US Spies Lag Rivals in Gathering Data That is Concealed From Plain Sight


As alarms began to go off globally about the spread of the COVID virus in China, officials in Washington grew concerned about the threat the virus might pose in America and turned to U.S. intelligence for insight.

However, according to a recent congressional review of classified reports from December 2019 and January 2020, the most prevalent early warnings did not come from spies or intercepts. Instead, officials relied on public reporting, citizen journalists, and diplomatic cables, as well as analysis from medical professionals: all instances of so-called open-source intelligence (OSINT).

Predicting the next potential pandemic or the next government to fall will require better utilization of open-source materials, the review noted. 

In a review conducted by Democrats on the House Intelligence Committee, the authors wrote, “There is little indication that the Intelligence Community’s exquisite collection capabilities were generating information that was valuable to policymakers.” 

This echoes what numerous current and former intelligence officials are increasingly warning: as opponents like China boost their efforts, the $90 billion U.S. spy infrastructure is falling behind because it has not embraced gathering open-source intelligence.

Traditional Intelligence is Still Prevalent 

While open-source intelligence has become an important tactic in recent times, this does not diminish the relevance of conventional intelligence. Spy agencies have unique powers to penetrate global communications and cultivate agents. For instance, the Biden administration scored a high-profile success when it made public the intelligence conclusions indicating that Russian President Vladimir Putin intended to invade Ukraine.

Nonetheless, officials and professionals have raised concerns that the U.S. has not invested sufficient people or funding in analyzing publicly available data. They also claim that the U.S. has not made efficient use of advanced technologies to yield critical insights.

Commercial satellite images, social media, and other web data have increased the ability of private enterprises and unbiased analysts to disclose state secrets. And there are rising concerns in Washington about Beijing's influence over popular apps like TikTok, as it is well known that Beijing has stolen or gained control over vast amounts of data on Americans. 

"Open source is really a bellwether for whether the intelligence community can protect the country […] We collectively as a nation aren't preparing a defense for the ammunition that our adversaries are stockpiling," says Kristin Wood, a former senior official at the CIA, currently a chief executive at the Grist Mill Exchange, a commercial data platform. 

Barriers Concerning Open-Source 

Intelligence agencies have noted several barriers in regard to open-source intelligence. Some are technological. For instance, access to unclassified internet or open data sources is frequently difficult for officers working on classified networks. Concerns about civil liberties and upholding First Amendment rights are also present. 

Some experts also question whether agencies are held back by the reflexive belief that top-secret information is far more valuable.

Rep. Jim Himes, a Connecticut Democrat and longtime Intelligence Committee member, said he believed there needed to be “some cultural change inside places like the CIA where people are doing what they’re doing for the excitement of stealing critical secrets as opposed to reviewing social media pages.”

Open-Source Capability of the U.S. 

According to Frederick Kagan, a senior authority at the American Institute who looks after the creation of those reports, “There is a lot of open-source capability that the U.S. intelligence community can pretty much rely on to be there […] What it needs to do is figure out how to leverage that ecosystem instead of trying to buy it.” 

Most of the 18 U.S. intelligence agencies run open-source programs, from the CIA’s Open-Source Enterprise to a 10-person program in the Department of Homeland Security’s intelligence arm.

Top officials do, however, acknowledge the lack of consistency across those programs in the way they analyze open-source information and in how they use and share it. On this point, Avril Haines, the U.S. director of national intelligence, has said, “We’re not paying enough attention to each other and so we’re not learning the lessons that different parts of the (intelligence community) are learning, and we’re not scaling solutions, and we’re not taking advantage of some of the outside expertise and information and work that could be taken advantage of.”

Chinese Airlines Hacked by Foreign Spy Services

 

The Chinese government claimed on November 1, 2021, via official media, that foreign spy services had infiltrated various airlines and stolen passenger travel details. According to reports, such a pronouncement by the Chinese government is unprecedented. 

Authorities from China's Ministry of State Security, the country's civilian intelligence, security, and secret police agency, revealed the hacking effort the week before. The hacking activity was uncovered in January 2020 when one of China's airlines disclosed a security vulnerability to MSS officers. 

Investigators said they traced the breaches to proprietary malware that the attackers used to steal passenger information and data from the very first victim. A subsequent inquiry found that other airlines had been infiltrated in the same way.

“After an in-depth investigation, it was confirmed that the attacks were carefully planned and secretly carried out by an overseas spy intelligence agency,” the MSS said in a press release distributed via state news channels. 

The MSS did not officially assign responsibility for the operation to any foreign organization or government. Two Chinese security firms, Qihoo 360 and QiAnxin, published papers in March 2020 accusing the US Central Intelligence Agency of hacking Chinese enterprises, especially airlines; however, those claims referred to past actions spanning September 2008 to June 2019.

The news statement is noteworthy in and of itself, given that the Chinese government usually does not disclose attacks carried out by foreign state-sponsored hackers.

This is in stark contrast to how Western nations and commercial cyber-security providers handle similar crises. When a big security breach occurs, western security firms hurry to investigate and publish public blog articles about the assault, with government authorities issuing a formal statement and attribution weeks or months later. When it concerns the Middle Kingdom, things are quite the reverse. 

Following the two major reports from Qihoo 360 and QiAnxin in March 2020, this reporter contacted numerous Chinese security businesses and unaffiliated security researchers to enquire about how the Chinese state conducts international cyber-espionage assaults and the ensuing investigations and attribution.

Several individuals, including officials from two large Chinese cybersecurity organizations, have stated that Chinese security firms routinely identify assaults involving foreign state actors, including the US.

Researchers Uncovered Russian Spy Agencies Targeting Slovak Government

 

For months, the Slovak government has been targeted by a cyber-espionage group associated with a Russian intelligence agency, Slovak security companies ESET and IstroSec stated this week. The Slovak internet security firm ESET develops anti-virus and firewall products. With headquarters in Bratislava, Slovakia, ESET earned the award for the most successful Slovakian company in 2008, 2009, and 2010. 

The companies provided additional details about the campaign targeting the Slovak government, including the Cobalt Strike infrastructure employed by the attackers. The attacks are attributed to the group known as the Dukes, Nobelium, and APT29, which is affiliated with the Russian Foreign Intelligence Service (SVR). Its activities date back to 2008, typically targeting government networks in NATO and European countries, research institutes, and think tanks.

The SVR hackers are believed to have spear-phished senior government officials using publicly available information, community threat intelligence sources (VirusTotal), and their investigations. The security firms IstroSec and ESET claimed that the SVR targeted the Slovak officials through spear-phishing campaigns. 

Researchers at the Def Con conference reported that SVR operators sent spear-phishing emails to Slovak diplomats, posing as the National Security Authority (NBU) of Slovakia, to infect their systems. The ISO/IMG attachment in the email looked like a Word document.

IstroSec researchers have described how the SVR command-and-control servers used during these attacks were uncovered. The IstroSec report notes that certain C&C servers used by the SVR also held documents aimed at government representatives in the Czech Republic.

Furthermore, European diplomats in 13 countries have been targeted by the group, as stated by the security firm ESET. All the cyberattacks in these events employed the same strategy, according to ESET: email -> ISO disk image -> LNK shortcut file -> Cobalt Strike backdoor. Volexity and Microsoft have previously described this tactic in their respective reports. 

Cobalt Strike is adversary simulation and red team operations software. It has been used by numerous pen-testers and red teams as well as sophisticated actors like APT19, APT29, APT32, Leviathan, The Cobalt Group, and FIN6. As a commercial tool, it costs $3,500 per year per user.

The Russian cyber-espionage group has also employed a wide variety of tactics against iOS devices. One such attack exploited a zero-day flaw in Safari on iOS to steal information and data from diplomats who read their emails on their iPhones.

Local authorities, for instance, the computer security incident response committee, were notified of the incidents and outcomes. The study includes the collected indicators of compromise, such as hashes and IP addresses.
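
The delivery chain ESET describes above (email -> ISO disk image -> LNK shortcut file) suggests a check a mail gateway or analyst can run on an attached disk image: list its files and flag Windows shortcuts, including ones renamed to look like documents. The Python below is an added example, not code from ESET, IstroSec or the original post. It assumes 2048-byte sectors and reads only the root directory of the ISO9660 primary volume descriptor (no Joliet or UDF names, no subdirectories); the function names and the sample image are constructed for illustration.

```python
import struct

SECTOR = 2048                 # ISO9660 logical sector size (assumed; the usual value)
PVD_OFFSET = 16 * SECTOR      # volume descriptors start at sector 16
LNK_MAGIC = bytes.fromhex("4c000000 01140200 00000000 c0000000 00000046")  # HeaderSize + LinkCLSID

def list_root(data):
    """Return [(name, first 20 bytes)] for files in the primary root directory."""
    pvd = data[PVD_OFFSET:PVD_OFFSET + SECTOR]
    if pvd[1:6] != b"CD001" or pvd[0] != 1:
        raise ValueError("no ISO9660 primary volume descriptor")
    lba, size = struct.unpack_from("<I4xI", pvd, 156 + 2)  # root directory record
    pos, end, entries = lba * SECTOR, min(lba * SECTOR + size, len(data)), []
    while pos < end:
        n = data[pos]                       # record length; 0 = padding to next sector
        rec = data[pos:pos + n]
        if len(rec) >= 34 and not rec[25] & 0x02:   # complete record, not a directory
            f_lba, f_size = struct.unpack_from("<I4xI", rec, 2)
            name = rec[33:33 + rec[32]].split(b";")[0].decode("ascii", "replace")
            entries.append((name, data[f_lba * SECTOR:f_lba * SECTOR + min(f_size, 20)]))
        pos += n or SECTOR - pos % SECTOR
    return entries

def flag_shortcuts(data):
    """Root-level files that are Shell Links by extension or by header bytes."""
    return [name for name, head in list_root(data)
            if name.lower().endswith(".lnk") or head.startswith(LNK_MAGIC)]

def _record(lba, size, flags, name):
    """Build one directory record (only used for the constructed test image)."""
    rec = (b"\x00" + struct.pack("<I", lba) + struct.pack(">I", lba)
           + struct.pack("<I", size) + struct.pack(">I", size) + bytes(7)
           + bytes([flags, 0, 0, 1, 0, 0, 1, len(name)]) + name)
    rec += b"\x00" * (len(rec) % 2 == 0)    # pad so the full record length is even
    return bytes([len(rec) + 1]) + rec

def sample_iso(files):
    """Constructed image: root directory at sector 18, one sector per file."""
    root = _record(18, SECTOR, 2, b"\x00") + _record(18, SECTOR, 2, b"\x01")
    root += b"".join(_record(19 + i, len(c), 0, n) for i, (n, c) in enumerate(files))
    blobs = b"".join(c.ljust(SECTOR, b"\x00") for _, c in files)
    pvd = bytearray(b"\x01CD001\x01".ljust(SECTOR, b"\x00"))
    pvd[156:190] = _record(18, SECTOR, 2, b"\x00")
    term = b"\xffCD001\x01".ljust(SECTOR, b"\x00")
    return bytes(16 * SECTOR) + bytes(pvd) + term + root.ljust(SECTOR, b"\x00") + blobs

# Constructed sample: a text file, a shortcut, and a shortcut renamed to look like a document
SAMPLE = sample_iso([(b"README.TXT;1", b"hello"), (b"NBU.LNK;1", LNK_MAGIC + bytes(56)),
                     (b"REPORT.DOC;1", LNK_MAGIC + bytes(56))])
```

Checking the header bytes as well as the extension is what catches `REPORT.DOC` in the sample, since a shortcut keeps its Shell Link header whatever it is renamed to.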

U.S. Spy Agency Collaborates with Private Sector to Counter Cyber Threat

 

The U.S. National Security Agency, which is renowned globally for its secrecy, on Tuesday opened its arms to the private sector with the aim of strengthening relations and learning about hacking campaigns from the U.S. firms that are repeatedly targeted by hacking groups. 

"I think it is really important for NSA to take a stance where we are engaging and figuring out how to make the environment more secure and everyone is learning from the lessons of the past," NSA Director of Cybersecurity Rob Joyce said at a media roundtable.

U.S. law bars the NSA from accessing American computer networks, so the agency hopes that increasing partnerships with defense, technology, and telecommunications companies will provide insights the agency can’t get on its own, he added. However, he declined to disclose the names of the companies the NSA is working with and didn’t expand on what information private companies would share with the agency.

The NSA’s publicity tour comes after a series of high-profile hacks over the last year, including a massive cyberattack that penetrated numerous federal agencies and another that crippled a major U.S. gas pipeline. 

The center, which started in January 2020, is unique in the NSA's history because it is located in a nondescript office park in suburban Maryland next to defense contractors, including Northrop Grumman Corp., Raytheon Technologies Corp., and General Dynamics Corp., and is across the street from NSA headquarters. But the center doesn’t have the same barbed wire fencing and armed guards as the NSA. 

U.S. officials admitted the lack of total visibility on the cyber threat due to legal restrictions that prevent the NSA and other federal spy agencies from collecting data on domestic computer networks. Foreign hackers know about the controls, former U.S. officials say, so they often stage attacks on U.S. based servers. 

"U.S. companies will also be benefitted from the NSA's vast experience and analytical capability. Cybersecurity is a team sport and NSA is really just stepping up to play its position. Providing services to the defense industrial base and national security systems and a large U.S. market share is what we focus on from a selection criteria," said Morgan Adamski, chief of the center.

UK spymasters suspect Russia is using Kaspersky to spy on people

 

British intelligence services are reportedly worried that the Kaspersky antivirus software offered by Barclays to its customers may be being used by Russian intelligence agencies to spy, according to The Financial Times.

An unnamed official told The Financial Times that GCHQ, the British intelligence agency, has concerns over the widespread distribution of Kaspersky in the UK.

Intelligence officials fear that this might allow Russia to gather intelligence from the computers of government employees and members of the military who are customers of the bank and have downloaded the software.

The Financial Times added that "No evidence suggests that any data of Barclays customers have been compromised by use of Kaspersky software on their computers."

However, the bank said it was planning to end the deal with Kaspersky for commercial reasons that do not have any connection with the GCHQ concerns.

Kaspersky denied the allegations and said the company does not have inappropriate ties with any government.

"No credible evidence has been presented publicly by anyone or any organization. The accusations of any inappropriate ties with the Russian government are based on false allegations and inaccurate assumptions, including the claims about Russian regulations and policies impacting the company," Kaspersky said.

Earlier this year, US spymasters and the FBI chief said that they do not trust software from the Russian antivirus company Kaspersky.

- Christina
 

Canadian Spy agency with help of NSA tracked passengers who used free airport WiFi


Here is another example of why public WiFi networks pose a potential risk to your data.

A report from CBC News, based on a newly leaked secret document from former U.S. security contractor Edward Snowden, reveals that the Canadian spy agency was spying on passengers who used the free WiFi service in airports.

The Communications Security Establishment Canada (CSEC) is prohibited from spying on Canadians without a warrant. However, it has collected metadata about all travelers passing through the airport, including Canadians.

The document presented to the CBC shows that the information captured from travelers' devices then helped the spy agency to track them for a week or more as their wireless devices connected to any other Wi-Fi hot spots in locations around Canada and even at US airports.

According to CBC, the leaked document suggests that the operation was a trial run of new software developed by CSEC with the help of the US National Security Agency (NSA).

The two largest Canadian airports, Toronto and Vancouver, and Boingo, a large independent WiFi services supplier at other airports, have denied any involvement in providing information about WiFi users.