The first global cyber war has begun

Moderators: Elvis, DrVolin, Jeff

Re: The first global cyber war has begun

Postby 82_28 » Mon Oct 26, 2015 6:41 pm

I looked into TOR just to "test it out" -- see if it worked back when it was announced, god how many years ago by now? Even though it was DARPA funded and shit, I just wanted to see. I never got it to work and lost interest. So I found RI and other sites on the Light Web in order to sell my great cache of weapons, drugs and children.

Anybody want a rocket launcher? CHEAP. Warranty still applies. $1000 OBO.

Really who gives a fuck anymore? There's literally nothing we can do without the web. But I will say there are layers to it and I won't use no DARPA shit. I'd like DARPA to bring back Napster though. That'd be rad.
There is no me. There is no you. There is all. There is no you. There is no me. And that is all. A profound acceptance of an enormous pageantry. A haunting certainty that the unifying principle of this universe is love. -- Propagandhi
82_28
Posts: 11194
Joined: Fri Nov 30, 2007 4:34 am
Location: North of Queen Anne

Re: The first global cyber war has begun

Postby Grizzly » Mon Oct 26, 2015 9:18 pm

decentralization cannot happen fast enough (any way to have RI decentralized?)
I couldn't figure out where to put this, as it could very well go under simultaneous topics ...

Russian Ships Near Data Cables Are Too Close for U.S. Comfort
http://mobile.nytimes.com/2015/10/26/wo ... 2&referer=

By DAVID E. SANGER and ERIC SCHMITT
October 25, 2015

WASHINGTON — Russian submarines and spy ships are aggressively operating near the vital undersea cables that carry almost all global Internet communications, raising concerns among some American military and intelligence officials that the Russians might be planning to attack those lines in times of tension or conflict.

The issue goes beyond old worries during the Cold War that the Russians would tap into the cables — a task American intelligence agencies also mastered decades ago. The alarm today is deeper: The ultimate Russian hack on the United States could involve severing the fiber-optic cables at some of their hardest-to-access locations to halt the instant communications on which the West’s governments, economies and citizens have grown dependent.

While there is no evidence yet of any cable cutting, the concern is part of a growing wariness among senior American and allied military and intelligence officials over the accelerated activity by Russian armed forces around the globe. At the same time, the internal debate in Washington illustrates how the United States is increasingly viewing every Russian move through a lens of deep distrust, reminiscent of relations during the Cold War.

Inside the Pentagon and the nation’s spy agencies, the assessments of Russia’s growing naval activities are highly classified and not publicly discussed in detail. American officials are secretive about what they are doing both to monitor the activity and to find ways to recover quickly if cables are cut. But more than a dozen officials confirmed in broad terms that it had become the source of significant attention in the Pentagon.


Looks like China is hotting up, too:
“The more we do to you, the less you seem to believe we are doing it.”

― Joseph Mengele
Grizzly
Posts: 4722
Joined: Wed Oct 26, 2011 4:15 pm

Re: The first global cyber war has begun

Postby Grizzly » Mon Oct 26, 2015 9:34 pm

Grizzly » Mon Oct 26, 2015 9:18 pm wrote: decentralization cannot happen fast enough (any way to have RI decentralized?)
I couldn't figure out where to put this, as it could very well go under simultaneous topics ...

Russian Ships Near Data Cables Are Too Close for U.S. Comfort
http://mobile.nytimes.com/2015/10/26/wo ... 2&referer=

By DAVID E. SANGER and ERIC SCHMITT
October 25, 2015

WASHINGTON — Russian submarines and spy ships are aggressively operating near the vital undersea cables that carry almost all global Internet communications, raising concerns among some American military and intelligence officials that the Russians might be planning to attack those lines in times of tension or conflict.

The issue goes beyond old worries during the Cold War that the Russians would tap into the cables — a task American intelligence agencies also mastered decades ago. The alarm today is deeper: The ultimate Russian hack on the United States could involve severing the fiber-optic cables at some of their hardest-to-access locations to halt the instant communications on which the West’s governments, economies and citizens have grown dependent.

While there is no evidence yet of any cable cutting, the concern is part of a growing wariness among senior American and allied military and intelligence officials over the accelerated activity by Russian armed forces around the globe. At the same time, the internal debate in Washington illustrates how the United States is increasingly viewing every Russian move through a lens of deep distrust, reminiscent of relations during the Cold War.

Inside the Pentagon and the nation’s spy agencies, the assessments of Russia’s growing naval activities are highly classified and not publicly discussed in detail. American officials are secretive about what they are doing both to monitor the activity and to find ways to recover quickly if cables are cut. But more than a dozen officials confirmed in broad terms that it had become the source of significant attention in the Pentagon.


Looks like China is hotting up, too:


Obama Sends Destroyer To Chinese Islands, China Vows Military Response
Submitted by Tyler Durden on 10/26/2015 16:26 -0400
For anyone who might still be somehow unaware, the US is currently in a superpower staring match with both Russia and China. The conflict in Syria has put Moscow back on the geopolitical map (so to speak), creating an enormous amount of tension with Washington whose regional allies have been left to look on in horror as Russian airstrikes and an Iranian ground incursion dash hopes of ousting President Bashar al-Assad.

Meanwhile, in The South China Sea, Beijing has built 3,000 acres of new sovereign territory atop reefs in the Spratlys and although the reclamation effort itself isn’t unique, the scope of it most certainly is and Washington’s friends in the South Pacific are crying foul.

Beijing has continually insisted that it doesn’t intend to use the islands as military outposts, but the construction of runways and ports seems to tell a different story and so, Washington felt compelled to check things out over the summer by sending a Poseidon spy plane complete with a CNN crew to the area. Once the PLA spotted the plane the situation escalated quickly with the Chinese Navy telling US pilots to “Go Now!”

After that, an intense war of words developed with Defense Secretary Ash Carter insisting that the US would sail and fly anywhere it pleased and Beijing assuring the US that sailing within 12 nautical miles of the islands would prompt a harsh response from the PLA.

For weeks, the US was rumored to have been planning a freedom of navigation exercise in the Spratlys which, as we’ve pointed out several times this month, amounts to sailing by the islands just to see if China will shoot.

Now, according to CNN, Obama has given the green light and the ships may sail within 24 hours:

Just in: @USNavy prepared to sail w/i 12mi of China's manmade islands in #SouthChinaSea "w/i 24hrs", has POTUS approval -Def. Official

— Jim Sciutto (@jimsciutto) October 26, 2015

And more from FT:

The US navy is poised to start freedom of navigation operations in the South China Sea in a high-stakes effort to push back against Chinese territorial claims over artificial islands in the disputed waters.

In a move that will enrage Beijing, the USS Lassen, a guided-missile destroyer, will sail inside the 12-nautical mile zones of two man-made islands — Subi and Mischief reefs — that China has built in the contested Spratly Island chain. A senior US defence official said it would sail through the area in the early hours of Tuesday morning.

China has repeatedly warned that it would not tolerate any effort to violate what it considers its territory. Earlier this month, a senior Chinese naval officer said the People’s Liberation Army would hand a “head-on blow” to any foreign forces that violated Chinese sovereignty. His comments came after the Financial Times reported that the US was poised to launch its operations.

The manoeuvre will mark the first time since 2012 that the US navy has sailed through the 12-nautical mile zone surrounding any islands claimed by China. It is aimed at demonstrating that Washington does not recognise any territorial claims over artificial islands in the South China Sea.

It's also worth noting that should the US manage to get away with this without sparking a shooting
“The more we do to you, the less you seem to believe we are doing it.”

― Joseph Mengele
Grizzly
Posts: 4722
Joined: Wed Oct 26, 2011 4:15 pm

Re: The first global cyber war has begun

Postby cptmarginal » Wed Aug 17, 2016 12:38 pm

https://www.washingtonpost.com/world/na ... story.html

Powerful NSA hacking tools have been revealed online

By Ellen Nakashima August 16 at 6:52 PM

Some of the most powerful espionage tools created by the National Security Agency’s elite group of hackers have been revealed in recent days, a development that could pose severe consequences for the spy agency’s operations and the security of government and corporate computers.

A cache of hacking tools with code names such as Epicbanana, Buzzdirection and Egregiousblunder appeared mysteriously online over the weekend, setting the security world abuzz with speculation over whether the material was legitimate.

The file appeared to be real, according to former NSA personnel who worked in the agency’s hacking division, known as Tailored Access Operations (TAO).

“Without a doubt, they’re the keys to the kingdom,” said one former TAO employee, who spoke on the condition of anonymity to discuss sensitive internal operations. “The stuff you’re talking about would undermine the security of a lot of major government and corporate networks both here and abroad.”

Said a second former TAO hacker who saw the file: “From what I saw, there was no doubt in my mind that it was legitimate.”

The file contained 300 megabytes of information, including several “exploits,” or tools for taking control of firewalls in order to control a network, and a number of implants that might, for instance, exfiltrate or modify information.

The exploits are not run-of-the-mill tools to target everyday individuals. They are expensive software used to take over firewalls, such as Cisco and Fortinet, that are used “in the largest and most critical commercial, educational and government agencies around the world,” said Blake Darche, another former TAO operator and now head of security research at Area 1 Security.

The software apparently dates back to 2013 and appears to have been taken then, experts said, citing file creation dates, among other things.

“What’s clear is that these are highly sophisticated and authentic hacking tools,” said Oren Falkowitz, chief executive of Area 1 Security and another former TAO employee.

Several of the exploits were pieces of computer code that took advantage of “zero-day” or previously unknown flaws or vulnerabilities in firewalls, which appear to be unfixed to this day, said one of the former hackers.

The disclosure of the file means that at least one other party — possibly another country’s spy agency — has had access to the same hacking tools used by the NSA and could deploy them against organizations that are using vulnerable routers and firewalls. It might also see what the NSA is targeting and spying on. And now that the tools are public, as long as the flaws remain unpatched, other hackers can take advantage of them, too.

The NSA did not respond to requests for comment.

“Faking this information would be monumentally difficult, there is just such a sheer volume of meaningful stuff,” Nicholas Weaver, a computer security researcher at the University of California at Berkeley, said in an interview. “Much of this code should never leave the NSA.”

The tools were posted by a group calling itself the Shadow Brokers using file-sharing sites such as BitTorrent and DropBox.

As is typical in such cases, the true identity of whoever put the tools online remains hidden. Attached to the cache was an “auction” note that purported to be selling a second set of tools to the highest bidder: “!!! Attention government sponsors of cyber warfare and those who profit from it !!!! How much you pay for enemies cyber weapons?”

The group also said that if the auction raised 1 million bitcoins — equivalent to roughly $500 million — it would release the second file to the world.

The auction “is a joke,” Weaver said. “It’s designed to distract. It’s total nonsense.” He said that “bitcoin is so traceable that a Doctor Evil scheme of laundering $1 million, let alone $500 million, is frankly lunacy.”

One of the former TAO operators said he suspected that whoever found the tools doesn’t have everything. “The stuff they have there is super-duper interesting, but it is by far not the most interesting stuff in the tool set,” he said. “If you had the rest of it, you’d be leading off with that, because you’d be commanding a much higher rate.”

TAO, a secretive unit that helped craft the digital weapon known as Stuxnet, has grown in the past decade or so from several hundred to more than 2,000 personnel at the NSA’s Fort Meade, Md., headquarters. The group dates to the early 1990s. Its moniker, Tailored Access Organization, suggests a precision of technique that some officials have likened to brain surgery. Its name also reflects how coding whizzes create exquisite tools from scratch, in the same way a fine tailor takes a bolt of wool and fashions a bespoke suit — only the computer geeks more often work in jeans and T-shirts. “We break out the Nerf guns and have epic Nerf gun fights,” one of the former hackers said.

Some former agency employees suspect that the leak was the result of a mistake by an NSA operator, rather than a successful hack by a foreign government of the agency’s infrastructure.

When NSA personnel hack foreign computers, they don’t move directly from their own covert systems to the targets’, fearing that the attack would be too easy to trace. They use a form of proxy server called a “redirector” that masks the hackers’ origin. They use one or more such servers to make it difficult to trace a hack.

“NSA is often lurking undetected for years on the . . . [proxy hops] of state hackers,” former agency contractor Edward Snowden tweeted Tuesday. “This is how we follow their operations.”

At the same time, other spy services, like Russia’s, are doing the same thing to the United States.

It is not unprecedented for a TAO operator to accidentally upload a large file of tools to a redirector, one of the former employees said. “What’s unprecedented is to not realize you made a mistake,” he said. “You would recognize, ‘Oops, I uploaded that set’ and delete it.”

Critics of the NSA have suspected that the agency, when it discovers a software vulnerability, frequently does not disclose it, thereby putting at risk the cybersecurity of anyone using that product. The file disclosure shows why it’s important to tell software-makers when flaws are detected, rather than keeping them secret, one of the former agency employees said, because now the information is public, available for anyone to employ to hack widely used Internet infrastructure.

Snowden, Weaver and some of the former NSA hackers say they suspect Russian involvement in the release of the cache, though no one has offered hard evidence. They say the timing — in the wake of high-profile disclosures of Russian government hacking of the Democratic National Committee and other party organizations — is notable.

Tweeted Snowden: “Circumstantial evidence and conventional wisdom indicates Russian responsibility.” He said that the disclosure “is likely a warning that someone can prove U.S. responsibility for any attacks that originated from this” redirector or malware server by linking it to the NSA.

“This could have significant foreign policy consequences,” he said in another tweet. “Particularly if any of those operations targeted U.S. allies” or their elections.

“Accordingly,” he tweeted, “this may be an effort to influence the calculus of decision-makers wondering how sharply to respond to the DNC hacks.”

In other words, he tweeted, it looks like “somebody sending a message” that retaliating against Russia for its hacks of the political organizations “could get messy fast.”
The new way of thinking is precisely delineated by what it is not.
cptmarginal
Posts: 2741
Joined: Tue Apr 10, 2007 8:32 pm
Location: Gordita Beach

Re: The first global cyber war has begun

Postby cptmarginal » Wed Aug 17, 2016 12:46 pm

I just noticed that seemslikeadream already posted this here:

The Criminal N.S.A.

Didn't turn up in my search results for "Epicbanana" :o
cptmarginal
Posts: 2741
Joined: Tue Apr 10, 2007 8:32 pm
Location: Gordita Beach

Re: The first global cyber war has begun

Postby seemslikeadream » Wed Aug 17, 2016 12:55 pm

thanks for posting, I had forgotten about this thread
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.
seemslikeadream
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black

Re: The first global cyber war has begun

Postby DrEvil » Wed Aug 17, 2016 5:20 pm

82_28 » Tue Oct 27, 2015 12:41 am wrote:I looked into TOR just to "test it out" -- see if it worked back when it was announced, god how many years ago by now? Even though it was DARPA funded and shit, I just wanted to see. I never got it to work and lost interest. So I found RI and other sites on the Light Web in order to sell my great cache of weapons, drugs and children.

Anybody want a rocket launcher? CHEAP. Warranty still applies. $1000 OBO.

Really who gives a fuck anymore? There's literally nothing we can do without the web. But I will say there are layers to it and I won't use no DARPA shit. I'd like DARPA to bring back Napster though. That'd be rad.


Didn't see this until now, but I assume you know that the Internet itself was created by DARPA.
Why are you still here? :wink:
"I only read American. I want my fantasy pure." - Dave
DrEvil
Posts: 3971
Joined: Mon Mar 22, 2010 1:37 pm

Re: The first global cyber war has begun

Postby seemslikeadream » Thu Aug 18, 2016 12:04 am

‘Auction’ of NSA tools sends security companies scrambling

FILE - In this June 6, 2013 file photo, the National Security Agency (NSA) campus in Fort Meade, Md. The leak of what purports to be a National Security Agency hacking tool kit has set the information security world atwitter — and sent major companies rushing to update their defenses. Experts across the world are still examining what amount to electronic lock picks. Here’s what they’ve found so far. (Patrick Semansky, File/Associated Press)
By Raphael Satter | AP August 17 at 9:00 PM
PARIS — The leak of what purports to be a National Security Agency hacking tool kit has set the information security world atwitter — and sent major companies rushing to update their defenses.

Experts across the world are still examining what amount to electronic lock picks. Here’s what they’ve found so far.

WHAT’S IN THE RELEASE?

The tool kit consists of a suite of malicious software intended to tamper with firewalls, the electronic defenses protecting computer networks. The rogue programs appear to date back to 2013 and have whimsical names like EXTRABACON or POLARSNEEZE. Three of them — JETPLOW, FEEDTROUGH and BANANAGLEE — have previously appeared in an NSA compendium of top secret cyber surveillance tools.

The auctioneers claim the tools were stolen from the Equation Group, the name given to a powerful collective of hackers exposed by antivirus firm Kaspersky Lab in 2015. Others have linked the Equation Group to the NSA’s hacking arm, although such claims are extraordinarily hard to settle with any certainty.

The leaked tools “share a strong connection” with the Equation Group, Kaspersky said in a blog post late Tuesday. The Moscow-based company said the two used “functionally identical” encryption techniques.

The leaked tools also appear to be powerful, according to a running analysis maintained by Richmond, Virginia-headquartered Risk Based Security. The group said several of the vulnerabilities targeted by the malware — including one affecting Cisco firewalls — were previously unknown, a sign of a sophisticated actor.

Security and networking companies scrambled to investigate the flaws exposed by the auction. Cisco Systems, Inc. issued an urgent update to its software late Wednesday. Fortinet, Inc., a Sunnyvale, California-based security company, also said it was investigating.

Nicholas Weaver, a researcher at the International Computer Science Institute in Berkeley, California, said that the news was terrible for the NSA no matter the circumstances behind the leak because companies like Cisco guard critical U.S. infrastructure.

“If the NSA discovered breach in 2013 and never told Cisco/Fortinet, this is VERY BAD,” he said in a message posted to Twitter. “If they didn’t know, this is VERY BAD.”

The NSA has not returned repeated messages seeking comment.

WHO IS BEHIND THE LEAK?

The documents have been leaked as part of a surreal online auction by a group calling itself “Shadow Brokers.” Their madcap, Borat-like manifesto rails against the “Wealthy Elite” and the group’s name appears to be a nod to the “Mass Effect” series of video games, where an elusive Shadow Broker traffics in sensitive information.

Few take the name or the manifesto at face value. Many have floated the possibility of Russian involvement, a theory that received unexpected support when NSA leaker Edward Snowden endorsed it on Twitter.

In a series of messages, Snowden wondered aloud whether the server the data was stolen from might be linked to a U.S. attempt to influence a foreign election. That would be a politically charged development in the context of recent allegations that Russia is trying to tamper with America’s presidential campaign.

The leak looks like a warning that any attempt to point the finger at Moscow over alleged electoral interference “could get messy fast,” Snowden tweeted. He did not return messages seeking further comment.

Comae Technologies founder Matt Suiche said the theory of a disgruntled insider couldn’t be ruled out.

In a blog post, Suiche said he’d been contacted by a former NSA analyst who pointed out that the tools leaked online normally resided on a segregated network and that the way they were named suggests the data was copied direct from the source. Suiche cautioned it was just a theory.

“We’ll never know,” he said in a message to AP.

Repeated emails and online messages seeking comment from the Shadow Brokers went unreturned.

HOW DOES THE AUCTION WORK?

Shadow Brokers have already published much of the data they claim to have. The rest — “the best files” — will be released, they claim, to whoever wins the auction.

The content of the files is secret, the group said in its announcement. So too is the length of the auction, which it said would end, in its signature broken English, “when we feel is time to end.”

Many dismiss the auction as a stunt.

Hopeful bidders have been invited to send bitcoins — the borderless electronic currency — but as of late Wednesday the address specified by the group had only gathered 1.72 bitcoins, or $981.

It’s more than pocket change. But the group’s stated goal is 1,000,000 bitcoins, or $570 million.

___

This story has been corrected to show the reference should be to a former NSA analyst, not a former NSA hacker.

https://www.washingtonpost.com/business ... story.html
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.
seemslikeadream
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black

Re: The first global cyber war has begun

Postby Harvey » Thu Aug 18, 2016 4:31 am

Simplest explanation, TAO crowdfunding campaign? Motive, means and opportunity covered.

Some other naive questions:

What happens to bitcoin value/popularity/desirability/legality/regulation behind this (if anything)?

Which security (firewall) vendors lose share price and which gain?

Regarding the above implied allegation by Snowden, which countries might have experienced election interference from the US? If true, would it be reasonable to assume that the 'hackers' also have data to support this allegation?

Or was the allegation that government agencies have been hacking US elections?
And while we spoke of many things, fools and kings
This he said to me
"The greatest thing
You'll ever learn
Is just to love
And be loved
In return"


Eden Ahbez
Harvey
Posts: 4165
Joined: Mon May 09, 2011 4:49 am

Re: The first global cyber war has begun

Postby American Dream » Sat Oct 22, 2016 11:18 am

https://motherboard.vice.com/read/twitt ... net-attack

Twitter, Reddit, Spotify Were Collateral Damage In Major Internet Attack

Written by
LORENZO FRANCESCHI-BICCHIERAI
STAFF WRITER
October 21, 2016 // 10:48 AM EST



Twitter, Reddit, Github, Spotify, and many others were knocked offline intermittently on Friday morning as a result of a cyberattack on a large internet infrastructure provider.

The popular websites became the collateral damage of a “global” Distributed Denial of Service or DDoS attack on Dyn, a company that provides core internet services for those popular websites. The attack mainly targeted Dyn’s Domain Name System (DNS) management services infrastructure on the East Coast of the United States, as the company explained in a statement.

Read more: Criminal Hackers Have Launched a ‘Turf War’ Over the Internet of Shit

DNS is essentially the internet’s phone book. When you type Twitter.com into your browser, DNS servers turn that URL into an IP address and serve you the site’s content. Due to the fact that Dyn provides DNS management services to a lot of companies on the internet, the attack spread beyond the company and knocked offline other parts of the internet, as collateral damage.

“We are a major DNS service provider," Doug Madory, director of internet analysis at Dyn, told Motherboard. “When a DNS service provider gets attacked then parts of the DNS system stop working and people can’t access websites.”

Madory also said that there was “no doubt” that Dyn was the primary target of the attack.


At this point, it’s unclear who’s behind the attack or what their motives were. But as security journalist Brian Krebs noted, Dyn’s researcher Madory teamed up with him on research investigating the “sometimes blurry lines between certain DDoS mitigation firms and the cybercriminals apparently involved in launching some of the largest DDoS attacks the Internet.”

Krebs, however, noted that there’s no data to clearly link Dyn’s previous work with the attack on Friday.

The attack on Dyn came a few weeks after criminals used a massive botnet made of Internet of Things devices infected with malware to target Krebs himself, forcing him to take down his website. At this point, it’s unclear if the DDoS on Dyn was carried out with that botnet, which is powered by malware known as Mirai, but some were already speculating that was the case.

Marshal Webb, the chief technology officer of BackConnect, an anti-DDoS firm that was also investigated by Krebs and Madory, explained that Mirai has capabilities to target and overwhelm DNS servers.

“Someone has probably achieved hegemony with the Mirai source and slapped DYN to either hit them directly or a customer downstream,” Webb told Motherboard in an online chat. “Nothing else would have enough legitimate devices to saturate DNS queries.”

At around 9:45 am ET, Dyn reported that all services were “restored to normal.” But as of this time, no one knows exactly who was behind the attacks or how they did it, and Dyn said they had no other details to provide.

UPDATE, 10/21/2016, 5:15 p.m. ET: A botnet of hacked Internet of Things devices powered by the malware Mirai is at least in part responsible for the outages, according to an internet backbone provider and a security company.
American Dream
Posts: 19946
Joined: Sat Sep 15, 2007 4:56 pm
Location: Planet Earth
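The Dyn outage described in the article above is the reason defenders check where a domain's authoritative nameservers actually live: if every NS record points at one operator, that operator's outage takes the whole zone offline with it. The script below is an added illustration, not code from the article, from Dyn or from Motherboard. The domains and nameserver hostnames in it are constructed for the example and are not real records, and mapping a nameserver to its operator by taking the last two labels of its hostname is an assumption that works for common hosting patterns but not for every TLD scheme. It flags single-provider domains and computes which of the constructed domains would stop resolving if one operator were knocked offline.

```python
"""Nameserver provider-diversity check.

Added example, not code from the article or from Dyn. SAMPLE_NS is a
constructed data set; provider_of() uses an assumed heuristic (last two
labels of the nameserver hostname) to identify the operator.
"""


# Constructed sample: domain -> its authoritative nameserver hostnames.
# None of these names are real zones or real DNS operators.
SAMPLE_NS = {
    "example-social.test": ["ns1.dynprovider.test", "ns2.dynprovider.test",
                            "ns3.dynprovider.test"],
    "example-shop.test": ["ns1.dynprovider.test", "ns-a.otherdns.test"],
    "example-bank.test": ["a.bankowned.test", "b.bankowned.test",
                          "ns1.backupdns.test"],
}


def provider_of(ns_host: str) -> str:
    """Map a nameserver hostname to its operator.

    Heuristic (assumption): the registrable domain is the last two labels,
    so 'ns1.dynprovider.test.' -> 'dynprovider.test'.
    """
    labels = ns_host.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def providers(ns_hosts):
    """Distinct operators behind a list of nameservers, sorted."""
    return sorted({provider_of(h) for h in ns_hosts})


def single_provider(domain: str, ns_map=SAMPLE_NS) -> bool:
    """True when every authoritative server for `domain` belongs to one
    operator, i.e. a single provider outage takes the whole zone down."""
    return len(providers(ns_map[domain])) == 1


def resolvable(domain: str, down_providers, ns_map=SAMPLE_NS) -> bool:
    """A recursive resolver needs only one reachable authoritative server,
    so the zone stays resolvable while any operator outside
    `down_providers` is still up."""
    down = {p.lower() for p in down_providers}
    return any(provider_of(h) not in down for h in ns_map[domain])


def blast_radius(provider: str, ns_map=SAMPLE_NS):
    """Domains that become unresolvable if `provider` alone goes offline."""
    return sorted(d for d in ns_map if not resolvable(d, {provider}, ns_map))


def report(ns_map=SAMPLE_NS):
    """One line per domain: its operators and whether it is single-homed."""
    lines = []
    for domain, hosts in ns_map.items():
        flag = "SINGLE PROVIDER" if single_provider(domain, ns_map) else "diverse"
        lines.append(f"{domain}: {', '.join(providers(hosts))} [{flag}]")
    return lines


if __name__ == "__main__":
    for line in report():
        print(line)
    print("unresolvable if dynprovider.test is down:",
          blast_radius("dynprovider.test"))
```

To run this against real zones you would replace SAMPLE_NS with the NS records returned by a resolver for each domain you operate; the check itself does not change. The useful output is the blast-radius list: every domain on it depends entirely on one operator, which is exactly the position the sites named in the article were in.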

Re: The first global cyber war has begun

Postby Luther Blissett » Thu Nov 17, 2016 7:21 pm

Of course this pales in comparison to what is already known about all of us with the quantum computing power at the Intelligence Community Comprehensive National Cybersecurity Initiative Data Center in Utah, but this one is actually on the books:

Britain has passed the 'most extreme surveillance law ever passed in a democracy'
The law forces UK internet providers to store browsing histories -- including domains visited -- for one year, in case of police investigations.

It's 2016 going on 1984.

The UK has just passed a massive expansion in surveillance powers, which critics have called "terrifying" and "dangerous".

The new law, dubbed the "snoopers' charter", was introduced by then-home secretary Theresa May in 2012, and took two attempts to get passed into law following breakdowns in the previous coalition government.

Four years and a general election later -- May is now prime minister -- the bill was finalized and passed on Wednesday by both parliamentary houses.

But civil liberties groups have long criticized the bill, with some arguing that the law will let the UK government "document everything we do online".

It's no wonder, because it basically does.

The law will force internet providers to record every internet customer's top-level web history in real-time for up to a year, which can be accessed by numerous government departments; force companies to decrypt data on demand -- though the government has never been that clear on exactly how it forces foreign firms to do that; and even disclose any new security features in products before they launch.

Not only that, the law also gives the intelligence agencies the power to hack into computers and devices of citizens (known as equipment interference), although some protected professions -- such as journalists and medical staff -- are layered with marginally better protections.

In other words, it's the "most extreme surveillance law ever passed in a democracy," according to Jim Killock, director of the Open Rights Group.

The bill was opposed by representatives of the United Nations, all major UK and many leading global privacy and rights groups, and a host of Silicon Valley tech companies alike. Even the parliamentary committee tasked with scrutinizing the bill called some of its provisions "vague".

And that doesn't even account for the three-quarters of people who think privacy, which this law almost entirely erodes, is a human right.

There are some safeguards, however, such as a "double lock" system so that the secretary of state and an independent judicial commissioner must agree on a decision to carry out search warrants (though one member of the House of Lords disputed that claim).

A new investigatory powers commissioner will also oversee the use of the powers.

Despite the uproar, the government's opposition failed to scrutinize any significant amendments and abstained from the final vote. Killock said recently that the opposition Labour party spent its time "simply failing to hold the government to account".

But the government has downplayed much of the controversy surrounding the bill. The government has consistently argued that the bill isn't drastically new, but instead reworks the old and outdated Regulation of Investigatory Powers Act (RIPA). This was brought into law in 2000, to "legitimize" new powers that were conducted or ruled on in secret, like collecting data in bulk and hacking into networks, which was revealed during the Edward Snowden affair.

Many of those activities were only exposed thanks to litigation by one advocacy group, Privacy International, which helped push these secret practices into the public domain while forcing the government to scramble to explain why these practices were legal.

The law will be ratified by royal assent in the coming weeks.
The Rich and the Corporate remain in their hundred-year fever visions of Bolsheviks taking their stuff - JackRiddler
Luther Blissett
Posts: 4990
Joined: Fri Jan 02, 2009 1:31 pm
Location: Philadelphia

Re: The first global cyber war has begun

Postby seemslikeadream » Fri Dec 30, 2016 10:09 pm

it has begun to get bizarre
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.
seemslikeadream
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black

Re: The first global cyber war has begun

Postby Searcher08 » Sat Dec 31, 2016 12:45 pm

Hackers Don’t Have to Be Human Anymore. This Bot Battle Proves It


Last night, at the Paris Hotel in Las Vegas, seven autonomous bots proved that hacking isn’t just for humans.

The Paris ballroom played host to the Darpa Cyber Grand Challenge, the first hacking contest to pit bot against bot—rather than human against human. Designed by seven teams of security researchers from across academia and industry, the bots were asked to play offense and defense, fixing security holes in their own machines while exploiting holes in the machines of others. Their performance surprised and impressed some security veterans, including the organizers of this $55 million contest—and those who designed the bots.

During the contest, which played out over a matter of hours, one bot proved it could find and exploit a particularly subtle security hole similar to one that plagued the world’s email systems a decade ago—the Crackaddr bug. Until yesterday, this seemed beyond the reach of anything other than a human. “That was astounding,” said Mike Walker, the veteran white-hat hacker who oversaw the contest. “Anybody who does vulnerability research will find that surprising.”

In certain situations, the bots also showed remarkable speed, finding bugs far quicker than a human ever could. But at the same time, they proved that automated security is still very flawed. One bot quit working midway through the contest. Another patched a hole but, in the process, crippled the machine it was supposed to protect. All the gathered researchers agreed that these bots are still a very long way from grasping all the enormously complex bugs a human can.

According to preliminary and unofficial results, the $2 million first place prize will go to Mayhem, a bot fashioned inside startup ForAllSecure, which grew out of research at Carnegie Mellon. This was the bot that quit working. But you shouldn’t read that as an indictment of last night’s contest. On the contrary. It shows that these bots are a little smarter than you might expect.
The Challenge

The problem, of course, is that software is littered with security holes. This is mostly because programmers are humans who make mistakes. Inevitably, they’ll let too much data into a memory register, allow outside code to run in the wrong place, or overlook some other tiny flaw in their own code that offers attackers a way in. Traditionally, we needed other humans—reverse engineers, white-hat hackers—to find and patch these holes. But increasingly, security researchers are building automated systems that can work alongside these human protectors.

As more and more devices and online services move into our everyday lives, we need this kind of bot. Those human protectors are far from plentiful, and the scope of their task is expanding. So, Darpa, the visionary research arm of the US Defense Department, wants to accelerate the evolution of automated bug hunters. The agency spent about $55 million preparing for this contest, and that’s before you factor in the $3.75 million in prize money. It designed and built the event’s enormously complex playing field—a network of supercomputers and software the contestants competed to hack—and it constructed a way of looking inside this vast network, a sweeping “visualization” that can actually show what’s happening as the seven contestants race to find, patch, and exploit security holes in those seven supercomputers. It’s basically Tron.

The idea wasn’t just for the contest to spur the development of the competing new security systems, but to inspire other engineers and entrepreneurs toward the same goal. “A Grand Challenge is about starting technology revolutions,” Mike Walker told me earlier this summer. “That’s partially through the development of new technology, but it’s also about bringing a community to bear on the problem.”

As their bot, Xandra, competes in the Cyber Grand Challenge, researchers from the University of Virginia and the Ithaca, New York company GrammaTech gather in the ballroom of the Paris hotel. Nathaniel Wood for WIRED

Held each year in Las Vegas, the Defcon security conference has long included a hacking contest called Capture the Flag. But last night’s contest wasn’t Capture the Flag. The contestants were machines, not humans. And with its Tron-like visualization—not to mention the two color commentators that called the action like it was a sporting event—Darpa provided a very different way of experiencing a hacking contest. Several thousand people packed into the Paris ballroom. The crowd was typical Defcon: much facial hair, ponytails, and piercings, plus the odd Star Trek uniform. But what they saw was something new.
Rematch with the Past

The seven teams loaded their autonomous systems onto the seven supercomputers late last week, and sometime Thursday morning, Darpa set the contest in motion. Each supercomputer launched software that no one outside Darpa had ever seen, and the seven bots looked for holes. Each bot aimed to patch the holes on its own machine, while working to prove it could exploit holes on others. Darpa awarded points not just for finding bugs, but for keeping services up and running.

To show that no one else had access to the seven supercomputers—that the bots really were competing on their own—Darpa erected its network so that an obvious air gap sat between the machines and the rest of the ballroom. Then, every so often, a robotic arm would grab a Blu-ray disc from the supercomputer side and move it across the gap. This disc included all the data needed to show what was happening inside the machines, and after the arm fed this into a system on the other side of the gap, Darpa's Tron-like visualization appeared on the giant TV looming over the arena.

Darpa planted countless security holes on the seven machines. But some were particularly intriguing. As the curtain went up on the contest, Darpa’s color commentators—astrophysicist turned TV host Hakeem Oluseyi and a white-hat hacker known only as Visi—revealed that some were modeled on infamous security holes from the Internet’s earlier days. This included the Heartbleed bug (discovered in 2014), the bug exploited by the SQL Slammer worm (2003), and the Crackaddr bug (also 2003). Darpa called them rematch challenges.
Game Theory

The competition was divided into rounds—96 in all. Each round, Darpa launched a new set of services for the bots to both defend and attack. In the earliest rounds, Mayhem, the bot created by the team from Carnegie Mellon, edged into the lead, trailed closely by Rubeus, built by defense contractor Raytheon.

Rubeus played a particularly aggressive game. It seemed intent on exploiting holes in the other six machines. “It’s throwing against absolutely everything,” Visi said at one point. And this seemed rather successful. But its competitor, Mayhem, had a certain knack for protecting its own services and, crucially, for keeping them up and running. As the game progressed, the two bots took turns at the top of the leader board.

But then, several rounds in, Rubeus stumbled and dropped in the rankings. In patching a hole in its own machine, it accidentally hampered the machine’s performance. That’s the danger of applying a patch—both during a hacking contest and in the real world. In this case, the patch didn’t just slow down the service that needed patching; it slowed down all other services running on the machine. As Visi put it, the bot had launched a denial-of-service attack against its own system.


By contrast, Mayhem seemed to take a more conservative and considered approach. As team leader Alex Rebert later told me, if the bot found a hole in its own machine, it wouldn’t necessarily decide to patch, in part because patches can slow a service down, but also because it can’t patch without temporarily taking the service offline. Through a kind of statistical analysis, the bot weighed the costs and the benefits of patching and the likelihood that another bot would actually exploit the hole, and only then would it decide whether the patch made sense and would give it more points than it would lose.
Crackaddr Cracked

In round 30, Rubeus was smart enough to remove the patch that was causing its own machine so much trouble, and its performance rebounded. But it continued to trail Mayhem as well as Mechaphish, a bot designed by a team from the University of California, Santa Barbara.

Mechaphish sat in last place for the early rounds—probably because it patched every hole it found. Unlike Mayhem, it was light on game theory, as team member Yan Shoshitaishvili later told me. But as the game continued, Mechaphish started climbing the leader board. It seemed to have a knack for finding particularly complex or subtle bugs. Certainly, it was the only bot that proved it could exploit the bug modeled on Crackaddr.

This exploit was so impressive because it fingered a bug that isn't always there. Before exploiting the hole, the bot must first send a series of commands to create the hole. Basically, it must find the right route among an enormous array of possibilities. That number is so large, the bot can't try them all. It must somehow home in on a method that will actually work. It must operate with a certain subtlety—mimicking a very human talent.

But despite Mechaphish’s human flair, Mayhem remained in the lead.
The Unintended Bug

Then, in round 52, Mayhem quit working. For some reason, it could no longer submit patches or attempt exploits against other machines. And it remained dormant through round 60. And round 70.

As the game continued, other bots showed a surprising knack for the task at hand. At one point, Xandra—a bot designed by a team from the University of Virginia and a company called GrammaTech—exploited a bug that Darpa didn't even know was there. And a second bot, Jima, designed by a two-person team from Idaho, successfully patched the bug.

And yet, Mayhem stayed atop the leader board. It was still top after round 80. And it was top after round 90—even though it remained dormant. And then just as suddenly, in round 95, it started working again. In round 96, it won the contest—at least according to preliminary results.

Its play in the first 50 rounds was so good, its game theory so successful, that the other bots couldn’t catch up. Over the remaining rounds, Mayhem’s patches continued to provide defense, and though it wasn’t able to patch additional holes or exploit new holes in other machines, enough of its services continued to run as they should—in part because it had often decided not to patch. Mayhem didn’t just patch and exploit security holes. It weighed the benefits of patching and exploiting against the costs. It was smart.
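The cost-benefit weighing the article attributes to Mayhem, written out as an added toy model (this is not the ForAllSecure team's code; the scoring rule, the point values and the exploit probabilities are constructed assumptions, not the official Cyber Grand Challenge scoring). It also covers the Rubeus failure mode from earlier in the piece: a patch whose slowdown costs more availability than the hole it closes.

```python
"""Expected-value model of a bot deciding whether to patch a hole on its own
machine. Added example; all numbers and the scoring rule are assumptions."""

from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class PatchCandidate:
    """What the bot knows about one hole it found on its own machine (constructed)."""
    name: str
    rounds_left: int            # contest rounds still to be played
    p_exploit: float            # estimated chance per round that a rival exploits it
    loss_if_exploited: float    # points lost in a round where the hole is exploited
    availability_points: float  # points the service earns per round while healthy
    downtime_rounds: int        # rounds the service is offline while the patch lands
    slowdown: float             # fraction of availability points lost per round after patching


def expected_score_unpatched(c: PatchCandidate) -> float:
    """Leave the hole open: full availability, but an exploit risk every round."""
    per_round = c.availability_points - c.p_exploit * c.loss_if_exploited
    return per_round * c.rounds_left


def expected_score_patched(c: PatchCandidate) -> float:
    """Patch it: nothing is earned during downtime, and afterwards the hole is
    closed but the service pays the patch's performance penalty each round."""
    live_rounds = max(c.rounds_left - c.downtime_rounds, 0)
    return live_rounds * c.availability_points * (1.0 - c.slowdown)


def should_patch(c: PatchCandidate) -> bool:
    """Patch only when the expected score with the patch beats leaving it open."""
    return expected_score_patched(c) > expected_score_unpatched(c)


def patch_plan(candidates: List[PatchCandidate]) -> List[str]:
    """Names of the holes the model would patch, in the order given."""
    return [c.name for c in candidates if should_patch(c)]


# Constructed scenarios:
#  - early_hot: early in the contest, rivals are throwing exploits at everything
#  - late_cold: a few rounds left, hole is unlikely to be found in time
#  - self_dos:  the patch would cripple the service (the Rubeus situation)
SCENARIOS = [
    PatchCandidate("early_hot", rounds_left=90, p_exploit=0.4, loss_if_exploited=10.0,
                   availability_points=10.0, downtime_rounds=2, slowdown=0.1),
    PatchCandidate("late_cold", rounds_left=5, p_exploit=0.05, loss_if_exploited=10.0,
                   availability_points=10.0, downtime_rounds=2, slowdown=0.1),
    PatchCandidate("self_dos", rounds_left=60, p_exploit=0.3, loss_if_exploited=10.0,
                   availability_points=10.0, downtime_rounds=1, slowdown=0.8),
]

if __name__ == "__main__":
    for c in SCENARIOS:
        print(f"{c.name:10s} unpatched={expected_score_unpatched(c):7.1f} "
              f"patched={expected_score_patched(c):7.1f} patch={should_patch(c)}")
    print("plan:", patch_plan(SCENARIOS))  # ['early_hot']
```

Only the early, heavily attacked hole gets patched; the late-contest hole and the self-crippling patch are left alone, which is the "decided not to patch" behaviour the article describes.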
Searcher08
Posts: 5887
Joined: Thu Dec 20, 2007 10:21 am

Re: The first global cyber war has begun

Postby seemslikeadream » Wed Jun 21, 2017 11:49 am

ANDY GREENBERG
SECURITY

06.20.17 06:00 AM

HOW AN ENTIRE NATION BECAME RUSSIA'S TEST LAB FOR CYBERWAR


The clocks read zero when the lights went out.

It was a Saturday night last December, and Oleksii Yasinsky was sitting on the couch with his wife and teenage son in the living room of their Kiev apartment. The 40-year-old Ukrainian cybersecurity researcher and his family were an hour into Oliver Stone’s film Snowden when their building abruptly lost power.
“The hackers don’t want us to finish the movie,” Yasinsky’s wife joked. She was referring to an event that had occurred a year earlier, a cyberattack that had cut electricity to nearly a quarter-million Ukrainians two days before Christmas in 2015. Yasinsky, a chief forensic analyst at a Kiev digital security firm, didn’t laugh. He looked over at a portable clock on his desk: The time was 00:00. Precisely midnight.
Yasinsky’s television was plugged into a surge protector with a battery backup, so only the flicker of images onscreen lit the room now. The power strip started beeping plaintively. Yasinsky got up and switched it off to save its charge, leaving the room suddenly silent.


He went to the kitchen, pulled out a handful of candles and lit them. Then he stepped to the kitchen window. The thin, sandy-blond engineer looked out on a view of the city as he’d never seen it before: The entire skyline around his apartment building was dark. Only the gray glow of distant lights reflected off the clouded sky, outlining blackened hulks of modern condos and Soviet high-rises.
Noting the precise time and the date, almost exactly a year since the December 2015 grid attack, Yasinsky felt sure that this was no normal blackout. He thought of the cold outside—close to zero degrees Fahrenheit—the slowly sinking temperatures in thousands of homes, and the countdown until dead water pumps led to frozen pipes.
That’s when another paranoid thought began to work its way through his mind: For the past 14 months, Yasinsky had found himself at the center of an enveloping crisis. A growing roster of Ukrainian companies and government agencies had come to him to analyze a plague of cyberattacks that were hitting them in rapid, remorseless succession. A single group of hackers seemed to be behind all of it. Now he couldn’t suppress the sense that those same phantoms, whose fingerprints he had traced for more than a year, had reached back, out through the internet’s ether, into his home.
The Cyber-Cassandras said this would happen. For decades they warned that hackers would soon make the leap beyond purely digital mayhem and start to cause real, physical damage to the world. In 2009, when the NSA’s Stuxnet malware silently accelerated a few hundred Iranian nuclear centrifuges until they destroyed themselves, it seemed to offer a preview of this new era. “This has a whiff of August 1945,” Michael Hayden, former director of the NSA and the CIA, said in a speech. “Somebody just used a new weapon, and this weapon will not be put back in the box.”

Now, in Ukraine, the quintessential cyberwar scenario has come to life. Twice. On separate occasions, invisible saboteurs have turned off the electricity to hundreds of thousands of people. Each blackout lasted a matter of hours, only as long as it took for scrambling engineers to manually switch the power on again. But as proofs of concept, the attacks set a new precedent: In Russia’s shadow, the decades-old nightmare of hackers stopping the gears of modern society has become a reality.
And the blackouts weren't just isolated attacks. They were part of a digital blitzkrieg that has pummeled Ukraine for the past three years—a sustained cyberassault unlike any the world has ever seen. A hacker army has systematically undermined practically every sector of Ukraine: media, finance, transportation, military, politics, energy. Wave after wave of intrusions have deleted data, destroyed computers, and in some cases paralyzed organizations' most basic functions. "You can't really find a space in Ukraine where there hasn't been an attack," says Kenneth Geers, a NATO ambassador who focuses on cybersecurity.
In a public statement in December, Ukraine’s president, Petro Poroshenko, reported that there had been 6,500 cyberattacks on 36 Ukrainian targets in just the previous two months. International cybersecurity analysts have stopped just short of conclusively attributing these attacks to the Kremlin, but Poroshenko didn’t hesitate: Ukraine’s investigations, he said, point to the “direct or indirect involvement of secret services of Russia, which have unleashed a cyberwar against our country.” (The Russian foreign ministry didn’t respond to multiple requests for comment.)
To grasp the significance of these assaults—and, for that matter, to digest much of what’s going on in today’s larger geopolitical disorder—it helps to understand Russia’s uniquely abusive relationship with its largest neighbor to the west. Moscow has long regarded Ukraine as both a rightful part of Russia’s empire and an important territorial asset—a strategic buffer between Russia and the powers of NATO, a lucrative pipeline route to Europe, and home to one of Russia’s few accessible warm-water ports. For all those reasons, Moscow has worked for generations to keep Ukraine in the position of a submissive smaller sibling.
But over the past decade and a half, Moscow's leash on Ukraine has frayed, as popular support in the country has pulled toward NATO and the European Union. In 2004, Ukrainian crowds in orange scarves flooded the streets to protest Moscow's rigging of the country's elections; that year, Russian agents allegedly went so far as to poison the surging pro-Western presidential candidate Viktor Yushchenko. A decade later, the 2014 Ukrainian Revolution finally overthrew the country's Kremlin-backed president, Viktor Yanukovych (a leader whose longtime political adviser, Paul Manafort, would go on to run the US presidential campaign of Donald Trump). Russian troops promptly annexed the Crimean Peninsula in the south and invaded the Russian-speaking eastern region known as Donbass. Ukraine has since then been locked in an undeclared war with Russia, one that has displaced nearly 2 million internal refugees and killed close to 10,000 Ukrainians.
From the beginning, one of this war's major fronts has been digital. Ahead of Ukraine's post-revolution 2014 elections, a pro-Russian group calling itself CyberBerkut—an entity with links to the Kremlin hackers who later breached Democratic targets in America's 2016 presidential election—rigged the website of the country's Central Election Commission to announce ultra-right presidential candidate Dmytro Yarosh as the winner. Administrators detected the tampering less than an hour before the election results were set to be declared. And that attack was just a prelude to Russia's most ambitious experiment in digital war, the barrage of cyberattacks that began to accelerate in the fall of 2015 and hasn't ceased since.
Yushchenko, who ended up serving as Ukraine's president from 2005 to 2010, believes that Russia's tactics, online and off, have one single aim: "to destabilize the situation in Ukraine, to make its government look incompetent and vulnerable." He lumps the blackouts and other cyberattacks together with the Russian disinformation flooding Ukraine's media, the terroristic campaigns in the east of the country, and his own poisoning years ago—all underhanded moves aimed at painting Ukraine as a broken nation. "Russia will never accept Ukraine being a sovereign and independent country," says Yushchenko, whose face still bears traces of the scars caused by dioxin toxicity. "Twenty-five years since the Soviet collapse, Russia is still sick with this imperialistic syndrome."
But many global cybersecurity analysts have a much larger theory about the endgame of Ukraine’s hacking epidemic: They believe Russia is using the country as a cyberwar testing ground—a laboratory for perfecting new forms of global online combat. And the digital explosives that Russia has repeatedly set off in Ukraine are ones it has planted at least once before in the civil infrastructure of the United States.
One Sunday morning in October 2015, more than a year before Yasinsky would look out of his kitchen window at a blacked-out skyline, he sat near that same window sipping tea and eating a bowl of cornflakes. His phone rang with a call from work. He was then serving as the director of information security at StarLightMedia, Ukraine’s largest TV broadcasting conglomerate. During the night, two of StarLight’s servers had inexplicably gone offline. The IT administrator on the phone assured him that the servers had already been restored from backups.

But Yasinsky felt uneasy. The two machines had gone dark at almost the same minute. “One server going down, it happens,” Yasinsky says. “But two servers at the same time? That’s suspicious.”
Resigned to a lost weekend, he left his apartment and took the 40-minute metro ride to StarLightMedia’s office. When he got there, Yasinsky and the company’s IT admins examined the image they’d kept of one of the corrupted servers. Its master boot record, the deep-seated, reptile-brain portion of a computer’s hard drive that tells the machine where to find its own operating system, had been precisely overwritten with zeros. This was especially troubling, given that the two victim servers were domain controllers, computers with powerful privileges that could be used to reach into hundreds of other machines on the corporate network.

Yasinsky quickly discovered the attack was indeed far worse than it had seemed: The two corrupted servers had planted malware on the laptops of 13 StarLight employees. The infection had triggered the same boot-record overwrite technique to brick the machines just as staffers were working to prepare a morning TV news bulletin ahead of the country’s local elections.

Nonetheless, Yasinsky could see he’d been lucky. Looking at StarLight’s network logs, it appeared the domain controllers had committed suicide prematurely. They’d actually been set to infect and destroy 200 more PCs at the company. Soon Yasinsky heard from a competing media firm called TRK that it had been less fortunate: That company lost more than a hundred computers to an identical attack.

Yasinsky managed to pull a copy of the destructive program from StarLight’s network. Back at home, he pored over its code. He was struck by the layers of cunning obfuscation—the malware had evaded all antivirus scans and even impersonated an antivirus scanner itself, Microsoft’s Windows Defender. After his family had gone to sleep, Yasinsky printed the code and laid the papers across his kitchen table and floor, crossing out lines of camouflaging characters and highlighting commands to see its true form. Yasinsky had been working in information security for 20 years; he’d managed massive networks and fought off crews of sophisticated hackers before. But he’d never analyzed such a refined digital weapon.

Beneath all the cloaking and misdirection, Yasinsky figured out, was a piece of malware known as KillDisk, a data-destroying parasite that had been circulating among hackers for about a decade. To understand how it got into their system, Yasinsky and two colleagues at StarLight obsessively dug into the company's network logs, combing them again and again on nights and weekends. By tracing signs of the hackers' fingerprints—some compromised corporate YouTube accounts, an administrator's network login that had remained active even when he was out sick—they came to the stomach-turning realization that the intruders had been inside their system for more than six months. Eventually, Yasinsky identified the piece of malware that had served as the hackers' initial foothold: an all-purpose Trojan known as BlackEnergy.
Soon Yasinsky began to hear from colleagues at other companies and in the government that they too had been hacked, and in almost exactly the same way. One attack had hit Ukrzaliznytsia, Ukraine’s biggest railway company. Other targets asked Yasinsky to keep their breaches secret. Again and again, the hackers used BlackEnergy for access and reconnaissance, then KillDisk for destruction. Their motives remained an enigma, but their marks were everywhere.

“With every step forward, it became clearer that our Titanic had found its iceberg,” says Yasinsky. “The deeper we looked, the bigger it was.”
Even then, Yasinsky didn’t know the real dimensions of the threat. He had no idea, for instance, that by December 2015, BlackEnergy and KillDisk were also lodged inside the computer systems of at least three major Ukrainian power companies, lying in wait.

At first, Robert Lee blamed the squirrels.

It was Christmas Eve 2015—and also, it so happened, the day before Lee was set to be married in his hometown of Cullman, Alabama. A barrel-chested and bearded redhead, Lee had recently left a high-level job at a three-letter US intelligence agency, where he’d focused on the cybersecurity of critical infrastructure. Now he was settling down to launch his own security startup and marry the Dutch girlfriend he’d met while stationed abroad.
As Lee busied himself with wedding preparations, he saw news headlines claiming that hackers had just taken down a power grid in western Ukraine. A significant swath of the country had apparently gone dark for six hours. Lee blew off the story—he had other things on his mind, and he’d heard spurious claims of hacked grids plenty of times before. The cause was usually a rodent or a bird—the notion that squirrels represented a greater threat to the power grid than hackers had become a running joke in the industry.
The next day, however, just before the wedding itself, Lee got a text about the purported cyberattack from Mike Assante, a security researcher at the SANS Institute, an elite cybersecurity training center. That got Lee’s attention: When it comes to digital threats to power grids, Assante is one of the most respected experts in the world. And he was telling Lee that the Ukraine blackout hack looked like the real thing.

Just after Lee had said his vows and kissed his bride, a contact in Ukraine messaged him as well: The blackout hack was real, the man said, and he needed Lee’s help. For Lee, who’d spent his career preparing for infrastructure cyberattacks, the moment he’d anticipated for years had finally arrived. So he ditched his own reception and began to text with Assante in a quiet spot, still in his wedding suit.
Lee eventually retreated to his mother’s desktop computer in his parents’ house nearby. Working in tandem with Assante, who was at a friend’s Christmas party in rural Idaho, they pulled up maps of Ukraine and a chart of its power grid. The three power companies’ substations that had been hit were in different regions of the country, hundreds of miles from one another and unconnected. “This was not a squirrel,” Lee concluded with a dark thrill.

By that night, Lee was busy dissecting the KillDisk malware his Ukrainian contact had sent him from the hacked power companies, much as Yasinsky had done after the StarLightMedia hack months before. (“I have a very patient wife,” Lee says.) Within days, he’d received a sample of the BlackEnergy code and forensic data from the attacks. Lee saw how the intrusion had started with a phishing email impersonating a message from the Ukrainian parliament. A malicious Word attachment had silently run a script on the victims’ machines, planting the BlackEnergy infection. From that foothold, it appeared, the hackers had spread through the power companies’ networks and eventually compromised a VPN the companies had used for remote access to their network—including the highly specialized industrial control software that gives operators remote command over equipment like circuit breakers.

Looking at the attackers’ methods, Lee began to form a notion of who he was up against. He was struck by similarities between the blackout hackers’ tactics and those of a group that had recently gained some notoriety in the cybersecurity world—a group known as Sandworm. In 2014 the security firm FireEye had issued warnings about a team of hackers that was planting BlackEnergy malware on targets that included Polish energy firms and Ukrainian government agencies; the group seemed to be developing methods to target the specialized computer architectures that are used for remotely managing physical industrial equipment. The group’s name came from references to Dune found buried in its code, terms like Harkonnen and Arrakis, an arid planet in the novel where massive sandworms roam the deserts.
No one knew much about the group’s intentions. But all signs indicated that the hackers were Russian: FireEye had traced one of Sandworm’s distinctive intrusion techniques to a presentation at a Russian hacker conference. And when FireEye’s engineers managed to access one of Sandworm’s unsecured command-and-control servers, they found instructions for how to use BlackEnergy written in Russian, along with other Russian-language files.

Most disturbing of all for American analysts, Sandworm’s targets extended across the Atlantic. Earlier in 2014, the US government reported that hackers had planted BlackEnergy on the networks of American power and water utilities. Working from the government’s findings, FireEye had been able to pin those intrusions, too, on Sandworm.

For Lee, the pieces came together: It looked like the same group that had just snuffed out the lights for nearly a quarter-million Ukrainians had not long ago infected the computers of American electric utilities with the very same malware.

It had been just a few days since the Christmas blackout, and Assante thought it was too early to start blaming the attack on any particular hacker group—not to mention a government. But in Lee’s mind, alarms went off. The Ukraine attack represented something more than a faraway foreign case study. “An adversary that had already targeted American energy utilities had crossed the line and taken down a power grid,” Lee says. “It was an imminent threat to the United States.”

On a cold, bright day a few weeks later, a team of Americans arrived in Kiev. They assembled at the Hyatt, a block from the golden-domed Saint Sophia Cathedral. Among them were staff from the FBI, the Department of Energy, the Department of Homeland Security, and the North American Electric Reliability Corporation, the body responsible for the stability of the US grid, all part of a delegation that had been assigned to get to the bottom of the Ukrainian blackout.

The Feds had also flown Assante in from Wyoming. Lee, a hotter head than his friend, had fought with the US agencies over their penchant for secrecy, insisting that the details of the attack needed to be publicized immediately. He hadn’t been invited.

On that first day, the suits gathered in a sterile hotel conference room with the staff of Kyivoblenergo, the city’s regional power distribution company and one of the three victims of the power grid attacks. Over the next several hours, the Ukrainian company’s stoic execs and engineers laid out the blow-by-blow account of a comprehensive, almost torturous raid on their network.

As Lee and Assante had noticed, the malware that infected the energy companies hadn’t contained any commands capable of actually controlling the circuit breakers. Yet on the afternoon of December 23, Kyivoblenergo employees had watched helplessly as circuit after circuit was opened in dozens of substations across a Massachusetts-sized region, seemingly commanded by computers on their network that they couldn’t see. In fact, Kyivoblenergo’s engineers determined that the attackers had set up their own perfectly configured copy of the control software on a PC in a faraway facility and then had used that rogue clone to send the commands that cut the power.
Once the circuit breakers were open and the power for tens of thousands of Ukrainians had gone dead, the hackers launched another phase of the attack. They’d overwritten the firmware of the substations’ serial-to-ethernet converters—tiny boxes in the stations’ server closets that translated internet protocols to communicate with older equipment. By rewriting the obscure code of those chunks of hardware—a trick that likely took weeks to devise—the hackers had permanently bricked the devices, shutting out the legitimate operators from further digital control of the breakers. Sitting at the conference room table, Assante marveled at the thoroughness of the operation.

The hackers also left one of their usual calling cards, running KillDisk to destroy a handful of the company’s PCs. But the most vicious element of the attack struck the control stations’ battery backups. When the electricity was cut to the region, the stations themselves also lost power, throwing them into darkness in the midst of their crisis. With utmost precision, the hackers had engineered a blackout within a blackout.
“The message was, ‘I’m going to make you feel this everywhere.’ Boom boom boom boom boom boom boom,” Assante says, imagining the attack from the perspective of a bewildered grid operator. “These attackers must have seemed like they were gods.”

That night, the team boarded a flight to the western Ukrainian city of Ivano-Frankivsk, at the foot of the Carpathian Mountains, arriving at its tiny Soviet-era airport in a snowstorm. The next morning they visited the headquarters of Prykarpattyaoblenergo, the power company that had taken the brunt of the pre-Christmas attack.
The power company executives politely welcomed the Americans into their modern building, under the looming smokestacks of the abandoned coal power plant in the same complex. Then they invited them into their boardroom, seating them at a long wooden table beneath an oil painting of the aftermath of a medieval battle.

The attack they described was almost identical to the one that hit Kyivoblenergo: BlackEnergy, corrupted firmware, disrupted backup power systems, KillDisk. But in this operation, the attackers had taken another step, bombarding the company’s call centers with fake phone calls—possibly to delay any warnings of the power outage from customers or simply to add another layer of chaos and humiliation.
There was another difference too. When the Americans asked whether, as in Kiev, cloned control software had sent the commands that shut off the power, the Prykarpattyaoblenergo engineers said no, that their circuit breakers had been opened by another method. That’s when the company’s technical director, a tall, serious man with black hair and ice-blue eyes, cut in. Rather than try to explain the hackers’ methods to the Americans through a translator, he offered to show them, clicking Play on a video he’d recorded himself on his battered iPhone 5s.
The 56-second clip showed a cursor moving around the screen of one of the computers in the company’s control room. The pointer glides to the icon for one of the breakers and clicks a command to open it. The video pans from the computer’s Samsung monitor to its mouse, which hasn’t budged. Then it shows the cursor moving again, seemingly of its own accord, hovering over a breaker and attempting again to cut its flow of power as the engineers in the room ask one another who’s controlling it.

The hackers hadn’t sent their blackout commands from automated malware, or even a cloned machine as they’d done at Kyivoblenergo. Instead, the intruders had exploited the company’s IT helpdesk tool to take direct control of the mouse movements of the stations’ operators. They’d locked the operators out of their own user interface. And before their eyes, phantom hands had clicked through dozens of breakers—each serving power to a different swath of the region—and one by one by one, turned them cold.

In August 2016, eight months after the first Christmas blackout, Yasinsky left his job at StarLightMedia. It wasn’t enough, he decided, to defend a single company from an onslaught that was hitting every stratum of Ukrainian society. To keep up with the hackers, he needed a more holistic view of their work, and Ukraine needed a more coherent response to the brazen, prolific organization that Sandworm had become. “The light side remains divided,” he says of the balkanized reaction to the hackers among their victims. “The dark side is united.”
So Yasinsky took a position as the head of research and forensics for a Kiev firm called Information Systems Security Partners. The company was hardly a big name. But Yasinsky turned it into a de facto first responder for victims of Ukraine’s digital siege.

Not long after Yasinsky switched jobs, almost as if on cue, the country came under another, even broader wave of attacks. He ticks off the list of casualties: Ukraine’s pension fund, the country’s treasury, its seaport authority, its ministries of infrastructure, defense, and finance. The hackers again hit Ukraine’s railway company, this time knocking out its online booking system for days, right in the midst of the holiday travel season. As in 2015, most of the attacks culminated with a KillDisk-style detonation on the target’s hard drive. In the case of the finance ministry, the logic bomb deleted terabytes of data, just as the ministry was preparing its budget for the next year. All told, the hackers’ new winter onslaught matched and exceeded the previous year’s—right up to its grand finale.

On December 16, 2016, as Yasinsky and his family sat watching Snowden, a young engineer named Oleg Zaychenko was four hours into his 12-hour night shift at Ukrenergo’s transmission station just north of Kiev. He sat in an old Soviet-era control room, its walls covered in beige and red floor-to-ceiling analog control panels. The station’s tabby cat, Aza, was out hunting; all that kept Zaychenko company was a television in the corner playing pop music videos.

He was filling out a paper-and-pencil log, documenting another uneventful Saturday evening, when the station’s alarm suddenly sounded, a deafening continuous ringing. To his right Zaychenko saw that two of the lights indicating the state of the transmission system’s circuits had switched from red to green—in the universal language of electrical engineers, a sign that it was off.

The technician picked up the black desk phone to his left and called an operator at Ukrenergo’s headquarters to alert him to the routine mishap. As he did, another light turned green. Then another. Zaychenko’s adrenaline began to kick in. As he hurriedly explained the situation to the remote operator, the lights kept flipping: red to green, red to green. Eight, then 10, then 12.
As the crisis escalated, the operator ordered Zaychenko to run outside and check the equipment for physical damage. At that moment, the 20th and final circuit switched off and the lights in the control room went out, along with the computer and TV. Zaychenko was already throwing a coat over his blue and yellow uniform and sprinting for the door.

The transmission station is normally a vast, buzzing jungle of electrical equipment stretching over 20 acres, the size of more than a dozen football fields. But as Zaychenko came out of the building into the freezing night air, the atmosphere was eerier than ever before: The three tank-sized transformers arrayed alongside the building, responsible for about a fifth of the capital’s electrical capacity, had gone entirely silent. Until then Zaychenko had been mechanically ticking through an emergency mental checklist. As he ran past the paralyzed machines, the thought entered his mind for the first time: The hackers had struck again.
This time the attack had moved up the circulatory system of Ukraine’s grid. Instead of taking down the distribution stations that branch off into capillaries of power lines, the saboteurs had hit an artery. That single Kiev transmission station carried 200 megawatts, more total electric load than all the 50-plus distribution stations knocked out in the 2015 attack combined. Luckily, the system was down for just an hour—hardly long enough for pipes to start freezing or locals to start panicking—before Ukrenergo’s engineers began manually closing circuits and bringing everything back online.

But the brevity of the outage was virtually the only thing that was less menacing about the 2016 blackout. Cybersecurity firms that have since analyzed the attack say that it was far more evolved than the one in 2015: It was executed by a highly sophisticated, adaptable piece of malware now known as "CrashOverride," a program expressly coded to be an automated, grid-killing weapon.

Lee’s critical infrastructure security startup, Dragos, is one of two firms that have pored through the malware's code; Dragos obtained it from a Slovakian security outfit called ESET. The two teams found that, during the attack, CrashOverride was able to “speak” the language of the grid’s obscure control system protocols, and thus send commands directly to grid equipment. In contrast to the laborious phantom-mouse and cloned-PC techniques the hackers used in 2015, this new software could be programmed to scan a victim’s network to map out targets, then launch at a preset time, opening circuits on cue without even having an internet connection back to the hackers. In other words, it's the first malware found in the wild since Stuxnet that's designed to independently sabotage physical infrastructure.

And CrashOverride isn’t just a one-off tool, tailored only to Ukrenergo’s grid. It’s a reusable and highly adaptable weapon of electric utility disruption, researchers say. Within the malware’s modular structure, Ukrenergo’s control system protocols could easily be swapped out and replaced with ones used in other parts of Europe or the US instead.

Marina Krotofil, an industrial control systems security researcher for Honeywell who also analyzed the Ukrenergo attack, describes the hackers’ methods as simpler and far more efficient than the ones used in the previous year’s attack. “In 2015 they were like a group of brutal street fighters,” Krotofil says. “In 2016, they were ninjas.” But the hackers themselves may be one and the same; Dragos’ researchers have identified the architects of CrashOverride as part of Sandworm, based on evidence that Dragos is not yet ready to reveal.

For Lee, these are all troubling signs of Sandworm’s progress. I meet him in the bare-bones offices of his Baltimore-based critical infrastructure security firm, Dragos. Outside his office window looms a series of pylons holding up transmission lines. Lee tells me that they carry power 18 miles south, to the heart of Washington, DC.

For the first time in history, Lee points out, a group of hackers has shown that it’s willing and able to attack critical infrastructure. They’ve refined their techniques over multiple, evolving assaults. And they’ve already planted BlackEnergy malware on the US grid once before. “The people who understand the US power grid know that it can happen here,” Lee says.

To Sandworm’s hackers, Lee says, the US could present an even more convenient set of targets should they ever decide to strike the grid here. US power firms are more attuned to cybersecurity, but they are also more automated and modern than those in Ukraine—which means they could present more of a digital “attack surface.” And American engineers have less experience with manual recovery from frequent blackouts.
No one knows how, or where, Sandworm’s next attacks will materialize. A future breach might target not a distribution or transmission station but an actual power plant. Or it could be designed not simply to turn off equipment but to destroy it. In 2007 a team of researchers at Idaho National Lab, one that included Mike Assante, demonstrated that it’s possible to hack electrical infrastructure to death: The so-called Aurora experiment used nothing but digital commands to permanently wreck a 2.25-megawatt diesel generator. In a video of the experiment, a machine the size of a living room coughs and belches black and white smoke in its death throes. Such a generator is not all that different from the equipment that sends hundreds of megawatts to US consumers; with the right exploit, it’s possible that someone could permanently disable power-generation equipment or the massive, difficult-to-replace transformers that serve as the backbone of our transmission system. “Washington, DC? A nation-state could take it out for two months without much issue,” Lee says.

In fact, in its analysis of CrashOverride, ESET found that the malware may already include one of the ingredients for that kind of destructive attack. ESET’s researchers noted that CrashOverride contains code designed to target a particular Siemens device found in power stations—a piece of equipment that functions as a kill-switch to prevent dangerous surges on electric lines and transformers. If CrashOverride is able to cripple that protective measure, it might already be able to cause permanent damage to grid hardware.

An isolated incident of physical destruction may not even be the worst that hackers can do. The American cybersecurity community often talks about “advanced persistent threats”—sophisticated intruders who don’t simply infiltrate a system for the sake of one attack but stay there, silently keeping their hold on a target. In his nightmares, Lee says, American infrastructure is hacked with this kind of persistence: transportation networks, pipelines, or power grids taken down again and again by deep-rooted adversaries. “If they did that in multiple places, you could have up to a month of outages across an entire region,” he says. “Tell me what doesn’t change dramatically when key cities across half of the US don’t have power for a month.”
It’s one thing, though, to contemplate what an actor like Russia could do to the American grid; it’s another to contemplate why it would. A grid attack on American utilities would almost certainly result in immediate, serious retaliation by the US. Some cybersecurity analysts argue that Russia’s goal is simply to hem in America’s own cyberwar strategy: By turning the lights out in Kiev—and by showing that it’s capable of penetrating the American grid—Moscow sends a message warning the US not to try a Stuxnet-style attack on Russia or its allies, like Syrian dictator Bashar al-Assad. In that view, it’s all a game of deterrence.
But Lee, who was involved in war-game scenarios during his time in intelligence, believes Russia might actually strike American utilities as a retaliatory measure if it ever saw itself as backed into a corner—say, if the US threatened to interfere with Moscow’s military interests in Ukraine or Syria. “When you deny a state’s ability to project power, it has to lash out,” Lee says.

People like Lee have, of course, been war-gaming these nightmares for well over a decade. And for all the sophistication of the Ukraine grid hacks, even they didn’t really constitute a catastrophe; the lights did, after all, come back on. American power companies have already learned from Ukraine’s victimization, says Marcus Sachs, chief security officer of the North American Electric Reliability Corporation. After the 2015 attack, Sachs says, NERC went on a road show, meeting with power firms to hammer into them that they need to shore up their basic cybersecurity practices and turn off remote access to their critical systems more often. “It would be hard to say we’re not vulnerable. Anything connected to something else is vulnerable,” Sachs says. “To make the leap and suggest that the grid is milliseconds away from collapse is irresponsible.”

But for those who have been paying attention to Sandworm for almost three years, raising an alarm about the potential for an attack on the US grid is no longer crying wolf. For John Hultquist, head of the team of researchers at FireEye that first spotted and named the Sandworm group, the wolves have arrived. “We’ve seen this actor show a capability to turn out the lights and an interest in US systems,” Hultquist says. Three weeks after the 2016 Kiev attack, he wrote a prediction on Twitter and pinned it to his profile for posterity: “I swear, when Sandworm Team finally nails Western critical infrastructure, and folks react like this was a huge surprise, I’m gonna lose it.”

The headquarters of Yasinsky’s firm, Information Systems Security Partners, occupies a low-lying building in an industrial neighborhood of Kiev, surrounded by muddy sports fields and crumbling gray high-rises—a few of Ukraine’s many lingering souvenirs from the Soviet Union. Inside, Yasinsky sits in a darkened room behind a round table that’s covered in 6-foot-long network maps showing nodes and connections of Borgesian complexity. Each map represents the timeline of an intrusion by Sandworm. By now, the hacker group has been the consuming focus of his work for nearly two years, going back to that first attack on StarLightMedia.

Yasinsky says he has tried to maintain a dispassionate perspective on the intruders who are ransacking his country. But when the blackout extended to his own home four months ago, it was “like being robbed,” he tells me. “It was a kind of violation, a moment when you realize your own private space is just an illusion.”
Yasinsky says there’s no way to know exactly how many Ukrainian institutions have been hit in the escalating campaign of cyberattacks; any count is liable to be an underestimate. For every publicly known target, there’s at least one secret victim that hasn’t admitted to being breached—and still other targets that haven’t yet discovered the intruders in their systems.

When we meet in ISSP’s offices, in fact, the next wave of the digital invasion is already under way. Behind Yasinsky, two younger, bearded staffers are locked into their keyboards and screens, pulling apart malware that the company obtained just the day before from a new round of phishing emails. The attacks, Yasinsky has noticed, have settled into a seasonal cycle: During the first months of the year, the hackers lay their groundwork, silently penetrating targets and spreading their foothold. At the end of the year, they unleash their payload. Yasinsky knows by now that even as he’s analyzing last year’s power grid attack, the seeds are already being sown for 2017’s December surprises.

Bracing for the next round, Yasinsky says, is like “studying for an approaching final exam.” But in the grand scheme, he thinks that what Ukraine has faced for the past three years may have been just a series of practice tests.
He sums up the attackers’ intentions until now in a single Russian word: poligon. A training ground. Even in their most damaging attacks, Yasinsky observes, the hackers could have gone further. They could have destroyed not just the Ministry of Finance’s stored data but its backups too. They probably could have knocked out Ukrenergo’s transmission station for longer or caused permanent, physical harm to the grid, he says—a restraint that American analysts like Assante and Lee have also noted. “They’re still playing with us,” Yasinsky says. Each time, the hackers retreated before accomplishing the maximum possible damage, as if reserving their true capabilities for some future operation.

Many global cybersecurity analysts have come to the same conclusion. Where better to train an army of Kremlin hackers in digital combat than in the no-holds-barred atmosphere of a hot war inside the Kremlin’s sphere of influence? “The gloves are off. This is a place where you can do your worst without retaliation or prosecution,” says Geers, the NATO ambassador. “Ukraine is not France or Germany. A lot of Americans can’t find it on a map, so you can practice there.” (At a meeting of diplomats in April, US secretary of state Rex Tillerson went so far as to ask, “Why should US taxpayers be interested in Ukraine?”)

In that shadow of neglect, Russia isn’t only pushing the limits of its technical abilities, says Thomas Rid, a professor in the War Studies department at King’s College London. It’s also feeling out the edges of what the international community will tolerate. The Kremlin meddled in the Ukrainian election and faced no real repercussions; then it tried similar tactics in Germany, France, and the United States. Russian hackers turned off the power in Ukraine with impunity—and, well, the syllogism isn’t hard to complete. “They’re testing out red lines, what they can get away with,” Rid says. “You push and see if you’re pushed back. If not, you try the next step.”

What will that next step look like? In the dim back room at ISSP’s lab in Kiev, Yasinsky admits he doesn’t know. Perhaps another blackout. Or maybe a targeted attack on a water facility. “Use your imagination,” he suggests drily.
Behind him the fading afternoon light glows through the blinds, rendering his face a dark silhouette. “Cyberspace is not a target in itself,” Yasinsky says. “It’s a medium.” And that medium connects, in every direction, to the machinery of civilization itself.
https://www.wired.com/story/russian-hac ... k-ukraine/
Mazars and Deutsche Bank could have ended this nightmare before it started.
They could still get him out of office.
But instead, they want mass death.
Don’t forget that.
seemslikeadream
Posts: 32090
Joined: Wed Apr 27, 2005 11:28 pm
Location: into the black

Re: The first global cyber war has begun

Postby seemslikeadream » Fri Jun 23, 2017 11:01 pm

WATCH HACKERS TAKE OVER THE MOUSE OF A POWER-GRID COMPUTER
The best work of hackers tends to remain invisible. But when sophisticated intruders broke into the computer networks of regional energy firms in Ukraine in 2015 and cut power to roughly a quarter million people, their tampering didn't go unnoticed. In this rare instance, the staff of one of those electric utilities managed to capture the hackers' handiwork on video, which you can watch above.
Two days before Christmas in 2015, engineers at the Prykarpattyaoblenergo regional energy company in Western Ukraine found themselves locked out of their PCs. More troubling still, their mouse cursors moved of their own accord. The workers watched as hackers methodically clicked on circuit breakers in their grid operation software, each time opening the breakers and cutting power to another swath of the region.

In the process of reporting our cover story on those blackouts—and the larger cyberwar affecting Ukraine—WIRED obtained a video that one of those engineers shot with his iPhone, recording a "phantom mouse" attack as it happened. The PC shown in the video was a test unit, not actually connected to Prykarpattyaoblenergo's grid equipment. But hackers used the same attack on every other networked computer connected to the company's live electric-control systems, spurring six hours of blackouts that extended to the Ukrainian city of Ivano-Frankivsk.
In WIRED's investigation of that breach and another blackout that occurred in Ukraine a year later, we've tracked the evolution of those hackers: How they've graduated to using a digital weapon known as CrashOverride that can trigger Stuxnet-style automated attacks on infrastructure, and how those attacks may just be tests for future operations—perhaps against the United States. Read the full story here.
https://www.wired.com/story/video-hacke ... ter-mouse/
