Posts Tagged ‘cyber’

MI5 boss Andrew Parker warns of ‘intense’ terror threat

October 19, 2017

BBC News

MI5 chief Andrew Parker: ‘Over 3,000 extremists in the UK’
Video:
http://www.bbc.com/news/uk-41655488

The UK’s intelligence services are facing an “intense” challenge from terrorism, the head of MI5 has warned.

Andrew Parker said there was currently “more terrorist activity coming at us, more quickly” and that it can also be “harder to detect”.

The UK has suffered five terror attacks this year, and he said MI5 staff had been “deeply affected” by them.

He added that more than 130 Britons who travelled to Iraq and Syria to fight with so-called Islamic State had died.

MI5 was running 500 live operations involving 3,000 individuals involved in extremist activity in some way, he said.

Speaking in London, Mr Parker said the tempo of counter-terrorism operations was the highest he had seen in his 34-year career at MI5.

Twenty attacks had been foiled in the last four years, including seven in the last seven months, he said – all related to what he called Islamist extremism.

The five attacks that got through this year included a suicide bomb attack after an Ariana Grande concert at Manchester Arena in May, killing 22.

Five people were also killed in April during an attack near the Houses of Parliament, while eight people were killed when three attackers drove a van into pedestrians on London Bridge and launched a knife attack in Borough Market.

A man then drove a van into a crowd of worshippers near a mosque in north London in June, while a homemade bomb partially exploded in tube train at Parsons Green station last month, injuring 30 people.

In some cases, individuals like Khuram Butt – who was behind the London Bridge attack – were well known to MI5 and had been under investigation by the security services.

People leaving flowers in Manchester city centre one week after the Manchester Arena attack
People left flowers in Manchester city centre after the Manchester Arena attack. PA photo

Mr Parker was asked what was the point of MI5 surveillance when someone who had made “no secret of his affiliations with jihadist extremism” had then been allowed to go on to launch a deadly attack.

He said the risk from each individual was assessed on a “daily and weekly basis” and then prioritised “accordingly”.

“One of the main challenges we’ve got is that we only ever have fragments of information, and we have to try to assemble a picture of what might happen, based on those fragments.”

He said the likelihood was that when an attacked happened, it would be carried out by someone “that we know or have known” – otherwise it would mean they had been looking “in completely the wrong place”.

And he said staff at MI5 were deeply affected on a “personal and professional” level when they did happen.

“They are constantly making tough professional judgements based on fragments of intelligence; pinpricks of light against a dark and shifting canvas.”

‘Not the enemy’

Mr Parker said they were trying to “squeeze every drop of learning” from recent incidents.

In the wake of attacks in the UK, there had been some, including some in the Home Office, who questioned whether the counter-terrorist machine – featuring all three intelligence agencies and the police, and with MI5 at its heart – was functioning as effectively as previously thought.

However, there was no indication of a fundamental change in direction in his remarks, with a focus on the scale of the threat making stopping all plots impossible.

“We have to be careful that we do not find ourselves held to some kind of perfect standard of 100%, because that is not achievable,” he said.

“Attacks can sometimes accelerate from inception through planning to action in just a handful of days.

“This pace, together with the way extremists can exploit safe spaces online, can make threats harder to detect and give us a smaller window to intervene.”

Troops from the Syrian Democratic Force (SDF) marching past a ruined building in Raqqa, Syria
Many Britons still fighting in Syria and Iraq may not now return, Andrew Parker said. Reuters photo

He renewed the call for more co-operation from technology companies.

Technology was “not the enemy,” he added, but said companies had a responsibility to deal with the side effects and “dark edges” created by the products they produced.

In particular, he pointed to online purchasing of goods – such as chemicals – as well as the presence of extremist content on social media and encrypted communications.

Assassination risk

He said more than 800 individuals had left the UK for Syria and Iraq.

Some had then returned, often many years ago, and had been subject to risk assessment. Mr Parker revealed at least 130 had been killed in conflict.

Fewer than expected had returned recently, he said, adding that those who were still in Syria and Iraq may not now attempt to come back because they knew they might be arrested.

Mr Parker stressed that international co-operation remained vital and revealed there was a joint operational centre for counter-terrorism based in the Netherlands, where security service officers from a range of countries worked together and shared data.

This had led to 12 arrests in Europe, he added.

In terms of state threats, Mr Parker said the range of clandestine activity conducted by foreign states – including Russia – went from aggressive cyber-attack, through to traditional espionage and the risk of assassination of individuals.

However, he said the UK had strong defences against such activity.

http://www.bbc.com/news/uk-41655488

Related:

Advertisements

Iran to blame for cyber-attack on MPs’ emails – British intelligence

October 14, 2017

By 

Evidence points to Iran, says unpublished report, after initial suspicion of Russia and North Korea dismissed

The houses of parliamentThe emails of dozens MPs were hacked, partly as the result of weak passwords, according to a parliamentary spokesman. Photograph: Xinhua/Barcroft Images

Iran is being blamed for a cyber-attack in June on the email accounts of dozens of MPs, according to an unpublished assessment by British intelligence. Disclosure of the report, first revealed by the Times but independently verified by the Guardian, comes at an awkward juncture. Donald Trump made it clear on Friday that he wants to abandon the Iran nuclear deal. But European leaders, including Theresa May, want to retain it.

Initial suspicion for the attack fell on Russia, but this has now been discounted. The evidence amassed is pinpointing Iran, according to the assessment. A spokesperson for the National Cyber Security Centre, the government body responsible for helping to counter attacks, said: “It would be inappropriate to comment further while inquiries are ongoing.”

The cyber-attack on parliament on June 23 hit the accounts of dozens of MPs, including Theresa May, the prime minister. and senior ministers. The network affected is used by every MP for interactions with constituents.

A security source told the Guardian at the time: “It was a brute-force attack. It appears to have been state-sponsored. The nature of cyber-attacks means it is notoriously difficult to attribute an incident to a specific actor.”

MPs contacted by the Guardian said the immediate suspicion had fallen upon foreign governments such as Russia and North Korea, both of which have been accused of orchestrating previous hacking attempts in the UK. The attackers sought to gain access to accounts protected by weak passwords. The parliamentary digital services team said they had made changes to accounts to block out the hackers. A spokesman said those whose emails were compromised had used weak passwords, despite advice to the contrary.

Conservative MP Andrew Bridgen said at the time that such an attack “absolutely” could leave some people open to blackmail. “Constituents want to know the information they send to us is completely secure,” he said.

Liam Fox, the international trade secretary, connected the news to reports that cabinet ministers’ passwords were for sale online. “We know that our public services are attacked, so it is not at all surprising that there should be an attempt to hack into parliamentary emails,” he said. “And it’s a warning to everybody, whether they are in parliament or elsewhere, that they need to do everything possible to maintain their own cybersecurity.”

https://www.theguardian.com/world/2017/oct/14/iran-to-blame-for-cyber-attack-on-mps-emails-british-intelligence

Russia Has Turned Kaspersky Software Into Tool for Spying

October 11, 2017

Searches exploited popular Russian-made antivirus software to seek classified material, officials say

WASHINGTON—The Russian government used a popular antivirus software to secretly scan computers around the world for classified U.S. government documents and top-secret information, modifying the program to turn it into an espionage tool, according to current and former U.S. officials with knowledge of the matter.

The software, made by the Moscow-based company Kaspersky Lab, routinely scans files of computers on which it is installed looking for viruses and other malicious software. But in an adjustment to its normal operations…

 https://www.wsj.com/articles/russian-hackers-scanned-networks-world-wide-for-secret-u-s-data-1507743874
.
Related:
.

North Korea Hacked South Korea’s War Plans

October 10, 2017

AFP

© AFP/File | A Seoul lawmaker says North Korean hackers stole details of South Korean-US exercises

SEOUL (AFP) – North Korean computer hackers have stolen hundreds of classified military documents from South Korea including detailed wartime operational plans involving its US ally, a report said Tuesday.Rhee Cheol-Hee, a lawmaker for the ruling Democratic party, said the hackers had broken into the South’s military network last September and gained access to 235 gigabytes of sensitive data, the Chosun Ilbo daily reported.

Among the leaked documents was Operational Plans 5015 for use in case of war with the North and including procedures for “decapitation” attacks on leader Kim Jong-Un, the paper quoted Rhee as saying.

Rhee, a member of parliament’s defence committee, could not be reached for comment but his office said he had been quoted correctly.

The report comes amid heightened fears of conflict on the Korean peninsula, fuelled by US President Donald Trump’s continued threats of military action against Pyongyang to tame its weapons ambitions.

In his latest tweet over the weekend, Trump reiterated that diplomatic efforts with North Korea have consistently failed, adding that “only one thing will work”.

Citing Seoul’s defence ministry, Rhee said that 80 percent of the leaked documents had yet to be identified.

But the contingency plan for the South’s special forces was stolen, he said, as well as details about annual joint military drills with the US and information on key military facilities and power plants.

A ministry spokesman declined to confirm the report, citing intelligence matters.

In May the ministry said North Korea had hacked into Seoul’s military intranet but did not say what had been leaked.

Pyongyang has a 6,800-strong unit of trained cyber-warfare specialists, according to the South Korean government. It has been accused of launching high-profile cyber-attacks including the 2014 hacking of Sony Pictures.

The Chosun Ilbo story was the second report Tuesday of military-related cyber-attacks in the Asia-Pacific.

Australia’s government said separately an unidentified defence contractor had been hacked and a “significant amount of data” stolen.

There were 47,000 cyber-incidents in the last 12 months, a 15 percent increase from the previous year, Minister for Cyber Security Dan Tehan said in Canberra as he launched a report by the Cyber Security Centre.

The defence contractor was exploited via an internet-facing server, with the cyber-criminals using remote administrative access to remain in its network, the report said.

The Australian newspaper reported that the hacker was based in China but Tehan told the Australian Broadcasting Corporation that “we don’t know and we cannot confirm exactly who the actor was”.

Related articles

Defending UK ‘digital homeland’ from cyber attack as important as spying and counter terrorism, says new GCHQ director

October 9, 2017

GCHQ CREDIT: BARRY BATCHELOR/PA

Protecting Britain from hacking and cyber attacks is as important as spying and preventing terrorism, the new head of GCHQ has said.

Defending the “digital homeland” must become a key part of the work of Britain’s electronic spy agency, Jeremy Fleming says in his most extensive public comments since becoming head of the agency earlier this year.

The growing task of defending Britain’s online life and commerce means an increasingly prominent role for an agency that has traditionally taken a backseat to MI5 and MI6.

Writing in the Telegraph, he says the top secret, Cheltenham-based agency must step out of the shadows of nearly a century of secrecy to better keep people safe and free online.

His comments come after a series of high profile cyber attacks, including May’s WannaCry ransomware outbreak that caused chaos to the NHS.

Jeremy Fleming was appointed director of GCHQ earlier this year

Concerns over the UK’s national cyber security have also been raised by a string of allegedly Russian-backed cyber operations targeting political parties and MPs across Europe.

Mr Fleming, said: “If GCHQ is to continue to help the keep the country safe was we prepare for our second century, then protecting the digital homeland – keeping our citizens safe and free online – must become and remain as much part of our mission as our global intelligence reach and our round-the-clock efforts against terrorism.”

His comments come as the Government is reviewing national security policy in the wake of increased terrorism, cyber attacks and Russian activity.

First look inside GCHQ: The home of Britain's spy network
First look inside GCHQ: The home of Britain’s spy network

01:02

Mr Fleming joined GCHQ in April after a career at the Security Service, MI5.

The Government last year launched the National Cyber Security Centre (NCSC), a high-profile offshoot from GCHQ drawing on the agency’s expertise to protect the nation’s online life.

Mr Fleming said his staff were “protecting the nation from those who want to use the internet to cause harm”.

“We all derive great benefit from the ease and speed of connecting across the planet: access to knowledge, reduced costs of communication and commerce, and from the additional security provided by default encryption.

“It’s also true to say that hostile states, terrorists and criminals use the same features to undermine our national security, attack our interests and, increasingly, to commit crime.”

In its first year, the NCSC tackled 600 significant cyber attacks on bodies ranging from key national institutions to large and small businesses.

The WannaCry outbreak affected dozens of NS trusts, while in June email accounts were targeted in an attack on parliamentary networks.

GCHQ celebrates its centenary in 2019, but the work of its technical experts, engineers, analysts, translators and codebreakers has been kept secret throughout its history.

Mr Fleming said the agency’s new role would require a higher profile, collaborating more openly with industry.

He said: “All of this can feel deeply challenging for a GCHQ that by necessity has worked in the shadows. It remains the case that much of what we do must remain secret. But the success of the NCSC demonstrates that we are more effective, a better employer and more trusted if we are more transparent, more visible and take advantage of the internet to drive change.”

http://www.telegraph.co.uk/news/2017/10/08/defending-uk-digital-homeland-cyber-attack-important-spying/

Prague hackers’ congress to address ‘financial freedom’

October 6, 2017

AFP

.

© GETTY IMAGES NORTH AMERICA/AFP | Freeing up finance, one crypto currency at a timePRAGUE (AFP) – 

A hackers’ congress launched in Prague on Friday will discuss new cryptocurrencies and other tools to combat the erosion of financial freedom around the world, organisers said.

“Technology will allow users to shake off economic dependence on the state and achieve financial and personal freedom,” co-organiser Martin Sip said in a statement at the start of the three-day event.

Organisers cited the anonymous cryptocurrencies Monero and Zcash, crypto-markets and decentralised exchange offices as examples of tools that could boost financial freedom.

Amir Taaki, a British-Iranian hacker and expert on the bitcoin cryptocurrency, told reporters in Prague that the western world was going through a social crisis rooted in its economic system.

“Today, most of the work that people do in their lives has absolutely no meaning and no purpose whatsoever,” said Taaki, who founded Britcoin, Britain’s bitcoin exchange.

“What is guiding this mechanistic system that uses human beings as objects is… a system of financial enslavement,” he said, adding that the system wielded “a really sinister form of social control”.

“Our task is to… challenge this system of hierarchy and the state to restore back people’s sense of autonomy and free life.”

“We have to find new forms of economic organisation… (and) bitcoin is the biggest tool that we have to challenge the power of the central banks today.”

Wearing a cap, sunglasses and a mask at Prague’s Institute of Cryptoanarchy, which is hosting the congress, a hacker nicknamed Smuggler said freedom suffers in a financial system dominated by central banks.

“We’re living in a world where we don’t really have money in the sense that we can just transact, but we always have money with permission,” he said.

Earlier this week, reports said the US-based investment bank Goldman Sachs was looking into ways to trade bitcoin to meet client demand.

This would mean a breakthrough as large banks have so far avoided trading in bitcoin due to its reputation as a conduit for illicit activity.

But financial companies have been active in the development of “blockchain,” the underlying technology of bitcoin, which is seen as a potentially major breakthrough.

Bitcoin reached the psychologically important milestone of trading at $5,000 on September 1. It has been retreating since then, trading at $4,375 on October 2.

Russian Hackers Stole NSA Data on U.S. Cyber Defense

October 5, 2017

The breach, considered the most serious in years, could enable Russia to evade NSA surveillance and more easily infiltrate U.S. networks

The National Security Agency campus in Fort Meade, Md. An NSA contractor took highly sensitive data from the complex and put it on his home computer, from which it was stolen by hackers working for the Russian government, people familiar with the matter said.
The National Security Agency campus in Fort Meade, Md. An NSA contractor took highly sensitive data from the complex and put it on his home computer, from which it was stolen by hackers working for the Russian government, people familiar with the matter said.PHOTO: PATRICK SEMANSKY/ASSOCIATED PRESS
.

WASHINGTON—Hackers working for the Russian government stole details of how the U.S. penetrates foreign computer networks and defends against cyberattacks after a National Security Agency contractor removed the highly classified material and put it on his home computer, according to multiple people with knowledge of the matter.

The hackers appear to have targeted the contractor after identifying the files through the contractor’s use of a popular antivirus software made by Russia-based Kaspersky Lab, these people said.

The theft, which hasn’t been disclosed, is considered by experts to be one of the most significant security breaches in recent years. It offers a rare glimpse into how the intelligence community thinks Russian intelligence exploits a widely available commercial software product to spy on the U.S.

The incident occurred in 2015 but wasn’t discovered until spring of last year, said the people familiar with the matter.

The stolen material included details about how the NSA penetrates foreign computer networks, the computer code it uses for such spying and how it defends networks inside the U.S., these people said.

Having such information could give the Russian government information on how to protect its own networks, making it more difficult for the NSA to conduct its work. It also could give the Russians methods to infiltrate the networks of the U.S. and other nations, these people said.

The breach is the first known incident in which Kaspersky software is believed to have been exploited by Russian hackers to conduct espionage against the U.S. government. The company, which sells its antivirus products in the U.S., had revenue of more than half a billion dollars in Western Europe and the Americas in 2016, according to International Data Corp. By Kaspersky’s own account it has more than 400 million users world-wide.

The revelation comes as concern over Russian infiltration of American computer networks and social media platforms is growing amid a U.S. special counsel’s investigation into whether Donald Trump’s presidential campaign sought or received assistance from the Russian government. Mr. Trump denies any impropriety and has called the matter a “witch hunt.”

Intelligence officials have concluded that a campaign authorized by the highest levels of the Russian government hacked into state election-board systems and the email networks of political organizations to damage the candidacy of Democratic presidential nominee Hillary Clinton.

A spokesman for the NSA didn’t comment on the security breach. “Whether the information is credible or not, NSA’s policy is never to comment on affiliate or personnel matters,” he said. He noted that the Defense Department, of which the NSA is a part, has a contract for antivirus software with another company, not Kaspersky.

In a statement, Kaspersky Lab said it “has not been provided any information or evidence substantiating this alleged incident, and as a result, we must assume that this is another example of a false accusation.”

Kremlin spokesman Dmitry Peskov in a statement didn’t address whether the Russian government stole materials from the NSA using Kaspersky software. But he criticized the U.S. government’s decision to ban the software from use by U.S. agencies as “undermining the competitive positions of Russian companies on the world arena.”

The Kaspersky incident is the third publicly known breach at the NSA involving a contractor’s access to a huge trove of highly classified materials. It prompted an official letter of reprimand to the agency’s director, Adm. Michael Rogers, by his superiors, people familiar with the situation said.

National Security Agency Director Michael Rogers.
National Security Agency Director Michael Rogers. PHOTO: SAUL LOEB/AGENCE FRANCE-PRESSE/GETTY IMAGES

Adm. Rogers came into his post in 2014 promising to staunch leaks after the disclosure that NSA contractor Edward Snowden the year before gave classified documents to journalists that revealed surveillance programs run by the U.S. and allied nations.

The Kaspersky-linked incident predates the arrest last year of another NSA contractor, Harold Martin, who allegedly removed massive amounts of classified information from the agency’s headquarters and kept it at his home, but wasn’t thought to have shared the data.

Mr. Martin pleaded not guilty to charges that include stealing classified information. His lawyer has said he took the information home only to get better at his job and never intended to reveal secrets.

The name of the NSA contractor in the Kaspersky-related incident and the company he worked for aren’t publicly known. People familiar with the matter said he is thought to have purposely taken home numerous documents and other materials from NSA headquarters, possibly to continue working beyond his normal office hours.

The man isn’t believed to have wittingly worked for a foreign government, but knew that removing classified information without authorization is a violation of NSA policies and potentially a criminal act, said people with knowledge of the breach.

It is unclear whether he has been dismissed from his job or faces charges. The incident remains under federal investigation, said people familiar with the matter.

Kaspersky software once was authorized for use by nearly two dozen U.S. government agencies, including the Army, Navy and Air Force, and the departments of Defense, State, Homeland Security, Energy, Veterans Affairs, Justice and Treasury.

The headquarters of the Russian cybersecurity company Kaspersky Lab.
The headquarters of the Russian cybersecurity company Kaspersky Lab. PHOTO: SAVOSTYANOV SERGEI/TASS/ZUMA PRESS

NSA employees and contractors never had been authorized to use Kaspersky software at work. While there was no prohibition against these employees or contractors using it at home, they were advised not to before the 2015 incident, said people with knowledge of the guidance the agency gave.

For years, U.S. national security officials have suspected that Kaspersky Lab, founded by a computer scientist who was trained at a KGB-sponsored technical school, is a proxy of the Russian government, which under Russian law can compel the company’s assistance in intercepting communications as they move through Russian computer networks.

Kaspersky said in its statement: “As a private company, Kaspersky Lab does not have inappropriate ties to any government, including Russia, and the company has never helped, nor will help, any government in the world with its cyberespionage efforts.”

Suspicions about the company prompted the Department of Homeland Security last month to take the extraordinary step of banning all U.S. government departments and agencies from using Kaspersky products and services. Officials determined that “malicious cyber actors” could use the company’s antivirus software to gain access to a computer’s files, said people familiar with the matter.

The government’s decision came after months of intensive discussions inside the intelligence community, as well as a study of how the software works and the company’s suspected connections to the Russian government, said people familiar with the events. They said intelligence officials also were concerned that given the prevalence of Kaspersky on the commercial market, countless people could be targeted, including family members of senior government officials, or that Russia could use the software to steal information for competitive economic advantage.

“The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security,” the DHS said Sept. 13 in announcing the government ban.

All antivirus software scans computers looking for malicious code, comparing what is on the machine to a master list housed at the software company. But that scanning also gives makers of the software an inventory of what is on the computer, experts say.

“It’s basically the equivalent of digital dumpster diving,” said Blake Darché, a former NSA employee who worked in the agency’s elite hacking group that targets foreign computer systems.

Kaspersky is “aggressive” in its methods of hunting for malware, Mr. Darché said, “in that they will make copies of files on a computer, anything that they think is interesting.” He said the product’s user license agreement, which few customers probably read, allows this.

“You’re basically surrendering your right to privacy by using Kaspersky software,” said Mr. Darché, who is chief security officer for Area 1, a computer security company.

“We aggressively detect and mitigate malware infections no matter the source and we have been proudly doing it for 20 years,” the company said in its statement. “We make no apologies for being aggressive in the battle against malware and cybercriminals.”

U.S. investigators believe the contractor’s use of the software alerted Russian hackers to the presence of files that may have been taken from the NSA, according to people with knowledge of the investigation. Experts said the software, in searching for malicious code, may have found samples of it in the data the contractor removed from the NSA.

But how the antivirus system made that determination is unclear, such as whether Kaspersky technicians programed the software to look for specific parameters that indicated NSA material. Also unclear is whether Kaspersky employees alerted the Russian government to the finding.

Kaspersky Lab Chief Executive Eugene Kaspersky. The company said it never would help ‘any government in the world with its cyberespionage efforts.’
Kaspersky Lab Chief Executive Eugene Kaspersky. The company said it never would help ‘any government in the world with its cyberespionage efforts.’ PHOTO: SHARIFULIN VALERY/TASS/ZUMA PRESS

Investigators did determine that, armed with the knowledge that Kaspersky’s software provided of what files were suspected on the contractor’s computer, hackers working for Russia homed in on the machine and obtained a large amount of information, according to the people familiar with the matter.

The breach illustrates the chronic problem the NSA has had with keeping highly classified secrets from spilling out, former intelligence personnel say. They say they were rarely searched while entering or leaving their workplaces to see if they were carrying classified documents or removable storage media, such as a thumb drive.

The incident was considered so serious that it was given a classified code name and set off alarms among top national security officials because it demonstrated how the software could be used for spying. Members of Congress also were informed, said people familiar with the matter.

Then-Defense Secretary Ash Carter and then-Director of National Intelligence James Clapper pushed President Barack Obama to remove Adm. Rogers as NSA head, due in part to the number of data breaches on his watch, according to several officials familiar with the matter.

The NSA director had fallen out of White House favor when he traveled to Bedminster, N.J., last November to meet with president-elect Donald Trump about taking a job in his administration, said people familiar with the matter. Adm. Rogers didn’t notify his superiors, an extraordinary step for a senior military officer, U.S. officials said.

Adm. Rogers wasn’t fired for a number of reasons, including a pending restructuring of the NSA that would have been further complicated by his departure, according to people with knowledge of internal deliberations. An NSA spokesman didn’t comment on efforts to remove Adm. Rogers.

Write to Gordon Lubold at Gordon.Lubold@wsj.com and Shane Harris at shane.harris@wsj.com

https://www.wsj.com/articles/russian-hackers-stole-nsa-data-on-u-s-cyber-defense-1507222108

German spy agencies want right to destroy stolen data and ‘hack back’

October 5, 2017

Reuters

ByAndrea Shalal

BERLIN (Reuters) – Top German intelligence officials on Thursday urged lawmakers to give them greater legal authority to “hack back” in the event of cyber attacks from foreign powers.

Hans-Georg Maassen, head of the BfV domestic intelligence agency, told the parliamentary oversight committee it should be possible to destroy data stolen from German servers and moved to foreign servers to prevent it from being misused.

He said it would also make sense to “infect” foreign servers with software that would enable greater surveillance of any operations directed against German cyber targets, or to extract data, much as human agents are recruited for counter-espionage.

 Image result for BfV domestic intelligence agency, logo

“In the real world, it would be like turning a foreign intelligence agent and getting them to work for us … Something like this should be possible in the cyber world too,” Maassen told the committee in its first public hearing.

“These are ‘hack back’ instruments, but they are below the threshold of destroying or incapacitating a foreign server,” Maassen said.

German officials have blamed APT28, a Russian hacker group said linked to Moscow, for the May 2015 hack of the German lower house of parliament, the Bundestag, and other cyber attacks aimed at political groups, individuals or institutions.

They issued repeated warnings about the possibility that Moscow could seek to influence or disrupt the Sept. 24 German election, although officials have since said they did not see any major push by Russia to do so.

Maassen said it was possible Russia decided the political cost was too great after the backlash that ensued in the United States after a similar effort there.

Russia denies seeking to influence any foreign elections.

LACKING LEGAL AUTHORITY

Germany’s BND foreign intelligence agency already has the expertise, but not the legal authority, to destroy foreign servers, its chief Bruno Kahl told the committee.

Once the source of attack had been carefully investigated and identified, it could make sense to “shut down the source of such an attack and not have to retreat and give the job of going back in and taking care of business,” Kahl said.

In the end, however, such decisions had to be made by politicians, Kahl said.

Christof Gramm, head of Germany’s MAD military counter-espionage agency, said there were questions of domestic and international law to address before empowering the agencies to take such actions.

“This all has to be worked out. There are international boundaries. We’re not just talking about national law,” Gramm told the committee near the end of a three-hour session.

He said if such powers were granted, it would be up to the military’s cyber command to carry out such actions, not the MAD.

Maassen said authorities needed access to streaming data from foreign servers – for instance of videos showing beheadings – to track radicalization of possible Islamist attackers.

He also called for broader powers to track communications between Germany and Raqqa, the Syrian city still under Islamic State control, noting that current law only allowed the tracking of individual communications, not broader flows.

Reporting by Andrea Shalal and Sabine Siebold; Editing by Richard Balmforth

Russians posed as Muslim organization to sway US voters

September 28, 2017

By Chris Perez
The New York Post

No automatic alt text available.

The Russian government tried to influence the 2016 presidential election by masquerading as an authentic US Muslim organization on social media and posting incendiary memes about Hillary Clinton — while simultaneously using other accounts to send Islamophobic messages to right-wing users, a report says.

Sources tell The Daily Beast that the Kremlin-backed internet trolls created a fake Facebook group called “United Muslims of America” and then used it to stir the proverbial pot for months.

While the Russians’ use of imposter accounts is well noted, this is one of the first known instances where they impersonated an actual organization.

The real “United Muslims of America” is a California-based nonprofit that claims to have promoted interfaith dialogue and political participation for more than 30 years. It is “not functional” at the moment, though, and is in the middle of an organizational rebuild.

The group has hosted events with numerous members of Congress in the past — including Democrats Andre Carson and Eric Swalwell. The lawmakers are both members of the House intelligence committee that is currently investigating President Trump’s ties to Russia.

“Unfortunately, it appears that the United Muslims of America is one of many organizations that was unfairly targeted by Russia in their attempt to influence the 2016 Presidential election,” Carson told the Daily Beast.

While using the imposter UMA account, the Russian trolls reportedly posted countless messages and memes aimed at smearing Clinton’s name, as well as other politicians.

One claimed that the Democratic nominee “created, funded and armed” al-Qaeda and ISIS, while another said John McCain was the true founder of the Islamic State.

The account also posted a photo showing a whitewashed, blood-drenched Moammar Gadhafi — which applauded him for not having a “Rothschild-owned central bank.”

Another post, which was watermarked with the UMA logo, falsely alleged that Osama bin Laden had been a “CIA agent.”

“Russia knows no ends and no limits to which groups they would masquerade as to carry out their objectives,” Swalwell told the Daily Beast.

Throughout the campaign, much of the content that was posted on the account remained apolitical — but the influx of fake news was likely enough to sway voters.

Positive portrayals of Islam were ultimately aimed at Muslim audiences, while the Islamophobic messages were meant for right-wing users.

One post from August 2016 promoted an anti-immigrant rally in Idaho, saying: “We must stop taking in Muslim refugees!”

A message from June 2016, following the deadly Orlando nightclub massacre, asked people to attend an event titled, “Support Hillary. Save American Muslims!”

According to the Daily Beast, the fake UMA page wrote that Clinton was “the only presidential candidate who refuses to ‘demonize’ Islam after the Orlando nightclub shooting.” It added that “with such a person in White House (sic) America will easily reach the bright multicultural future.”

Sources told the outlet that the Russian government also used the account to buy Facebook advertisements to reach its target audiences.

In order to hide their operation, the trolls reportedly used the URL “Facebook.com/MuslimAmerica” — as opposed to the real UMA’s URL, which is “Facebook.com/UnitedMuslimsofAmericaUMA.”

They wound up amassing more than 260,000 followers before the account was eventually deactivated by Facebook last month as part of the company’s public acknowledgement of Russia’s network activity.

The Daily Beast managed to uncover some of its content, including a number of posts that were made on Instagram and Twitter.

The Russians reportedly used the handles “muslims_in_usa” and “muslim_voice” to promote political rallies for Muslims and post more inflammatory memes. The accounts have since been suspended, as well.

.
http://nypost.com/2017/09/27/russians-posed-as-muslim-organization-to-sway-us-voters/
.
Related:
.

Facebook, Twitter, Google called on to meet US intelligence committees — “Russia had a campaign to sow discord in the U.S.”

September 28, 2017

Three social media companies have been asked to testify at two US committees investigating Russian interference in the US election. The request has come as details emerge of an alleged campaign to sow discord in the US.

Symbolbild Soziale Netze (picture-alliance/dpa/Lei)

Facebook, Twitter and Alphabet, the parent company of Google, on Wednesday were invited to public hearings of the US House and Senate Intelligence committees as part of their investigations into possible Russian meddling in the 2016 election campaign that saw the election of US President Donald Trump.

The House Intelligence Committee plans to hold a hearing in October and the Senate Intelligence Committee on November 1. It was unclear whether the companies would accept the invitations.

Read more: Facebook reveals alleged Russia-funded political ad campaign in US

A joint statement from Democrats Representative Adam Schiff and Republican Representative Mike Conaway said the open hearing aimed “to better understand how Russia used online tools and platforms to sow discord in and influence our election.”

“Congress and the American people need to hear this important information directly from these companies,” the lawmakers added.

Members of the Senate panel confirmed the invitations under the condition of anonymity.

 No automatic alt text available.

Fake news and propaganda

Read more: 21 US states targeted by Russian hackers, no votes changed

Both panels have investigated how Russian groups could have used social media platforms and online ads to influence the 2016 election by spreading fake news and propaganda, and whether they were aided by people in the United States.

Republican Senator James Lankford, who received classified information about Russian meddling as a member of the Senate Intelligence Committee, said on Wednesday that Russia continued to sow discord in US domestic affairs.

Lankford said over the weekend Russian internet trolls stoked tensions on the issue of NFL players kneeling during the national anthem.

Read more: Donald Trump slams NFL kneeling protest as ‘disgraceful’

The Daily Beast, citing unnamed sources, reported on Wednesday that a fake Facebook group named “United Muslims of America” was linked to the Russian government and that it pushed false claims about US politicians, including Democratic presidential candidate Hillary Clinton.

Facebook CEO Mark Zuckerberg gestures during a speech with the Facebook logo in the background (picture-alliance/dpa/K. Nietfeld)Zuckerberg said Facebook did not favor candidates in elections

The group reportedly bought Facebook ads to reach targeted audiences, promoting political rallies aimed at Muslims.

After revelations earlier this month that Facebook sold $100,000 (€€85,000) worth of ads to Russian groups during the election campaign, CNN reported that at least one of those ads referenced Black Lives Matter and was specifically targeted to reach audiences in Ferguson, Missouri and Baltimore, citing unnamed sources.

 

On Wednesday, Facebook’s vice president of public policy, Richard Allan, said the company shutdown tens of thousands of fake accounts ahead of Germany’s election.

 

“Protecting the integrity of our platforms during elections is a huge focus for us and something we are committed to — particularly in the face of hostile and coordinated interventions,” Allan wrote in a Facebook post. “Staying ahead of those who are trying to misuse our service is a constant effort led by our security and integrity teams.”

Media are “anti-Trump,” says Trump

Facebook CEO Mark Zuckerberg said the company will work to make political advertising on its platform more transparent. The social media giant has already met with both committees’ staff as part of their investigations and said it would turn over some 3,000 ads alleged to have been bought by Russian groups during the US election.

In a tweet on Wednesday, Trump accused Facebook, as well as major television networks and The New York Times and The Washington Post newspapers, of being “anti-Trump.”

It’s an accusation Zuckerberg rejected in a Facebook post, writing that the platform worked to ensure “free and fair elections” and did not favor particular candidates.

“Trump says Facebook is against him. Liberals say we helped Trump,” Zuckerberg said in his post. “Both sides are upset about ideas and content they don’t like. That’s what running a platform for all ideas looks like.”

aw/sms (AFP, AP, Reuters)

http://www.dw.com/en/facebook-twitter-google-called-on-to-meet-us-intelligence-committees/a-40717107

Image may contain: one or more people

Russian Little Green Men invaded Crimea and parts of the eastern Ukraine in 2014. How did the American intelligence community fail to warn us? Now it seems Facebook was part of a Russian plan to sow discord in the US. What does American intelligence know?