Tag Archives: computer

How the U.S. thinks Russians hacked the White House

By Evan Perez and Shimon Prokupecz, CNN

Washington (CNN) Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.

While the White House has said the breach only affected an unclassified system, that description belies the seriousness of the intrusion. The hackers had access to sensitive information such as real-time non-public details of the president’s schedule. While such information is not classified, it is still highly sensitive and prized by foreign intelligence agencies, U.S. officials say.

The White House in October said it noticed suspicious activity in the unclassified network that serves the executive office of the president. The system has been shut down periodically to allow for security upgrades.

The FBI, Secret Service and U.S. intelligence agencies are all involved in investigating the breach, which they consider among the most sophisticated attacks ever launched against U.S. government systems. The intrusion was routed through computers around the world, as hackers often do to hide their tracks, but investigators found tell-tale codes and other markers that they believe point to hackers working for the Russian government.

National Security Council spokesman Mark Stroh didn’t confirm the Russian hack, but he did say that “any such activity is something we take very seriously.”

“In this case, as we made clear at the time, we took immediate measures to evaluate and mitigate the activity,” he said. “As has been our position, we are not going to comment on [this] article’s attribution to specific actors.”

Neither the U.S. State Department nor the Russian Embassy immediately responded to a request for comment.

Ben Rhodes, President Barack Obama’s deputy national security adviser, said the White House’s use of a separate system for classified information protected sensitive national security-related items from being obtained by hackers.

“We do not believe that our classified systems were compromised,” Rhodes told CNN’s Wolf Blitzer on Tuesday.

“We’re constantly updating our security measures on our unclassified system, but we’re frankly told to act as if we need not put information that’s sensitive on that system,” he said. “In other words, if you’re going to do something classified, you have to do it on one email system, one phone system. Frankly, you have to act as if information could be compromised if it’s not on the classified system.”

To get to the White House, the hackers first broke into the State Department, investigators believe.

The State Department computer system has been bedeviled by signs that despite efforts to lock them out, the Russian hackers have been able to reenter the system. One official says the Russian hackers have “owned” the State Department system for months and it is not clear the hackers have been fully eradicated from the system.

As in many hacks, investigators believe the White House intrusion began with a phishing email that was launched using a State Department email account that the hackers had taken over, according to the U.S. officials.

Director of National Intelligence James Clapper, in a speech at an FBI cyberconference in January, warned government officials and private businesses to teach employees what “spear phishing” looks like.

“So many times, the Chinese and others get access to our systems just by pretending to be someone else and then asking for access, and someone gives it to them,” Clapper said.

The ferocity of the Russian intrusions in recent months caught U.S. officials by surprise, leading to a reassessment of the cybersecurity threat as the U.S. and Russia increasingly confront each other over issues ranging from the Russian aggression in Ukraine to the U.S. military operations in Syria.

The attacks on the State and White House systems are one reason why Clapper told a Senate hearing in February that the “Russian cyberthreat is more severe than we have previously assessed.”

The revelations about the State Department hacks also come amid controversy over former Secretary of State Hillary Clinton’s use of a private email server to conduct government business during her time in office. Critics say her private server likely was even less safe than the State system. The Russian breach is believed to have come after Clinton departed State.

But hackers have long made Clinton and her associates targets.

The website The Smoking Gun first reported in 2013 that a hacker known as Guccifer had broken into the AOL email of Sidney Blumenthal, a friend and advisor to the Clintons, and published emails Blumenthal sent to Hillary Clinton’s private account. The emails included sensitive memos on foreign policy issues and were the first public revelation of the existence of Hillary Clinton’s private email address now at the center of controversy: hdr22@clintonemail.com. The address is no longer in use.

Top hacker-turned FBI mole gives dire warning

Hector Monsegur, FBI Informant and former 'Anonymous' hacker.

“Anonymous” is one of the biggest online vigilante groups. Its members hack into companies’ and governments’ computer systems, and they prefer a life in the shadows, wearing masks in protests.

Now, a former top member is breaking his silence.

He helped carry out cyberattacks that caused $50 million in damages. In his first television interview, Hector Monsegur opens up about his arrest, and switching sides, reports “CBS This Morning” co-host Charlie Rose.

“Tinkering with the system and learning how it functioned, I was able to escape,” Monsegur said. “Escape from the current situation we were goin’ through.”

Monsegur said he taught himself everything he knows.

“You know everybody around me were into something, but it wasn’t computers,” he said.

From the moment Monsegur got his hands on a used desktop, he had a passion for computers.

But for the boy raised by his grandmother in this New York City housing project, it was the internet that provided a gateway to something bigger.

“We were poor, so I needed to find a way that would be cheap or free so that I could be able to access the internet without being a burden to my grandmother,” Monsegur said.

According to court documents, at first he stole credit card information, selling the numbers or using them to pay his own bills.

Monsegur eventually adopted the name “Sabu” and joined a mysterious group of hackers about to take off.

“Anonymous is an idea. An idea where we could all be anonymous,” Monsegur said. “We could all work together as a crowd — united — we could rise and fight against oppression.”

As Anonymous grew, Monsegur helped take the movement to a worldwide level.

At the height of the Arab Spring in Tunisia, he hijacked the prime minister’s website, posting a letter in support of protesters.

“It was amazing. I saw finally I was able to do something that contributed to society regardless if I was at home in the Lower East Side, in the projects, behind a computer,” Monsegur said.

Monsegur admitted he was behind thousands of hacks.

While working with Anonymous and his own off-shoot group, Lulzsec, some of his targets included Visa, MasterCard, PayPal, Sony, and the U.S. Senate.

While he recognized that hacking is illegal, Monsegur said he wasn’t worried about getting caught.

“After you’re hacking for so long you reach a point of no return,” he said. “Regardless if you fear that they’re gonna get you one day, it’s too late.”

In June 2011, Monsegur led a brazen attack on the website of InfraGard, an FBI affiliate. Days later, a team of FBI agents showed up at the same apartment where he grew up.

“So he said, ‘Well, we know who you are, we know what you’re doin’, and we also know you have two kids in the house. You make the decision,’” he recalled. “So it’s clear as day they had an understanding that my weakness was the kids.”

He immediately chose to work as an FBI informant to avoid the possibility of serving up to 124 years in prison.

For the next three years, he continued communicating with fellow hackers. Only now, every keystroke was logged. The FBI said he has helped them prevent more than 300 cyberattacks in systems controlled by the military and NASA, for example.

“I was able to intercept attacks that were happening against the government and — share it with the government so they could fix these issues,” Monsegur said.

He also played a key role in the arrests of a group of co-conspirators, seven of whom pleaded guilty, including the FBI’s most wanted cybercriminal Jeremy Hammond.

Some fellow “hacktivists” saw Monsegur’s cooperation as the ultimate betrayal and labeled him a rat.

“It wasn’t a situation where I identified anybody. I didn’t point my fingers at nobody,” he said. “My cooperation entailed logging and providing intelligence. It didn’t mean, ‘Can you please tell me the identity of one of your mates?’”

He insisted the hackers wouldn’t even divulge that information because members in the group remain, as the name suggests, anonymous.

Monsegur’s talent and keen eye highlighted vulnerabilities in the critical systems that keep America online — threats he said still exist.

“In all reality there is no security,” Monsegur said. “Hackers could break right into the airport, the phone systems, obviously, the water supply systems — shut them down.”

While it sounds frightening, Monsegur said it should be an inspiration to the American government to take action and focus on the country’s infrastructure.

“We have a sickening reliance on security contractors, the companies that Edward Snowden worked for,” Monsegur said. “Who will guard the guards, Charlie? Our security, the people we pay for, the people we hire with tax dollars — are not really secure themselves.”

Earlier this year, Monsegur was sentenced to time served.

On the day his cooperation was made public, Anonymous suggested it was indestructible, tweeting: “Anonymous is a hydra, cut off one head and we grow two back.” Monsegur’s family was threatened and he remains cautious.

“If I were to go back I would remain a political hacktivist — activist hacker — however, I would stay away from Anonymous,” he said. “It was just too much publicity.”

Had his youth been different, had he had better opportunities, his skills could have landed him amongst many other tech wunderkinds in Silicon Valley.

“Well, that’s the problem. I didn’t end up in Silicon Valley. I had no connections to the world,” he said. “I guarantee you, though, had I made it to Silicon Valley, had I met you when I was 18, you probably could have pointed me in the right direction. You and I would be having a completely different discussion.”

Sony hit again, employee families threatened, files released

Andrea Mandell and Elizabeth Weise, USATODAY

CULVER CITY, Calif. — Sony staffers received a new email from hackers Friday, this time threatening their families, from the group that calls itself the Guardians of Peace or the “GOP.”

At the same time, someone purporting to be the GOP released another, massive, file dump on Friday, posting them on a sharing site called Pastebin.

“It’s over 100 gigabytes,” said Daniel Tentler, with the security firm Carbon Dynamics. He is dissecting the file.

The posting was titled “Gift of GOP for 3rd day: Financial data of Sony Pictures.”

The file was compressed and it wasn’t immediately clear what it contained. However, whoever posted it claimed it included “many pieces of confidential data” in the accompanying message.

The message also read, “Anyone who loves peace can be our member. Please tell your mind at the email address below if you share our intention.” The email directed readers to a site that gives users anonymous, disposable email addresses.

In a final line, which could mean that Sony will have its private data dripped slowly out into public arena, the message read, “The data to be released next week will excite you more.”

These two secondary assaults come after Sony has spent all week shifting email to new servers, instructing staffers to change passwords, and turning back the clock to old-school time-punch cards in order to process employees’ payment.

All of these efforts were made by Sony to thwart another attack by the GOP (easily confused with the political party). But an email – somewhat garbled in style – that landed in many staffers’ inboxes on Friday proved Sony’s scramble is so far insufficient.

The email included a warning to all Sony employees who did not assist the GOP that their families could land in harm’s way, according to a person unauthorized to speak publicly about the situation. Sony employees have been instructed to turn off mobile and tablet devices.

“We understand that some of our employees have received an email claiming to be from GOP,” Robert Lawson, a spokesperson for Sony, told USA TODAY. “We are aware of the situation and are working with law enforcement.”

The FBI said they were also aware of the GOP’s latest threat. “The FBI is aware of threatening emails that have been received by some employees at Sony Pictures Entertainment,” said FBI press officer Joshua Campbell in a statement. “We continue to investigate this matter in order to identify the person or group responsible for the recent attack on the Sony Pictures network.”

Sony has had computer security teams working round the clock to rescue what they can from the company’s crippled servers since the initial attack was discovered on Nov. 24.

At the time, company officials had all staffers stay off of email and avoid the company’s internal WiFi network, to maintain security while they tried to rebuild. Some have suggested that the attack is in retaliation for a forthcoming comedy produced by Sony called The Interview. North Korea has denied any involvement.

A new round of emails threatening staff could signal that the attackers didn’t simply commit one of the largest hit-and-run cyber attacks on a U.S. company, but intend to continue toying with the firm as it struggles to get back on its feet.

Read the email in full, per Variety (emphasis added).

I am the head of GOP who made you worry.

Removing Sony Pictures on earth is a very tiny work for our group which is a worldwide organization. And what we have done so far is only a small part of our further plan.It’s your false if you if you think this crisis will be over after some time. All hope will leave you and Sony Pictures will collapse. This situation is only due to Sony Pictures. Sony Pictures is responsible for whatever the result is. Sony Pictues clings to what is good to nobody from the beginning. It’s silly to expect in Sony Pictures to take off us. Sony Pictures makes only useless efforts. One beside you can be our member.

Many things beyond imagination will happen at many places of the world. Our agents find themselves act in necessary places. Please sign your name to object the false of the company at the email address below if you don’t want to suffer damage. If you don’t, not only you but your family will be in danger.

Nobody can prevent us, but the only way is to follow our demand. If you want to prevent us, make your company behave wisely.

Stephen Hawking warns artificial intelligence could be threat to human race

Stephen Hawking

Stephen Hawking has warned that artificial intelligence could one day “spell the end of the human race.”

Speaking to the BBC, the eminent theoretical physicist said the artificial intelligence developed so far has been useful but expressed fears of creating something that far exceeded human abilities.

“It would take off on its own, and re-design itself at an ever increasing rate,” Hawking said. “Humans, who are limited by slow biological evolution, couldn’t compete, and would be superseded.”

Hawking, who has the motor neuron disease ALS, spoke using a new system developed by Intel and Swiftkey. Their technology, already in use in a smartphone keyboard app, learns how the professor thinks and then proposes words he might want to use next.

“I expect it will speed up my writing considerably,” he said.

Hawking praised the “primitive forms” of artificial intelligence already in use today, though he eschewed drawing a connection to the machine learning that is required for the predictive capabilities of his speaking device.

Hawking’s comments were similar to those made recently by SpaceX and Tesla founder Elon Musk, who called AI a threat to humanity.

“With artificial intelligence, we are summoning the demon,” Musk said during an October centennial celebration of the MIT Aeronautics and Astronautics Department. Musk had earlier sent a tweet saying that AI is “potentially more dangerous than nukes.”

More broadly, Hawking told the BBC that he saw plenty of benefits from the Internet, but cautioned that it, too, had a dark side.

He called the Internet a “command center for criminals and terrorists,” adding, “More must be done by the Internet companies to counter the threat, but the difficulty is to do this without sacrificing freedom and privacy.”

Iran Hackers Target Airlines, Energy, Defense Companies

By Jim Finkle

BOSTON (Reuters) – Iranian hackers have infiltrated major airlines, energy companies, and defense firms around the globe over the past two years in a campaign that could eventually cause physical damage, according to U.S. cyber security firm Cylance.

The report comes as governments scramble to better understand the extent of Iran’s cyber capabilities, which researchers say have grown rapidly as Tehran seeks to retaliate for Western cyber attacks on its nuclear program.

“We believe that if the operation is left to continue unabated, it is only a matter of time before the team impacts the world’s physical safety,” Cylance said in an 87-page report on the hacking campaign released on Tuesday.

The California-based company said its researchers uncovered breaches affecting more than 50 entities in 16 countries, and had evidence they were committed by the same Tehran-based group that was behind a previously reported 2013 cyber attack on a U.S. Navy network.

It did not identify the companies targeted, but said they included major aerospace firms, airports and airlines, universities, energy firms, hospitals, and telecommunications operators based in the United States, Israel, China, Saudi Arabia, India, Germany, France, England and others.

Cylance said it had evidence the hackers were Iranian, and added the scope and sophistication of the attacks suggested they had state backing.

A diplomatic representative for Iran told Reuters that Cylance’s claim that Tehran was behind the campaign was groundless.

“This is a baseless and unfounded allegation fabricated to tarnish the Iranian government image, particularly aimed at hampering current nuclear talks,” said Hamid Babaei, spokesman for Iran’s mission to the United Nations.

Reuters was unable to independently vet the research ahead of its publication. Cylance said it has reported the alleged hacking operation to some victims as well as to the U.S. Federal Bureau of Investigation. An FBI spokesman declined comment.

Cylance’s research provides a new example of how governments may be using cyber technology as a tool for spying and staging attacks on rival states.

Russian and Chinese hackers have been blamed for a variety of corporate and government cyber attacks, while the United States and Israel are believed to have used a computer worm to slow development of Iran’s nuclear program.

Tehran has been investing heavily in its cyber capabilities since 2010, when its nuclear program was hit by the Stuxnet computer virus, widely believed to have been launched by the United States and Israel. Iran has said its nuclear program is intended for the production of civilian electricity, and denies Western accusations it is seeking to build a nuclear bomb.

Cylance Chief Executive Stuart McClure said the Iranian hacking group has so far focused its campaign – dubbed Operation Cleaver – on intelligence gathering, but that it likely has the ability to launch attacks.

He said researchers who succeeded in gaining access to some of the hackers’ infrastructure found massive databases of user credentials and passwords from organizations including energy, transportation, and aerospace companies, as well as universities. He said they also found diagrams of energy plants, screen shots demonstrating control of the security system for a major Middle Eastern energy company, and encryption keys for a major Asian airline.

“If they already have that access, the ability to get access to do real damage is trivial,” he said.

In 2012, cyber attackers damaged some 30,000 computers at Saudi Arabia’s national oil company with a virus known as Shamoon, in one of the most destructive such strikes conducted against a single business. Some U.S. officials have said they believe Iran was behind that attack.

Cylance said its researchers also obtained hundreds of files apparently stolen by the Iranian group from the U.S. Navy’s Marine Corps Intranet (NMCI). U.S. government sources had confirmed that Iran was behind the 2013 NMCI breach, but did not provide further details.

A U.S. defense official said on Monday it took about four months to “maneuver the (NMCI) network” to ensure that it was free of intruders. The official said that while the incident was officially characterized as a “serious intrusion,” no networks were damaged as a result of the breach.

Cylance said that among the companies targeted in Operation Cleaver, 10 were U.S.-based. They included a major airline, a natural gas production firm, an automaker, and a large defense contractor.

Cylance’s report is the latest to show evidence of Iranian hacking of U.S. interests. Cyber security firm FireEye Inc in May said that an Iranian hacking group called the Ajax Security Team was behind an ongoing series of attacks on U.S. defense companies.

The cyber intelligence firm iSight Partners also reported in May that it had uncovered an unprecedented, three-year campaign in which Iranian hackers had created false social networking accounts and a bogus news website to spy on leaders in the United States, Israel and other countries.

Chinese Hackers Accessed DOD Top-Secret Personnel File Networks

by military.com

WASHINGTON — Chinese hackers broke into the computer networks of the U.S. Office of Personnel Management earlier this year with the intention of accessing the files of tens of thousands of federal employees who had applied for top-secret security clearances, according to The New York Times.

Senior U.S. officials say the hackers gained access to some of the agency’s databases in March before the threat was detected and blocked, the Times reported in an article posted on its website Wednesday night. How far the hackers penetrated the agency’s systems was not yet clear, the newspaper said.

Accusations of hacking by China and counterclaims of such activity by the U.S. government have strained U.S.-Chinese relations. Chinese hacking has been a major theme of U.S.-China discussions this week in Beijing, though both sides have publicly steered clear of the controversy.

A Chinese government spokesman on Thursday reiterated Beijing’s oft-stated position that it is “resolutely opposed” to Internet hacking and said there were parties who wanted to make China look like a cybersecurity threat.

“Some of the American media and cyber-security firms are making constant efforts to smear China and create the so-called China cyber threat,” Foreign Ministry spokesman Hong Lei said at a regular briefing. “They have never been able to present sufficient evidence. We are deeply convinced that such reports and commentaries are irresponsible and are not worth refuting.”

In May, the Justice Department filed a 31-count indictment against five Chinese military officials operating under hacker aliases and accused them of penetrating computer networks of a half-dozen steel companies and makers of solar and nuclear technology to gain a competitive advantage. The Chinese government denied the allegations and suspended a working group on cyber rules that was to be part of the annual Strategic and Economic Dialogue this week.

The Office of Personnel Management houses personal information for all federal employees. Those applying for security clearances would be expected to provide such information as foreign contacts, previous jobs, past drug use and other personal details, the newspaper reported.

The Times quoted an unidentified senior U.S. official as saying that the attack had been traced to China but that it wasn’t clear whether the hackers were part of the government. A Homeland Security Department official confirmed to the Times that an attack occurred but said no loss of personally identifiable information had been identified.

The Office of Personnel Management oversees a system by which federal employees applying for security clearances enter financial data and other personal information, the Times said, and those who maintain such clearances are required to update their information through that system. Agencies and contractors use the information to investigate employees.

The attack in March was not announced, even though the Obama administration has urged U.S. companies to share information about breaches in security with the government and with consumers, the newspaper reported.

“The administration has never advocated that all intrusions be made public,” Caitlin Hayden, a spokeswoman for the Obama administration, said in a statement to the Times. “We have advocated that businesses that have suffered an intrusion notify customers if the intruder had access to consumers’ personal information. We have also advocated that companies and agencies voluntarily share information about intrusions.”

Hayden said the administration had no reason to believe that personally identifiable information for employees had been compromised.

FBI says BlackShades malware hijacked half a million computers

The FBI described its investigation in criminal complaints unsealed in Manhattan federal court Monday as charges against five individuals were announced.

Law enforcement sources told CBS News the criminal operation allegedly involved stealing information, controlling computers, and exploiting people whose computers were hacked. This investigation was separate from another major hacking case announced today, in which the Justice Department announced charges against five Chinese military hackers for allegedly stealing U.S. trade secrets.

The FBI said the BlackShades Remote Access Tool has been sold since at least 2010 to several thousand users. The agency said one of the program’s co-creators is now cooperating with the government and has provided extensive information.

Cassidy Wolf, Miss Teen USA 2013, was targeted by a hacker who used the malware to hijack her computer’s webcam.

Among the victims of the malware was Miss Teen USA 2013, Cassidy Wolf. Authorities say a hacker used Wolf’s personal computer webcam to take nude photos of her and threatened to post them online if Wolf didn’t send him more revealing photos. She went to police. The hacker was arrested and sentenced to 18 months in prison.

Acting on an FBI tip, police worldwide have arrested 97 people in 16 countries suspected of developing, distributing or using the malicious software called BlackShades, which allows criminals to gain surreptitious control of personal computers, European law enforcement officials announced Monday.

The malware allows hackers to steal personal information, intercept keystrokes and hijack webcams to make secret recordings of their users. BlackShades also can be used to encrypt and lock a computer’s data files, blocking the rightful owners from regaining access unless they pay a ransom.

French officials said last week’s raids happened after the FBI arrested two BlackShades developers and distributed a list of their international customers who purchased the malware.

Coordination agencies Europol and Eurojust, based in The Hague, Netherlands, said Monday that police in 13 European countries – Austria, Belgium, Britain, Croatia, Denmark, Estonia, Finland, France, Germany, Italy, Moldova, the Netherlands and Switzerland – as well as in the United States, Canada and Chile raided 359 properties and seized cash, firearms, drugs and more than 1,000 data storage devices.

“This case is a strong reminder that no one is safe while using the Internet,” said Koen Hermans, a Eurojust official representing the Netherlands. “It should serve as a warning and deterrent to those involved in the manufacture and use of this software.”

The two European agencies declined to provide country-by-country breakdowns of arrests, details of items seized, or the specific days when last week’s raids occurred.

In Paris, the state prosecutor’s office said French detectives arrested more than two dozen people during May 13 raids and described the global nature of the arrests and searches as an unprecedented “new form of judicial action.” It said those arrested were identified by the FBI as French “citizens who had acquired or used this software.”

In a BlackShades-related investigation before the latest global arrests, Dutch police earlier this year arrested an 18-year-old man for using the malware to take pictures of women and girls using about 2,000 computers.