
Cyber attacks/defence/incidents (merged)

At a more tactical level ...
Allies to hold training against N. Korea GPS attacks
Yonhap News Agency
2017/07/30 07:00


SEOUL, July 30 (Yonhap) -- South Korea and the United States plan to hold a joint military drill next month against a possible North Korean war operation to jam GPS signals, officials here said Sunday.

The practice will be staged as part of the Ulchi-Freedom Guardian (UFG), an annual combined defense exercise between the allies, aimed at improving their ability to locate and strike the origin of the North's wartime GPS attacks.

"A South Korea-U.S. joint team will be formed at the Korean Air and Space Operations Center headquartered at the Osan Air Base during the UFG in August for the exercise to respond to various scenarios," an Air Force official said.

Taking part in the task will be more than 60 officials from South Korea's Air Force and the U.S. Strategic Command's Joint Space Operations Center (JSpOC), he added ...
More @ link
 
A bit of Canada's contribution to the fight - shared under the Fair Dealing provisions of the Copyright Act (R.S.C., 1985, c. C-42) ......
White House Says Russia’s Hackers Are Too Good to Be Caught but NSA Partner (Canada) Called Them “Morons”
Sam Biddle, The Intercept
August 2 2017, 1:07 p.m.


The hackers behind the dump of Democratic Party emails in the midst of last year’s presidential race left apparent evidence of their identity — a breadcrumb trail winding from the stolen files back to the Russian government, according to assessments from the U.S. intelligence community. Some of this evidence was there from the beginning, embedded inside the first documents to hit the web, raising a niggling question: Why would diabolically skilled Russian operatives operate so sloppily?

This question has persisted, and last week the White House seized upon it, promulgating the idea that if the Russian government were really behind the attacks, its online agents wouldn’t have left any fingerprints. Russia quickly repeated this claim through its UK embassy.

But a 2011 presentation to the NSA and its foreign partners by Canada’s signals intelligence agency, the Communications Security Establishment, undermines the notion of a foreign hacker so skilled that a victim would never know their identity. The document calls Russian hackers “morons” for routinely compromising the security of a “really well designed” system intended to cover their tracks; for example, the hackers logged into their personal social and email accounts through the same anonymizing system used to attack their targets, comparable to getting an anonymous burner phone for illicit use and then placing calls to your girlfriend, parents, and roommate.



The competence of Russian hackers became a prominent issue once more last Sunday, when the president’s communications director Anthony Scaramucci — since removed from his post but quoting the president directly — said the following to Jake Tapper on CNN:

    “Somebody said to me yesterday, uh, I won’t tell you who, that if the Russians actually hacked this situation and actually spilled out those emails, you would have never seen it, you would have never had any evidence of them, meaning they’re super confident in their deception skills and hacking.”

Seconds later, Scaramucci revealed his anonymous technical source on the matter to have been Donald Trump himself.

It’s one thing to question circumstantial evidence based on the expectation that Russian agents are too competent to leave such clues behind. But ruling out Russia on the basis of unforced errors alone flies in the face of the intelligence community’s experience with online operators from that country.

The CSE presentation, provided by NSA whistleblower Edward Snowden, dates to no earlier than 2011, and describes the agency’s work tracking a set of Russian government-sponsored hackers codenamed MAKERSMARK. The MAKERSMARK team was believed by NSA “with a high level of confidence” to be sponsored by a Russian intelligence agency, according to a separate Snowden document originating with the NSA’s Special Source Operations division. The MAKERSMARK team was armed with a clever technical system to mask members’ identities and the location of their computers, thus (on paper, at least) making it less likely the attacks would be traced back to Russia.

CSE’s account of the Russian actors does not exactly jibe with the White House’s vision of ninja-like computer users. The agency presentation, prepared by a “cyber counter intelligence” agent focused on MAKERSMARK, highlights Russian hackers’ “misuse of operational infrastructure” and “poor OPSEC [operational security] practices,” both of which made it elementary for the Canadians to trace attacks back to their source. The document says Russian hackers were provided with “really well designed” systems with which to launch attacks, but because the execution was so shoddy, “this has not translated into security for MAKERSMARK operators.”



Put more bluntly, the Russian attacks CSE observed were “designed by geniuses” but “implemented by morons,” according to the presentation. MAKERSMARK hackers mixed their recreational internet habits with business, using “personal social networking” like Russia’s supremely popular Vkontakte from MAKERSMARK infrastructure, conducting personal web browsing there, and checking personal webmail accounts. The hackers also used the system for activities that are by definition deeply risky and “attributable,” like exfiltrating stolen data.

“This is not [computer network exploitation] best practices,” the report dryly concludes.

It didn’t help that the MAKERSMARK operators were, according to the presentation, infected by the “Gumblar” botnet that spread across the internet in 2009 in order to steal user credentials, covertly download further malware, and blast “pharmaceutical spam” to new victims. In other words, the hackers were hacked. So thoroughly did Russian hackers on MAKERSMARK expose themselves through sloppiness and poor judgment that Canadian analysts were able to detect their personal “interests” and “hobbies.”

CSE declined to comment on the document, other than to note that, “the document you referenced is dated and should not be considered reflective of the current reality.” Despite this claim, the agency asked The Intercept to redact a significant portion of the presentation on the grounds that it could jeopardize current operations. As well, it’s interesting and worth noting, however, that a 2017 NSA document previously published by The Intercept detailing Russia’s General Staff Main Intelligence Directorate’s (GRU) alleged attempts to infiltrate the American electoral system also flagged those hackers’ mixing of business and personal accounts while conducting their work. A 2016 joint report by the Department of Homeland Security and FBI claimed that GRU and FSB, the contemporary successor to the KGB, worked together to breach the DNC. The NSA did not comment.

All of this is to say that the commander-in-chief, privy to the full corpus of intelligence findings provided by the NSA and its allies in the “Five Eyes” intelligence-sharing alliance, including Canada, didn’t know what he was talking about. This isn’t new: One need only look back to the presidential debate wherein Trump famously remarked that the DNC perpetrator could be a bedridden “400-pound” hacker to know that he hasn’t ever taken this seriously. It’s also possible, given how fantastically impressionable Trump is, that the Too Good to Fail theory is based on something he heard recently — perhaps from Vladimir Putin himself, who in June speculated that the DNC hacker could’ve easily covered their tracks. No matter what, if he had any desire to actually know how sophisticated Russian state hackers are or have been in the past, the evidence is there for him to review.
 
milnews.ca said:
A bit more on that from newscientist.com ...
Reports of satellite navigation problems in the Black Sea suggest that Russia may be testing a new system for spoofing GPS, New Scientist has learned. This could be the first hint of a new form of electronic warfare available to everyone from rogue nation states to petty criminals.

On 22 June, the US Maritime Administration filed a seemingly bland incident report. The master of a ship off the Russian port of Novorossiysk had discovered his GPS put him in the wrong spot – more than 32 kilometres inland, at Gelendzhik Airport.

After checking the navigation equipment was working properly, the captain contacted other nearby ships. Their AIS traces – signals from the automatic identification system used to track vessels – placed them all at the same airport. At least 20 ships were affected.

While the incident is not yet confirmed, experts think this is the first documented use of GPS misdirection – a spoofing attack that has long been warned of but never been seen in the wild.

Until now, the biggest worry for GPS has been it can be jammed by masking the GPS satellite signal with noise. While this can cause chaos, it is also easy to detect. GPS receivers sound an alarm when they lose the signal due to jamming. Spoofing is more insidious: a false signal from a ground station simply confuses a satellite receiver. “Jamming just causes the receiver to die, spoofing causes the receiver to lie,” says consultant David Last, former president of the UK’s Royal Institute of Navigation ...
More @ link
 
From Salon - commenting on an article published in The Nation.

http://www.salon.com/2017/08/15/what-if-the-dnc-russian-hack-was-really-a-leak-after-all-a-new-report-raises-questions-media-and-democrats-would-rather-ignore/

TUESDAY, AUG 15, 2017 05:00 AM MST
What if the DNC Russian “hack” was really a leak after all? A new report raises questions media and Democrats would rather ignore
A group of intelligence pros and forensic investigators tell The Nation there was no hack— the media ignores it

DANIELLE RYAN


Last week the respected left-liberal magazine The Nation published an explosive article that details in great depth the findings of a new report — authored in large part by former U.S. intelligence officers — which claims to present forensic evidence that the Democratic National Committee was not hacked by the Russians in July 2016. Instead, the report alleges, the DNC suffered an insider leak, conducted in the Eastern time zone of the United States by someone with physical access to a DNC computer.

This report also claims there is no apparent evidence that the hacker known as Guccifer 2.0 — supposedly based in Romania — hacked the DNC on behalf of the Russian government. There is also no evidence, the report’s authors say, that Guccifer handed documents over to WikiLeaks. Instead, the report says that the evidence and timeline of events suggests that Guccifer may have been conjured up in an attempt to deflect from the embarrassing information about Hillary Clinton’s presidential campaign that was released just before the Democratic National Convention. The investigators found that some of the “Guccifer” files had been deliberately altered by copying and pasting the text into a “Russianified” word-processing document with Russian-language settings.

If all this is true, these findings would constitute a massive embarrassment for not only the DNC itself but the media, which has breathlessly pushed the Russian hacking narrative for an entire year, almost without question but with little solid evidence to back it up.

You could easily be forgiven for not having heard about this latest development — because, perhaps to avoid potential embarrassment, the media has completely ignored it. Instead, to this point only a few right-wing sites have seen fit to publish follow-ups.

The original piece, authored by former Salon columnist Patrick Lawrence (also known as Patrick L. Smith) appeared in The Nation on Aug. 9. The findings it details are supported by a group of strongly credentialed and well-respected forensic investigators and former NSA and CIA officials. The group call themselves Veteran Intelligence Professionals for Sanity, or VIPS, and originally came together in 2003 to protest the use of faulty intelligence to justify the invasion of Iraq under President George W. Bush.

As of Aug. 12, the only well-known publications that have followed up on The Nation’s reporting are Breitbart News, the Washington Examiner and New York magazine (which described Lawrence’s article as “too incoherent to even debunk,” and therefore provided no substantial rebuttal). Bloomberg addressed the report in an op-ed by one of its regular columnists.

The silence from mainstream outlets on this is interesting, if for no other reason than the information appears in a highly-regarded liberal magazine with a reputation for vigorous and thorough reporting — not some right-wing fringe conspiracy outlet carrying water for Donald Trump.


Maybe the logic goes that if mainstream journalists leave this untouched, that alone will be enough to discredit it. True believers in the Russian hack narrative can point to Breitbart’s coverage to dismiss this new information without consideration. That is not good enough. Lawrence’s article, and the report behind it, deserves some proper attention.

Let’s back up for a second. Where did this report come from?

As explained by Lawrence, VIPS has been examining available information about the DNC hack and/or leak, but the group lacked access to all the data they needed because intelligence agencies refused to provide it.

One of the VIPS researchers on the DNC case, William Binney — formerly the NSA’s technical director for world geopolitical and military analysis — suggested in an interview with Lawrence that intelligence agencies have been hiding the lack of evidence for Russian hacking behind the claim that they must maintain secrecy to protect NSA programs.

At the same time, other anonymous forensic investigators have been working independently on the DNC case. They recently began sharing their findings via an obscure website called Disobedient Media. One of those anonymous investigators is known as the Forensicator. A man named Skip Folden, an IT executive at IBM for 33 years and a consultant for the FBI, Pentagon and Justice Department, acted as a liaison between VIPS and the Forensicator. Folden and other investigators have examined the evidence, attested to its professionalism, and sent a detailed technical report to the offices of special counsel Robert Mueller and Attorney General Jeff Sessions. VIPS believes this new evidence fills a “critical gap” in the DNC case. In a memorandum sent to President Trump, VIPS questions why the FBI, CIA and NSA neglected to perform any forensic analysis of the Guccifer documents, which were central to the narrative of Russian hacking.

VIPS states two things with what they describe as a high degree of certainty: There was no Russian hack on July 5, and the metadata from Guccifer’s June 15 document release was “synthetically tainted” with “Russian fingerprints.”

How did the group come to the conclusion that it was a leak, not a hack?

Investigators found that 1,976 megabytes of data were downloaded locally on July 5, 2016. The information was downloaded with a memory key or some other portable storage device. The download operation took 87 seconds — meaning the speed of transfer was 22.7 megabytes per second — “a speed that far exceeds an internet capability for a remote hack,” as Lawrence puts it. What’s more, they say, a transoceanic transfer would have been even slower (Guccifer claimed to be working from Romania).

“Based on the data we now have, what we’ve been calling a hack is impossible,” Folden told The Nation.

Further casting doubt on the official narrative is the fact that the DNC’s computer servers were never examined by the FBI. Instead, the agency relied on a report compiled by Crowdstrike, a cybersecurity firm compromised by serious conflicts of interest — the major one being that the firm was paid by the DNC itself to conduct its work. Another is that the firm’s owner is a senior fellow at the Atlantic Council, a think tank known for its hostility toward Russia.



The Intelligence Community Assessment published in January of this year, which claims “high confidence” in the Russian hacking theory, presented no hard evidence. Yet many in the media have relied on it as proof ever since. Ray McGovern, another VIPS member and formerly the chief of the CIA’s Soviet Foreign Policy Branch, called that intelligence assessment a “disgrace” to the profession.

The VIPS report also notes that the timing of events is strangely favorable to Hillary Clinton. It is hard to disagree.

On June 12, 2016, Julian Assange announced that he would publish documents related to Clinton’s campaign on WikiLeaks. Two days later, Crowdstrike, the firm paid by the DNC, suddenly announced the discovery of malware on DNC servers and claimed it had evidence that the Russians were responsible for it. This set in motion the narrative for Russian hacking.

A day after that, Guccifer appeared, took responsibility for the purported June 14 hack and announced that he was a WikiLeaks source, working on behalf of Russia. He then posted the documents which VIPS now claims were altered to make them appear more “Russian.”

On July 5, two weeks later, Guccifer claimed responsibility for another hack — which the VIPS report categorically states can only have been a leak, based on the speed of data transfer.

As Lawrence suggests, this timing was convenient for the Clinton campaign, which could avoid dealing with the contents of the leaks by instead focusing on the sensational story of Russian hacking.

Since we’ve covered what is in the VIPS report, it is equally important to note what this report does not do. It does not claim to know who the leaker was or what his or her motives were. Lawrence is also careful to note that these findings do not prove or disprove any other theories implicating Russia in the 2016 election (such as possible Russian connections to Donald Trump’s family and associates, etc.). This deals purely with the facts surrounding the DNC hack/leak last summer.

Many who have questioned the official version of events have sought to link the murder of Seth Rich to the theory that the DNC suffered a leak, not a hack. Rich, a 27-year-old DNC employee, was shot twice in the back as he walked home from a bar in Washington, five days after the supposed July 5 hack of the DNC’s servers.

Numerous unproven theories have surrounded Rich’s murder. There are those who suggest that Rich had been angered by the DNC’s treatment of Bernie Sanders, decided to leak information which would be damaging to Clinton’s campaign, and was then murdered by Democratic operatives. Others have claimed that perhaps Rich had found evidence of Russian hacking and was murdered by Russian operatives.

There is no evidence for any of these theories — and neither VIPS nor Lawrence in his article attempt to link Rich’s murder to the hack/leak of information from the DNC. (Washington police have said since the night of Rich’s death that he was the victim of an armed robbery attempt that went wrong.) Nonetheless, the emergence of this information may lend credence to those theories for those who want to believe them.

Instead of subjecting the various accounts of what happened last summer to rigorous scrutiny, the media instantly accepted the narrative promoted by the Clinton campaign and U.S. intelligence agencies. It has continued to do so ever since. Now, as new information comes to light, the media has largely acted as if it did not exist.

For the media and mainstream liberals to dismiss the information presented in Lawrence’s article as lacking in evidence would be breathtakingly ironic, given how little evidence they required to build a narrative to suit themselves and absolve Clinton of any responsibility for losing the election.

The authors of this report are highly experienced and well-regarded professionals. That they can be dismissed out of hand or ignored entirely is a sad commentary on the state of the media, which purports to be concerned by the plague of “fake news.”

If these new findings are accurate, those who pushed the Russia hacking narrative with little evidence have a lot to answer for. The Clinton campaign promoted a narrative that has pushed U.S.-Russia relations to the brink at an incredibly dangerous time.

Unlike the cacophony of anonymous sources cited by the media over the past year, these experts are ready to put their names to their assertions. They expect that pundits, politicians and the media will cast doubt on their findings, but say they are “prepared to answer any substantive challenges on their merits.” That is more than any other investigators or intelligence agencies have offered to this point.

Given the seriousness of this new information, the DNC’s official response to The Nation’s story is so lackluster it is almost laughable:

U.S. intelligence agencies have concluded the Russian government hacked the DNC in an attempt to interfere in the election. Any suggestion otherwise is false and is just another conspiracy theory like those pushed by Trump and his administration. It’s unfortunate that The Nation has decided to join the conspiracy theorists to push this narrative.

The clear implication here is that anyone who questions what U.S. intelligence agencies “have concluded” is a conspiracy theorist pushing lies on behalf of Trump or Vladimir Putin. It is clear that the DNC expect the matter to be left at that, with no further inquiry from the media or anyone else.

By the looks of things, that’s exactly what will happen.







Danielle Ryan is an Irish freelance journalist, writing mostly on geopolitics and media. She is based in Budapest, but has also lived in the U.S., Germany and Russia. Follow her on Twitter.
 
More on what looks like a UKR link to the Russian hacking (hint:  don't take any tea or soup from any Russians, buddy) ...
In Ukraine, a Malware Expert Who Could Blow the Whistle on Russian Hacking
By ANDREW E. KRAMER and ANDREW HIGGINS, NY Times, AUG. 16, 2017

The hacker, known only by his online alias “Profexer,” kept a low profile. He wrote computer code alone in an apartment and quietly sold his handiwork on the anonymous portion of the internet known as the dark web. Last winter, he suddenly went dark entirely.

Profexer’s posts, already accessible only to a small band of fellow hackers and cybercriminals looking for software tips, blinked out in January — just days after American intelligence agencies publicly identified a program he had written as one tool used in Russian hacking in the United States. American intelligence agencies have determined Russian hackers were behind the electronic break-in of the Democratic National Committee.

But while Profexer’s online persona vanished, a flesh-and-blood person has emerged: a fearful man who the Ukrainian police said turned himself in early this year, and has now become a witness for the F.B.I.

“I don’t know what will happen,” he wrote in one of his last messages posted on a restricted-access website before going to the police. “It won’t be pleasant. But I’m still alive.”

It is the first known instance of a living witness emerging from the arid mass of technical detail that has so far shaped the investigation into the election hacking and the heated debate it has stirred. The Ukrainian police declined to divulge the man’s name or other details, other than that he is living in Ukraine and has not been arrested.

There is no evidence that Profexer worked, at least knowingly, for Russia’s intelligence services, but his malware apparently did.

That a hacking operation that Washington is convinced was orchestrated by Moscow would obtain malware from a source in Ukraine — perhaps the Kremlin’s most bitter enemy — sheds considerable light on the Russian security services’ modus operandi in what Western intelligence agencies say is their clandestine cyberwar against the United States and Europe.

It does not suggest a compact team of government employees who write all their own code and carry out attacks during office hours in Moscow or St. Petersburg, but rather a far looser enterprise that draws on talent and hacking tools wherever they can be found.

Also emerging from Ukraine is a sharper picture of what the United States believes is a Russian government hacking group known as Advanced Persistent Threat 28 or Fancy Bear. It is this group, which American intelligence agencies believe is operated by Russian military intelligence, that has been blamed, along with a second Russian outfit known as Cozy Bear, for the D.N.C. intrusion ...
More @ link
 
Canadian Forces...

Communications and Electronics Association Cyber Symposium...proud to announce the first annual Cyber Symposium.  The objective of the symposium is to bring together leading cyber experts to explore a wide range of topics in this dynamic field...Date: 26 October 2017
Location: Residence Inn, Kingston, Ontario
Theme: ‘Cyber – Government, Academia, Industry – Our Collective Challenge and Opportunity’...

The Association has approached a number of individuals to provide keynote addresses and to act as moderators or panelists.  Invited speakers include Mr. Richard Fadden (confirmed) – former Director of CSIS and Deputy Minister of National Defence, General Jonathan Vance (confirmed) – Chief of the Defence Staff, a representative from US Cyber Command and CEOs from the Council of Canadian Innovators.  The Theme for the Symposium is ‘Cyber – Government, Academia, Industry – Our Collective Challenge and Opportunity’.  Invited speakers along with others will cover topic areas such as:



    Cyber Security – A National Security Perspective
    The Role of Canada’s Military in Cyber Operations
    Cyber within Coalition Operations
    The Role of DND/CAF and Industry in Driving Cyber Innovation in Canada (An Industry Perspective)
    The New Security Legislation and Oversight Framework and Its Impact on Cyber Operations
    The Recruitment/Training Challenge for Cyber Organizations
...
https://cmcen.ca/cyber-symposium-oct-2017/

Mark
Ottawa
 
"Trump administration orders purge of Kaspersky products from U.S. government" (Reuters) - more via Google News here, and from DHS below:
After careful consideration of available information and consultation with interagency partners, Acting Secretary of Homeland Security Elaine Duke today issued a Binding Operational Directive (BOD) directing Federal Executive Branch departments and agencies to take actions related to the use or presence of information security products, solutions, and services supplied directly or indirectly by AO Kaspersky Lab or related entities.

The BOD calls on departments and agencies to identify any use or presence of Kaspersky products on their information systems in the next 30 days, to develop detailed plans to remove and discontinue present and future use of the products in the next 60 days, and at 90 days from the date of this directive, unless directed otherwise by DHS based on new information, to begin to implement the agency plans to discontinue use and remove the products from information systems.

This action is based on the information security risks presented by the use of Kaspersky products on federal information systems. Kaspersky  anti-virus products and solutions provide broad access to files and elevated privileges on the computers on which the software is installed, which can be exploited by malicious cyber actors to compromise those information systems. The Department is concerned about the ties between certain Kaspersky officials and Russian intelligence and other government agencies, and requirements under Russian law that allow Russian intelligence agencies to request or compel assistance from Kaspersky and to intercept communications transiting Russian networks. The risk that the Russian government, whether acting on its own or in collaboration with Kaspersky, could capitalize on access provided by Kaspersky products to compromise federal information and information systems directly implicates U.S. national security.

The Department’s priority is to ensure the integrity and security of federal information systems. Safeguarding federal government systems requires reducing potential vulnerabilities, protecting against cyber intrusions, and anticipating future threats. While this action involves products of a Russian-owned and operated company, the Department will take appropriate action related to the products of any company that present a security risk based on DHS’s internal risk management and assessment process.

DHS is providing an opportunity for Kaspersky to submit a written response addressing the Department’s concerns or to mitigate those concerns. The Department wants to ensure that the company has a full opportunity to inform the Acting Secretary of any evidence, materials, or data that may be relevant. This opportunity is also available to any other entity that claims its commercial interests will be directly impacted by the directive. Further information about this process will be available in a Federal Register Notice.
 
New release from US Director of National Intelligence on report by US National Counterintelligence and Security Center (NCSC) (Canadian gov't should be taking all this a whole lot more seriously):

2018 Foreign Economic Espionage in Cyberspace

FOR IMMEDIATE RELEASE
July 26, 2018

NCSC Releases 2018 Foreign Economic Espionage in Cyberspace Report

The National Counterintelligence and Security Center (NCSC) today released its 2018 Foreign Economic Espionage in Cyberspace report, which highlights current threats and future trends in foreign intelligence efforts to steal U.S. intellectual property, trade secrets, and proprietary information via cyberspace.

“Our goal in releasing this document is simple: to provide U.S. industry and the public with the latest unclassified information on foreign efforts to steal U.S. trade secrets through cyberspace,” said William R. Evanina, Director of the NCSC. “Building an effective response to this tremendous challenge demands understanding economic espionage as a worldwide, multi-vector threat to the integrity of both the U.S. economy and global trade.”

The report underscores the strategic threat of cyber economic espionage, noting that next generation technologies such as Artificial Intelligence and the Internet-of-Things offer great opportunities, but also introduce new vulnerabilities to U.S. networks for which the cybersecurity community largely remains unprepared.

The report also provides insights into the most pervasive nation-state threat actors – including China, Russia and Iran [emphasis added] – and recent examples of their economic espionage activities in the United States through cyberspace. Despite advances in cybersecurity, the report notes that cyberespionage offers such actors a relatively low-cost, high-yield avenue to obtain a wide spectrum of U.S. intellectual property.

The report also identifies those U.S. industrial sectors and technologies that are of greatest interest to foreign threat actors, including energy, biotechnology, defense, environmental protection, high-end manufacturing, and information and communications technology [emphasis added].

In addition, the report highlights several emerging threats that warrant attention, including:

    Software supply chain infiltration, which has already threatened the U.S. critical infrastructure and is poised to threaten other sectors. According to the report, 2017 represented a watershed year for public reporting of such incidents. There were numerous events involving hackers targeting software supply chains with backdoors for cyber espionage, organizational disruption or demonstrable financial impact.

    Laws in foreign countries, such as those in China and Russia, that can pose an increased intellectual property risk to U.S. companies doing business there. The report notes that China’s 2017 cybersecurity law mandates that foreign companies submit their technology to the Chinese government for national security reviews; and that Russia has dramatically increased its demand of source code reviews – which are overseen by Russian intelligence – to approve of foreign technology sold in their country.

    Foreign technology firms that are subject to foreign state influence or have links to foreign governments with high-threat intelligence services. Citing the examples of Kaspersky Lab and Netcracker Technology Corp., the report notes that such companies often provide services that require access to control points of computer networks they support, presenting opportunities for foreign nations to acquire sensitive information.

The full report is available at www.ncsc.gov. The report was compiled by the NCSC with the support, coordination, and contributions of several agencies across the Intelligence Community.

A center within the Office of the Director of National Intelligence, the NCSC is the nation’s premier source for counterintelligence and security expertise and a trusted mission partner in protecting America against foreign and other adversarial threats.

Download the press release here
https://www.dni.gov/files/NCSC/documents/news/20180724-ncsc-press-release-foreign-econ-esp-cyber.pdf

Download the full report here
https://www.dni.gov/files/NCSC/documents/news/20180724-economic-espionage-pub.pdf

Published in NCSC Newsroom
https://www.dni.gov/index.php/ncsc-newsroom

Mark
Ottawa
 
Retired AF Guy--a relevant tweet--funding per year is pretty pitiful:
https://twitter.com/OpenCanada/status/1010211060576497666

OpenCanada
@OpenCanada

The Canadian government’s pledge to invest $508 million over five years to support its updated #cybersecurity strategy is welcome news, although probably still insufficient given the magnitude of both cyber threats and opportunities.
https://www.opencanada.org/features/better-late-never-updated-cyber-security-strategy-canada/

Mark
Ottawa
 