
Tag: US intelligence

We’re spying on you for your own protection, says NSA, FBI

Except we're not, of course, because that would be illegal

A new factsheet by the NSA and FBI has laid bare ludicrous contradictions in how US intelligence agencies choose to interpret a law designed to prevent spying on American citizens, but which they use to achieve exactly that end.…

FBI confirms probe of possible collusion between Trump campaign, Russia

FBI director testifies about Trump Tower wiretap, investigation of Trump campaign.

Assange accuses CIA of “historic act of devastating incompetence”

Assange: Cache of cyber weapons was passed around "out of control" by contract hackers.

Nominee for top intelligence post “shocked” by Indian satellite launch

"We’ve seen now 11 nations that have the capacity to launch instruments into space.”

Kaspersky Lab Incident Investigations Head Arrested In Russia For 'Treason'

Security firm says the case doesn't affect its computer incidents investigation operations. Kaspersky Lab confirmed today that one of its top cybersecurity investigators was arrested in December in Russia, reportedly amid charges of treason. News of the arrest of Ruslan Stoyanov, head of Kaspersky Lab's computer incidents investigations unit, as well as Sergei Mikhailov, deputy head of the information security department at the FSB, first came via Kommersant, a Russian economic newspaper, and word later spread to US news media outlets. Stoyanov, who had been with Kaspersky Lab since 2012, led the firm's cybercrime investigation that ultimately led to the 2016 arrests of 50 members of the so-called Lurk cybercrime gang that stole more than $45 million from Russian financial institutions.

The case was said to be Russia's largest-ever crackdown on financial cybercrime. Stoyanov's arrest sent a chill throughout the security research community, with speculation by some that his cybercrime investigative efforts may have somehow gotten a little too close to Russian nation-state hacking efforts. Russian hacking has been in the spotlight since the US intelligence community published an unclassified report that concludes Russia - under the direction of Vladimir Putin - attempted to influence the US presidential election via hacks and leaks of data from the Democratic National Committee and Clinton campaign manager John Podesta.

According to Kaspersky Lab, the nature of Stoyanov's arrest predates his employment with the security firm. "The case against this employee does not involve Kaspersky Lab. The employee, who is Head of the Computer Incidents Investigation Team, is under investigation for a period predating his employment at Kaspersky Lab," the company said in a statement. Stoyanov, a former head of network security for Russian ISP OJSC RTComm.RU, also was with the Ministry of Interior's Moscow-based Cyber Crime Unit in the early 2000s.

Security experts say his arrest underscores the sometimes-blurred lines between Russian cybercrime gangs and cyber espionage activity. "I think he flew too close to the sun as his recent investigations more than likely unearthed elements of the Pawn Storm campaign," says Tom Kellermann, CEO of Strategic Cyber Ventures. "This is a red flag to all security vendors who expose the nexus between the cybercriminal conspiracies and the Russian cyberespionage campaigns." Pawn Storm, aka Fancy Bear and APT 28, was one of the Russian state hacking groups implicated in election-related hacks against the US.

Researcher Business As Usual

While Kaspersky Lab said it had no information of the "details of the investigation" of Stoyanov and that no official information had been released by the Russian government on the case, the company also maintained that the arrest would not affect its current or future research into Russian cyber activities. The company said that "as an IT security company, Kaspersky Lab is determined to detect and neutralize all forms of malicious programs, regardless of their origin or purpose." For now, Stoyanov is officially suspended from his post at Kaspersky Lab, according to the company. "The work of Kaspersky Lab’s Computer Incidents Investigation Team is unaffected by these developments." Stoyanov in 2015 authored a detailed report for Kaspersky Lab on how Russian financial cybercrime works.

The report notes how the risk of prosecution is low for Russian-speaking cybercriminals: "The lack of established mechanisms for international cooperation also plays into the hands of criminals: for example, Kaspersky Lab experts know that the members of some criminal groups permanently reside and work in Russia’s neighbors, while the citizens of the neighboring states involved in criminal activity often live and operate in the territory of the Russian Federation," he wrote. "Kaspersky Lab is doing everything possible to terminate the activity of cybercriminal groups and encourages other companies and law enforcement agencies in all countries to cooperate," he wrote.

Aleks Gostev, chief security expert for Kaspersky Lab's Global Research and Analysis Team, in a tweet today said that Stoyanov "never worked with any APT stuff," dismissing some online speculation that the arrest was somehow related to cyber espionage research. He tweeted that the case wouldn't stop the security firm from its work. Kaspersky Lab is "an international team of experts. It's impossible to prevent us from releasing data."

Kelly Jackson Higgins is Executive Editor at DarkReading.com.
She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...

Kaspersky Lab’s top investigator reportedly arrested in treason probe

In a move that stunned some security researchers, a top investigator at Russia's largest antivirus provider, Kaspersky Lab, has been arrested in an investigation into treason, a crime that upon conviction can carry severe sentences. Ruslan Stoyanov, the head of Kaspersky Lab's investigations unit, was arrested in December, Russian newspaper Kommersant reported Wednesday.

The paper said that Sergei Mikhailov, a division head of the Russian intelligence service FSB, was also arrested in the same probe.
Stoyanov joined the Moscow-based AV company in 2012 and was chiefly involved in investigating and responding to hacking-related crimes carried out in Russia. His LinkedIn profile shows he served as a major in the cybercrime unit of Russia's Ministry of Interior from 2000 to 2006.

"The case against this employee does not involve Kaspersky Lab," company officials wrote in a statement issued following the report. "The employee, who is Head of the Computer Incidents Investigation Team, is under investigation for a period predating his employment at Kaspersky Lab. We do not possess details of the investigation. The work of Kaspersky Lab's Computer Incidents Investigation Team is unaffected by these developments."

In the past 15 months, Stoyanov wrote three posts for Kaspersky Lab's Securelist blog.

All three involved financially motivated crime conducted inside of Russia.
It's not clear what the maximum penalty is for treason in Russia.

The country has reportedly suspended executions, and the last one was in 1996. Word of the arrest almost immediately ignited a flurry of speculation and concerns of a possibly chilling effect the action might have among security researchers.

The charges were filed under Article 275 of Russia's criminal code, an extraordinarily broad statute that opens individuals to treason charges for providing financial, technical, advisory, or other assistance to a foreign state or international organization that's considered hostile to the Russian government.

As coverage from Forbes reported, such assistance could potentially be as simple as furnishing the FBI with information on a botnet. A much more chilling scenario, offered in this post from Lawfare Blog, is that Stoyanov was a source for US intelligence officers who ultimately concluded Russian-sponsored hacking attempted to interfere with the 2016 US presidential election.

That speculation is likely off base because it doesn't fit with Kaspersky's assertion Stoyanov is being investigated for activities that predated his employment or with this claim from a fellow Kaspersky Lab researcher that Stoyanov's research never involved advanced persistent threats, the term for hacking techniques used by government-sponsored spies. People advancing the theory seem to be basing it on the timing of the arrest, which roughly coincided with the classified release of specific details said to support the US intelligence community's claims the hacking was ordered by President Vladimir Putin.

Whatever the specifics are behind the investigation into Stoyanov, security researchers said the arrest will likely cause colleagues in Russia and elsewhere to self-censor potentially sensitive findings. "For those living and working under oppressive regimes, keep up the good fight," Jake Williams, founder of security firm Rendition Software who previously worked for the Department of Defense, wrote in a blog post. "But also remember that no incident response report or conference talk is worth jail time (or worse)." In a message to Ars, he added: "I think that these charges will cause security researchers, particularly those in states with oppressive governments, to carefully consider the weight of reporting details of security incidents."

More, cheaper, bigger, faster: The defense and cyber strategy of Donald...

Since Election Day, President-elect Donald Trump has taken an inordinate interest in some of the minutiae of defense policy. His tweets (particularly about the F-35 Joint Strike Fighter and the Air Force One presidential aircraft replacement program) have sent shockwaves through the defense industry. The same is true of the cyber realm—particularly in his treatment of the intelligence community that currently dominates the US' cyber-defense capabilities.

The one thing that is certain is that Trump wants more muscle in both departments, urging an increase in the number of troops, ships, planes, and weapons deployed by the Department of Defense; the end of defense budget sequestration; and an expansion of the US nuclear and ballistic missile defense arsenal. And he has also pledged a new focus on offensive "cyber" capabilities, as outlined by his campaign, "to deter attacks by both state and non-state actors and, if necessary, to respond appropriately."

That sort of aggressive posture is not a surprise. But the policies that will drive the use of those physical and digital forces are still a bit murky. Considering the position Trump has taken regarding the North Atlantic Treaty Organization (NATO) and his attitudes toward Russia, Trump's statements may hint at a desire for a Fortress America—armed to the teeth and going it alone in every domain of conflict.

Saddle up

While not quite on a Reagan-esque scale, the Trump surge would (based on his statements) bring forces back above their active size during the wars in Afghanistan and Iraq (though less than during the 2007 "surge" period of the Iraq War).
Trump declared that he'll add about 60,000 more active duty soldiers to the Army, increase the Navy's fleet to 350 ships, increase the Marine Corps' strength by over a dozen battalions (roughly 12,000 Marines), and "provide the Air Force with the 12,000 fighters they need."

On the strategic front, Trump has tweeted that he wants to expand and improve the US military's nuclear capabilities, modernizing and increasing weapons to improve their deterrent value. The modernization effort had already been queued up by President Barack Obama's administration, including the new Long Range Strike Bomber program awarded to Northrop Grumman. But those investments have been at the expense of other military (particularly Air Force) programs.

Trump has also proposed investment in a "serious missile defense system" based on updating the Navy's Ticonderoga-class guided missile cruisers' Aegis systems and building more Arleigh Burke-class guided missile destroyers. The ballistic missile defense version of Aegis and the Standard Missile 3 (RIM-161) missile it controls are currently only capable of intercepting short- and intermediate-range ballistic missiles, not intercontinental ballistic missiles; to have a chance at taking down a US-targeted threat from North Korea, for example, they would have to be very close to the launch site and hit it early in its launch (the boost phase).

How will Trump pay for all this hardware? By "conducting a full audit of the Pentagon, eliminating incorrect payments, reducing duplicative bureaucracy, collecting unpaid taxes, and ending unwanted and unauthorized federal programs," whatever those might be. There's certainly some room in the budget to be gained through increased administrative efficiency, as a Defense Business Board report found that the DOD could save as much as $125 billion in overhead (though that number may have been slightly inflated, as it was based on corporate, and not military, business models).
Cyber up

On the cyber side, it appears Trump wants to put the military on point for cyber defense. The campaign platform pushed for the DOD to place a new emphasis on offensive capabilities, including making enhancements to the US Cyber Command—currently led by NSA Director Admiral Mike Rogers—to increase its offensive punch and turn it into an effective cyber-deterrence force. “As a deterrent against attacks on our critical resources, the United States must possess the unquestioned capacity to launch crippling cyber counter-attacks,” Trump said in a speech in October.

Just exactly how that would work isn't clear. Given the difficulty of attribution—a point Trump made repeatedly in his castigation of intelligence findings of Russian interference in the election—the kind of very attributable cyber force that US Cyber Command would wield as part of the Strategic Command would likely not act as much of a deterrent to low-level intrusions, espionage, and information operations. Yet those make up the majority of what has recently been dumped into the "cyberwarfare" shopping cart.

Trump's policy outline also calls for the Joint Chiefs of Staff to participate in Trump's vaunted "Cyber Review Team," contributing experts to evaluate "all US cyber defenses"—including critical infrastructure in the private sector—alongside law enforcement and experts from private industry. The Cyber Review Team, which may or may not have anything to do with the group being headed by former New York City Mayor Rudy Giuliani, has a big mandate:

The Cyber Review Team will provide specific recommendations for safeguarding different entities with the best defense technologies tailored to the likely threats and will follow up regularly at various federal agencies and departments. The Cyber Review Team will establish detailed protocols and mandatory cyber awareness training for all government employees while remaining current on evolving methods of cyber-attack.
On the domestic end, the Trump administration would seek to take the same model that has been applied to terrorism to the cyber side, creating joint task forces that put Department of Justice, FBI, and Department of Homeland Security personnel alongside state and local law enforcement to respond to "cyber threats."

Nothing Trump or his proxies have said indicates any policy around shaping what "norms" in the world connecting the digital to the physical should be. If anything, Trump's position seems to be that a cyber-armed world is a polite world—or at least one that will be polite to the United States, the only confirmed state cyberwar actor to hit another nation's infrastructure (aside from squirrels).

The eyes have it

It will take some time to see how Trump's indifference toward the US' obligations toward allies will affect overall defense and cyber-security policy. But if reports are true regarding US intelligence officials warning allies of Trump's Russia ties and if Trump goes forward with weakening the US involvement in NATO, his views could significantly affect both—especially in the realm of digital intelligence collection. A weakened relationship with the other members of the "Five Eyes" group—the UK, Australia, New Zealand, and Canada—on a military level could impact the National Security Agency's (and the CIA's) ability to collect intelligence from infrastructure that has up until now been widely shared.

Only one thing is for certain: the defense industry should be expecting an aircraft carrier full of dollars headed in their direction.

Thanks, Obama: NSA to stream raw intelligence into FBI, DEA and...

Gee, what a lovely parting gift by outgoing US prez

A last-minute rule change signed off by the outgoing Obama administration has made it much easier for the NSA to share raw surveillance data with more than a dozen government agencies. The changes [PDF] are tacked onto executive order 12333, which was enacted by then-President Ronald Reagan to allow intelligence agencies to share information on non-US nationals.

The new rules will allow the NSA to share unfiltered signals intelligence with other members of the intelligence community if it is deemed necessary. "The procedures permit IC [intelligence community] elements to have access, under appropriate conditions, to the unevaluated or unminimized (ie, 'raw') signals intelligence (SIGINT) information that the NSA collects pursuant to EO 12333, thus enabling elements to bring their own analytic expertise to reviewing that information and to use that information in support of their own missions," the office of the Director of National Intelligence explained today. "The procedures therefore provide an important mechanism for enhancing information sharing, integration, and collaboration in the IC." Under the terms of the changes – which were signed off by outgoing US spymaster James Clapper and the Attorney General Loretta Lynch – the NSA can now pass on information to the other 15 organizations that make up the US intelligence community.

Those 15 members are: Air Force Intelligence, Army Intelligence, the CIA, Coast Guard Intelligence, the Defense Intelligence Agency, the Department of Energy, the Department of Homeland Security, the Department of State, the Department of the Treasury, the Drug Enforcement Administration (DEA), the FBI, Marine Corps Intelligence, the National Geospatial-Intelligence Agency, the National Reconnaissance Office, and Navy Intelligence. The collected information itself can include any data slurped on a foreign national, including files, phone calls, satellite messages and faxes.
It applies to communications that take place outside the US and any traffic that passes within US borders. To get their paws on this data, an intelligence organization will have to assert that it's needed for an overseas investigation, and have that request approved by a "high-level NSA official," according to a fact sheet prepared by government officials.

The requestor also has to commit to protecting the data as much as possible. US citizens can have their data surveilled in the same way on the authorization of the Attorney General, the Director of the NSA, or the head of the recipient intelligence body – or a high-level designee. The amendment also requires Uncle Sam's snoopers to undergo training on how to follow the new rules, and creates an audit trail for the information. Quite why this needed to be rushed through in the dying days of the Obama administration remains to be seen.

Hackers trigger yet another power outage in Ukraine

For the second time in as many years, security researchers have determined that hackers have caused a power outage in Ukraine that left customers without electricity in late December, typically one of the coldest months in that country. The researchers' conclusion, reported by news outlets including Dark Reading, Motherboard, and the BBC, signals yet another troubling escalation in the hacking arena.

A December 2015 attack that caused 225,000 Ukrainians to lose electricity was the first known instance of someone using malware to generate a real-world power outage. Ukrainian officials have pinned the attack on the Russian government, a claim that's consistent with some evidence collected by private security firms. Now, researchers say a second power outage that struck Ukraine in mid-December was also the result of a computer intrusion and bears many of the same technical hallmarks as the first one.
It was part of a series of malicious hacks that have recently targeted key Ukrainian infrastructure, including the country's rail system server, several government ministries, and a national pension fund.

The attacks started on December 6 and lasted through December 20.

The December 17 power outage was the result of an attack at the Pivnichna substation outside Kiev that began shortly before midnight. It lasted for about an hour.

Demonstration of capabilities

"The attack [was] not meant to have any lasting dramatic consequences," Marina Krotofil, a security researcher for Honeywell Industrial Cyber Security Labs, told Motherboard. "They could do many more things, but obviously they didn't have this as an intent. It was more like a demonstration of capabilities."

At the S4x17 Conference in Miami on Tuesday, Krotofil said last month's attacks used many of the same tools that were deployed in the year-earlier hack—including a framework known as BlackEnergy and disk-wiping malware called KillDisk.

The breaches stemmed from a massive spear phishing campaign that struck government organizations in July and allowed the attackers to conduct months of covert reconnaissance before finally striking last month.

The phishing e-mail came from a highly trusted individual and contained a macro attachment that infected people who allowed it to run.

The "dropper" malware, DarkReading reported, underwent 500 software builds over a two-week period, a testament to the rigor of the attackers' software development. In a pre-recorded video played at the conference, Oleksii Yasynskyi, head of research for Information Systems Security Partners in Ukraine, which has investigated the attacks, said the attackers belonged to several different groups that worked together.

Among other things, they gathered passwords for targeted servers and workstations and created custom malware for their targets. The attack on the Pivnichna transmission facility shut down the remote terminal units that control circuit breakers.

That hack was less severe than the one used in the 2015 attack, which rendered the devices inoperable and prevented engineers from remotely restoring power. Last month's hacking campaign also made use of denial-of-service attacks. It's still too early to definitively attribute the attacks to the Russian government, but it's also not possible to rule the possibility out. Last month's attack came around the same time that the US intelligence community blamed Russia for hacks against Democratic groups and individuals, attacks that were allegedly aimed at disrupting the 2016 US presidential election.
If Russia is in fact behind campaigns in both countries, the attacks signal Russia's growing willingness to use hacking to achieve geopolitical goals.

Even if Russia isn't involved, the events in Ukraine demonstrate that once-unprecedented attacks on power facilities and other critical infrastructure are quickly becoming the new normal.

Latest Ukraine Blackout Tied To 2015 Cyberattackers

Broad cyberattack campaign hitting finance, energy, transportation in Ukraine was meant to disrupt but not cause major damage, researchers say.

S4x17 CONFERENCE -- Miami, Fla. -- A wave of fresh cyberattacks against power substations, defense, finance, and port authority systems in Ukraine last month appears to be the handiwork of the same attackers who in December 2015 broke in and took control of industrial control systems at three regional power firms in that nation and shut off the lights, researchers said here today.

A pair of researchers from Ukraine confirmed that a second power outage on Dec. 16, 2016, in the nation also was the result of a cyberattack. Ukrainian officials have identified Russian hackers as the perpetrators, and Ukraine President Petro Poroshenko recently revealed that his nation had suffered 6,500 cyberattacks at the hands of Russia in the past two months.

But unlike the 2015 cyberattack that crippled some 27 power distribution operation centers across the country and affected three utilities in western Ukraine, the December 2016 attack hit the Pivnichna remote power transmission facility and shut down the remote terminal units (RTUs) that control circuit breakers, causing a power outage for about an hour.

Confirmation of yet another cyberattack campaign against Ukraine comes at a time when Russian nation-state hacking is a front-burner concern in the US and Western world, especially with the US intelligence community's recent report concluding that Russian president Vladimir Putin directed a wide-ranging campaign to influence the outcome of the 2016 US presidential campaign in favor of President-Elect Donald Trump. US officials say Russia employed cyber espionage attacks against policy groups, US primary campaigns, and the Democratic National Committee (DNC) in 2015, as well as propaganda to influence public opinion.
Marina Krotofil, a security researcher for Honeywell Industrial Cyber Security Labs, who today presented the newest findings on the Ukraine hacks, said the attackers appear to be using Ukraine "as a training ground for R&D" - basically a way to hone their attacks on critical infrastructure attacks in general. She said in an interview that this testbed-type approach against Ukraine is considered by experts as a "standard practice" by Russian nation-state attackers for testing out their tools and attacks. This recent campaign worries some US security experts. "The 'red lines' that conventional wisdom taught us would prevent disruptive or destructive attacks in critical infrastructure are dimming, if not gone," says Steve Ward, a senior director at Claroty. "With the 2015 Ukraine incident and the fact that no apparent repercussions followed, it is not surprising to be at the point where a follow-up attack has been confirmed … We should be very concerned with the potential of such attacks in America," Ward says. Honeywell's Krotofil says the latest attacks began on Dec. 6 and lasted until Dec. 20, with each target getting hit one-by-one, via a combination of remote exploits and websites crumbling under distributed denial-of-service attacks. With the Ukraine rail system's server taken offline by the attacks, travelers were unable to purchase train tickets, and cargo shipments also were interrupted, she says. She said the attackers didn't appear to intend to wreak major damage on Ukraine's infrastructure, however. "It's hypothesized that this hacking campaign was to sabotage normal operations in Ukraine to cause disorganization and distrust," she said. "The goal was to destabilize the economy and political situation." The attackers used many of the same tools that they deployed in the 2015 power grid blackout -- including BlackEnergy framework tools and KillDisk. "The attacks [grew] in sophistication," Krotofil said. 
"They were more organized, with several groups working together like a good orchestra. That was different from" the 2015 attack that appeared to be more disjointed and disorganized, she said.

A spear phish on July 14, 2016, kicked off the first phase of the attacks aimed at a Ukraine bank.

The attachment employed malicious macros that checked for sandboxes and hid its activity with obfuscation techniques.

The researchers did not confirm the initial attack vector for the electric grid, however.

Via a translator, in a pre-recorded video shown during Krotofil's talk, Oleksii Yasynskyi - head of research for Information Systems Security Partners in Ukraine and a fellow investigator of the Ukraine attacks - said that the attackers were "several cybercriminal groups" working together. Yasynskyi said the groups employed legitimate IT administrative tools to evade detection as they gathered the necessary intelligence about the networks in the reconnaissance phase of the attacks. They gathered passwords about targeted servers and workstations, for instance, noted Yasynskyi, and they created custom malware for their targets. "The code was written by experts," he said.

Macro Got More Game

The attackers upped their malicious macro game significantly in the 2016 attacks in comparison to the 2015 attack.

Case in point: 69% of the code in their macro software was for obfuscation, 30% for duping forensic analysis, and only one percent of the code actually corresponded to the macro's ability to launch malware, according to Yasynskyi. "In essence, this macro is a sophisticated container for infiltrating and delivering malicious code for actual intrusion by the attackers," he said.

The attackers this time around also put extra effort into making malware analysis as onerous as possible. "It writes itself into certain parts of memory, like a puzzle," he said. "It unwraps only parts it needs at the time."

"This only confirms the theory that this was executed by several teams: infrastructure, instruments to automate the analysis and penetration, and to deliver the malicious code," he said.

The dropper malware, a custom tool called Hancitor, had two different samples, but some 500 software builds during a two-week period, demonstrating the level of software development by the attackers, Krotofil noted. The attackers also obviously had done the homework in order to wreak havoc on the power grid, such as the inner workings of industrial processes there. "You can't simply get" that information or documents on the Net, Krotofil said.

Interestingly, while it took some four months to investigate the 2015 Ukraine power grid attack, it took Yasynskyi and the other investigators only two weeks to investigate the 2016 attacks.

They were able to detect the similar methods and tools in the second attacks based on the research from the previous attacks.

Michael Assante, SANS lead for ICS and SCADA security, in a presentation here today noted that the Ukraine attacks raise new issues for ICS/SCADA operators. "In the case of Ukraine, it opened up a lot of questions" after that 2015 attack about how to engage when such physically disruptive events hit, such as who should identify a cyberattack, how to respond, and what protocol to follow if the attack causes damage.

Kelly Jackson Higgins is Executive Editor at DarkReading.com.

North Carolina Man Admits Role in Online Attacks against U.S Intelligence...

Russia isn't the only place where attacks against the U.S. Government come from, as a 24-year-old American pleads guilty to charges he was part of a group that targeted US intelligence officials including CIA chief John Brennan.

The first of five individuals associated with the hacker group known as 'Crackas With Attitude' (CWA), who are alleged to have hacked online accounts of U.S. Government officials in 2015, has pleaded guilty. 24-year-old Justin G. Liverman of North Carolina entered a plea agreement with the U.S. Justice Department on Jan. 6.

Liverman is one of two American citizens and five individuals that were alleged to be part of the CWA effort, which was able to exploit internet accounts owned by senior U.S. Government officials including CIA Chief John Brennan and U.S. Director of National Intelligence James Clapper.

"Liverman's plea admits guilt to a conspiracy to commit unauthorized computer intrusions, identity theft, and telephone harassment," the Department of Justice stated.

Under the terms of the plea agreement, Liverman pleaded guilty to one felony count of conspiracy.

According to the agreement, Liverman's actions were responsible for $95,000 in damages, out of $1.5 million in total damages caused by the CWA. According to the original affidavit in the case, the CWA attackers used anonymizing software and social media platforms to communicate with each other, as well as to obtain unlawful access to online accounts and harass their victims. The CWA attackers used social engineering techniques in order to exploit victims' accounts.

Among the exploits that were conducted was one in November 2015, when a member of the CWA was able to gain access to a victim's Comcast account. Using the victim's credentials, a member of the CWA was able to gain access to the victim's account for the Law Enforcement Portal (LEEP).

A member of the CWA then released information from the LEEP system on more than 80 officers from several Miami-area law enforcement agencies.

According to the affidavit, the CWA also made a false bomb threat to the Palm Beach County Sheriff's Office in West Palm Beach, Florida in January 2016. As part of the statement of facts filed with the plea agreement, Liverman's role was identified as publicly posting online documents and personal information unlawfully obtained from a victim's personal account.

Additionally, Liverman sent threatening text messages to the same victim's cellphone. Liverman will be sentenced on May 12 and faces up to five years in prison. His U.S. co-defendant, Andrew Otto Boggs, who is also from North Carolina, is expected to enter a guilty plea on January 10, according to the DoJ. Liverman's legal defense was assisted by the Courage Foundation, which is a group that aims to help support the efforts of whistleblowers. "Nothing was really hacked in this case because important government officials and agencies left the door wide open," Courage attorney Tor Ekeland said in a statement. "One hopes that hostile nation state actors didn't walk through that open door before Justin (Liverman) did." Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com.


It’s official: US election systems designated as critical

On Friday, US Homeland Security Secretary Jeh Johnson designated election systems to be part of the nation's critical infrastructure. He said this move would better protect elections from increasingly sophisticated hacking. "Now more than ever, it is important that we offer our assistance to state and local election officials in the cybersecurity of their systems," Johnson wrote in a statement published late Friday afternoon. "Election infrastructure is vital to our national interests, and cyber attacks on this country are becoming more sophisticated, and bad cyber actors—ranging from nation states, cyber criminals and hacktivists—are becoming more sophisticated and dangerous." The designation came the same day that US intelligence officials published an unclassified version of a report concluding that Russian Federation president Vladimir Putin directly ordered intelligence agencies to collect data from the Democratic National Committee, the Hillary Clinton presidential campaign, and other organizations. The agencies then oversaw an effort to discredit Clinton, the Democratic party, and the US democratic political process through "information operations," according to the report, which was jointly written by the Central Intelligence Agency, the National Security Agency, and the FBI. Friday's declassified report says that Russian intelligence services "obtained and maintained access to elements of multiple US state or local electoral boards," but went on to conclude that none of the affected systems was involved in vote tallying. In August, voter registration systems in Arizona and Illinois were reportedly targeted by hackers. Election officials in Arizona said the FBI warned them the attempted intrusion was carried out by Russians, but they didn't say if the hackers were state-sponsored or financially motivated.
Sixteen US sectors are classified as critical infrastructure, including chemical manufacturing, dams, and emergency services. Friday's designation adds election systems as a subsection to the existing government facilities sector. The DHS published a fact sheet concerning the move here. Johnson sought to head off criticism from some state officials opposed to the new designation. "This designation does not mean a federal takeover, regulation, oversight, or intrusion concerning elections in this country," he wrote. "This designation does nothing to change the role state and local governments have in administering and running elections."