Iranian Hackers Target US Military Personnel via Social Media

People trust and share way too much on social media sites, and unfortunately this extends to government employees and military troops around the world. Iranian hackers have taken advantage of this and for the last three years have been targeting high ranking officials worldwide by attacking social media accounts using social engineering.

Social Engineering means to attempt to gain access or information from someone by pretending to be someone else or by physiologically manipulating someone to trick them into doing something they normally wouldn’t. Hackers use these techniques to gain account login information, access to a physical location or confidential data, or to gain information that could be used in future attacks.

According to the security firm iSight Partners in Dallas, Iranian hackers pretending to be members of US News media and defense contractors have social engineered high ranking officials via sites like Facebook, Linked-In, YouTube and Twitter since 2011. The firm has tracked the attacks for six months and have been amazed at the depth and persistence of the hackers:

It is such a complex and broad-reaching, long-term espionage campaign for the Iranians, what they lack in technical sophistication, they make up in creativity and persistence,” said iSight Senior Vice President Tiffany Jones.

The targets included a US Navy Admiral and other high ranking officials from the US and also Israel, UK, Iraq, Saudi Arabia and Syria.

People share way to much via social media assuming it is a safe environment. Military personnel and government officials around the globe share where they are, what technology they are working on, unit locations and capabilities, and other seemingly innocent data shared with “friends” that could be a gold mind to cyber espionage and social engineering hackers.

Officials should be very wary of unknown social media contacts pressing them for confidential data or account information. High ranking military personnel or those in top secret positions should not use social media sites as resumes or to share where they are or what they are working on.

Some country’s even prohibit soldiers from posting any pictures of themselves in uniform or discussing any military occupation information on social media sites.

Advertisements

Army chooses New (Old) Camouflage Pattern

Looks like the Army has chosen a new camouflage pattern to replace the much maligned and disliked UCP (Universal Camouflage Pattern). Well at least they have unofficially chosen one – “Scorpion”.

It took the Army about two years of testing to discover that their current issue UCP camo just isn’t up to snuff. During testing that ended in 2009 it was found that the camo performed miserably when compared to the Marine’s digital camo and the ever popular Multi-cam.

camouflage rating1

And believe it or not it seems that the Army has been trying to find a replacement ever since. Just last week the Army announced that it would field a “family” of camouflage patterns – A dark woodland pattern, a light desert pattern and one in between. But so far no official word yet, other than there were still more tests to go.

They have some pretty interesting digital patterns to choose from. Marine digital MARPAT (Marine Pattern – Desert and Woodland) was one of their top choices and from the people that I have talked to, it works very well in the field.

They also liked Multicam, but it seems that the costs to field it would be to high.

Though not mentioned, I am curious how the new “organic” digital patterns from A-TACS would have fared on the test. The A-TACS FG woodland camo is amazing:

a-tacs camo

I also noticed that they tested Syrian, French and Iraqi patterns but somehow German Flecktarn didn’t even make the list. It works extremely well in dark woodland environments:

flecktarn

So what did they choose?

Well, according to Military.com, the Sergeant Major of the Army is telling all the senior Sergeants that the Army will be transitioning to the “Scorpion” pattern.

What is Scorpion?

Believe it or not it is a pattern that the Army has already owned for 12 years and looks very similar to, drum roll please…

Multicam!

scorpion

Apparently it was created by Crye (the creator of Multicam) for the OFW program, but uses a slightly different pattern. In doing so, one could assume that the pattern would test out very similar to Multicam.

So there you have it, several years of testing and it looks like the Army is going to use a pattern that they already own!

DARPA unveils “Hack Proof” Mini-Quad Copter

DARPA’s has unveiled a “hack proof” UAV that demonstrated that a non-compromisable drone could be developed.

The mini-quadcopter is the creation of their High-Assurance Cyber Military Systems (HACMS) program, and one of many DARPA devices displayed to the Pentagon on Wednesday according to DefenseTech.

There are numerous reports of drones malfunctioning or possibly even hacked by attacking their GPS guidance system.

Basically DARPA understands the risks of Drones being hacked or mission compromised and is looking for new ways to protect these valuable assets.

Enter DARPA’s HACMS (Hack-ems? Hack MS?? Gotta love government acronyms) division. According to DARPA’s website, “The goal of the HACMS program is to create technology for the construction of high-assurance cyber-physical systems, where high assurance is defined to mean functionally correct and satisfying appropriate safety and security properties.

And in this case, DARPA unveiled a hardened software system and pared it with a mini-Quad copter to see if they could create a non-hackable platform.

The software is designed to make sure a hacker cannot take over control of a UAS. The software is mathematically proven to be invulnerable to large classes of attack,” Kathleen Fischer, HACMS program manager said.

Of course all in the cyber security realm will scoff at the idea of being “unhackable”, but in it’s defense, the mini-copter was able to hold off a “Red Team” – a group of hackers that pretend to be bad guys and test systems looking for holes.

The control software wasn’t necessarily created with mini-UAV’s in mind, but larger military grade drone platforms. And that is not all, in the future it may not just be used for drones.

Soon you may see this same tech released as an Open Source project and used to create hardened network routers and even possibly solve security problems associated with BYOD or employees bringing in their mobile wireless devices for network connectivity.

Pretty impressive indeed!

US Formally Charges Chinese Military Officials for Hacking

Today the United States Department of Justice announced a formal indictment against individual Chinese military officials for hacking into US companies.

For years China has turned to hacking to close the technology gap between them and other nations. Termed “cyber-espionage”, Chinese hackers targeted hi-tech US companies and stole confidential research and development data.

From the Chinese side it is a very lucrative form of industrial espionage, it costs them very little to do and they have recovered millions if not billions of dollars of research data and have significantly reduced their R&D time.

The US apparently has had enough and is preparing a formal court case against them – For what it is worth.

“This is a tactic that the United States government categorically denounces. This case should serve as a wake-up call to the seriousness of the ongoing cyberthreat,” Attorney General Eric Holder said.

The chances that China will admit to hacking or turn over anyone involved are very slim. They have already denied the accusations as false, but I guess you need to start somewhere.