Tag Archives: hacking

Russian Hackers Read Obama’s Unclassified Emails, Officials Say

WASHINGTON — Some of President Obama’s email correspondence was swept up by Russian hackers last year in a breach of the White House’s unclassified computer system that was far more intrusive and worrisome than has been publicly acknowledged, according to senior American officials briefed on the investigation.

The hackers, who also got deeply into the State Department’s unclassified system, do not appear to have penetrated closely guarded servers that control the message traffic from Mr. Obama’s BlackBerry, which he or an aide carries constantly.

But they obtained access to the email archives of people inside the White House, and perhaps some outside, with whom Mr. Obama regularly communicated. From those accounts, they reached emails that the president had sent and received, according to officials briefed on the investigation.

White House officials said that no classified networks had been compromised, and that the hackers had collected no classified information. Many senior officials have two computers in their offices, one operating on a highly secure classified network and another connected to the outside world for unclassified communications.

But officials have conceded that the unclassified system routinely contains much information that is considered highly sensitive: schedules, email exchanges with ambassadors and diplomats, discussions of pending personnel moves and legislation, and, inevitably, some debate about policy.

Officials did not disclose the number of Mr. Obama’s emails that were harvested by hackers, nor the sensitivity of their content. The president’s email account itself does not appear to have been hacked. Aides say that most of Mr. Obama’s classified briefings — such as the morning Presidential Daily Brief — are delivered orally or on paper (sometimes supplemented by an iPad system connected to classified networks) and that they are usually confined to the Oval Office or the Situation Room.

Still, the fact that Mr. Obama’s communications were among those hit by the hackers — who are presumed to be linked to the Russian government, if not working for it — has been one of the most closely held findings of the inquiry. Senior White House officials have known for months about the depth of the intrusion.

“This has been one of the most sophisticated actors we’ve seen,” said one senior American official briefed on the investigation.

Others confirmed that the White House intrusion was viewed as so serious that officials met on a nearly daily basis for several weeks after it was discovered. “It’s the Russian angle to this that’s particularly worrisome,” another senior official said.

While Chinese hacking groups are known for sweeping up vast amounts of commercial and design information, the best Russian hackers tend to hide their tracks better and focus on specific, often political targets. And the hacking happened at a moment of renewed tension with Russia — over its annexation of Crimea, the presence of its forces in Ukraine and its renewed military patrols in Europe, reminiscent of the Cold War.

Inside the White House, the intrusion has raised a new debate about whether it is possible to protect a president’s electronic presence, especially when it reaches out from behind the presumably secure firewalls of the executive branch.

Mr. Obama is no stranger to computer-network attacks: His 2008 campaign was hit by Chinese hackers. Nonetheless, he has long been a frequent user of email, and publicly fought the Secret Service in 2009 to retain his BlackBerry, a topic he has joked about in public. He was issued a special smartphone, and the list of those he can exchange emails with is highly restricted.

When asked about the investigation’s findings, the spokeswoman for the National Security Council, Bernadette Meehan, said, “We’ll decline to comment.” The White House has also declined to provide any explanations about how the breach was handled, though the State Department has been more candid about what kind of systems were hit and what it has done since to improve security. A spokesman for the F.B.I. declined to comment.

Officials who discussed the investigation spoke on the condition of anonymity because of the delicate nature of the hacking. While the White House has refused to identify the nationality of the hackers, others familiar with the investigation said that in both the White House and State Department cases, all signs pointed to Russians.

On Thursday, Secretary of Defense Ashton B. Carter revealed for the first time that Russian hackers had attacked the Pentagon’s unclassified systems, but said they had been identified and “kicked off.” Defense Department officials declined to say if the signatures of the attacks on the Pentagon appeared related to the White House and State Department attacks.

The discovery of the hacking in October led to a partial shutdown of the White House email system. The hackers appear to have been evicted from the White House systems by the end of October. But they continued to plague the State Department, whose system is much more far-flung. The disruptions were so severe that during the Iranian nuclear negotiations in Vienna in November, officials needed to distribute personal email accounts, to one another and to some reporters, to maintain contact.

Earlier this month, officials at the White House said that the hacking had not damaged its systems and that, while elements had been shut down to mitigate the effects of the attack, everything had been restored.

One of the curiosities of the White House and State Department attacks is that the administration, which recently has been looking to name and punish state and nonstate hackers in an effort to deter attacks, has refused to reveal its conclusions about who was responsible for this complex and artful intrusion into the government. That is in sharp contrast to Mr. Obama’s decision, after considerable internal debate in December, to name North Korea for ordering the attack on Sony Pictures Entertainment, and to the director of national intelligence’s decision to name Iranian hackers as the source of a destructive attack on the Sands Casino.

This month, after CNN reported that hackers had gained access to sensitive areas of the White House computer network, including sections that contained the president’s schedule, the White House spokesman, Josh Earnest, said the administration had not publicly named who was behind the hack because federal investigators had concluded that “it’s not in our best interests.”

By contrast, in the North Korea case, he said, investigators concluded that “we’re more likely to be successful in terms of holding them accountable by naming them publicly.”

But the breach of the president’s emails appeared to be a major factor in the government secrecy. “All of this is very tightly held,” one senior American official said, adding that the content of what had been breached was being kept secret to avoid tipping off the Russians about what had been learned from the investigation.

Mr. Obama’s friends and associates say that he is a committed user of his BlackBerry, but that he is careful when emailing outside the White House system.

“The frequency has dropped off in the last six months or so,” one of his close associates said, though this person added that he did not know if the drop was related to the hacking.

Mr. Obama is known to send emails to aides late at night from his residence, providing them with his feedback on speeches or, at times, entirely new drafts. Others say he has emailed on topics as diverse as his golf game and the struggle with Congress over the Iranian nuclear negotiations.

George W. Bush gave up emailing for the course of his presidency and did not carry a smartphone. But after Mr. Bush left office, his sister’s email account was hacked, and several photos — including some of his paintings — were made public.

The White House is bombarded with cyberattacks daily, not only from Russia and China. Most are easily deflected.

The White House, the State Department, the Pentagon and intelligence agencies put their most classified material into a system called Jwics, for Joint Worldwide Intelligence Communications System. That is where top-secret and “secret compartmentalized information” traverses within the government, to officials cleared for it — and it includes imagery, data and graphics. There is no evidence, senior officials said, that this hacking pierced it.

How the U.S. thinks Russians hacked the White House

By Evan Perez and Shimon Prokupecz, CNN

Washington (CNN) - Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.

While the White House has said the breach only affected an unclassified system, that description belies the seriousness of the intrusion. The hackers had access to sensitive information such as real-time non-public details of the president’s schedule. While such information is not classified, it is still highly sensitive and prized by foreign intelligence agencies, U.S. officials say.

The White House in October said it noticed suspicious activity in the unclassified network that serves the executive office of the president. The system has been shut down periodically to allow for security upgrades.

The FBI, Secret Service and U.S. intelligence agencies are all involved in investigating the breach, which they consider among the most sophisticated attacks ever launched against U.S. government systems. The intrusion was routed through computers around the world, as hackers often do to hide their tracks, but investigators found tell-tale codes and other markers that they believe point to hackers working for the Russian government.

National Security Council spokesman Mark Stroh didn’t confirm the Russian hack, but he did say that “any such activity is something we take very seriously.”

“In this case, as we made clear at the time, we took immediate measures to evaluate and mitigate the activity,” he said. “As has been our position, we are not going to comment on [this] article’s attribution to specific actors.”

Neither the U.S. State Department nor the Russian Embassy immediately responded to a request for comment.

Ben Rhodes, President Barack Obama’s deputy national security adviser, said the White House’s use of a separate system for classified information protected sensitive national security-related items from being obtained by hackers.

“We do not believe that our classified systems were compromised,” Rhodes told CNN’s Wolf Blitzer on Tuesday.

“We’re constantly updating our security measures on our unclassified system, but we’re frankly told to act as if we need not put information that’s sensitive on that system,” he said. “In other words, if you’re going to do something classified, you have to do it on one email system, one phone system. Frankly, you have to act as if information could be compromised if it’s not on the classified system.”

To get to the White House, the hackers first broke into the State Department, investigators believe.

The State Department computer system has been bedeviled by signs that despite efforts to lock them out, the Russian hackers have been able to reenter the system. One official says the Russian hackers have “owned” the State Department system for months and it is not clear the hackers have been fully eradicated from the system.

As in many hacks, investigators believe the White House intrusion began with a phishing email that was launched using a State Department email account that the hackers had taken over, according to the U.S. officials.

Director of National Intelligence James Clapper, in a speech at an FBI cyberconference in January, warned government officials and private businesses to teach employees what “spear phishing” looks like.

“So many times, the Chinese and others get access to our systems just by pretending to be someone else and then asking for access, and someone gives it to them,” Clapper said.

The ferocity of the Russian intrusions in recent months caught U.S. officials by surprise, leading to a reassessment of the cybersecurity threat as the U.S. and Russia increasingly confront each other over issues ranging from the Russian aggression in Ukraine to the U.S. military operations in Syria.

The attacks on the State and White House systems are one reason why Clapper told a Senate hearing in February that the “Russian cyberthreat is more severe than we have previously assessed.”

The revelations about the State Department hacks also come amid controversy over former Secretary of State Hillary Clinton’s use of a private email server to conduct government business during her time in office. Critics say her private server likely was even less safe than the State system. The Russian breach is believed to have come after Clinton departed State.

But hackers have long made Clinton and her associates targets.

The website The Smoking Gun first reported in 2013 that a hacker known as Guccifer had broken into the AOL email of Sidney Blumenthal, a friend and advisor to the Clintons, and published emails Blumenthal sent to Hillary Clinton’s private account. The emails included sensitive memos on foreign policy issues and were the first public revelation of the existence of Hillary Clinton’s private email address now at the center of controversy: hdr22@clintonemail.com. The address is no longer in use.

Serious FREAK flaw could undermine the Web’s encryption

The vulnerability affects the widely used Secure Sockets Layer protocol and its successor, Transport Layer Security

Experts are warning of a serious security flaw that has apparently gone undetected for years and can weaken encrypted connections between computers and websites, potentially undermining security across the Internet.

The flaw, which has been dubbed FREAK, affects the widely used Secure Sockets Layer protocol and its successor, Transport Layer Security, and can allow an attacker to intercept supposedly encrypted traffic as it moves between clients and servers.

The flaw affects many popular websites, as well as programs including Apple’s Safari browser and Google’s Android mobile OS, security experts say. Applications that use a version of OpenSSL prior to 1.0.1k are also vulnerable to the bug, detailed in this advisory.

An Apple spokesman said Tuesday that software updates for iOS and OS X will be released next week. Google said it has distributed a patch to its partners that will protect Android’s connection to vulnerable websites.

The problem stems from export restrictions imposed by the U.S. government in the early 1990s, which prohibited software makers from shipping products with strong encryption overseas, wrote Ed Felten, professor of computer science and public affairs at Princeton University.

That meant some companies shipped a version of their products with weaker encryption keys for use overseas. When the law was changed and it became legal to export stronger encryption, “the export mode feature was not removed from the protocol because some software still depended on it,” Felten wrote.

The vulnerability that has come to light now essentially allows attackers to downgrade the security of connections from strong encryption to that of the weaker, export-grade encryption.

Servers and devices that use OpenSSL, an open-source encryption program, are vulnerable, including many Google and Apple devices, embedded systems and other products, according to an advisory. Servers or clients that accept the RSA_EXPORT cipher suites are at risk. FREAK stands for Factoring attack on RSA-EXPORT Keys.

The keys can be downgraded by performing a man-in-the-middle attack that interferes with the set-up process of an encrypted connection. Although there are defenses in the SSL/TLS protocol to prevent such tampering, they can be worked around. The weaker, 512-bit key can be revealed using today’s powerful computers, and the data traffic can then be decrypted.

Today’s protocols use longer encryption keys, and the standard is 2,048-bit RSA. The 512-bit keys were considered secure two decades ago, but an attacker could recover the key they need quite easily today using a public cloud service.

“Back in the ’90s, that would have required a heavy-duty computation, but today it takes about seven hours on Amazon EC2 and costs about $100,” Felten wrote.

Companies are moving fast to fix the issue. Akamai, a content delivery network that supports a high number of websites, said it has distributed a fix for its network.

However, some clients may still be vulnerable, wrote Bill Brenner of Akamai.

“We can’t fix those clients, but we can avoid the problem by disabling export ciphers,” he wrote. “Because this is a client side issue, we’ve reached out to our customers and are working with them to make this change.”

The vulnerability was discovered by Karthikeyan Bhargavan of INRIA, a French science and technology research institute, and by Microsoft Research. A technical paper describing FREAK is due to be presented at the IEEE’s Security and Privacy conference in San Jose, California, in May.
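
Added example (not from the article or the advisory it cites): one way a defender can check whether a client still offers the RSA_EXPORT cipher suites mentioned above is to parse the cipher-suite list out of a captured TLS ClientHello. The handshake bytes are constructed inside the script, the helper names are hypothetical, and the suite IDs are those assigned in RFC 2246.

```python
import struct

# RSA_EXPORT key-exchange cipher suites and their IDs as assigned in RFC 2246 (TLS 1.0).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}


class ParseError(ValueError):
    """Raised when the bytes are not a complete, well-formed ClientHello record."""


def offered_cipher_suites(record: bytes) -> list:
    """Return the cipher suite IDs offered in a single-record TLS ClientHello."""
    if len(record) < 5:
        raise ParseError("record header truncated")
    content_type, _version, rec_len = struct.unpack("!BHH", record[:5])
    if content_type != 22:                      # 22 = handshake
        raise ParseError("not a TLS handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 4:
        raise ParseError("record body truncated")
    if body[0] != 1:                            # 1 = ClientHello
        raise ParseError("handshake message is not a ClientHello")
    hello_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hello_len]
    if len(hello) != hello_len:
        raise ParseError("ClientHello spans several records (not handled here)")

    pos = 2 + 32                                # client_version + random
    if len(hello) < pos + 1:
        raise ParseError("session id length missing")
    pos += 1 + hello[pos]                       # skip session id
    if len(hello) < pos + 2:
        raise ParseError("cipher suite length missing")
    suites_len = int.from_bytes(hello[pos:pos + 2], "big")
    pos += 2
    if suites_len % 2 or len(hello) < pos + suites_len:
        raise ParseError("cipher suite list malformed")
    return [int.from_bytes(hello[i:i + 2], "big")
            for i in range(pos, pos + suites_len, 2)]


def export_suites_offered(record: bytes) -> list:
    """Names of the RSA_EXPORT suites the client offers, in the order offered."""
    return [RSA_EXPORT_SUITES[s] for s in offered_cipher_suites(record)
            if s in RSA_EXPORT_SUITES]


def build_client_hello(suites) -> bytes:
    """Construct a minimal TLS 1.0 ClientHello (sample data for this example only)."""
    hello = b"\x03\x01" + bytes(32) + b"\x00"   # version, all-zero random, empty session id
    hello += struct.pack("!H", 2 * len(suites))
    hello += b"".join(struct.pack("!H", s) for s in suites)
    hello += b"\x01\x00"                        # one compression method: null
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


# Constructed samples: a legacy client that still lists export suites,
# and a client whose list contains none.
LEGACY_HELLO = build_client_hello([0x002F, 0x0003, 0x0035, 0x0008])
MODERN_HELLO = build_client_hello([0xC02F, 0x009C, 0x002F])

if __name__ == "__main__":
    for label, rec in (("legacy", LEGACY_HELLO), ("modern", MODERN_HELLO)):
        hits = export_suites_offered(rec)
        print(label, "->", hits if hits else "no RSA_EXPORT suites offered")
```
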

‘Equation’ cyberspies use unrivaled, NSA-style techniques to hit Iran, Russia

A group of cyberspies called Equation that uses similar techniques as the NSA has struck at least 30 countries using never-before-seen malware that infects hard disk drives. Credit: Screenshot courtesy of Kaspersky Labs

The group’s attack on hard-drive firmware is one of the most advanced ever discovered, Kaspersky Lab said.

A cyberespionage group with a toolset similar to ones used by U.S. intelligence agencies has infiltrated key institutions in countries including Iran and Russia.

Kaspersky Lab released a report Monday that said the tools were created by the “Equation” group, which it stopped short of linking to the U.S. National Security Agency.

The tools, exploits and malware used by the group — named after its penchant for encryption — have strong similarities with NSA techniques described in top-secret documents leaked in 2013.

Countries hit the most by Equation include Iran, Russia, Pakistan, Afghanistan, India and China. Targets in those countries included the military, telecommunications, embassies, government, research institutions and Islamic scholars, Kaspersky said.

Kaspersky’s most striking finding is Equation’s ability to infect the firmware of a hard drive, or the low-level code that acts as an interface between hardware and software.

The malware reprograms the hard drive’s firmware, creating hidden sectors on the drive that can only be accessed through a secret API (application programming interface). Once installed, the malware is impossible to remove: disk formatting and reinstalling the OS doesn’t affect it, and the hidden storage sector remains.

“Theoretically, we were aware of this possibility, but as far as I know this is the only case ever that we have seen of an attacker having such an incredibly advanced capability,” said Costin Raiu, director of Kaspersky Lab’s global research and analysis team, in a phone interview Monday.

Drives made by Seagate Technology, Western Digital Technologies, Hitachi, Samsung Electronics and Toshiba can be modified by two of Equation’s hard disk drive malware platforms, “Equationdrug” and “Grayfish.”

The report said Equation has knowledge of the drives that goes way beyond public documentation released by vendors.

Equation knows sets of unique ATA commands used by hard drive vendors to format their products. Most ATA commands are public, as they comprise a standard that ensures a hard drive is compatible with just about any kind of computer.

But there are undocumented ATA commands used by vendors for functions such as internal storage and error correction, Raiu said. “In essence, they are a closed operating system,” he said.

Obtaining such specific ATA codes would likely require access to that documentation, which could cost a lot of money, Raiu said.

The ability to reprogram the firmware of just one kind of drive would be “incredibly complex,” Raiu said. Being able to do that for many kinds of drives from many brands is “close to impossible,” he said.

“To be honest, I don’t think there’s any other group in the world that has this capability,” Raiu said.

It appears Equation has been far, far ahead of the security industry. It’s almost impossible to detect this kind of tampering, Raiu said. Reflashing the drive, or replacing its firmware, is also not foolproof, since some types of modules in some types of firmware are persistent and can’t be reformatted, he said.

Given the high value of this exploitation technique, Equation very selectively deployed it.

“During our research, we’ve only identified a few victims who were targeted by this,” Kaspersky’s report said. “This indicates that it is probably only kept for the most valuable victims or for some very unusual circumstances.”

Another of Kaspersky’s intriguing findings is Fanny, a computer worm created in 2008 that was used against targets in the Middle East and Asia.

To infect computers, Fanny used two zero-day exploits — the term for a software attack that uses an unknown software vulnerability — that were also coded into Stuxnet, Kaspersky said. Stuxnet, also a Windows worm, was used to sabotage Iran’s uranium enrichment operations. It is thought to be a joint project between the U.S. and Israel.

It’s unlikely the use of the same zero-days was a coincidence. Kaspersky wrote that the similar use of the vulnerabilities means that the Equation group and the Stuxnet developers are “either the same or working closely together.”

“They are definitely connected,” Raiu said.

Both Stuxnet and Fanny were designed to penetrate “air-gapped” networks, or those isolated from the Internet, Kaspersky said.

The Equation group also used “interdiction” techniques similar to those used by the NSA in order to deliver malicious software to targets.

Kaspersky described how some participants of a scientific conference held in Houston later received a CD-ROM of materials. The CD contained two zero-day exploits and a rarely-seen malware doorstop nicknamed “Doublefantasy.”

It is unknown how the CDs were tampered with or replaced. “We do not believe the conference organizers did this on purpose,” Kaspersky said. But such a combination of exploits and malware “don’t end up on a CD by accident,” it said.

The NSA’s Office of Tailored Access Operations (TAO) specializes in intercepting deliveries of new computer equipment, one of the most successful methods of tapping into computers, wrote Der Spiegel in December 2013, citing a top secret document.

The German publication was one of several that had access to tens of thousands of spy agency documents leaked by former NSA contractor Edward Snowden.

Kaspersky uncovered the trail of the Equation group after investigating a computer belonging to a research institute in the Middle East that appeared to be the Typhoid Mary for advanced malware.

Raiu said the machine had French, Russian and Spanish APT (advanced persistent threat) samples on it among others, showing it had been targeted by many groups. It also had a strange malicious driver, Raiu said, which upon investigation led to the extensive command-and-control infrastructure used by Equation.

Kaspersky analysts found more than 300 domains connected with Equation, with the oldest one registered in 1996. Some of the domain name registrations were due to expire, so Kaspersky registered around 20 of them, Raiu said.

Most of the domain names aren’t used by Equation anymore, he said. But three are still active. The activity, however, doesn’t lend much of a clue as to what Equation is up to these days, as the group changed its tactics in late 2013.

“Those three [domains] are very interesting,” Raiu said. “We just don’t know what malware is being used.”

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Massive breach at health care company Anthem Inc.

Elizabeth Weise, USATODAY

SAN FRANCISCO – As many as 80 million customers of the nation’s second-largest health insurance company, Anthem Inc., have had their account information stolen, the company said in a statement.

“Anthem was the target of a very sophisticated external cyber attack,” Anthem president and CEO Joseph Swedish said in a statement posted on a website the company created for information about the incident.

The hackers gained access to Anthem’s computer system and got information including names, birthdays, medical IDs, Social Security numbers, street addresses, e-mail addresses and employment information, including income data, Swedish said.

The affected database had records for approximately 80 million people in it, “but we are still investigating to determine how many were impacted. At this point we believe it was tens of millions,” said Cindy Wakefield, an Anthem spokeswoman.

That would make it “the largest health care breach to date,” said Vitor De Souza, a spokesman for Mandiant, the computer security company Anthem has hired to evaluate its systems.

Because no actual medical information appears to have been stolen, the breach would not come under HIPAA rules, the 1996 Health Insurance Portability and Accountability Act, which governs the confidentiality and security of medical information.

No credit card information was obtained, the company said in a statement e-mailed to USA TODAY.

The hackers were probably not interested in medical information about Anthem’s customers, said Tim Eades, CEO of computer security firm vArmour in Mountain View, Calif.

“The personally identifiable information they got is a lot more valuable than the fact that I stubbed my toe yesterday and broke it,” he said.

Both current and former customers were hit, Swedish said.

Anthem has established a website, www.anthemfacts.com, where members can access information about the breach. There is also a toll-free number for current and former members to call, 877-263-7995.

“Anthem’s own associates’ personal information — including my own — was accessed during this security breach. We join in your concern and frustration and I assure you that we are working around the clock to do everything we can to further secure your data,” Swedish said.

Anthem discovered the breach itself last week. “That is very good news, as two-thirds of the time when we respond, the victim was notified by someone else,” said Vitor De Souza, spokesman for FireEye, which owns Mandiant.

Anthem has contacted the FBI and is working with Mandiant, Swedish said.

“The FBI is aware of the Anthem intrusion and is investigating the matter,” said FBI spokesman Joshua Campbell.

“Anthem’s initial response in promptly notifying the FBI after observing suspicious network activity is a model for other companies and organizations facing similar circumstances. Speed matters when notifying law enforcement of an intrusion, as cyber criminals can quickly destroy critical evidence needed to identify those responsible,” he said.

Customers whose information has been stolen should report any suspected instances of identity theft to the FBI’s Internet Crime Complaint Center at www.ic3.gov, Campbell said.

“The Anthem insurance company breach is another in a long line of breaches that continue to have a deep and disheartening effect on consumer behavior and the smooth flow of commerce both here at home and worldwide,” said Rep. Bennie Thompson, D-Miss., ranking member of the Committee on Homeland Security.

Anthem Inc. was previously known as WellPoint Inc. It was formed when Anthem Insurance Company bought WellPoint Health Networks in 2004.

Anthem has customers in 14 states.

Google publishes third Windows 0-day vulnerability in a month

by Lucian Constantin

Google has disregarded Microsoft’s calls for flexible vulnerability disclosure deadlines and released details of another unpatched Windows flaw, leaving users exposed for at least the next 25 days.

The new vulnerability, which was confirmed on Windows 7 and 8.1, might constitute a security feature bypass for the way applications can encrypt their memory so that data can be exchanged between processes running under the same logon session.

“The issue is the implementation in CNG.sys doesn’t check the impersonation level of the token when capturing the logon session id (using SeQueryAuthenticationIdToken) so a normal user can impersonate at Identification level and decrypt or encrypt data for that logon session,” the Google Project Zero researchers said in a description of the flaw. “This might be an issue if there’s a service which is vulnerable to a named pipe planting attack or is storing encrypted data in a world readable shared memory section.”

According to Project Zero, Microsoft was notified of the vulnerability on Oct. 17 and initially planned to fix it during its January Patch Tuesday, three days ago. However, the fix had to be postponed because of compatibility issues.

The Google researchers were unmoved by this and stuck to their 90-day public disclosure deadline, publishing details of the flaw and a proof-of-concept exploit Thursday.

The fix is now expected to be among Microsoft’s scheduled security updates on Feb. 10, although there’s no guarantee that it won’t be further delayed. Of course, Microsoft has the option to release an out-of-band patch at any time, but the company rarely does this and when it does, it’s typically for critical flaws that attackers are actively exploiting.

This is the third unpatched Windows vulnerability that Project Zero researchers have publicly disclosed over the past month because Microsoft could not issue fixes before the 90-day disclosure deadline enforced by Google.

On Sunday, Microsoft publicly denounced Google’s inflexibility with vulnerability disclosure, arguing that researchers should work with affected companies until a fix is produced before going public.

“We believe those who fully disclose a vulnerability before a fix is broadly available are doing a disservice to millions of people and the systems they depend upon,” Chris Betz, senior director with Microsoft’s Security Response Center, said in a blog post at the time.

However, other researchers feel that 90 days is more than enough for a software vendor, especially one the size of Microsoft, to fix a vulnerability.

Microsoft is just “whining” over its own inability to respond to bugs in a timely manner after over a decade of using its dominant position to dictate how vulnerabilities should be handled, said Robert Graham, the CTO of security research firm Errata Security in a blog post Monday. “It’s now Google who sets the industry’s standard for reporting vulnerabilities,” he said.

US Military’s Central Command Twitter Hacked By Cyberattackers Claiming To Represent ISIS

A computer screenshot shows the U.S. Central Command Twitter feed after it was apparently hacked by people claiming to be Islamic State sympathizers January 12, 2015. The hackers published apparent intelligence material and what they said were names and addresses of military personnel. REUTERS/Staff

The Twitter account of U.S. Central Command, which oversees U.S. military operations in 20 countries throughout the Middle East and Asia, was hacked Monday by cyberattackers claiming to represent ISIS, who posted a message to American soldiers with the warning “watch your back.”

“ISIS is already here, we are in your PCs, in each military base. With Allah’s permission we are in CENTCOM now,” the attackers wrote.

A Tweet from the hackers included a link to a pastebin post warning they had hacked U.S. cybersecurity interests, and included links to the supposed stolen information. U.S. Central Command’s YouTube account also appears to have been hacked by the same attackers, who posted two YouTube videos appearing to be ISIS propaganda.

ISIS Sympathizers Hijack U.S. Military Social Media Accounts

Upon taking over the accounts, the hackers changed profile and wallpaper images to that of a masked militant with the words “CyberCaliphate” and “i love you isis.”

The messages described the hacks as acts of “CyberJihad” by the “CyberCaliphate,” and were followed up by tweets claiming to reveal secret information hacked from the Pentagon dealing with Korean and Chinese security interests. The attackers also posted lists of emails, addresses, phone and fax numbers belonging to U.S. military officers.

Google searches for some of the documents dumped by the hackers appear to show they were publicly available online prior to the hack.

U.S. Central Command’s Twitter and YouTube accounts were both suspended as of 1:30 p.m.

“We can confirm that the CENTCOM Twitter and YouTube accounts were compromised earlier today,” U.S. Central Command told the Daily Caller in a statement. “We are taking appropriate measures to address the matter. We have no further information to provide at this time.”

The hackers took control of the accounts while President Obama delivered a speech to the Federal Trade Commission about cybersecurity shortly before noon.

“I don’t have a lot of information on this,” White House Press Secretary Josh Earnest told reporters during a press briefing Monday afternoon. “I can tell you this is something we’re obviously looking into and something we take seriously. There’s a pretty significant difference between what is a large data breach and the hacking of a Twitter account. We’re still examining and investigating the extent of this incident.”

U.S. Central Command oversees the U.S. military-led airstrike campaign against ISIS in Iraq and Syria and the training of Iraqi troops in the region, where the Iraqi military is currently engaged in operations to reclaim territory seized by ISIS.

The Charlie Hebdo cartoons that jihadist fanatics don’t want you to see

Hebdo was killed by Muslim terrorists, along with 11 others, yesterday in Paris at his office

“I’d rather die on my feet than live on my knees.” –Stephane “Charb” Charbonnier (1967 – 2015), publisher, Charlie Hebdo.

On Wednesday morning, the French satire magazine Charlie Hebdo was once again targeted by violent jihadists for the crime of depicting in print the image of the Prophet Mohammed.

According to initial reports, three gunmen killed 10 magazine staffers and two police officers who responded to the shooting.

The magazine’s offices were firebombed in 2011 after it initially published cartoons depicting Mohammed, one of a string of attacks retaliating against predominately European publications that dared to “blaspheme.”

Those attacks, like today’s shooting, were brutal and savage attempts to silence speech that their fanatical perpetrators find offensive to their seventh-century worldview and conception of their religion.

The Washington Free Beacon extends its deepest condolences to the staff of Charlie Hebdo, their families, and all of the people of France rocked by this morning’s shooting. We pray the shooters are found and brought to justice.

We also stand in solidarity with all journalists, cartoonists, and social commentators threatened with violence or attacked by censorious fanatics. We feel a fitting tribute to Charb and his publication would be to republish the cartoons for which he gave his life.

Left: a 2011 issue “guest-edited” by Mohammed. The caption reads “100 lashes if you don’t die of laughter.” Right: “Love is stronger than hate.”

The cover of a 2006 issue containing cartoons that mocked Mohammed. The caption reads “Mohammed overwhelmed by fundamentalists.”

Just minutes before gunmen broke into the Charlie Hebdo offices in Paris, the magazine tweeted this mockery of “Islamic State” leader Abu Bakr al-Baghdadi:

North Korea slams US sanctions in the wake of Sony cyberattack

Warns it will not weaken their military strength

  • US government has placed sanctions on North Korean defense industry
  • Came after suggestions the nation was involved in Sony cyberhack 
  • State TV ran quote from unnamed officials calling the move hostile
  • They warned the sanctions will not weaken the nation 

North Korea has issued a furious statement slamming the United States for imposing sanctions against its government in the wake of Sony’s cyberattack.

It again denied any role in the breach of tens of thousands of the entertainment firm’s confidential emails and business files.

An unnamed spokesman of North Korea’s foreign ministry on Sunday accused the U.S. of ‘groundlessly’ stirring up hostility toward Pyongyang.

It warned that the new sanctions – leveled against government officials and the nation’s defense industry – would not weaken the country’s military might.

The state-run TV station quoted an official as saying: ‘The policy persistently pursued by the US to stifle the DPRK [North Korea], groundlessly stirring up bad blood towards it, would only harden its will and resolution to defend the sovereignty of the country.

‘The persistent and unilateral action taken by the White House to slap ‘sanctions’ against the DPRK patently proves that it is still not away from inveterate repugnancy and hostility toward the DPRK.’

North Korea has expressed fury over the Sony comedy flick ‘The Interview,’ which depicts the fictional assassination of leader Kim Jong Un.

However, it denied involvement in the cyberattack against Sony, which later escalated to threats of terrorist attacks against movie theaters.

The film was released in limited theaters and online amid fears of a backlash.