Friday, which is also the day the company holds its annual shareholder meeting at its Cupertino headquarters.

One survey late last week showed that US public opinion is finely balanced on the issue. An online poll of 1,093 US adults by SurveyMonkey found that 51 per cent agreed with the FBI while 49 per cent took Apple’s side. Even among iPhone owners, a narrow majority backed the FBI in the dispute.


Henry Sapiecha

FBI probes ‘mr.grey’ and 1.2 billion stolen web credentials


A hacker who once advertised having access to user account information for websites like Facebook and Twitter has been linked through a Russian email address to the theft of a record 1.2 billion internet credentials, the FBI said in court documents.

That hacker, known as “mr.grey”, was identified based on data from a cybersecurity firm that announced in August 2014 that it had determined an alleged Russian crime ring was responsible for stealing information from more than 420,000 websites, the documents said.

The papers, made public last week by a federal court in Wisconsin in the US, provide a window into the Federal Bureau of Investigation’s probe of what would amount to the largest collection of stolen user names and passwords.

The court papers were filed in support of a search warrant that the FBI sought in December 2014 and executed a month later, seeking email records.

The FBI investigation was prompted by last year’s announcement by Milwaukee-based cybersecurity firm Hold Security that it obtained information that a Russian hacker group it dubbed CyberVor had stolen the 1.2 billion credentials and more than 500 million email addresses.

The FBI subsequently found lists of domain names and utilities that investigators believe were used to send spam, the documents said.

The FBI also discovered, in the spam utilities, an email address registered in 2010 to a “mistergrey”, the documents show.

A search of Russian hacking forums by the FBI found posts by a “mr.grey”, who in November 2011 wrote that if anyone wanted account information for users of Facebook, Twitter and Russian-based social network VK, he could locate the records.

Alex Holden, Hold Security’s chief information security officer, said this message indicated mr.grey likely operated or had access to a database that amassed stolen data from computers via malware and viruses.

Facebook and Twitter declined to comment. The FBI also declined to comment, and the US Justice Department had no immediate comment.

The probe appears to be distinct from another investigation linked to Hold Security’s reported discovery that 420,000 websites, including one for a JPMorgan Chase & Co corporate event, were targeted by the Russian hackers.

In a case spilling out of the discovery of the JPMorgan breach, US prosecutors this month charged three men with engaging in a cyber criminal enterprise that stole personal information from more than 100 million people.

Prosecutors accused two Israelis, Gery Shalon and Ziv Orenstein, and one American, Joshua Samuel Aaron, of being involved in a variety of schemes fueled by hacking JPMorgan and 11 other companies.

An indictment in Atlanta federal court against Shalon and Aaron names as a defendant an unidentified hacker believed to be in Russia.

Reuters


Henry Sapiecha

FBI: Surveillance flights by the book, rarely track phones

FILE - In this May 26, 2015, file photo, a small plane flies near Manassas Regional Airport in Manassas, Va. The plane is among a fleet of surveillance aircraft by the FBI, which are primarily used to target suspects under federal investigation. The FBI assured Congress on June 17, in an unusual, confidential briefing that its plane surveillance program is a by-the-books operation short on high-definition cameras, with some planes equipped with binoculars. (AP Photo/Andrew Harnik)


The FBI assured Congress in an unusual, confidential briefing that its plane surveillance program is a by-the-books operation short on high-definition cameras — with some planes equipped with binoculars — and said only five times in five years has it tracked cellphones from the sky.

The FBI would not openly answer some questions about its planes, which routinely orbit major U.S. cities and rural areas. Although the FBI has described the program as unclassified and not secret, it declined to disclose during an unclassified portion of a Capitol Hill briefing any details about how many planes it flies or how much the program costs. In a 2009 budget document, the FBI said it had 115 planes in its fleet.

The briefing Wednesday to Senate staff was the first effort in recent years — if ever — to impose oversight for the FBI’s 30-year aerial surveillance program that gives support to specific, ongoing investigations into counterterrorism, espionage and criminal cases and ground surveillance operations. While it withheld some details, it offered assurances that the planes are not intended to perform mass surveillance or bulk intelligence collection. However, there is still no formal oversight regimen for the program.

The briefing came two weeks after the FBI confirmed to The Associated Press for the first time its wide-scale use of the aircraft, after the AP traced at least 50 planes registered to fake companies back to the FBI. The AP investigation identified more than 100 flights in 11 states over a 30-day period this spring. The planes since June 1 have flown more than two-dozen times over at least seven states, including parts of Texas, Georgia and the Pacific Northwest.

The ubiquity of the flights, combined with few details about the surveillance equipment aboard the planes, raised civil liberties concerns over Americans’ privacy.

The AP had reported that, in rare circumstances, the FBI equipped the planes with a device known as a “cell-site simulator”, which is capable of tracking thousands of cellphones. By impersonating a legitimate cell tower, such a device induces nearby phones to connect to it and reveal their subscriber identification numbers, including those of people not suspected of any crime.

The FBI said that technology has been used on its surveillance aircraft only five times since 2010, according to one Senate staffer present at the briefing. The FBI would not say how often it has used the technology in ground surveillance operations.

Staffers shared details with the AP on condition of anonymity because they were not authorized to speak publicly about them.

The FBI said 85 percent of the aircraft have commercially available infrared still and video cameras. The remaining 15 percent use binoculars for surveillance missions. The FBI said there were only eight high-definition cameras in the fleet, though it would like to have that technology for more of its planes.

The FBI, like the Drug Enforcement Administration, said it hides its aircraft behind fake companies so that it can discreetly conduct surveillance and protect the safety of the pilots. The FBI said most surveillance flights — some 64 percent — are part of national security investigations. It was unclear over what time period those flights took place.

Senate Judiciary Chairman Chuck Grassley, R-Iowa, pressed for answers about the FBI’s aerial surveillance program after The Washington Post reported in May that an FBI surveillance plane was used over Baltimore during rioting that erupted following the death of 25-year-old Freddie Gray, who sustained grievous injuries while in police custody. In that instance, the FBI was helping local police with aerial support.

Despite government concerns that publicity about the planes might impede surveillance, the number of flights has remained consistent since the AP first reported on the program, according to an AP review of flight records and radar data. Flights since June 2 have occurred a few times each day over cities across the United States, including San Francisco, Phoenix and Orange County, California. They are generally flown without a warrant, which the FBI says is consistent with the law.

Two senators proposed changing that Wednesday.

Sen. Dean Heller, a Nevada Republican, and Sen. Ron Wyden, an Oregon Democrat who has been outspoken about government surveillance, introduced a bill that would limit what the federal government can record from the skies and require a warrant to conduct surveillance from planes and drones.

“Technology has made it possible to conduct round-the-clock aerial surveillance. The law needs to keep up,” Wyden said in a statement. “Clear rules for when and how the federal government can watch Americans from the sky will provide critical certainty for the government, and help the unmanned aircraft industry reach its potential as an economic powerhouse in Oregon and the United States.”

The FBI said it does not comment on pending legislation, but maintained that a warrant was not necessary for the type of surveillance being conducted from its planes.

Courts are grappling with balancing constitutional protections against evolving technologies, as laws have not kept pace with technological advancements.

Among other reasons, the surveillance planes were exposed as belonging to the FBI because one of its fake companies shared a post office box with the Justice Department, creating a link between the companies and the FBI through publicly available Federal Aviation Administration records.

The FBI told Senate staffers it was working with the FAA to restore some cover to preserve operational security, but it did not plan to spend the money required to operate under “deep cover.”


Henry Sapiecha

FBI investigates possible China military involvement in cyber attack


The FBI is investigating possible Chinese military involvement in a cyber hack at Register.com, which manages more than 1.4m website addresses for businesses around the world.

Hackers, who appear to have stolen network and employee passwords, had access to Register’s network for about a year, said people familiar with the probe. But the breach, which the company reported to the FBI but not to customers or investors, is not known to have caused disruptions or resulted in any theft of client data.

That has bolstered investigators’ belief that the hackers are state-sponsored rather than criminals intent on making money from credit card data or social security information.

Although the investigative trail has pointed to Chinese military involvement, it is unclear what China would want to accomplish by hacking the site. Some current and former law enforcement officials said, however, that the hack could be aimed at obtaining the ability to undermine large parts of internet infrastructure.

That would enable hackers to redirect traffic to unintended websites, steal data, access email accounts associated with those sites, or cause web pages to crash, among other consequences.
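The Register.com case describes a registrar compromise as a path to redirecting traffic, rerouting mail and taking over accounts tied to a domain. The following Python snippet is an added example, not code from the original article or from Register.com or Web.com, showing the kind of check a domain owner can run on their own side: record a known-good baseline of a domain’s nameservers, address records, mail exchangers and registrar lock status, then diff a fresh snapshot against it and alert on any deviation. The domain names, addresses, status codes and snapshots below are constructed for illustration; in a real deployment the observed snapshot would be filled from DNS queries and an RDAP/WHOIS lookup.

```python
"""Added example: detect registrar-level tampering by diffing a domain's
recorded DNS/registrar posture against a fresh snapshot.

All domains, hosts, addresses and status codes below are constructed for
illustration; in production the observed snapshot would be filled from live
DNS queries (ideally via several independent resolvers) and an RDAP/WHOIS
lookup."""
from dataclasses import dataclass
from typing import FrozenSet, List

# EPP status codes a registrar sets when a domain is locked against
# transfer, update and deletion. A compromised registrar account typically
# shows up first as one or more of these being cleared.
REQUIRED_LOCKS = frozenset(
    {"clientTransferProhibited", "clientUpdateProhibited", "clientDeleteProhibited"}
)


@dataclass(frozen=True)
class DomainSnapshot:
    domain: str
    nameservers: FrozenSet[str]
    a_records: FrozenSet[str]
    mx_records: FrozenSet[str]
    epp_status: FrozenSet[str]


def _normalise(names: FrozenSet[str]) -> FrozenSet[str]:
    # DNS names are case-insensitive and may or may not carry a trailing dot,
    # so canonicalise before comparing to avoid false alarms.
    return frozenset(n.lower().rstrip(".") for n in names)


def compare_snapshots(baseline: DomainSnapshot, observed: DomainSnapshot) -> List[str]:
    """Return human-readable findings; an empty list means no deviation."""
    if baseline.domain.lower() != observed.domain.lower():
        raise ValueError("snapshots describe different domains")
    findings: List[str] = []
    for label, before, after in (
        ("NS", _normalise(baseline.nameservers), _normalise(observed.nameservers)),
        ("A", baseline.a_records, observed.a_records),
        ("MX", _normalise(baseline.mx_records), _normalise(observed.mx_records)),
    ):
        added, removed = sorted(after - before), sorted(before - after)
        if added or removed:
            findings.append(f"{label} records changed: added={added} removed={removed}")
    missing_locks = sorted(REQUIRED_LOCKS - observed.epp_status)
    if missing_locks:
        findings.append(f"registrar locks missing: {missing_locks}")
    return findings


# Constructed baseline: what the owner recorded when the zone was known-good.
BASELINE = DomainSnapshot(
    domain="example.com",
    nameservers=frozenset({"ns1.example.net.", "ns2.example.net."}),
    a_records=frozenset({"192.0.2.10"}),
    mx_records=frozenset({"mail.example.com."}),
    epp_status=REQUIRED_LOCKS,
)

# Constructed snapshot resembling a hijack: delegation moved to foreign
# nameservers, web traffic redirected, mail rerouted, two locks cleared.
HIJACKED = DomainSnapshot(
    domain="example.com",
    nameservers=frozenset({"ns1.attacker-dns.example.", "ns2.attacker-dns.example."}),
    a_records=frozenset({"198.51.100.7"}),
    mx_records=frozenset({"mx.attacker-dns.example."}),
    epp_status=frozenset({"clientDeleteProhibited"}),
)


if __name__ == "__main__":
    for finding in compare_snapshots(BASELINE, HIJACKED):
        print("ALERT:", finding)
```

The lock check matters because a registrar-account takeover often starts by clearing transfer and update locks before any DNS change is visible; watching EPP status alongside NS, A and MX records catches that earlier stage. Because an attacker with registrar access can also change the authoritative nameservers, the observed snapshot should be gathered from independent recursive resolvers rather than from the company’s own DNS.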

The Chinese defence ministry did not respond to a request for comment.

The Register.com threat reflects the growing danger of state-sponsored cyber hacks, which are more difficult to prosecute than criminal attacks. In 2014 in an unprecedented move, the Justice Department indicted five members of the Chinese military for hacking into several US companies to steal trade secrets but it is doubtful that they will ever be apprehended.

Register.com is a unit of Web.com, whose companies cater to businesses large and small as well as doctors’ practices. In addition to managing web addresses, known as domain names, they also host websites and provide ecommerce and email services, so they have access to a site’s files, credit card data and other information.

Other subsidiaries of parent company Web.com, such as Network Solutions, the third largest internet registrar in the world with more than 4.5m domain names, could also be vulnerable, people familiar with the case said. In 2013, Network Solutions suffered a breach that caused a temporary outage at LinkedIn.com, but the networking site is no longer a client.

The Securities and Exchange Commission has provided guidance on cyber breaches, urging publicly traded companies to disclose hacks if they are “material” events, but it is often left to companies to decide whether a cyber attack is “material.”

Web.com, which is publicly traded, has not specifically disclosed the breach in SEC filings, but expanded its description of cyber security risks in its 2014 annual report.

“We may not be able to remedy these problems in a timely manner, or at all,” it said in the February filing. “Because techniques used by outsiders to obtain unauthorised network access or to sabotage systems change frequently and generally are not recognised until launched against a target, we may be unable to anticipate these techniques or implement adequate preventive measures.”

A Web.com spokesman declined to comment on specific breaches but said the company had built up security protocols and tools to constantly monitor and mitigate threats. He added that the company was not aware of a “loss of any customer data resulting from an attack on any Web.com system.”

He acknowledged that Web.com clients have been targeted by hackers using “phishing” emails that encourage a user to click on what appears to be a legitimate message in an attempt to steal information.

“Despite our efforts to mitigate the impacts of customer infections through product improvements and user education, phishing and spear phishing activities remain a serious problem,” the spokesman said.

There are no federal standards for reporting cyber breaches and state laws vary, with most rules focusing on ensuring that companies disclose anything affecting an individual’s personal information like healthcare records and social security numbers but little else. Proposals in Congress to establish federal reporting standards also focus on personal information.

That means companies in sectors where breaches do not expose such data but instead are focused on stealing intellectual property, trade secrets or other business-oriented information are not required to report breaches and often do not.

In many attacks on defence and industrial sector targets, hackers have been linked to the Chinese military and have remained in company networks for several years because the companies cannot get rid of them, but the breaches remain undisclosed to the public, according to people familiar with those cases.


Henry Sapiecha

CIA LEAK DISCLOSES WHO GETS SPECIAL ATTENTION WITH SECURITY ISSUES AT AIRPORTS


A leaked CIA document newly published by WikiLeaks reveals a few government secrets that could be useful for travellers this holiday season. In it, the CIA explains how to avoid a secondary screening at the airport when travelling abroad.

The basic tips: Don’t bring too many new items in your luggage (sorry, Christmas gifts); don’t be nervous and visibly sweating; don’t change your itinerary within a day of your flight; don’t be weird about passport screening procedures; and make sure your luggage isn’t disproportionate to your purported reasons for your trip, which could mean how it’s packed or how fancy the stuff on the inside is.

The document also contains security procedures from around the globe, shining a light on what other countries look for in a passenger profile. Turkish accents in Iraq get you an almost automatic screening. In Israel, lone male travellers with backpacks often get secondary screening, while lone travellers from China elicit concerns of illegal immigration from Chilean authorities.

In addition, Austria and Singapore have Russian agent watch lists at the ready, and Colombia is on the lookout for Iranian and Venezuelan spies. Portugal keeps an eye out for travellers from West Africa and any of its former colonies, fearing illegal immigration. Cambodia fears terrorists from around the Arab world, while Saudi Arabia is suspicious of travellers from Iraq, Iran, Libya, Palestine and Syria. And in the Seychelles, there is plenty of fear of Nigerian drug trafficking.

Read the whole report here.


Henry Sapiecha

Retired HEAD OF FBI Tells ALL “Illuminati, Satanism, Pedophile Rings” VIDEO REVEALS ALL

Henry Sapiecha

FBI warns of data-eating, ‘destructive’ malware in wake of Sony attack

The FBI began a probe into the Sony hack on Monday.

FBI Logo image www.intelagencies.com

The US Federal Bureau of Investigation has warned businesses that hackers have used malicious software to launch destructive attacks in the United States, following a devastating cyber attack last week at Sony Pictures Entertainment.

The five-page, confidential “flash” warning issued to businesses late on Monday (US time) provided some technical details about the malicious software that was used in the attack, though it did not name the victim.

An FBI spokesman declined comment when asked if the software had been used against the California-based unit of Sony.

The FBI occasionally issues “flash” warnings to provide businesses with details about emerging cyber threats to help them defend against new types of attacks. It does not name the victims of those attacks in those reports.

The report said that the malware overwrites data on the hard drives of infected computers, which can render them inoperable and shut down networks.

It is extremely difficult and costly, if not impossible, to recover hard drives that have been attacked with the malware, according to the report, which was distributed to security professionals at US companies.

On Monday, several of Sony Pictures’ big upcoming movies, including Fury and Annie, appeared to have been leaked and distributed online, in a development believed to be linked to last week’s hack.

The company then hired security firm Mandiant to investigate the breach as the FBI began a probe.

Reuters

Henry Sapiecha