Sean Gallagher
How they did it (and will likely try again): GRU hackers vs. US elections
In a recent press briefing, Deputy Attorney General Rod Rosenstein announced that the grand jury assembled by Special Counsel Robert Mueller had returned an indictment against 12 officers of Russia's Main Intelligence Directorate of the Russian General Staff (better known as Glavnoye razvedyvatel'noye upravleniye, or GRU).
Facebook scraped call, text message data for years from Android phones
Recently, a New Zealand man was looking through the data Facebook had collected from him in an archive he had pulled down from the social networking site. While scanning the information Facebook had stored about his contacts, Dylan McKay discovered something distressing: Facebook also had about two years' worth of phone call metadata from his Android phone, including names, phone numbers, and the length of each call made or received. Facebook uses phone-contact data as part of its friend recommendation algorithm.
Millions of comments sent to FCC through bulk system used fake email addresses
Federal Communications Commission Chairman Ajit Pai actually allowed the weight of public comments on the FCC's proposed changes to network neutrality regulations to sway (or confirm) his position, he seems to have given more credence to the "opinions" of spam-generating software "bots" than actual citizens, researchers have found. Leah Figueroa, lead data engineer at the data analytics software company Gravwell, presented a detailed analysis of the public comments submitted to the FCC regarding network neutrality.
More, cheaper, bigger, faster: The defense and cyber strategy of Donald Trump
Since Election Day, President-elect Donald Trump has taken an inordinate interest in some of the minutia of defense policy. His tweets (particularly about the F-35 Joint Strike Fighter and the Air Force One presidential aircraft replacement program) have sent shockwaves through the defense industry. The same is true of the cyber realm—particularly in his treatment of the intelligence community that currently dominates the US' cyber-defense capabilities.
The one thing that is certain is that Trump wants more muscle in both departments, urging an increase in the number of troops, ships, planes, and weapons deployed by the Department of Defense; the end of defense budget sequestration; and an expansion of the US nuclear and ballistic missile defense arsenal. And he has also pledged a new focus on offensive "cyber" capabilities, as outlined by his campaign, "to deter attacks by both state and non-state actors and, if necessary, to respond appropriately." That sort of aggressive posture is not a surprise. But the policies that will drive the use of those physical and digital forces are still a bit murky. Considering the position Trump has taken regarding the North Atlantic Treaty Organization (NATO) and his attitudes toward Russia, Trump's statements may hint at a desire for a Fortress America—armed to the teeth and going it alone in every domain of conflict.
WikiLeaks founder Assange’s Internet “intentionally severed by state party”
WikiLeaks announced via its Twitter account that WikiLeaks founder Julian Assange's Internet connection had been cut off, blaming a "state party" for the outage. Assange, who has been ensconced in the Ecuadorian embassy in London since he sought asylum there over four years ago to avoid extradition, has been "detained in absentia" by the Swedish government for questioning on allegations of rape. Other lesser allegations have been dropped because they have passed the time allowed by Sweden's statute of limitations. The announcement comes after the postponement of an interview of Assange by Swedish authorities at the Ecuadorian embassy by Ecuador's Attorney General's office. The interview was pushed back by Ecuador until November 17 "to make it possible for Assange's lawyer to attend." WikiLeaks also announced that it had "activated the appropriate contingency plans" in response to the communication outage.
That plan may be related to other posts made from the WikiLeaks account overnight referring to three "precommitments"—one regarding the UK's Foreign & Commonwealth Office (UK FOS), one labeled "John Kerry," and one labeled "Ecuador." The posts included long alphanumeric strings that may have been encryption keys for files already prepositioned on the Internet. "Precommitment" is a term often associated with the concept of a "dead man's switch"—an automated response to an attack that would otherwise leave the target unable to respond, usually intended as a deterrent. It's possible that Assange made arrangements for a "dead man's switch" release of content about the UK Foreign Office, Ecuador and Secretary of State John Kerry that were intended to prevent them from taking action against him at the embassy. If the code associated with the three "precommitments" are in fact cryptographic keys, then that "dead man's switch" has been activated by Wikileaks.
Former Justice official: US' own electoral meddling leaves little room for complaint
Even if the Russian government was behind the hack of the Democratic National Committee (DNC) and various other political organizations and figures, the US government's options under international law are extremely limited, according to Jack Goldsmith, a Harvard law professor and former US assistant attorney general. Goldsmith, who served at the Justice Department during the administration of George W. Bush and resigned after a dispute over the legal justifications for "enhanced interrogation" techniques, spoke about the DNC hack during a Yale University panel.
"Assuming that the attribution is accurate," Goldsmith said, "the US has very little basis for a principled objection." In regard to the theft of data from the DNC and others, Goldsmith said that "it's hard to say that it violates international law, and the US acknowledges that it engages in the theft of foreign political data all the time." As far as the publication of the stolen data in a way intended to interfere with the US presidential election, Goldsmith noted that the US has a long history of interference in other countries' politics. "Misinformation campaigns are a core element of what the [Central Intelligence Agency] has done" since it was created, he said.
FBI report: Clinton had limited knowledge of classified data procedures
On Sept 2, the Federal Bureau of Investigations published a 58-page redacted memorandum on the investigation of the mishandling of classified information by former Secretary of State Hillary Clinton. The memo includes details from Clinton's interview with the FBI and a summary of other interviews the FBI conducted during the yearlong investigation. During her three-and-a-half-hour interview with FBI investigators, Hillary Clinton said that she had used a personal e-mail account "out of convenience" because she only wanted to carry a single mobile device—and the State Department would not allow her to connect a work device to her personal e-mail. She said she had no recollection of anyone voicing concerns over the arrangement. But the FBI investigation found records of an exchange with former Secretary of State Colin Powell on the topic, where he warned her of the risks and told her how he had "gotten around it."
The FBI report shows that Clinton generally allowed others to make decisions about how to support her Blackberry habit and that the private mail server she used was run largely at the direction of former President Bill Clinton's staff. And while the FBI did not find that Clinton did anything criminal, the investigation revealed a generally lax approach to security overall by the State Department, Clinton's staff, and Clinton herself. Clinton told the FBI that she "did not pay attention to the level of classification of information and took all classified information seriously," the FBI memo reports. But she was unable to identify the meaning of "(C)" (Confidential) content markings in an e-mail, speculating in the interview that it had something to do with paragraphs that were supposed to be in alphabetical order. She demonstrated a limited understanding of procedures for classification of information—even though she was designated as an Original Classification Authority, someone authorized to set the level of classification on information.
Rep Ted Lieu (D-CA) to FCC: Fix phone network flaw that allows eavesdropping
A documented weakness in Signaling System 7 has been shown to allow widespread interception of phone calls and text messages (SS7 is the public switched telephone network signaling protocol used to set up and route phone calls; it also allows for things like phone number portability). This weakness in SS7 can even undermine the security of encrypted messaging systems such as WhatsApp and Telegram. In an April segment of 60 Minutes, Rep Ted Lieu (D-CA) allowed hackers to demonstrate how they could listen in on his calls. In light of the mass leak of congressional staffers' contact information by hackers, Rep Lieu is now urging the Federal Communications Commission to take action quickly to fix the problem with SS7. The hackers are purportedly tied to Russian intelligence.
"In light of the recent cyber hack at the [Democratic Congressional Campaign Committee] that released cell phone numbers of all Democratic Members of Congress—reportedly conducted by the Russian Government—our foreign adversaries can now acquire cell phone voice and text data of over 180 Congress members with impunity," Rep Lieu wrote in a letter dated August 22. "This problem is particularly acute given reports that Russia is trying to influence elections in America."
How DNC, Clinton campaign attacks fit into Russia’s cyber-war strategy
The well-timed leak of e-mails from the Democratic National Committee, following a long-running breach of the DNC's network, is a masterful piece of information warfare. The leak may only be the beginning of an effort to shape the US presidential election, or it may be a backup plan triggered by the exposure of the long-running breach. But the hacking of the DNC and the direct targeting of Hillary Clinton are only parts of a much larger operation by Russia-based hackers who have breached a number of US government networks.
At a minimum, this suggests that the DNC breach was part of a larger intelligence collection operation. The leaked data from the DNC breach, however, may have been intended to create chaos and uncertainty around the election. But why would the Russian government open that can of worms? It's possible that this fits into a larger Russian strategy aimed at splintering NATO and countering what Russia has seen over the past decade as encroachment by the West on Russia's national interests. This sort of activity fits well into a larger picture of Russian state-sponsored and state-aligned information operations, including destructive cyber-attacks and intelligence collection. And the forensic evidence from the DNC breach fits right in with other recent operations by Russian hackers against US targets.
Facebook tests full-scale solar-powered Internet drone
Facebook's Connectivity Lab announced that the company has for the first time test-flown a full-scale version of Aquila, the solar-powered high-altitude drone that Facebook hopes to use to deliver Internet connectivity to the remotest populated corners of the Earth. The test flight took place June 28. The low-altitude test flight was originally intended only as a 30-minute “functional check” flight. "It was so successful that we ended up flying Aquila for more than 90 minutes—three times longer than originally planned," wrote Jay Parikh, Facebook's vice president of infrastructure engineering.
The goal of Aquila is to provide what has been described as an "atmospheric satellite" capability—the drones will fly for up to three months at a time, orbiting over remote areas and providing connectivity for a circle as much as 60 miles in diameter, using a laser-based network "backbone" and radio signals for local bandwidth. Because of its lift-to-weight ratio, Aquila can fly as slowly as 25 miles per hour in level flight.