Snowden Continues to Expose Allied Cyber Tactics

Russian Espionage

NSA whistleblower and Putin poster boy Edward Snowden apparently released yet another document, this one exposing UK cyber spying techniques allegedly used by the GCHQ.

The document, according to The Intercept, lists multiple tools that the UK intelligence agency used to spy on social media accounts, interrupt or modify communication and even modify online polls.

Tools like:

  • UNDERPASS – Change outcome of online polls
  • SILVERLORD – Disruption of video-based websites hosting extremist content
  • ANGRY PIRATE – Permanently disables a target’s account on a computer
  • PREDATORS FACE – Targeted Denial Of Service against Web Servers
  • And several others.

The release again leaves me scratching my head.

Since ancient times countries have spied on each other, even their allies. Only the most naive would assume this practice has magically stopped in the online age. I do love how shocked governments appeared in the media when they found out that the NSA was snooping on them, what a joke.

And in this case, several of the tools listed sound geared more towards fighting or countering enemy online communications, possibly by Islamic militants.

One would have to ask: does this release from Snowden make the people of the UK or the US safer from government snooping, or, more likely, does it tell enemy nations exactly what tools have been and will be used against them?

Again with Snowden one would have to ask, is he a champion of internet privacy or simply just a traitor to the US and her allies, exposing tools and techniques used against foreign nations and in the war on terror?

With Snowden pushing for an extension of his stay in Russia, it would seem the latter would be correct.

Iranian Hackers Target US Military Personnel via Social Media

People trust and share way too much on social media sites, and unfortunately this extends to government employees and military troops around the world. Iranian hackers have taken advantage of this and for the last three years have been targeting high ranking officials worldwide by attacking social media accounts using social engineering.

Social engineering means attempting to gain access or information from someone by pretending to be someone else, or by psychologically manipulating someone into doing something they normally wouldn’t. Hackers use these techniques to gain account login information, access to a physical location or confidential data, or information that could be used in future attacks.

According to the security firm iSight Partners in Dallas, Iranian hackers pretending to be members of the US news media and defense contractors have social engineered high ranking officials via sites like Facebook, LinkedIn, YouTube and Twitter since 2011. The firm has tracked the attacks for six months and has been amazed at the depth and persistence of the hackers:

“It is such a complex and broad-reaching, long-term espionage campaign for the Iranians, what they lack in technical sophistication, they make up in creativity and persistence,” said iSight Senior Vice President Tiffany Jones.

The targets included a US Navy Admiral and other high ranking officials from the US and also Israel, UK, Iraq, Saudi Arabia and Syria.

People share way too much via social media, assuming it is a safe environment. Military personnel and government officials around the globe share where they are, what technology they are working on, unit locations and capabilities, and other seemingly innocent data shared with “friends” that could be a gold mine to cyber espionage and social engineering hackers.

Officials should be very wary of unknown social media contacts pressing them for confidential data or account information. High ranking military personnel or those in top secret positions should not use social media sites as resumes or to share where they are or what they are working on.

Some countries even prohibit soldiers from posting any pictures of themselves in uniform or discussing any military occupation information on social media sites.

Chinese Hackers help China build J-20 Stealth Fighter with US Tech

China's J-20 Dragon

China’s latest J-20 Stealth Fighter comes sporting some of the latest cutting edge technology advances – which were stolen from the US during a cyber espionage campaign.

According to defense officials, starting in 2007 Chinese hackers were involved in a massive, multi-year cyber espionage program dubbed “Operation Byzantine Hades” that targeted foreign governments and industry.

At the expense of American companies, Chinese hackers have done wonders for China’s technical capabilities, especially their military research and development. By infiltrating American military subcontractors, and stealing top secret documents, Chinese hackers were able to save millions of dollars and cut decades off of R&D time.

According to an article in the Chinese Global Times, the following technologies used in the J-20 were “obtained” from the F-35:

  • Diverterless supersonic inlet
  • Electro-optical distributed aperture system
  • Electro-optical targeting system
  • AVEN nozzle
  • Fire-control array radar system

Earlier this year the Pentagon also revealed that the designs for the new Terminal High Altitude Area Defense missile systems and the Patriot Advanced Capability-3 (PAC-3) missile defenses had also been compromised.

Some aviation technologists are saying that with the tech upgrades that were stolen from the US, the J-20 might be a better match for our F-22 (which it suspiciously looks like) than for the F-35. And with China’s massive production capability, this could really cause a shift in its air power capabilities.

Many reports have surfaced about various problems with the F-35, from cracked bulkheads to issues with the plane’s Autonomic Logistics Information System. Some experts have even called out the F-35, saying it is a waste of money, unsafe and incapable of performing as billed.

One of the outspoken critics of the F-35 is Pierre Sprey, co-designer of the F-16 and the A-10. Of the F-35 he said, “It’s as if Detroit suddenly put out a car with lighter fluid in the radiator and gasoline in the hydraulic brake lines,” he told me. “That’s how unsafe this plane is. Plopping down a fighter this full of bugs and this untested in the middle of a populated area is just nuts.”

This YouTube video by Sprey is also enlightening:

We can’t go back in time and undo what was done, or recover the secrets stolen by the Chinese. All we can hope with the J-20 at this point is that China also copied the F-35’s problems.

Russian “Cyber” Snake attacking Ukrainian Systems

Everyone is expecting Russia to attack Ukrainian computer systems, but the truth may be that they have been doing so all along. One alleged Russian-based cyber espionage tool named “Snake” has been active in the Ukraine and other places (even the US) since 2005.

Snake is named after the Ouroboros of ancient Greek mythology, usually depicted as a snake or a dragon eating its own tail; the inference is that of something constantly re-creating itself.

Snake infections have been located in several countries – the US Department of Defense has been breached by an earlier version of the program. But as of 2013, the espionage tool seems to be aggressively targeting systems in the Ukraine:

Snake samples

BAE Systems has recently released a report on Snake. According to the report, the tool seems to have originated from a nation that could fund sophisticated and expensive attack tools.

Martin Sutherland, Managing Director, BAE Systems Applied Intelligence said, “What this research once more demonstrates, is how organised and well-funded adversaries are using highly sophisticated tools and techniques to target legitimate organisations on a massive scale.”

And, “Although there has been some awareness of the Snake malware for some years, until now the full scale of its capabilities could not be revealed, and the threat it presents is clearly something that needs to be taken much more seriously.”

Snake allows remote access to an infected system, can hide and exfiltrate pilfered data, seeks to infect other systems, uses stealthy communication techniques, includes a rootkit component and can even bypass security features of 64-bit Windows systems.

A couple of telltale clues found during analysis, including time zone information and the language used in some lines of code, seem to point to Russia as the tool’s creator. And the increased attacks on the Ukraine within the last year make Russia look even more like the culprit.

BAE Systems’ report covers:

  • How the malware communicates,
  • The distinctive architectures which have evolved over the years,
  • The use of novel tricks to bypass Windows security,
  • How it hides from traditional defensive tools.

Check out the full report on BAE’s website.