Entries Tagged "intelligence"

Page 13 of 25

Bin Laden Maintained Computer Security with an Air Gap

From the Associated Press:

Bin Laden’s system was built on discipline and trust. But it also left behind an extensive archive of email exchanges for the U.S. to scour. The trove of electronic records pulled out of his compound after he was killed last week is revealing thousands of messages and potentially hundreds of email addresses, the AP has learned.

Holed up in his walled compound in northeast Pakistan with no phone or Internet capabilities, bin Laden would type a message on his computer without an Internet connection, then save it using a thumb-sized flash drive. He then passed the flash drive to a trusted courier, who would head for a distant Internet cafe.

At that location, the courier would plug the memory drive into a computer, copy bin Laden’s message into an email and send it. Reversing the process, the courier would copy any incoming email to the flash drive and return to the compound, where bin Laden would read his messages offline.

I’m impressed. It’s hard to maintain this kind of COMSEC discipline.

It was a slow, toilsome process. And it was so meticulous that even veteran intelligence officials have marveled at bin Laden’s ability to maintain it for so long. The U.S. always suspected bin Laden was communicating through couriers but did not anticipate the breadth of his communications as revealed by the materials he left behind.

Navy SEALs hauled away roughly 100 flash memory drives after they killed bin Laden, and officials said they appear to archive the back-and-forth communication between bin Laden and his associates around the world.

Posted on May 18, 2011 at 8:45 AM

WikiLeaks Cable about Chinese Hacking of U.S. Networks

We know it’s prevalent, but there’s some new information:

Secret U.S. State Department cables, obtained by WikiLeaks and made available to Reuters by a third party, trace systems breaches—colorfully code-named “Byzantine Hades” by U.S. investigators—to the Chinese military. An April 2009 cable even pinpoints the attacks to a specific unit of China’s People’s Liberation Army.

Privately, U.S. officials have long suspected that the Chinese government and in particular the military was behind the cyber-attacks. What was never disclosed publicly, until now, was evidence.

U.S. efforts to halt Byzantine Hades hacks are ongoing, according to four sources familiar with investigations. In the April 2009 cable, officials in the State Department’s Cyber Threat Analysis Division noted that several Chinese-registered Web sites were “involved in Byzantine Hades intrusion activity in 2006.”

The sites were registered in the city of Chengdu, the capital of Sichuan Province in central China, according to the cable. A person named Chen Xingpeng set up the sites using the “precise” postal code in Chengdu used by the People’s Liberation Army Chengdu Province First Technical Reconnaissance Bureau (TRB), an electronic espionage unit of the Chinese military. “Much of the intrusion activity traced to Chengdu is similar in tactics, techniques and procedures to (Byzantine Hades) activity attributed to other” electronic spying units of the People’s Liberation Army, the cable says.

[…]

What is known is the extent to which Chinese hackers use “spear-phishing” as their preferred tactic to get inside otherwise forbidden networks. Compromised email accounts are the easiest way to launch spear-phish because the hackers can send the messages to entire contact lists.

The tactic is so prevalent, and so successful, that “we have given up on the idea we can keep our networks pristine,” says Stewart Baker, a former senior cyber-security official at the U.S. Department of Homeland Security and National Security Agency. It’s safer, government and private experts say, to assume the worst—that any network is vulnerable.

Two former national security officials involved in cyber-investigations told Reuters that Chinese intelligence and military units, and affiliated private hacker groups, actively engage in “target development” for spear-phish attacks by combing the Internet for details about U.S. government and commercial employees’ job descriptions, networks of associates, and even the way they sign their emails—such as U.S. military personnel’s use of “V/R,” which stands for “Very Respectfully” or “Virtual Regards.”

The spear-phish are “the dominant attack vector. They work. They’re getting better. It’s just hard to stop,” says Gregory J. Rattray, a partner at cyber-security consulting firm Delta Risk and a former director for cyber-security on the National Security Council.

Spear-phish are used in most Byzantine Hades intrusions, according to a review of State Department cables by Reuters. But Byzantine Hades is itself categorized into at least three specific parts known as “Byzantine Anchor,” “Byzantine Candor,” and “Byzantine Foothold.” A source close to the matter says the sub-codenames refer to intrusions which use common tactics and malicious code to extract data.

A State Department cable made public by WikiLeaks last December highlights the severity of the spear-phish problem. “Since 2002, (U.S. government) organizations have been targeted with social-engineering online attacks” which succeeded in “gaining access to hundreds of (U.S. government) and cleared defense contractor systems,” the cable said. The emails were aimed at the U.S. Army, the Departments of Defense, State and Energy, other government entities and commercial companies.

By the way, reading this blog entry might be illegal under the U.S. Espionage Act:

Dear Americans: If you are not “authorized” personnel, but you have read, written about, commented upon, tweeted, spread links by “liking” on Facebook, shared by email, or otherwise discussed “classified” information disclosed from WikiLeaks, you could be implicated for crimes under the U.S. Espionage Act—or so warns a legal expert who said the U.S. Espionage Act could make “felons of us all.”

As the U.S. Justice Department works on a legal case against WikiLeaks’ Julian Assange for his role in helping publish 250,000 classified U.S. diplomatic cables, authorities are leaning toward charging Assange with spying under the Espionage Act of 1917. Legal experts warn that if there is an indictment under the Espionage Act, then any citizen who has discussed or accessed “classified” information can be arrested on “national security” grounds.

Maybe I should have warned you at the top of this post.

Posted on April 18, 2011 at 9:33 AM

How did the CIA and FBI Know that Australian Government Computers were Hacked?

Newspapers are reporting that, for about a month, hackers had access to computers “of at least 10 federal ministers including the Prime Minister, Foreign Minister and Defence Minister.”

That’s not much of a surprise. What is odd is the statement that “Australian intelligence agencies were tipped off to the cyber-spy raid by US intelligence officials within the Central Intelligence Agency and the Federal Bureau of Investigation.”

How did the CIA and the FBI know? Did they see some intelligence traffic and assume that those computers were where the stolen e-mails were coming from? Or something else?

Posted on April 12, 2011 at 6:03 AM

The CIA and Assassinations

The former CIA general counsel, John A. Rizzo, talks about his agency’s assassination program, which has increased dramatically under the Obama administration:

The hub of activity for the targeted killings is the CIA’s Counterterrorist Center, where lawyers—there are roughly 10 of them, says Rizzo—write a cable asserting that an individual poses a grave threat to the United States. The CIA cables are legalistic and carefully argued, often running up to five pages. Michael Scheuer, who used to be in charge of the CIA’s Osama bin Laden unit, describes “a dossier,” or a “two-page document,” along with “an appendix with supporting information, if anybody wanted to read all of it.” The dossier, he says, “would go to the lawyers, and they would decide. They were very picky.” Sometimes, Scheuer says, the hurdles may have been too high. “Very often this caused a missed opportunity. The whole idea that people got shot because someone has a hunch—I only wish that was true. If it were, there would be a lot more bad guys dead.”

Sometimes, as Rizzo recalls, the evidence against an individual would be thin, and high-level lawyers would tell their subordinates, “You guys did not make a case.” “Sometimes the justification would be that the person was thought to be at a meeting,” Rizzo explains. “It was too squishy.” The memo would get kicked back downstairs.

The cables that were “ready for prime time,” as Rizzo puts it, concluded with the following words: “Therefore we request approval for targeting for lethal operation.” There was a space provided for the signature of the general counsel, along with the word “concurred.” Rizzo says he saw about one cable each month, and at any given time there were roughly 30 individuals who were targeted. Many of them ended up dead, but not all: “No. 1 and No. 2 on the hit parade are still out there,” Rizzo says, referring to “you-know-who and [Ayman al-] Zawahiri,” a top Qaeda leader.

And the ACLU Deputy Legal Director on the interview:

What was most remarkable about the interview, though, was not what Rizzo said but that it was Rizzo who said it. For more than six years until his retirement in December 2009, Rizzo was the CIA’s acting general counsel—the agency’s chief lawyer. On his watch the CIA had sought to quash a Freedom of Information Act lawsuit by arguing that national security would be harmed irreparably if the CIA were to acknowledge any detail about the targeted killing program, even the program’s mere existence.

Rizzo’s disclosure was long overdue—the American public surely has a right to know that the assassination of terrorism suspects is now official government policy—and reflects an opportunistic approach to allegedly sensitive information that has become the norm for senior government officials. Routinely, officials insist to courts that the nation’s security will be compromised if certain facts are revealed but then supply those same facts to trusted reporters.

Posted on April 11, 2011 at 6:33 AM

"Architecture of Fear"

I like the phrase:

Németh said the zones not only affect the appearance of landmark buildings but also reflect an ‘architecture of fear’ as evidenced, for example, by the bunker-like appearance of embassies and other perceived targets.

Ultimately, he said, these places impart a dual message—simultaneously reassuring the public while causing a sense of unease.

And in the end, their effect could be negligible.

“Indeed, overt security measures may be no more effective than covert intelligence techniques,” he said. “But the architecture aims to comfort both property developers concerned with investment risk and residents and tourists with the notion that terror threats are being addressed and that daily life will soon ‘return to normal.’”

My own essay on architecture and security from 2006.

EDITED TO ADD (1/13): Here’s the full paper. And some stuff from the Whole Building Design Guide site. Also see the planned U.S. embassy in London, which includes a moat.

Posted on December 20, 2010 at 5:55 AM

Unsolicited Terrorism Tips to the U.S. Government

Adding them all up, the U.S. government “receives between 8,000 and 10,000 pieces of information per day, fingering just as many different people as potential threats. They also get information about 40 supposed plots against the United States or its allies daily.”

All of this means that first-time suspects and isolated pieces of information are less likely to be exhaustively investigated. That’s what happened with underwear bomber Umar Farouk Abdulmutallab. Intelligence agencies had heard that a Nigerian was training with al-Qaeda, received information about a Christmas plot, and read a couple of intercepts about someone named Umar Farouk (no last name) before Abdulmutallab’s father walked into a U.S. embassy to report him. No one ever figured out that these seemingly unrelated pieces of intelligence referred to the same plot, so intelligence agencies didn’t pour enough resources into investigating it.

As I wrote in 2007, in my essay: “The War on the Unexpected”:

If you ask amateurs to act as front-line security personnel, you shouldn’t be surprised when you get amateur security.

Posted on November 18, 2010 at 6:13 AM

Cargo Security

The New York Times writes:

Despite the increased scrutiny of people and luggage on passenger planes since 9/11, there are far fewer safeguards for packages and bundles, particularly when loaded on cargo-only planes.

Well, of course. We’ve always known this. We’ve not worried about terrorism on cargo planes because it isn’t very terrorizing. Packages aren’t people. If a passenger plane blows up, it affects a couple of hundred people. If a cargo plane blows up, it just affects the crew.

Cargo that is loaded on to passenger planes should be subjected to the same level of security as passenger luggage. Cargo that is loaded onto cargo planes should be treated no differently from cargo loaded into ships, trains, trucks, and the trunks of cars.

Of course: now that the media is talking about cargo security, we have to “do something.” (Something must be done. This is something. Therefore, we must do it.) But if we’re so scared that we have to devote resources to this kind of terrorist threat, we’ve well and truly lost.

EDITED TO ADD (10/30): The plot—it’s still unclear how serious it was—wasn’t uncovered by any security screening, but by intelligence gathering:

Intelligence officials were onto the suspected plot for days, officials said. The packages in England and Dubai were discovered after Saudi Arabian intelligence picked up information related to Yemen and passed it on to the U.S., two officials said.

This is how you fight terrorism: not by defending against specific threats, but through intelligence, investigation, and emergency response.

Posted on October 30, 2010 at 9:41 AM

Real-Time NSA Eavesdropping

In an article about Robert Woodward’s new book, Obama’s Wars, this is listed as one of the book’s “disclosures”:

A new capability developed by the National Security Agency has dramatically increased the speed at which intercepted communications can be turned around into useful information for intelligence analysts and covert operators. “They talk, we listen. They move, we observe. Given the opportunity, we react operationally,” then-Director of National Intelligence Mike McConnell explained to Obama at a briefing two days after he was elected president.

Eavesdropping is easy. Getting actual intelligence to the hands of people is hard. It sounds as if the NSA has advanced capabilities to automatically sift through massive amounts of electronic communications and find the few bits worth relaying to intelligence officers.

Posted on September 24, 2010 at 1:23 PM

Details Removed from Book at Request of U.S. Department of Defense

From the AFP:

A publisher has agreed to remove US intelligence details from a memoir by a former army officer in Afghanistan after the Pentagon raised last-minute objections, officials said Friday.

The book, “Operation Dark Heart,” had been printed and prepared for release in August but St. Martin’s Press will now issue a revised version of the spy memoir after negotiations with the Pentagon, US and company officials said.

In an unusual step, the Defense Department has agreed to reimburse the company for the cost of the first printing, spokesman Colonel Dave Lapan told AFP.

The original manuscript “contained classified information which had not been properly reviewed” by the military and US spy agencies, he said.

St. Martin’s Press will destroy copies from the first printing with Pentagon representatives observing “to ensure it’s done in accordance with our standards,” Lapan said.

The second, revised edition would be ready by the end of next week, said the author’s lawyer, Mark Zaid.

EDITED TO ADD (9/30): An analysis of the redacted material—obtained by comparing the two versions—is amusing.

Posted on September 23, 2010 at 7:19 AM
