Archive

Archive for the ‘USA’ Category

U.S. mining data from 9 leading Internet firms; companies deny knowledge

U.S. mining data from 9 leading Internet firmsThe National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track one target or trace a whole network of associates, according to a top-secret document obtained by The Washington Post.

The program, code-named PRISM, has not been made public until now. It may be the first of its kind. The NSA prides itself on stealing secrets and breaking codes, and it is accustomed to corporate partnerships that help it divert data traffic or sidestep barriers. But there has never been a Google or Facebook before, and it is unlikely that there are richer troves of valuable intelligence than the ones in Silicon Valley.

Equally unusual is the way the NSA extracts what it wants, according to the document: “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”

PRISM was launched from the ashes of President George W. Bush’s secret program of warrantless domestic surveillance in 2007, after news media disclosures, lawsuits and the Foreign Intelligence Surveillance Court forced the president to look for new authority.

Congress obliged with the Protect America Act in 2007 and the FISA Amendments Act of 2008, which immunized private companies that cooperated voluntarily with U.S. intelligence collection. PRISM recruited its first partner, Microsoft, and began six years of rapidly growing collection beneath the surface of a roiling national debate on surveillance and privacy. Late last year, when critics in Congress sought changes in the FISA Amendments Act, the only lawmakers who knew about PRISM were bound by oaths of office to hold their tongues.

The court-approved program is focused on foreign communications traffic, which often flows through U.S. servers even when sent from one overseas location to another. Between 2004 and 2007, Bush administration lawyers persuaded federal FISA judges to issue surveillance orders in a fundamentally new form. Until then the government had to show probable cause that a particular “target” and “facility” were both connected to terrorism or espionage.

In four new orders, which remain classified, the court defined massive data sets as “facilities” and agreed to occasionally certify that the government had reasonable procedures in place to minimize collection of “U.S. persons” data without a warrant.

Several companies contacted by The Post said they had no knowledge of the program and responded only to individual requests for information.

“We do not provide any government organization with direct access to Facebook servers,” said Joe Sullivan, chief security officer for Facebook. “When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”

Source: Washington Post | Read more here

Categories: Intelligence, USA

Pentagon to recruit Russian hackers

An adviser to U.S. President Barack Obama said that the U.S. has a new plan to combat cyberwarfare.

The U.S. government has a plan to put the skills of the best hackers in the world to work fighting terrorism and designing security systems for government agencies. John Arquilla, an adviser to U.S. President Barack Obama’s and the man who coined the term“cyberwarfare” told the UK’s Guardian newspaper that the U.S. Defense Department plans to hire about 100 hackers, primarily Russians for the initiative.

Arquilla accused the Pentagon of wasting billions of dollars on “pointless aircraft carriers, tanks and planes at the expense of nimbler, leaner strategy” of spending on experts. He said that as a result the U.S. has fallen behind other superpowers in the global cyber race.

“We intend to set up something like the English Bletchley Park (where the UK ran decryption operations during World War II),” said Arquilla. “We will hire Russians and Asians. They are definitely the best code crackers in the world. I have already established contact with several very influential hackers. I even brought one to meet the CEO of a major company to evaluate the vulnerability of his information systems. He managed to break into the system in just a few minutes.”

Russian hackers do not rule out the possibility of cooperating with the U.S. government, provided it observes a number of crucial factors.

Said one hacker known as Zeus: “I’ll agree if they offer me a fair salary and good living accommodations. Another important thing is that my activities mustn’t be aimed at Russia. I don’t want to be a traitor. There’s a great deal of advantages in working in the U.S. like opportunities to realize my potential, high living standards and an evolved society.”

Another hacker said that working for the U.S. government is, on the one hand, fairly risky, but on the other hand, a very lucrative and stable business.

“Our task is to make sure those who agree to work for us have all they need. America has always lavishly spent money on the best specialists in the world. That’s why I’m sure we’ll persuade them to cooperate,” Arquilla said.

Source: Izvestia Ru

US military dating website hacked, 170,000 emails leaked

The hacking group LulzSec Reborn claims to have attacked a military dating website.

In its announcement on the pastebin.com website, the group said it has leaked 170,937 military emails from MilitarySingles.com website.

“There are emails such as @us.army.mil ; @carney.navy.mil ; @greatlakes.cnet.navy.mil ; @microsoft.com ; etc.., the hackers said. They also provided links for downloading the data.

Militarysingles.com is a dating website aiming at connecting single soldiers. In response to the attack, the site has enacted a “series of security procedures”, the chief executive of the company said.

“Regardless of whether it was a true or false claim, we are treating it as though it is true just to be safe,” Robert Goebel told the LA Times. He added that the website has a total of 140,000 accounts against almost 171,000 claimed by the hackers. There are doubts the attack took place at all, he added.

At the same time, the group has reported a successful hack of the CSS Corp., a private global information and communications technology company financially backed by several private equity groups, including Goldman Sachs. LulzSec claims to have dumped the whole company’s database, including email addresses, names, usernames, passwords, and IDs. They posted part of the data to Pastebin with a link to download the rest.

LulzSec is an offshoot of the Anonymous hacker collective, suffered a major blow after several of its activists were arrested. The group’s members were implicated by Hector Xavier Monsegur, known by a nickname Sabu, who had cooperated with the FBI.

Despite FBI claiming it has “beheaded” the group, Anonymous announced that this would have no effect as LulzSec “had been dead a long-time.”

Anonymous’ Stratfor hack outs intelligence officials across the world

RT:

The hackers responsible for a Christmas Eve attack on consulting firm Stratfor released more information over the weekend, this time divulging email addresses, log-ins and passwords for thousands of affiliated parties.

Among those affected by the dump of data include hundreds of officials within both the US and UK intelligence communities, as well as the American armed forces. Roughly 19,000 email addresses ending in the domain extension .mil for the US military were published in the leak. John Bumgarner, a cyber-security expert at the US Cyber Consequences Unit, mulled over the data for the UK’s Guardian and said that info on 173 individuals deployed in Iraq were among those published in the latest posting.

Also targeted in the latest leak are 242 staffers with NATO and two men on the who’s who of twentieth-century American politicians: former Vice President Dan Quayle and Henry Kissinger, secretary of state under the Nixon administration.

Stratfor, a Texas-based consulting firm, was victimized by hacktivists believed to be aligned with the online collective Anonymous. On December 24, 2011, initial information on the infiltration was first published to the Web, which has since been punctuated by a sprinkling of other data dumps, including the latest over the weekend. Millions of emails have also been obtained by the group, though the correspondence remains to be revealed to outsiders.

Once made public, however, the rest of the data uncovered in the attack could serve as some serious fodder for lobbying complains against those with ties to Stratfor.

“The Stratfor operation may yield the most revelatory trove of information ever seized by Anonymous,” Barrett Brown, an operative close to the hack, tweeted on Christmas Eve. To the Daily Mail, Brown added that the emails could “provide the smoking gun for a number of crimes of extraordinary importance.”

Broken water pump in Illinois caused by cyber-attack from Russia (NEW YORK DAILY NEWS)

A broken water pump in a rural town near Springfield, Illinois could be the result of the first cyber attack on a public utility in the U.S., top security expert Joe Weiss reported on his blog.

Weiss posted a Nov. 8 report from the The Illinois Statewide Terrorism and Intelligence Center entitled “Public Water District Cyber Intrusion,” that suggests the “burn out of a water pump” could have been a deliberate, full scale security breach into the utility’s computer system from a computer in Russia.

The broken pump was quickly fixed and did not result in any water supply issues, but the incident has led to a deeper investigation, CNN reports.

The report says water district workers noted “glitches” in the system for nearly two months, and on Nov. 8 an employee noticed problems with the control systems.

“An information technology services and computer repair company checked the system logs and determined the computer had been hacked into from a computer located in Russia,” Weiss said on his blog.

Although cyber-attacks on a utility’s control systems had previously been unknown in the U.S., last week’s alleged attack sounded an alarm to those concerned about vulnerability of America’s civil infrastructures to terrorism.

Experts said the reported water-pump attack highlights the risk that hackers can infiltrate the Supervisory Control and Data Acquisition (SCADA) systems that control critical utilities from railroads and dams to chemical plants and nuclear reactors.

“Many (SCADA systems) are old and vulnerable,” said cyber policy expert Lani Kass. “There are no financial incentives for the utility owners to replace and secure these systems and the costs would be high.”

Disputing Weiss’ claims that the water-pump incident was a deliberate attack, government officials have not tied the incident to terrorism, and the Department of Homeland Security is downplaying any dangers.

“At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety,” DHS spokesman Peter Boogaard said in a statement.

“This is just one of many events that occur almost on a weekly basis,” said Sean McGurk, former director of the National Cybersecurity and Communications Integration Center. “While it may be nice to speculate that it was caused by a nation-state or actor, it may be the unintended consequence of maintenance,” he told CNN.

Meanwhile, the incident coincides with expansion of a project in the Pentagon that contracts cyber-experts to “hack” into computer systems to pinpoint security weaknesses in U.S. defense programs.

Intelligence Advanced Research Projects Activity (IARPA)

IARPA Overview

 

The Three Strategic Thrusts (Offices)

 

  • Smart Collection: dramatically improve the value of collected data
    • Innovative modeling and analysis approaches to identify where to look and what to collect
    • Novel approaches to access
  • Incisive Analysis: maximizing insight from the information we collect, in a timely fashion
    • Advanced tools and techniques that can handle large volumes of multiple and disparate sources of information
    • Innovative approaches (e.g., using virtual worlds, shared workspaces) that dramatically improve the productivity of analysts
    • Methods that incorporate socio-cultural and linguistic factors into the analytic process
  • Safe and Secure Operations: countering new capabilities of our adversaries that could threaten our ability to operate effectively in a networked world
    • Assure the confidentiality, integrity and availability of our cyber systems
    • Quantum information science and technology

Quantum Science and Information Technology

  • Major milestones:
    • Demonstrate interacting logical qubits
    • Execute quantum circuits with thousands of operations
    • Optimize error correction codes for different qubit types
  • A scientific-scale quantum computer
    • Has several logical qubits & sustains several thousands of operations
    • Will let us ask and answer fundamental questions about quantum computing
    • Should inspire new quantum applications
  • Investment areas:
    • Development of robust qubit technology
  • Trapped ions, neutral atoms, photons, Josephson junctions, quantum dots, etc.
  • Faster and more accurate qubit initialization, measurement & manipulation, and qubit-qubit interactions
  • Supporting technologies
  • Better materials, device fabrication, detectors, etc.

IARPA Wants to Build “Data Eye in the Sky” For Analyzing Internet Activity

Government Aims to Build a ‘Data Eye in the Sky’ (New York Times):

More than 60 years ago, in his “Foundation” series, the science fiction novelist Isaac Asimov invented a new science — psychohistory — that combined mathematics and psychology to predict the future.

Now social scientists are trying to mine the vast resources of the Internet — Web searches and Twitter messages, Facebook and blog posts, the digital location trails generated by billions of cellphones — to do the same thing.

The most optimistic researchers believe that these storehouses of “big data” will for the first time reveal sociological laws of human behavior — enabling them to predict political crises, revolutions and other forms of social and economic instability, just as physicists and chemists can predict natural phenomena.

“This is a significant step forward,” said Thomas Malone, the director of the Center for Collective Intelligence at the Massachusetts Institute of Technology. “We have vastly more detailed and richer kinds of data available as well as predictive algorithms to use, and that makes possible a kind of prediction that would have never been possible before.”

The government is showing interest in the idea. This summer a little-known intelligence agency began seeking ideas from academic social scientists and corporations for ways to automatically scan the Internet in 21 Latin American countries for “big data,” according to a research proposal being circulated by the agency. The three-year experiment, to begin in April, is being financed by the Intelligence Advanced Research Projects Activity, or Iarpa (pronounced eye-AR-puh), part of the office of the director of national intelligence.

The automated data collection system is to focus on patterns of communication, consumption and movement of populations. It will use publicly accessible data, including Web search queries, blog entries, Internet traffic flow, financial market indicators, traffic webcams and changes in Wikipedia entries.

It is intended to be an entirely automated system, a “data eye in the sky” without human intervention, according to the program proposal. The research would not be limited to political and economic events, but would also explore the ability to predict pandemics and other types of widespread contagion, something that has been pursued independently by civilian researchers and by companies like Google.

Some social scientists and advocates of privacy rights are deeply skeptical of the project, saying it evokes queasy memories of Total Information Awareness, a post-9/11 Pentagon program that proposed hunting for potential attackers by identifying patterns in vast collections of public and private data: telephone calling records, e-mail, travel data, visa and passport information, and credit card transactions.

“I have Total Information Awareness flashbacks when things like this happen,” said David Price, an anthropologist at St. Martin’s University in Lacey, Wash., who has written about cooperation between social scientists and intelligence agencies. “On the one hand it’s understandable for a nation-state to want to track things like the outbreak of a pandemic, but I have to wonder about the total automation of this and what productive will come of it.”

*IARPA – Intelligence Advanced Research Projects Activity