Category Archives: Hacking

Russian Hackers Read Obama’s Unclassified Emails, Officials Say

WASHINGTON — Some of President Obama’s email correspondence was swept up by Russian hackers last year in a breach of the White House’s unclassified computer system that was far more intrusive and worrisome than has been publicly acknowledged, according to senior American officials briefed on the investigation.

The hackers, who also got deeply into the State Department’s unclassified system, do not appear to have penetrated closely guarded servers that control the message traffic from Mr. Obama’s BlackBerry, which he or an aide carries constantly.

But they obtained access to the email archives of people inside the White House, and perhaps some outside, with whom Mr. Obama regularly communicated. From those accounts, they reached emails that the president had sent and received, according to officials briefed on the investigation.

White House officials said that no classified networks had been compromised, and that the hackers had collected no classified information. Many senior officials have two computers in their offices, one operating on a highly secure classified network and another connected to the outside world for unclassified communications.

But officials have conceded that the unclassified system routinely contains much information that is considered highly sensitive: schedules, email exchanges with ambassadors and diplomats, discussions of pending personnel moves and legislation, and, inevitably, some debate about policy.

Officials did not disclose the number of Mr. Obama’s emails that were harvested by hackers, nor the sensitivity of their content. The president’s email account itself does not appear to have been hacked. Aides say that most of Mr. Obama’s classified briefings — such as the morning Presidential Daily Brief — are delivered orally or on paper (sometimes supplemented by an iPad system connected to classified networks) and that they are usually confined to the Oval Office or the Situation Room.

Still, the fact that Mr. Obama’s communications were among those hit by the hackers — who are presumed to be linked to the Russian government, if not working for it — has been one of the most closely held findings of the inquiry. Senior White House officials have known for months about the depth of the intrusion.

“This has been one of the most sophisticated actors we’ve seen,” said one senior American official briefed on the investigation.

Others confirmed that the White House intrusion was viewed as so serious that officials met on a nearly daily basis for several weeks after it was discovered. “It’s the Russian angle to this that’s particularly worrisome,” another senior official said.

While Chinese hacking groups are known for sweeping up vast amounts of commercial and design information, the best Russian hackers tend to hide their tracks better and focus on specific, often political targets. And the hacking happened at a moment of renewed tension with Russia — over its annexation of Crimea, the presence of its forces in Ukraine and its renewed military patrols in Europe, reminiscent of the Cold War.

Inside the White House, the intrusion has raised a new debate about whether it is possible to protect a president’s electronic presence, especially when it reaches out from behind the presumably secure firewalls of the executive branch.

Mr. Obama is no stranger to computer-network attacks: His 2008 campaign was hit by Chinese hackers. Nonetheless, he has long been a frequent user of email, and publicly fought the Secret Service in 2009 to retain his BlackBerry, a topic he has joked about in public. He was issued a special smartphone, and the list of those he can exchange emails with is highly restricted.

When asked about the investigation’s findings, the spokeswoman for the National Security Council, Bernadette Meehan, said, “We’ll decline to comment.” The White House has also declined to provide any explanations about how the breach was handled, though the State Department has been more candid about what kind of systems were hit and what it has done since to improve security. A spokesman for the F.B.I. declined to comment.

Officials who discussed the investigation spoke on the condition of anonymity because of the delicate nature of the hacking. While the White House has refused to identify the nationality of the hackers, others familiar with the investigation said that in both the White House and State Department cases, all signs pointed to Russians.

On Thursday, Secretary of Defense Ashton B. Carter revealed for the first time that Russian hackers had attacked the Pentagon’s unclassified systems, but said they had been identified and “kicked off.” Defense Department officials declined to say if the signatures of the attacks on the Pentagon appeared related to the White House and State Department attacks.

The discovery of the hacking in October led to a partial shutdown of the White House email system. The hackers appear to have been evicted from the White House systems by the end of October. But they continued to plague the State Department, whose system is much more far-flung. The disruptions were so severe that during the Iranian nuclear negotiations in Vienna in November, officials needed to distribute personal email accounts, to one another and to some reporters, to maintain contact.

Earlier this month, officials at the White House said that the hacking had not damaged its systems and that, while elements had been shut down to mitigate the effects of the attack, everything had been restored.

One of the curiosities of the White House and State Department attacks is that the administration, which recently has been looking to name and punish state and nonstate hackers in an effort to deter attacks, has refused to reveal its conclusions about who was responsible for this complex and artful intrusion into the government. That is in sharp contrast to Mr. Obama’s decision, after considerable internal debate in December, to name North Korea for ordering the attack on Sony Pictures Entertainment, and to the director of national intelligence’s decision to name Iranian hackers as the source of a destructive attack on the Sands Casino.

This month, after CNN reported that hackers had gained access to sensitive areas of the White House computer network, including sections that contained the president’s schedule, the White House spokesman, Josh Earnest, said the administration had not publicly named who was behind the hack because federal investigators had concluded that “it’s not in our best interests.”

By contrast, in the North Korea case, he said, investigators concluded that “we’re more likely to be successful in terms of holding them accountable by naming them publicly.”

But the breach of the president’s emails appeared to be a major factor in the government secrecy. “All of this is very tightly held,” one senior American official said, adding that the content of what had been breached was being kept secret to avoid tipping off the Russians about what had been learned from the investigation.

Mr. Obama’s friends and associates say that he is a committed user of his BlackBerry, but that he is careful when emailing outside the White House system.

“The frequency has dropped off in the last six months or so,” one of his close associates said, though this person added that he did not know if the drop was related to the hacking.

Mr. Obama is known to send emails to aides late at night from his residence, providing them with his feedback on speeches or, at times, entirely new drafts. Others say he has emailed on topics as diverse as his golf game and the struggle with Congress over the Iranian nuclear negotiations.

George W. Bush gave up emailing for the course of his presidency and did not carry a smartphone. But after Mr. Bush left office, his sister’s email account was hacked, and several photos — including some of his paintings — were made public.

The White House is bombarded with cyberattacks daily, not only from Russia and China. Most are easily deflected.

The White House, the State Department, the Pentagon and intelligence agencies put their most classified material into a system called Jwics, for Joint Worldwide Intelligence Communications System. That is where top-secret and “secret compartmentalized information” traverses within the government, to officials cleared for it — and it includes imagery, data and graphics. There is no evidence, senior officials said, that this hacking pierced it.

Baltimore Police used secret technology to track cellphones in thousands of cases

Baltimore police often surveil cellphones amid US secrecy

The Baltimore Police Department has an agreement with the U.S. government to withhold certain information about secretive cellphone surveillance technology from the public and the courts.

The Baltimore Police Department has used an invasive and controversial cellphone tracking device thousands of times in recent years while following instructions from the FBI to withhold information about it from prosecutors and judges, a detective revealed in court testimony Wednesday.

The testimony shows for the first time how frequently city police are using a cell site simulator, more commonly known as a “stingray,” a technology that authorities have gone to great lengths to avoid disclosing.

The device mimics a cellphone tower to force phones within its range to connect. Police use it to track down stolen phones or find people.

FBI Stingray device

Until recently, the technology was largely unknown to the public. Privacy advocates nationwide have raised questions whether there has been proper oversight of its use.

Baltimore has emerged in recent months as a battleground for the debate. In one case last fall, a city detective said a nondisclosure agreement with federal authorities prevented him from answering questions about the device. The judge threatened to hold him in contempt if he didn’t provide information, and prosecutors withdrew the evidence.

The nondisclosure agreement, presented for the first time in court Wednesday, explicitly instructs prosecutors to drop cases if pressed on the technology, and tells them to contact the FBI if legislators or judges are asking questions.

Detective Emmanuel Cabreja, a member of the Police Department’s Advanced Technical Team, testified that police own a Hailstorm cell site simulator — the latest version of the stingray — and have used the technology 4,300 times since 2007.

Cabreja said he had used it 600 to 800 times in less than two years as a member of the unit.

Nate Wessler, an attorney with the American Civil Liberties Union, said 4,300 uses is a “huge number.” He noted that most agencies have not released data.

The Florida Department of Law Enforcement says its officers have used the device about 1,800 times. Police in Tallahassee say they have used it more than 250 times; police in Tacoma, Wash., 170 times.

Former U.S. Judge Brian L. Owsley, a law professor at Indiana Tech, said he was “blown away” by the Baltimore figure and the terms of the nondisclosure agreement. “That’s a significant amount of control,” he said.

Agencies have invoked the nondisclosure agreement to keep information secret. At a hearing last year, a Maryland State Police commander told state lawmakers that “Homeland Security” prevented him from discussing the technology.

Wessler said the secrecy is upending the system of checks and balances built into the criminal justice system.

“In Baltimore, they’ve been using this since 2007, and it’s only been in the last several months that defense attorneys have learned enough to start asking questions,” he said. “Our entire judicial system and constitution is set up to avoid a ‘just trust us’ system where the use of invasive surveillance gear is secret.”

Cabreja testified Wednesday during a pretrial hearing in the case of Nicholas West, 21, and Myquan Anderson, 17. West and Anderson were charged in October 2013 with armed carjacking, armed robbery, theft and other violations stemming from an attack on a man in Federal Hill.

Cabreja took what he said was a copy of the nondisclosure agreement to court. It was dated July 2011 and bore the signatures of then-Police Commissioner Frederick H. Bealefeld III and then-State’s Attorney Gregg Bernstein.

Defense attorney Joshua Insley asked Cabreja about the agreement.

“Does this document instruct you to withhold evidence from the state’s attorney and Circuit Court, even upon court order to produce?” he asked.

“Yes,” Cabreja said.

Cabreja did not comply with a defense subpoena to produce the device in court. He said he was barred from doing so by the nondisclosure agreement.

An FBI spokesman declined to comment on the technology or the document.

The signatories to the document agree that disclosing the existence of the stingray would “reveal sensitive technological capabilities possessed by the law enforcement community and may allow individuals who are the subject of investigation … to avoid detection.”

They agree that “disclosure of this information could result in the FBI’s inability to protect the public from terrorism and other criminal activity” by rendering the technology useless for investigations.

The signatories agree that if they receive a public records request or an inquiry from judges or legislators, they will notify the FBI immediately to allow “sufficient time for the FBI to intervene.”

Cabreja testified Wednesday that his unit received information about a stolen cellphone. He said detectives obtained a court order to get the phone’s general location using cellphone towers from a cellphone company.

With that information, detectives ventured out to the Waverly neighborhood with the Hailstorm. The device is portable and can be used from a moving vehicle. Cabreja likened it to a metal detector for cellphone signals.

The device forces cellphones to connect to it. In this case, it was a Verizon phone, so identifying information from every Verizon customer in the area was swept up.

Cabreja said the data was collected but “not seen.” Detectives were interested only in the target phone.

Cabreja said the device allows police to make a stronger signal emanate from the phone to help them find it.

“It, on screen, shows me directional arrows and signal strength, showing me the phone’s direction,” he testified.

The detectives traced the phone to a group home and knocked on the door. They told the woman who answered that they were conducting a general criminal investigation and asked to come inside, Cabreja said, and the woman agreed.

Seven detectives entered the home, he said. They used the Hailstorm to make the phone ring before anyone knew why they were really there.

Amid growing questions about the stingray, details of the technology have been trickling out of some jurisdictions, and it is now relatively easy to find descriptions online of what it does.

Insley, the defense attorney, called it the “worst-kept secret,” and questioned why local police continue to be gagged.

Cabreja took notes with him to court that he said came from a discussion last week in which the FBI coached him on what to say in court.

The talking points included: “Data is not retained.”

Cabreja did not refuse to answer any of Insley’s questions, but he said his answers were constrained by the nondisclosure agreement.

Defense attorneys and privacy advocates express concern about the scope of the stingray’s powers, and whether the courts are equipped to provide proper oversight of the police who use it. They argue that the use of the device amounts to a search and requires a warrant.

Baltimore police obtain court orders under the state’s “pen register” statute. Insley says that law authorizes police to capture only the numbers that are called or received by a phone, not the more detailed metadata and location information the stingray collects.

He said those orders also require a lower standard of proof than a search warrant, and judges are not aware of what they are authorizing.

“They’re basically duping these judges into signing authorizations to use stingrays,” Insley said. “If they can increase the signal strength of your phone or make it ring, they can pretty much make it do anything.”

But prosecutors say the language in the orders authorizes real-time GPS location, and Cabreja testified that police only use the stingray to find “target” phones and not to spy on the innocent.

In Maryland U.S. District Court last fall, an argument about the stingray device was cut short when the suspects took plea deals. And on Wednesday, following Cabreja’s testimony, prosecutors and defense attorneys entered into plea negotiations instead of debating the merits of the stingray further.

In cases where the stingray becomes a sticking point, Wessler said, “defense attorneys are being able to get really good deals for their clients, because the FBI is so insistent on hiding all of these details.”

“There are likely going to be a lot of defense attorneys in Baltimore who may have an opportunity to raise these issues,” Wessler said. “They are on notice now that their clients may have some arguments to make in these cases.”

ISIS hackers seize control of France’s TV5Monde network in ‘unprecedented’ attack

Still unable to broadcast anything but pre-recorded programs after “unprecedented” cyber attack as French government denounces “act of terrorism”

Hackers claiming allegiance to the Islamic State of Iraq and the Levant (Isil) on Thursday seized control of TV5Monde, France’s international TV network, knocking out its 11 channels, website and social media accounts in an attack the government dubbed an “act of terrorism”.

TV5Monde was still struggling to regain control of its channels on Thursday morning, forced to broadcast only pre-recorded programmes after what its director called an “unprecedented attack in the history of television” in which its systems were “severely damaged”. It was back to normal operations by 8pm on Thursday night.

Yves Bigot, the network’s chief, said he was shaken when a black screen appeared across the entire network at around 10pm local time on Wednesday night.

“When we discovered the sense of the message appearing on our social media and our websites, it both allowed us to understand what was happening and obviously worried us,” he told RTL radio.

At the same time, a group calling itself CyberCaliphate issued a message on the website of TV5Monde, which broadcasts to 200 countries, stating: “I am IS” – another term for Isil.

Technicians later pulled this down and posted an “under maintenance” sign.

The French government on Thursday denounced the cyberattack as an “act of terrorism”. Manuel Valls, the prime minister, said the cyber strike was an “unacceptable attack on the freedom of information and expression”.

Fleur Pellerin, the culture minister, said: “I offer all my support and solidarity to the team at TV5Monde, victims of an obvious terrorist act.”

She said she would convene a crisis meeting with “representatives from the broadcast media and perhaps the written press” on Friday to look at ways of preventing a repeat of such an attack.

French Interior Minister Bernard Cazeneuve (L), Culture minister Fleur Pellerin (C) and Foreign Affairs Minister Laurent Fabius talk to the press after visiting French television network TV5Monde headquarters (AFP/Getty)

Bernard Cazeneuve, the interior minister, said an investigation had been launched into the channel hacking, adding: “We are facing determined terrorists and we are determined to fight them.”

The hackers posted documents on TV5Monde’s Facebook page purporting to be the identity cards and CVs of relatives of French soldiers involved in anti-Isil operations, along with threats against the troops.

“Soldiers of France, stay away from the Islamic State! You have the chance to save your families, take advantage of it,” read one message. “The CyberCaliphate continues its cyberjihad against the enemies of Islamic State,” it went on.

A French police officer stands guard in front of the main entrance of French television network TV5Monde headquarters (AFP/Getty)

TV5Monde was due to launch on Thursday a new channel dedicated to French “art de vivre”. Mr Bigot said he doubted the attack was timed to coincide with this as it would have required weeks of preparation.

It occurred on the day that France’s Senate published a report revealing that almost half of European jihadists known to have travelled to territory held by Isil are French. Some 1,500 French nationals are thought to have travelled to the area.

France has moved to strengthen its cyber security in the wake of the January terrorist attacks in Paris by gunmen claiming links to Isil and al-Qaida in Yemen. Afterwards, the defence minister said hackers had targeted some 19,000 French websites.

Isil has claimed complex hackings before – a group with the same name hacked Newsweek’s Twitter feed in February – but this appears to be its most spectacular act of cyber warfare to date.

When the attack was over Fleur Pellerin, the culture minister, warned other French media to remain “vigilant”, saying they could not rule out “similar powerful attacks happening that are already planned”.

How the U.S. thinks Russians hacked the White House

By Evan Perez and Shimon Prokupecz, CNN

Washington (CNN) Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.

While the White House has said the breach only affected an unclassified system, that description belies the seriousness of the intrusion. The hackers had access to sensitive information such as real-time non-public details of the president’s schedule. While such information is not classified, it is still highly sensitive and prized by foreign intelligence agencies, U.S. officials say.

The White House in October said it noticed suspicious activity in the unclassified network that serves the executive office of the president. The system has been shut down periodically to allow for security upgrades.

The FBI, Secret Service and U.S. intelligence agencies are all involved in investigating the breach, which they consider among the most sophisticated attacks ever launched against U.S. government systems. The intrusion was routed through computers around the world, as hackers often do to hide their tracks, but investigators found tell-tale codes and other markers that they believe point to hackers working for the Russian government.

National Security Council spokesman Mark Stroh didn’t confirm the Russian hack, but he did say that “any such activity is something we take very seriously.”

“In this case, as we made clear at the time, we took immediate measures to evaluate and mitigate the activity,” he said. “As has been our position, we are not going to comment on [this] article’s attribution to specific actors.”

Neither the U.S. State Department nor the Russian Embassy immediately responded to a request for comment.

Ben Rhodes, President Barack Obama’s deputy national security adviser, said the White House’s use of a separate system for classified information protected sensitive national security-related items from being obtained by hackers.

“We do not believe that our classified systems were compromised,” Rhodes told CNN’s Wolf Blitzer on Tuesday.

“We’re constantly updating our security measures on our unclassified system, but we’re frankly told to act as if we need not put information that’s sensitive on that system,” he said. “In other words, if you’re going to do something classified, you have to do it on one email system, one phone system. Frankly, you have to act as if information could be compromised if it’s not on the classified system.”

To get to the White House, the hackers first broke into the State Department, investigators believe.

The State Department computer system has been bedeviled by signs that despite efforts to lock them out, the Russian hackers have been able to reenter the system. One official says the Russian hackers have “owned” the State Department system for months and it is not clear the hackers have been fully eradicated from the system.

As in many hacks, investigators believe the White House intrusion began with a phishing email that was launched using a State Department email account that the hackers had taken over, according to the U.S. officials.

Director of National Intelligence James Clapper, in a speech at an FBI cyberconference in January, warned government officials and private businesses to teach employees what “spear phishing” looks like.

“So many times, the Chinese and others get access to our systems just by pretending to be someone else and then asking for access, and someone gives it to them,” Clapper said.

The ferocity of the Russian intrusions in recent months caught U.S. officials by surprise, leading to a reassessment of the cybersecurity threat as the U.S. and Russia increasingly confront each other over issues ranging from the Russian aggression in Ukraine to the U.S. military operations in Syria.

The attacks on the State and White House systems are one reason why Clapper told a Senate hearing in February that the “Russian cyberthreat is more severe than we have previously assessed.”

The revelations about the State Department hacks also come amid controversy over former Secretary of State Hillary Clinton’s use of a private email server to conduct government business during her time in office. Critics say her private server likely was even less safe than the State system. The Russian breach is believed to have come after Clinton departed State.

But hackers have long made Clinton and her associates targets.

The website The Smoking Gun first reported in 2013 that a hacker known as Guccifer had broken into the AOL email of Sidney Blumenthal, a friend and advisor to the Clintons, and published emails Blumenthal sent to Hillary Clinton’s private account. The emails included sensitive memos on foreign policy issues and were the first public revelation of the existence of Hillary Clinton’s private email address now at the center of controversy: hdr22@clintonemail.com. The address is no longer in use.

Facebook accused of tracking all users even if they delete accounts or ask never to be followed

Network tracks its users so that it can give them more tailored advertising

ANDREW GRIFFIN

A new report claims that Facebook secretly installs tracking cookies on users’ computers, allowing them to follow users around the internet even after they’ve left the website, deleted their account and requested to be no longer followed.

Academic researchers said that the report showed that the company was breaking European law with its tracking policies. The law requires that users are told if their computers are receiving cookies except for specific circumstances.

Facebook’s tracking — which it does so that it can tailor advertising — involves putting cookies or small pieces of software on users’ computers, so that they can then be followed around the internet. Such technology is used by almost every website, but European law requires that users are told if they are being given cookies or being tracked. Companies don’t have to tell users if the cookies are required to connect to a service or if they are needed to give the user information that they have specifically requested.

But Facebook’s tracking policy allows it to track users if they have simply been to a page on the company’s domain, even if they weren’t logged in. That includes pages for brands or events, which users can see whether or not they have an account.

Facebook disputes the accusations of the report, it told The Independent.

“This report contains factual inaccuracies,” a Facebook spokesperson said. “The authors have never contacted us, nor sought to clarify any assumptions upon which their report is based. Neither did they invite our comment on the report before making it public.

“We have explained in detail the inaccuracies in the earlier draft report (after it was published) directly to the Belgian DPA, who we understand commissioned it, and have offered to meet with them to explain why it is incorrect, but they have declined to meet or engage with us. However, we remain willing to engage with them and hope they will be prepared to update their work in due course”.

The report does not have any legal standing, and was written by independent academics.

With respect to its European data, Facebook is regulated by the Irish Data Protection Commissioner, who checks that Facebook is acting within the EU’s Data Protection Directive. As part of that regulation, Facebook is regularly audited.

Facebook has a page on its site that gives users information about cookies and how they are used on the network. The company makes clear that cookies are used for the purposes of advertising and other functions, and that users can opt out of such tracking if they wish to.

Private Emails Reveal Ex-Clinton Aide’s Secret Spy Network

Hillary Clinton testifies before a Congressional Committee on the Benghazi attacks.

Emails disclosed by a hacker show a close family friend was funneling intelligence about the crisis in Libya directly to the Secretary of State’s private account starting before the Benghazi attack.

by Jeff Gerth, ProPublica, and Sam Biddle, Gawker

Starting weeks before Islamic militants attacked the U.S. diplomatic outpost in Benghazi, Libya, longtime Clinton family confidante Sidney Blumenthal supplied intelligence to then Secretary of State Hillary Clinton gathered by a secret network that included a former CIA clandestine service officer, according to hacked emails from Blumenthal’s account.

The emails, which were posted on the internet in 2013, also show that Blumenthal and another close Clinton associate discussed contracting with a retired Army special operations commander to put operatives on the ground near the Libya-Tunisia border while Libya’s civil war raged in 2011.

Blumenthal’s emails to Clinton, which were directed to her private email account, include at least a dozen detailed reports on events on the deteriorating political and security climate in Libya as well as events in other nations. They came to light after a hacker broke into Blumenthal’s account and have taken on new significance in light of the disclosure that she conducted State Department and personal business exclusively over an email server that she controlled and kept secret from State Department officials and which only recently was discovered by congressional investigators.

The contents of that account are now being sought by a congressional inquiry into the Benghazi attacks. Clinton has handed over more than 30,000 pages of her emails to the State Department, after unilaterally deciding which ones involved government business; the State Department has so far handed almost 900 pages of those over to the committee. A Clinton spokesman told Gawker and ProPublica (which are collaborating on this story) that she has turned over all the emails Blumenthal sent to Clinton.

The dispatches from Blumenthal to Clinton’s private email address were posted online after Blumenthal’s account was hacked in 2013 by Romanian hacker Marcel-Lehel Lazar, who went by the name Guccifer. Lazar also broke into accounts belonging to George W. Bush’s sister, Colin Powell, and others. He’s now serving a seven-year sentence in his home country and was charged in a U.S. indictment last year.

The contents of the memos, which have recently become the subject of speculation in the right-wing media, raise new questions about how Clinton used her private email account and whether she tapped into an undisclosed back channel for information on Libya’s crisis and other foreign policy matters.

Blumenthal, a New Yorker staff writer in the 1990s, became a top aide to President Bill Clinton and worked closely with Hillary Clinton during the fallout from the Whitewater investigation into the Clinton family. She tried to hire him when she joined President Obama’s cabinet in 2009, but White House Chief of Staff Rahm Emanuel reportedly nixed the idea on the grounds Blumenthal was a divisive figure whose attacks on Obama during the Democratic primary had poisoned his relationship with the new administration.

It’s unclear who tasked Blumenthal, known for his fierce loyalty to the Clintons, with preparing detailed intelligence briefs. It’s also not known who was paying him, or where the operation got its money. The memos were marked “confidential” and relied in many cases on “sensitive” sources in the Libyan opposition and Western intelligence and security services. Other reports focused on Egypt, Germany, and Turkey.

Indeed, though they were sent under Blumenthal’s name, the reports appear to have been gathered and prepared by Tyler Drumheller, a former chief of the CIA’s clandestine service in Europe who left the agency in 2005. Since then, he has established a consulting firm called Tyler Drumheller, LLC.

He has also been affiliated with a firm called DMC Worldwide, which he co-founded with Washington, D.C., attorney Danny Murray and former general counsel to the U.S. Capitol Police John Caulfield. DMC Worldwide’s now-defunct website describes it as offering “innovative security and intelligence solutions to global risks in a changing world.”

In one exchange in March 2013, Blumenthal emailed Drumheller, “Thanks. Can you send Libya report.” Drumheller replied, “Here it is, pls do not share it with Cody. I don’t want moin speculating on sources. It is on the Maghreb and Libya.”

Cody is Cody Shearer, a longtime Clinton family operative—his brother was an ambassador under Bill Clinton and his now-deceased sister is married to Clinton State Department official Strobe Talbott—who was in close contact with Blumenthal. While it’s not entirely clear from the documents, “Moin” may refer to the nickname of Mohamed Mansour El Kikhia, a member of the Kikhia family, a prominent Libyan clan with ties to the Libyan National Transition Council. (An email address in Blumenthal’s address book, which was also leaked, was associated with his Facebook page.)

There’s no indication in Blumenthal’s emails whether Clinton read or replied to them before she left State on February 1, 2013, but he was clearly part of a select group with knowledge of the private clintonemail.com address, which was unknown to the public until Gawker published it this year. They do suggest that she interacted with Blumenthal using the account after she stepped down. “H: got your message a few days ago,” reads the subject line of one email from Blumenthal to Clinton on February 8, 2013; “H: fyi, will continue to send relevant intel,” reads another.

The memos cover a wide array of subjects in extreme detail, from German Prime Minister Angela Merkel’s conversations with her finance minister about French president Francois Hollande–marked “THIS INFORMATION COMES FROM AN EXTREMELY SENSITIVE SOURCE”—to the composition of the newly elected South Korean president’s transition team.

At least 10 of the memos deal in whole or in part with internal Libyan politics and the government’s fight against militants, including the status of the Libyan oil industry and the prospects for Western companies to participate.

One memo was sent on August 23, 2012, less than three weeks before Islamic militants stormed the diplomatic outpost in Benghazi. It cites “an extremely sensitive source” who highlighted a string of bombings and kidnappings of foreign diplomats and aid workers in Tripoli, Benghazi and Misrata, suggesting they were the work of people loyal to late Libyan Prime Minister Muammar Gaddafi.

While the memo doesn’t rise to the level of a warning about the safety of U.S. diplomats, it portrays a deteriorating security climate. Clinton noted a few days after the Benghazi attack, which left four dead and 10 people injured, that U.S. intelligence officials didn’t have advance knowledge of the threat.

On September 12, 2012, the day after the Benghazi attack, Blumenthal sent a memo that cited a “sensitive source” saying that the interim Libyan president, Mohammed Yussef el Magariaf, was told by a senior security officer that the assault was inspired by an anti-Muslim video made in the U.S., as well as by allegations from Magariaf’s political opponents that he had CIA ties.

Blumenthal followed up the next day with an email titled “Re: More Magariaf private reax.” It said Libyan security officials believed an Islamist radical group called the Ansa al Sharia brigade had prepared the attack a month in advance and “took advantage of the cover” provided by the demonstrations against the video.

An October 25, 2012 memo says that Magariaf and the Libyan army chief of staff agree that the “situation in the country is becoming increasingly dangerous and unmanageable” and “far worse” than Western leaders realize.

Blumenthal’s email warnings, of course, followed a year of Libyan hawkishness on the part of Clinton. In February of 2011, she told the UN Human Rights Council in Geneva that “it is time for Gaddafi to go.” The next month, after having described Russian reluctance over military intervention as “despicable,” Clinton met with rebel leaders in Paris and drummed up support for a no-fly zone while in Cairo. On March 17, 2011, the UN Security Council voted to back Libyan rebels against Gaddafi.

It’s this buildup, which Clinton still proudly recalled in her 2014 memoir, that Blumenthal appears to have joined in 2011. In addition to the intel memos, his emails also disclose that he and his associates worked to help the Libyan opposition, and even plotted to insert operatives on the ground using a private contractor.

A May 14, 2011 email exchange between Blumenthal and Shearer shows that they were negotiating with Drumheller to contract with someone referred to as “Grange” and “the general” to send four operatives on a week-long mission to Tunis, Tunisia, and “to the border and back.” Tunisia borders Libya and Algeria.

“Sid, you are doing great work on this,” Drumheller wrote to Blumenthal. “It is going to be around $60,000, coverting r/t business class airfare to Tunis, travel in country to the border and back, and other expenses for 7–10 days for 4 guys.”

After Blumenthal forwarded that note to Shearer, he wrote back questioning the cost of the operation. “Sid, do you think the general has to send four guys. He told us three guys yesterday, a translator and two other guys. I understand the difficulty of the mission and realize that K will be repaid but I am going to need an itemized budget for these guys.”

“The general” and “Grange” appear to refer to David L. Grange, a major general in the Army who ran a secret Pentagon special operations unit before retiring in 1999. Grange subsequently founded Osprey Global Solutions, a consulting firm and government contractor that offers logistics, intelligence, security training, armament sales, and other services. The Osprey Foundation, which is a nonprofit arm of Osprey Global Solutions, is listed as one of the State Department’s “global partners” in a 2014 report from the Office of Global Partnerships.

Among the documents in the cache released by Lazar is an August 24, 2011, memorandum of understanding between Osprey Global Solutions and the Libyan National Transition Council—the entity that took control in the wake of Qadaffi’s execution—agreeing that Osprey will contract with the NTC to “assist in the resumption of access to its assets and operations in country” and train Libyan forces in intelligence, weaponry, and “rule-of-land warfare.” The document refers to meetings held in Amman, Jordan between representatives of Osprey and a Mohammad Kikhia, who represented the National Transition Council.

Five months later, according to a document in the leak, Grange wrote on Osprey Global letterhead to Assistant Secretary of State Andrew Shapiro, introducing Osprey as a contractor eager to provide humanitarian and other assistance in Libya. “We are keen to support the people of Libya under the sponsorship of the Ministry of Finance and the Libyan Stock Exchange,” Grange wrote. Shapiro is a longtime Clinton loyalist; he served on her Senate staff as foreign policy advisor.

Another document in the cache, titled “Letter_for_Moin,” is an appeal from Drumheller to then-Libyan Prime Minister Ali Zeidan offering the services of Tyler Drumheller LLC, “to develop a program that will provide discreet confidential information allowing the appropriate entities in Libya to address any regional and international challenges.”

The “K” who was, according to Shearer’s email, to be “repaid” for his role in the Tunisia operation appears to be someone named Khalifa al Sherif, who sent Blumenthal several emails containing up-to-the-minute information on the civil war in Libya, and appears to have been cited as a source in several of the reports.

Contacted by ProPublica and Gawker, Drumheller’s attorney and business partner Danny Murray confirmed that Drumheller “worked” with Blumenthal and was aware of the hacked emails, but declined to comment further.

Shearer said only that “the FBI is involved and told me not to talk. There is a massive investigation of the hack and all the resulting information.” The FBI declined to comment.

Blumenthal, Grange, and Kikhia did not respond to repeated attempts to reach them. Nick Merrill, a spokesman for Clinton, had no comment on Blumenthal’s activities with Drumheller.

Whatever Blumenthal, Shearer, Drumheller, and Grange were up to in 2011, 2012, and 2013 on Clinton’s behalf, it appears that she could have used the help: According to State Department personnel directories, in 2011 and 2012—the height of the Libya crisis—State didn’t have a Libyan desk officer, and the entire Near Eastern Maghreb Bureau, which covers Algeria, Tunisia, Morocco and Libya, had just two staffers. Today, State has three Libyan desk officers and 11 people in the Near Eastern Maghreb Bureau. A State Department official wouldn’t say how many officers were on the desk in 2011, but said there was always “at least one” officer and “sometimes many more, working on Libya.”

Reached for comment, a State Department public affairs official who would only speak on background declined to address questions about Blumenthal’s relationship to Clinton, whether she was aware of the intelligence network, and who if anyone was paying Blumenthal. Asked about the Tunisia-Libya mission, the official replied, “There was a trip with the secretary in October of 2011, but there was also a congressional delegation in April, 2011. There were media reports about both of these at the time.” Neither trip involved travelling via Tunis.

Secret Service testing drones, how to disrupt their flying

WASHINGTON (AP) — Mysterious, middle-of-the-night drone flights by the U.S. Secret Service during the next several weeks over parts of Washington — usually off-limits as a strict no-fly zone — are part of secret government testing intended to find ways to interfere with rogue drones or knock them out of the sky, The Associated Press has learned.

A U.S. official briefed on the plans said the Secret Service was testing drones for law enforcement or protection efforts and to look for ways, such as signal jamming, to thwart threats from civilian drones. The drones were being flown between 1 a.m. and 4 a.m. The official spoke on condition of anonymity because this person was not authorized to publicly discuss the plans. The Secret Service has said details were classified.

Some consumer-level drones, which commonly carry video cameras, are powerful enough to carry small amounts of explosives or a grenade.

The challenge for the Secret Service is quickly detecting a rogue drone flying near the White House or the president’s location, then within moments either hacking it to seize control over its flight or jamming its signal to send it off course or make it crash.

The Secret Service has said only that it will openly test drones over Washington, but it declined to provide details such as when it will fly, how many drones, over what parts of the city, for how long and for what purposes. It decided to tell the public in advance about the tests out of concern that people who saw the drones might be alarmed, particularly in the wake of the drones spotted recently over Paris at night. Flying overnight also diminishes the chances that radio jamming would accidentally affect nearby businesses, drivers, pedestrians and tourists.

It is illegal under the U.S. Communications Act to sell or use signal jammers except for narrow purposes by government agencies.

Depending on a drone’s manufacturer and capabilities, its flight-control and video-broadcasting systems commonly use the same radio frequencies as popular Wi-Fi and Bluetooth technologies. Jamming by the Secret Service — depending on how powerfully or precisely it works — could disrupt nearby Internet networks or phone conversations until it’s turned off. Testing in the real-world environment around the White House would reveal unexpected effects on jamming efforts from nearby buildings, monuments or tall trees.

Signals emanating from an inbound drone — such as coming from a video stream back to its pilot — could allow the Secret Service to detect and track it.

Federal agencies generally need approval to jam signals from the U.S. telecommunications advisory agency, the Commerce Department’s National Telecommunications and Information Administration. That agency declined to tell the AP whether the Secret Service sought permission because it said such requests are not routinely made public.

The Federal Aviation Administration has confirmed it formally authorized the Secret Service to fly the drones and granted it a special waiver to fly them over Washington. The agency declined to provide specifics about the secret program.

In January, a wayward quadcopter drone, piloted by an off-duty U.S. intelligence employee, landed on the White House lawn. At the time, the Secret Service said the errant landing appeared to be accidental and was not considered a security threat.

The agency had been looking at security issues surrounding drones before the January crash, but the crash of that drone led the agency to focus more attention on security issues surrounding small, unmanned aircraft that can be hard to detect. Previously published reports have disclosed that the Secret Service already uses jammers in presidential and vice presidential motorcades to disrupt signals that might detonate hidden remotely triggered improvised explosive devices.

Researchers with the Homeland Security Department’s science and technology directorate are working on strategies to interdict an unauthorized drone flying inside security areas. The research arm of DHS is trying to balance security concerns of the small, hard-to-detect devices, with the burgeoning commercial use and interests of hobbyists. Likewise, the National Telecommunications and Information Administration said last week it’s studying how the U.S. can resolve privacy risks with increasing use of drones.

The Homeland Security Department hosted a two-day meeting last month with industry officials, law enforcement and academics to discuss balancing security and commercial interests and establishing security practices. Days later, the Secret Service, which is part of the Homeland Security Department, distributed a three-sentence press release saying it will “conduct a series of exercises involving unmanned aircraft systems, in the coming days and weeks.”

Trying to keep drones out of a secure area can be tricky.

There are basically three ways to stop a drone, said Jeremy Gillula, a staff technologist at the Electronic Frontier Foundation: block the radio signals linking the drone to its controller, hack the aircraft’s control signals and trick it into believing it is somewhere else, or physically disable it.

Some drone manufacturers program a “geo fence” — location coordinates their drones treat as off-limits and refuse to fly past — into the drone’s programming. Police could physically knock a drone out of the air with a projectile or use a net to catch it.

“If it were me that would actually be the first thing I would think about doing,” Gillula said. “You would have to basically encase the White House in this net. It sure wouldn’t look pretty, but in some ways it would be the most effective way.”

Serious FREAK flaw could undermine the Web’s encryption

The vulnerability affects the widely used Secure Sockets Layer protocol and its successor, Transport Layer Security

Experts are warning of a serious security flaw that has apparently gone undetected for years and can weaken encrypted connections between computers and websites, potentially undermining security across the Internet.

The flaw, which has been dubbed FREAK, affects the widely used Secure Sockets Layer protocol and its successor, Transport Layer Security, and can allow an attacker to intercept supposedly encrypted traffic as it moves between clients and servers.

The flaw affects many popular websites, as well as programs including Apple’s Safari browser and Google’s Android mobile OS, security experts say. Applications that use a version of OpenSSL prior to 1.0.1k are also vulnerable to the bug, detailed in this advisory.

An Apple spokesman said Tuesday that software updates for iOS and OS X will be released next week. Google said it has distributed a patch to its partners that will protect Android’s connection to vulnerable websites.

The problem stems from export restrictions imposed by the U.S. government in the early 1990s, which prohibited software makers from shipping products with strong encryption overseas, wrote Ed Felten, professor of computer science and public affairs at Princeton University.

That meant some companies shipped a version of their products with weaker encryption keys for use overseas. When the law was changed and it became legal to export stronger encryption, “the export mode feature was not removed from the protocol because some software still depended on it,” Felten wrote.

The vulnerability that has come to light now essentially allows attackers to downgrade the security of connections from strong encryption to that of the weaker, export-grade encryption.

Servers and devices that use OpenSSL, an open-source encryption program, are vulnerable, including many Google and Apple devices, embedded systems and other products, according to an advisory. Servers or clients that accept the RSA_EXPORT cipher suites are at risk. FREAK stands for Factoring attack on RSA-EXPORT Keys.

The keys can be downgraded by performing a man-in-the-middle attack that interferes with the set-up process of an encrypted connection. Although there are defenses in the SSL/TLS protocol to prevent such tampering, they can be worked around. The weaker, 512-bit key can be revealed using today’s powerful computers, and the data traffic can then be decrypted.

Today’s protocols use longer encryption keys, and the standard is 2,048-bit RSA. The 512-bit keys were considered secure two decades ago, but an attacker could recover the key they need quite easily today using a public cloud service.

“Back in the ’90s, that would have required a heavy-duty computation, but today it takes about seven hours on Amazon EC2 and costs about $100,” Felten wrote.

Companies are moving fast to fix the issue. Akamai, a content delivery network that supports a high number of websites, said it has distributed a fix for its network.

However, some clients may still be vulnerable, wrote Bill Brenner of Akamai.

“We can’t fix those clients, but we can avoid the problem by disabling export ciphers,” he wrote. “Because this is a client side issue, we’ve reached out to our customers and are working with them to make this change.”

The vulnerability was discovered by Karthikeyan Bhargavan of INRIA, a French science and technology research institute, and by Microsoft Research. A technical paper describing FREAK is due to be presented at the IEEE’s Security and Privacy conference in San Jose, California, in May.
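
The article notes that servers or clients accepting the RSA_EXPORT cipher suites are at risk and that the fix on the server side is disabling export ciphers. The following Python is an added example, not code from the article or the researchers: it parses a captured ClientHello or ServerHello record and reports any RSA_EXPORT suite that was offered or selected. The function names and sample records are constructed for illustration, and it assumes each hello arrives in a single unfragmented TLS record.

```python
import struct

# RSA_EXPORT cipher suite IDs as assigned in the TLS 1.0 specification (RFC 2246).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
HANDSHAKE, CLIENT_HELLO, SERVER_HELLO = 0x16, 1, 2


def parse_hello(record: bytes):
    """Return (kind, suite_ids) for one TLS record carrying a complete hello."""
    try:
        if record[0] != HANDSHAKE:
            raise ValueError("not a TLS handshake record")
        (rec_len,) = struct.unpack("!H", record[3:5])
        body = record[5:5 + rec_len]
        if len(body) != rec_len:
            raise ValueError("truncated record")
        msg_type = body[0]
        msg_len = int.from_bytes(body[1:4], "big")
        msg = body[4:4 + msg_len]
        if len(msg) != msg_len:
            raise ValueError("truncated handshake message")
        pos = 2 + 32                  # skip protocol version and random
        pos += 1 + msg[pos]           # skip session_id (1-byte length prefix)
        if msg_type == CLIENT_HELLO:
            # ClientHello: 2-byte length, then the list of offered suite IDs.
            (n,) = struct.unpack("!H", msg[pos:pos + 2])
            raw = msg[pos + 2:pos + 2 + n]
            if len(raw) != n or n % 2:
                raise ValueError("bad cipher_suites length")
            return "client_hello", [int.from_bytes(raw[i:i + 2], "big")
                                    for i in range(0, n, 2)]
        if msg_type == SERVER_HELLO:
            # ServerHello: exactly one suite ID, the one the server selected.
            (suite,) = struct.unpack("!H", msg[pos:pos + 2])
            return "server_hello", [suite]
        raise ValueError("not a ClientHello or ServerHello")
    except (IndexError, struct.error) as exc:
        raise ValueError("malformed hello") from exc


def audit(record: bytes):
    """Report the RSA_EXPORT suites offered (client) or selected (server)."""
    kind, suites = parse_hello(record)
    flagged = [RSA_EXPORT_SUITES[s] for s in suites if s in RSA_EXPORT_SUITES]
    return {"kind": kind, "rsa_export": flagged}


def build_hello(msg_type: int, suites):
    """Build a constructed sample record (zero random, empty session id)."""
    msg = b"\x03\x01" + bytes(32) + b"\x00"
    ids = b"".join(struct.pack("!H", s) for s in suites)
    if msg_type == CLIENT_HELLO:
        msg += struct.pack("!H", len(ids)) + ids + b"\x01\x00"  # null compression
    else:
        msg += ids[:2] + b"\x00"
    hs = bytes([msg_type]) + len(msg).to_bytes(3, "big") + msg
    return bytes([HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    # Constructed samples: 0xC02F and 0x009C are modern AES-GCM suites.
    samples = [
        build_hello(CLIENT_HELLO, [0xC02F, 0x009C, 0x0003, 0x0008]),
        build_hello(SERVER_HELLO, [0x0003]),
        build_hello(SERVER_HELLO, [0xC02F]),
    ]
    for rec in samples:
        print(audit(rec))
```

A ServerHello that selects one of these suites shows the server still accepts export ciphers. A ClientHello without them does not by itself show a patched client, because the client-side flaw lies in accepting an export-grade key.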

FCC Vote: Regulate the Internet and Your Service!

Eleventh-hour drama for net neutrality

By Julian Hattem

A Democrat on the Federal Communications Commission wants to see changes that could narrow the scope of new net neutrality rules set for a vote on Thursday.

Mignon Clyburn, one of three Democrats on the FCC, has asked Chairman Tom Wheeler to roll back some of his provisions before the full commission votes on them, FCC officials said.

The request — which Wheeler has yet to respond to — puts the chairman in the awkward position of having to either roll back his proposals, or defend the tough rules and convince Clyburn to back down.

It’s an ironic spot for Wheeler, who for months was considered to be favoring weaker rules than those pushed for by his fellow Democrats, before he reversed himself and backed tougher restrictions on Internet service providers.

Clyburn’s objections complicate the highly anticipated vote and add an extra bit of drama to the already high tensions on the five-member commission.

Wheeler will need the votes of both Clyburn and Democratic Commissioner Jessica Rosenworcel to pass the rules, since the two Republicans on the commission are expected to vote against anything he proposes.

Clyburn’s changes would leave in place the central and most controversial component of Wheeler’s rules — the notion that broadband Internet service should be reclassified so that it can be treated as a telecommunications service under Title II of the Communications Act, similar to utilities like phone lines.

Proponents of net neutrality have said such a move is the surest way to prevent Internet service providers from interfering with people’s access to the Web.

However, she wants to eliminate a new legal category of “broadband subscriber access services,” created as an additional point of legal authority for the FCC to monitor the ways companies hand off traffic on the back end of the Internet.

Those deals, known as “interconnection” arrangements, became a point of contention last year, when Netflix accused Comcast and other companies of erecting “Internet tolls” before easily passing Web traffic from one network to another.

The initial plan sought by Wheeler would allow the FCC to investigate and take action against deals that are “not just and reasonable,” according to a fact sheet released by the commission earlier this month.

Eliminating the new legal category could make it trickier for the FCC to police those arrangements, said officials with the agency, who were granted anonymity in order to speak freely about the ongoing negotiations.

Other FCC officials have previously said that the broader act of reclassifying broadband Internet service would, in and of itself, give the commission enough power to oversee interconnection deals. That opinion has been backed up by lawyers at Google, among others, who made the argument to FCC officials last week.

Matt Wood, the policy director at the pro-net neutrality organization Free Press, disagreed with officials who thought the change could weaken the rule. Clyburn’s edit might actually make the rules stronger by getting rid of “unnecessary baggage” in Wheeler’s early draft, he said.

Clyburn’s changes also would replace a new standard for Internet service providers’ conduct, which was meant to act as a catchall rule for any future behavior that might abuse consumers. That standard would be swapped out with potentially narrower language from 2010 rules that prevented “unreasonable discrimination.” A federal court tossed out those 2010 rules early last year, setting the stage for the FCC to write new rules.

The full text of the rules will not be revealed to the public until after the FCC’s vote on Thursday morning.

Clyburn declined to discuss specific changes she was supporting on Tuesday.

“This is a process that is an interaction with all five members of the commission and their offices,” she said after remarks at a policy forum hosted by Comptel, a trade group.

“I will just say that I am attempting to strike a balance and whatever you hear, whether it’s accurate or not, is a reflection of my enthusiastic willingness to do so.”

In a speech at the Federal Communications Bar Association last week, the commissioner said that she was “pleased” with the initial draft but also hinted that she might need some fixes to strike that balance between “strong” protections for consumers and “clarity” for investors.

“Some have expressed concerns about allowing private rights of action in court, failing to consider the impact on smaller [Internet service providers], that including interconnection goes too far or that the case-by-case approach does not go far enough, and that the new conduct rule may not be as strong as the previous unreasonable discrimination rule,” she said.

The requested changes come as FCC lawyers are spending hours poring over the text of the rules.

In keeping with FCC procedural rules, the four other commissioners got their first look at the rules just two and a half weeks ago outside of Wheeler’s office. Now they are scrambling to make edits ahead of the vote on Thursday morning.