US/1; ATTN: US/12; HST/2; TJ/2
Most people use social media like Facebook and Twitter to share
photos of friends and family, chat with friends and strangers about
random and amusing diversions, or follow their favorite websites, bands
and television shows.
But what does the US military use those same networks for? Well, we
can't tell you: That's "classified," a CENTCOM spokesman recently
informed Raw Story.
One use that's confirmed, however, is the manipulation of social
media through the use of fake online "personas" managed by the military.
Recently the US Air Force had solicited private sector vendors for
something called "persona management software." Such a technology would
allow single individuals to command virtual armies of fake, digital
"people" across numerous social media portals.
These "personas" were to have detailed, fictionalized backgrounds,
to make them believable to outside observers, and a sophisticated
identity protection service was to back them up, preventing suspicious
readers from uncovering the real person behind the account. They even
worked out ways to game geolocating services, so these "personas" could
be virtually inserted anywhere in the world, providing ostensibly live
commentary on real events, even while the operator was not really
present.
When Raw Story first reported on the contract for this software, it was
unclear what the Air Force wanted with it or even if it had been
acquired. The potential for misuse, however, was abundantly clear.
A fake virtual army of people could be used to help create the
impression of consensus opinion in online comment threads, or manipulate
social media to the point where valuable stories are suppressed.
Ultimately, this can have the effect of causing a net change to the public's opinions and understanding of key world events.
Wired.com published an article how US spies are making investments
in the Company In-Q-Tel in order to monitor your blogs and read your
tweets.
In-Q-Tel, the investment arm of the CIA and the wider intelligence
community, is putting cash into Visible Technologies, a software firm
that specializes in monitoring social media. It's part of a larger
movement within the spy services to get better at using "open source
intelligence" - information that's publicly available, but often hidden
in the flood of TV shows, newspaper articles, blog posts, online videos
and radio reports generated every day.
Visible crawls over half a million web 2.0 sites a day, scraping
more than a million posts and conversations taking place on blogs,
online forums, Flickr, YouTube, Twitter and Amazon. (It doesn't touch
closed social networks, like Facebook, at the moment.) Customers get
customized, real-time feeds of what's being said on these sites, based
on a series of keywords.
"That's kind of the basic step - get in and monitor," says company senior vice president Blake Cahill.
Then Visible "scores" each post, labeling it as positive or
negative, mixed or neutral. It examines how influential a conversation
or an author is. ("Trying to determine who really matters," as Cahill
puts it.) Finally, Visible gives users a chance to tag posts, forward
them to colleagues and allow them to response through a web interface.
In-Q-Tel says it wants Visible to keep track of foreign social
media, and give spooks "early-warning detection on how issues are
playing internationally," spokesperson Donald Tighe tells Danger Room.
Of course, such a tool can also be pointed inward, at domestic
bloggers or tweeters. Visible already keeps tabs on web 2.0 sites for
Dell, AT&T and Verizon. For Microsoft, the company is monitoring the
buzz on its Windows 7 rollout. For Spam-maker Hormel, Visible is
tracking animal-right activists' online campaigns against the company.
"Anything that is out in the open is fair game for collection," says
Steven Aftergood, who tracks intelligence issues at the Federation of
American Scientists. But "even if information is openly gathered by
intelligence agencies it would still be problematic if it were used for
unauthorized domestic investigations or operations. Intelligence
agencies or employees might be tempted to use the tools at their
disposal to compile information on political figures, critics,
journalists or others, and to exploit such information for political
advantage. That is not permissible even if all of the information in
question is technically 'open source.'"
Visible chief executive officer Dan Vetras says the CIA is now an
"end customer," thanks to the In-Q-Tel investment. And more government
clients are now on the horizon. "We just got awarded another one in the
last few days," Vetras adds.
Tighe disputes this - sort of. "This contract, this deal, this
investment has nothing to do with any agency of government and this
company," he says. But Tighe quickly notes that In-Q-Tel does have "an
interested end customer" in the intelligence community for Visibile.
And if all goes well, the company's software will be used in pilot
programs at that agency. "In pilots, we use real data. And during the
adoption phase, we use it real missions."
Neither party would disclose the size of In-Q-Tel's investment in
Visible, a 90-person company with expected revenues of about $20 million
in 2010. But a source familiar with the deal says the In-Q-Tel cash
will be used to boost Visible's foreign languages capabilities, which
already include Arabic, French, Spanish and nine other languages.
Visible has been trying for nearly a year to break into the
government field. In late 2008, the company teamed up with the
Washington, DC, consulting firm Concepts & Strategies, which has
handled media monitoring and translation services for U.S. Strategic
Command and the Joint Chiefs of Staff, among others. On its website,
Concepts & Strategies is recruiting "social media engagement
specialists" with Defense Department experience and a high proficiency
in Arabic, Farsi, French, Urdu or Russian. The company is also looking
for an "information system security engineer" who already has a "Top
Secret SCI [Sensitive Compartmentalized Information] with NSA Full Scope
Polygraph" security clearance.
The intelligence community has been interested in social media for
years. In-Q-Tel has sunk money into companies like Attensity, which
recently announced its own web 2.0-monitoring service. The agencies have
their own, password-protected blogs and wikis - even a MySpace for
spooks. The Office of the Director of National Intelligence maintains an
Open Source Center, which combs publicly available information,
including web 2.0 sites. Doug Naquin, the Center's Director, told an
audience of intelligence professionals in October 2007 that "we're
looking now at YouTube, which carries some unique and honest-to-goodness
intelligence.... We have groups looking at what they call 'citizens
media': people taking pictures with their cell phones and posting them
on the internet. Then there's social media, phenomena like MySpace and
blogs."
But, "the CIA specifically needs the help of innovative tech firms
to keep up with the pace of innovation in social media. Experienced IC
[intelligence community] analysts may not be the best at detecting the
incessant shift in popularity of social-networking sites. They need help
in following young international internet user-herds as they move their
allegiance from one site to another," Lewis Shepherd, the former senior
technology officer at the Defense Intelligence Agency, says in an
e-mail. "Facebook says that more than 70 percent of its users are
outside the U.S., in more than 180 countries. There are more than 200
non-U.S., non-English-language microblogging Twitter-clone sites today.
If the intelligence community ignored that tsunami of real-time
information, we'd call them incompetent."
CONTINUE READING This and MORE HERE...
Tuesday, February 12, 2013
Sunday, February 10, 2013
Thursday, February 7, 2013
Pierluigi Paganini - Operation Beebus, another chinese cyber espionage campaign
- OPEN SOURCE
US/1; ATTN: US/12; HST/2; TJ/2
by paganinip on February 7th, 2013
In this period many other attacks have been linked to China such as the cyber espionage campaign against NYT and Washington Post, this time the hackers demonstrated particular interest in the design of Unmanned Aerial Vehicles (UAVs) and other robotic aircraft.
FireEye named the last campaign ‘Operation Beebus’ from the name of an initial sample in this campaign (MD5: 7ed557921ac60dfcb295ebabfd972301), which was originally submitted to VirusTotal on April 12, 2011
The schema adopted for the attack is a basic spear phishing, the hackers in fact uses both email and drive-by downloads to targeted victims exploiting common vulnerabilities in PDF and DOC files to install a Trojan backdoor.
Last March FireEye registered suspicious activities against its clients operating in aerospace and defense sector, continuous waves of attacks that are repeated over time.
GET /s/asp?XAAAAM4w5jmIa_kMZlr67o8jettxsYA8dZgeNAHes-Nn5p-6AFUD6yncpz5AL6wAAA==p=1 HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; ) Accept: */* Host: 68.96.31.136 where the IP address 68.96.31.136 was another C2 node reported by Dell SecureWorks as hosting the HTran proxy infrastructure. Dell’s security team reported that the authors of the malware were Chinese and it dated malware creation back to 2003, Dell Securwork post on the agent states:
“HTran (aka HUC Packet Transmit Tool) is a rudimentary connection bouncer, designed to redirect TCP traffic destined for one host to an alternate host. The source code copyright notice indicates that HTran was authored by “lion”, a well-known Chinese hacker and member of “HUC”, the Honker Union of China. The purpose of this type of tool is to disguise either the true source or destination of Internet traffic in the course of hacking activity.FireEye recorded 261 separate attacks on its clients in 2012, 123 of which were on UAV or UAS (Unmanned Aerial Systems) vendors.
Source code can be readily found on the Internet:
http://read.pudn.com/downloads199/sourcecode/windows/935255/htran.cpp__.htm
In total the C&C had reached 214 servers with 60 unique IP addresses, a large investment in time and effort.
The attackers identified by FireEye used the same techniques and tools of the RSA attack, according to McAfee, one of the major tools used by these hackers was the use of obfuscated or encrypted HTML comments embedded in otherwise benign websites, in order to indirectly control compromised endpoints.
“Obfuscated/encrypted HTML comments has been also widely reported in the media as associated with the nation state group called “Comment Group” or “Comment Team,” which is believed to be associated with the Chinese government.“
Darien Kindlund, senior staff scientist at FireEye declared:
“We have enough evidence that points heavily in that direction” “We knew this was being done on behalf of a nation state,” “we believe the attack was largely successful.”It ‘clear that to deal with the phenomenon of cyber espionage requires a structured approach, the threat has grown in complexity in recent years and in many cases the attackers were able to evade the main security mechanisms for long periods.
On the one hand therefore be thought of a new model of dynamic defense which however cannot be separated by a major level of awareness of users, in majority of cases the exposure is caused by wrong human behavior.
You must know the threat to mitigate it.
Pierluigi Paganini
Sunday, February 3, 2013
WSJ-CI - Exclusive: Eric Schmidt Unloads on China in New Book
- OPEN SOURCE
US/1; ATTN:
By Tom Gara
Corporate Intelligence reviewed preliminary galleys of Schmidt’s new book, “The New Digital Age,” (Random House) which debuts in April. And Schmidt’s views on China stand out the strongest amid often predictable techno-utopian views of the future.
Some of these views are both cliched and camera-ready . He imagines that soon an “illiterate Maasai cattle herder in the Serengeti” will use a smartphone to “inquire the day’s market prices and crowd-source the whereabouts of any nearby predators.”
Other parts of the book are a much darker take on how authoritarians, extremists and rogues of all varieties are becoming just as empowered as that Maasai herdsman. And the good guys, whoever they are, have yet to work out how to properly defend themselves.
The new book is co-written by Jared Cohen, a 31-year old former State Department big shot who now runs Google Ideas, the search giant’s think tank.
The Schmidt and Cohen partnership has at least one other impressive credit to its name. The two wrote a long essay,“The Digital Disruption,” published in November 2010. In its opening paragraph, it predicted that “governments will be caught off-guard when large numbers of their citizens, armed with virtually nothing but cell phones, take part in mini-rebellions that challenge their authority.”
A month later, a wave of popular uprisings began across the Arab world. As the Egyptian revolution kicked off in January 2011, Cohen, so the story goes, was not only in Cairo: he shared dinner with Google executive and high-profile activist Wael Ghonim just hours before he was snatched from the streets by security forces.
With the Arab uprisings rolling onward, “The New Digital Age” picks up where that previous essay left off, taking a big-picture view on how everything from individual identities to corporate strategy, terrorism and statecraft will change as information seeps ever deeper. And in this all-Internet world, China, the book says again and again, is a dangerous and menacing superpower.
China, Schmidt and Cohen write, is “the world’s most active and enthusiastic filterer of information” as well as “the most sophisticated and prolific” hacker of foreign companies. In a world that is becoming increasingly digital, the willingness of China’s government and state companies to use cyber crime gives the country an economic and political edge, they say.
“The disparity between American and Chinese firms and their tactics will put both the government and the companies of the United States as a distinct disadvantage,” because “the United States will not take the same path of digital corporate espionage, as its laws are much stricter (and better enforced) and because illicit competition violates the American sense of fair play,” they claim.
“This is a difference in values as much as a legal one.”
The U.S. is far from an angel, the book acknowledges. From high-profile cases of cyber-espionage such as the Stuxnet virus that targeted Iranian nuclear facilities, to exports of surveillance software and technology to states with bad human rights records, there is plenty at home to criticize.
And those criticisms will become louder and more politically resonant, Schmidt and Cohen claim, as the distinctions between states that support freedom online and those that suppress it become clearer. The pair even speculate that the Internet could eventually fracture into pieces, some controlled by an alliance of states that are relatively tolerant and free, and others by groupings that want their citizens to take part in a less rowdy and open online life. Companies doing business with the latter could find themselves shunned from the former, the book suggests.
In this roundabout way the pair come close, on occasion, to suggesting western governments follow China’s lead and form closer relationships between state policy and corporate activity.
Take the equipment and software that comprises the Internet. Most of the world’s IT systems were once based almost entirely on Western infrastructure, but as Chinese firms get more competitive, that is changing, and not necessarily for the better, they say:
In the future superpower supplier nations will look to create their spheres of online influence around specific protocols and products, so that their technologies form the backbone of a particular society and their client states come to rely on certain critical infrastructure that the superpower alone builds, services and controls.Chinese telecom equipment companies, rapidly gaining market share around the world, are at the front lines of the expansion this sphere of influence, they say: “Where Huawei gains market share, the influence and reach of China grow as well”. And while western vendors like Cisco Systems CSCO +1.26% and Ericsson are not state controlled, the will likely become closer to their governments in the future, Schmidt and Cohen say:
There will come a time when their commercial and national interests align and contrast with China — say, over the abuse of their products by an authoritarian state — and they will coordinate their efforts with their governments on both diplomatic and technical levels.But for all the advantages China gains from its approach to the Internet, Schmidt and Cohen still seem to think its hollow political center is unsustainable. “This mix of active citizens armed with technological devices and tight government control is exceptionally volatile,” they write, warning this could lead to “widespread instability.”
In the longer run, China will see “some kind of revolution in the coming decades,” they write.
Update: Looking for more Schmidt? See our next post - The Future According To Eric: 7 Points
Check out the rest of the WSJ’s Corporate Intelligence blog here, or follow @wsjcorpintel, or our editor, @tomgara
CONTINUE READING This Story and MORE HERE...
Subscribe to:
Posts (Atom)