Home Tags US intelligence

Tag: US intelligence

E-mails phished from Russian critic were “tainted” before being leaked

Campaign targeting more than 200 people also spread disinformation, report says.

AI, IoT and the end of Moore’s Law add to US...

US intelligence experts set out their list of potential threats - with technology risks high on the list.

US Intelligence “transparency report” reveals breadth of surveillance by NSA, others

Over 151 million call records collected to track 42 targets under new "limited" access arrangement.

Palantir settles US charges that it discriminated against Asian engineers

"We disagree with the allegations made by the Department of Labor."

We’re spying on you for your own protection, says NSA, FBI

Except we're not, of course, because that would be illegal A new factsheet by the NSA and FBI has laid bare ludicrous contradictions in how US intelligence agencies choose to interpret a law designed to prevent spying on American citizens, but which they use to achieve exactly that end.…

FBI confirms probe of possible collusion between Trump campaign, Russia

FBI director testifies about Trump Tower wiretap, investigation of Trump campaign.

Assange accuses CIA of “historic act of devastating incompetence”

Assange: Cache of cyber weapons was passed around "out of control" by contract hackers.

Nominee for top intelligence post “shocked” by Indian satellite launch

"We’ve seen now 11 nations that have the capacity to launch instruments into space.”

Kaspersky Lab Incident Investigations Head Arrested In Russia For 'Treason'

Security firm says the case doesn't affect its computer incidents investigation operations. Kaspersky Lab confirmed today that one of its top cybersecurity investigators was arrested in December in Russia, reportedly amid charges of treason. News of the arrest of Ruslan Stoyanov, head of Kaspersky Lab's computer incidents investigations unit, as well as Sergei Mikhailov, deputy head of the information security department at the FSB, first came via Kommersant, a Russian economic newspaper, and word later spread to US news media outlets. Stoyanov, who had been with Kaspersky Lab since 2012, led the firm's cybercrime investigation that ultimately led to the 2016 arrests of 50 members of the so-called Lurk cybercrime gang that stole more than $45 million from Russian financial institutions.

The case was said to be Russia's largest-ever crackdown on financial cybercrime. Stoyanov's arrest sent a chill throughout the security research community, with speculation by some that his cybercrime investigative efforts may have somehow gotten a little too close to Russian nation-state hacking efforts. Russian hacking has been in the spotlight since the US intelligence community published an unclassified report that concludes Russia - under the direction of Vladmir Putin - attempted to influence the US presidential election via hacks and leaks of data from the Democratic National Committee and Clinton campaign manager John Podesta. According to Kaspersky Lab, the nature of Stoyanov's arrest predates his employment with the security firm. "The case against this employee does not involve Kaspersky Lab.

The employee, who is Head of the Computer Incidents Investigation Team, is under investigation for a period predating his employment at Kaspersky Lab," the company said in a statement. Stoyanov, a former head of network security for Russian ISP OJSC RTComm.RU, also was with Ministry Of Interior's Moscow-based Cyber Crime Unit in the early 2000s. Security experts say his arrest underscores the sometimes-blurred lines between Russian cybercrime gangs and cyber espionage activity. "I think he flew too close to the sun as his recent investigations more than likely unearthed elements of the Pawn Storm campaign," says Tom Kellermann, CEO fo Strategic Cyber Ventures. "This is a red flag to all security vendors who expose the nexus between the cybercriminal conspiracies and the Russian cyberespionage campaigns." Pawn Storm, aka Fancy Bear and APT 28, was one of the Russian state hacking groups implicated in election-related hacks against the US. Researcher Business As Usual While Kaspersky Lab said it had no information of the "details of the investigation" of Stoyanov and that no official information had been released by the Russian government on the case, the company also maintained that the arrest would not affect its current or future research into Russian cyber activities. The company said that "as an IT security company, Kaspersky Lab is determined to detect and neutralize all forms of malicious programs, regardless of their origin or purpose." For now, Stoyanov is officially suspended from his post at Kaspersky Lab, according to the company. "The work of Kaspersky Lab’s Computer Incidents Investigation Team is unaffected by these developments." Stoyanov in 2015 authored a detailed report for Kaspersky Lab on how Russian financial cybercrime works.

The report notes how the risk of prosecution is low for Russian-speaking cybercriminals: "The lack of established mechanisms for international cooperation also plays into the hands of criminals: for example, Kaspersky Lab experts know that the members of some criminal groups permanently reside and work in Russia’s neighbors, while the citizens of the neighboring states involved in criminal activity often live and operate in the territory of the Russian Federation," he wrote. "Kaspersky Lab is doing everything possible to terminate the activity of cybercriminal groups and encourages other companies and law enforcement agencies in all countries to cooperate," he wrote. Aleks Gostev, chief security expert for Kaspersky Lab's Global Research and Analysis Team, in a tweet today said that Stoyanov "never worked with any APT stuff," dismissing some online speculation that the arrest was somehow related to cyber espionage research. He tweeted that the case wouldn't stop the security firm from its work. Kaspersky Lab is "an international team of experts.
It's impossible to prevent us from releasing data." Related Content:   Kelly Jackson Higgins is Executive Editor at DarkReading.com.
She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
View Full Bio More Insights

Kaspersky Lab’s top investigator reportedly arrested in treason probe

reader comments 28 Share this story In a move that stunned some security researchers, a top investigator at Russia's largest antivirus provider, Kaspersky Lab, has been arrested in an investigation into treason, a crime that upon conviction can carry severe sentences. Ruslan Stoyanov Kaspersky Lab Ruslan Stoyanov, the head of Kaspersky Lab's investigations unit, was arrested in December, Russian newspaper Kommersant reported Wednesday.

The paper said that Sergei Mikhailov, a division head of the Russian intelligence service FSB, was also arrested in the same probe.
Stoyanov joined the Moscow-based AV company in 2012 and was chiefly involved in investigating and responding to hacking-related crimes carried out in Russia. His LinkedIn profile shows he served as a major in the cybercrime unit of Russia's Ministry of Interior from 2000 to 2006. "The case against this employee does not involve Kaspersky Lab," company officials wrote in a statement issued following the report. "The employee, who is Head of the Computer Incidents Investigation Team, is under investigation for a period predating his employment at Kaspersky Lab. We do not possess details of the investigation.

The work of Kaspersky Lab's Computer Incidents Investigation Team is unaffected by these developments." In the past 15 months, Stoyanov wrote three posts for Kaspersky Lab's Securelist blog.

All three involved financially motivated crime conducted inside of Russia.
It's not clear what the maximum penalty is for treason in Russia.

The country has reportedly suspended executions, and the last one was in 1996. Word of the arrest almost immediately ignited a flurry of speculation and concerns of a possibly chilling effect the action might have among security researchers.

The charges were filed under Article 275 of Russia's criminal code, an extraordinarily broad statute that opens individuals to treason charges for providing financial, technical, advisory, or other assistance to a foreign state or international organization that's considered hostile to the Russian government.

As coverage from Forbes reported, such assistance could potentially be as simple as furnishing the FBI with information on a botnet. A much more chilling scenario, offered in this post from Lawfare Blog, is that Stoyanov was a source for US intelligence officers who ultimately concluded Russian-sponsored hacking attempted to interfere with the 2016 US presidential election.

That speculation is likely off base because it doesn't fit with Kaspersky's assertion Stoyanov is being investigated for activities that predated his employment or with this claim from a fellow Kaspersky Lab researcher that Stoyanov's research never involved advanced persistent threats, the term for hacking techniques used by government-sponsored spies. People advancing the theory seem to be basing it on the timing of the arrest, which roughly coincided with the classified release of specific details said to support the US intelligence community's claims the hacking was ordered by President Vladimir Putin. Whatever the specifics are behind the investigation into Stoyanov, security researchers said the arrest will likely cause colleagues in Russia and elsewhere to self-censor potentially sensitive findings. "For those living and working under oppressive regimes, keep up the good fight," Jake Williams, founder of security firm Rendition Software who previously worked for the Department of Defense, wrote in a blog post. "But also remember that no incident response report or conference talk is worth jail time (or worse)." In a message to Ars, he added: "I think that these charges will cause security researchers, particularly those in states with oppressive governments, to carefully consider the weight of reporting details of security incidents." Listing image by Kaspersky Lab

More, cheaper, bigger, faster: The defense and cyber strategy of Donald...

Enlarge / Where's the defense and cyber-weapon procurement budget going, Mr. President-elect?Getty Images | Joe Raedle reader comments 75 Share this story Since Election Day, President-elect Donald Trump has taken an inordinate interest in some of the minutia of defense policy. His tweets (particularly about the F-35 Joint Strike Fighter and the Air Force One presidential aircraft replacement program) have sent shockwaves through the defense industry. The same is true of the cyber realm—particularly in his treatment of the intelligence community that currently dominates the US' cyber-defense capabilities. The one thing that is certain is that Trump wants more muscle in both departments, urging an increase in the number of troops, ships, planes, and weapons deployed by the Department of Defense; the end of defense budget sequestration; and an expansion of the US nuclear and ballistic missile defense arsenal. And he has also pledged a new focus on offensive "cyber" capabilities, as outlined by his campaign, "to deter attacks by both state and non-state actors and, if necessary, to respond appropriately." That sort of aggressive posture is not a surprise. But the policies that will drive the use of those physical and digital forces are still a bit murky. Considering the position Trump has taken regarding the North Atlantic Treaty Organization (NATO) and his attitudes toward Russia, Trump's statements may hint at a desire for a Fortress America—armed to the teeth and going it alone in every domain of conflict. Saddle up While not quite on a Reagan-esque scale, the Trump surge would (based on his statements) bring forces back above their active size during the wars in Afghanistan and Iraq (though less than during the 2007 "surge" period of the Iraq War). Trump declared that he'll add about 60,000 more active duty soldiers to the Army, increase the Navy's fleet to 350 ships, increase the Marine Corps' strength by over a dozen battalions (roughly 12,000 Marines), and "provide the Air Force with the 12,000 fighters they need." On the strategic front, Trump has tweeted that he wants to expand and improve the US military's nuclear capabilities, modernizing and increasing weapons to improve their deterrent value. The modernization effort had already been queued up by President Barack Obama's administration, including the new Long Range Strike Bomber program awarded to Northrop Grumman. But those investments have been at the expense of other military (particularly Air Force) programs. Trump has also proposed investment in a "serious missile defense system" based on updating the Navy's Ticonderoga-class guided missile cruisers' Aegis systems and building more Arleigh Burke-class guided missile destroyers. The ballistic missile defense version of Aegis and the Standard Missile 3 (RIM-161) missile it controls are currently only capable of intercepting short- and intermediate-range ballistic missiles, not intercontinental ballistic missiles; to have a chance at taking down a US-targeted threat from North Korea, for example, they would have to be very close to the launch site and hit it early in its launch (the boost phase). How will Trump pay for all this hardware? By "conducting a full audit of the Pentagon, eliminating incorrect payments, reducing duplicative bureaucracy, collecting unpaid taxes, and ending unwanted and unauthorized federal programs," whatever those might be. There's certainly some room in the budget to be gained through increased administrative efficiency, as a Defense Business Board report found that the DOD could save as much in $125 billion in overhead (though that number may have been slightly inflated, as it was based on corporate, and not military, business models). Cyber up On the cyber side, it appears Trump wants to put the military on point for cyber defense. The campaign platform pushed for the DOD to place a new emphasis on offensive capabilities, including making enhancements to the US Cyber Command—currently led by NSA Director Admiral Mike Rogers—to increase its offensive punch and turn it into an effective cyber-deterrence force. “As a deterrent against attacks on our critical resources, the United States must possess the unquestioned capacity to launch crippling cyber counter-attacks,” Trump said in a speech in October. Just exactly how that would work isn't clear. Given the difficulty of attribution—a point Trump made repeatedly in his castigation of intelligence findings of Russian interference in the election—the kind of very attributable cyber force that US Cyber Command would wield as part of the Strategic Command would likely not act as much of a deterrent to low-level intrusions, espionage, and information operations. Yet those make up the majority of what has recently been dumped into the "cyberwarfare" shopping cart. Trump's policy outline also calls for the Joint Chiefs of Staff to participate in Trump's vaunted "Cyber Review Team," contributing experts to evaluate "all US cyber defenses"—including critical infrastructure in the private sector—alongside law enforcement and experts from private industry. The Cyber Review Team, which may or may not have anything to do with the group being headed by former New York City Mayor Rudy Giuliani, has a big mandate: The Cyber Review Team will provide specific recommendations for safeguarding different entities with the best defense technologies tailored to the likely threats and will follow up regularly at various federal agencies and departments. The Cyber Review Team will establish detailed protocols and mandatory cyber awareness training for all government employees while remaining current on evolving methods of cyber-attack. On the domestic end, the Trump administration would seek to take the same model that has been applied to terrorism to the cyber side, creating joint task forces that put Department of Justice, FBI, and Department of Homeland Security personnel alongside state and local law enforcement to respond to "cyber threats." Nothing Trump or his proxies have said indicates any policy around shaping what "norms" in the world connecting the digital to the physical should be. If anything, Trump's position seems to be that a cyber-armed world is a polite world—or at least one that will be polite to the United States, the only confirmed state cyberwar actor to hit another nation's infrastructure (aside from squirrels). The eyes have it It will take some time to see how Trump's indifference toward the US' obligations toward allies will affect overall defense and cyber-security policy. But if reports are true regarding US intelligence officials warning allies of Trump's Russia ties and if Trump goes forward with weakening the US involvement in NATO, his views could significantly affect both—especially in the realm of digital intelligence collection. A weakened relationship with the other members of the "Five Eyes" group—the UK, Australia, New Zealand, and Canada—on a military level could impact the National Security Agency's (and the CIA's) ability to collect intelligence from infrastructure that has up until now been widely shared. Only one thing is for certain: the defense industry should be expecting an aircraft carrier full of dollars headed in their direction.

Thanks, Obama: NSA to stream raw intelligence into FBI, DEA and...

Gee, what a lovely parting gift by outgoing US prez A last-minute rule change signed off by the outgoing Obama administration has made it much easier for the NSA to share raw surveillance data with more than a dozen government agencies. The changes [PDF] are tacked onto executive order 12333, which was enacted by then-President Ronald Reagan to allow intelligence agencies to share information on non-US nationals.

The new rules will allow the NSA to share unfiltered signals intelligence with other members of the intelligence community if it is deemed necessary. "The procedures permit IC [intelligence community] elements to have access, under appropriate conditions, to the unevaluated or unminimized (ie, 'raw') signals intelligence (SIGINT) information that the NSA collects pursuant to EO 12333, thus enabling elements to bring their own analytic expertise to reviewing that information and to use that information in support of their own missions," the office of the Director of National Intelligence explained today. "The procedures therefore provide an important mechanism for enhancing information sharing, integration, and collaboration in the IC." Under the terms of the changes – which were signed off by outgoing US spymaster James Clapper and the Attorney General Loretta Lynch – the NSA can now pass on information to the other 15 organizations that make up the US intelligence community.

Those 15 members are: Air Force Intelligence, Army Intelligence, the CIA, Coast Guard Intelligence, the Defense Intelligence Agency, the Department of Energy, the Department of Homeland Security, the Department of State, the Department of the Treasury, the Drug Enforcement Administration (DEA), the FBI, Marine Corps Intelligence, the National Geospatial-Intelligence Agency, the National Reconnaissance Office, and Navy Intelligence. The collected information itself can include any data slurped on a foreign national, including files, phone calls, satellite messages and faxes.
It applies to communications that take place outside the US and any traffic that passes within US borders. To get their paws on this data, an intelligence organization will have to assert that it's needed for an overseas investigation, and have that request approved by a "high-level NSA official," according to a fact sheet prepared by government officials.

The requestor also has to commit to protecting the data as much as possible. US citizens can have their data surveilled in the same way on the authorization of the Attorney General, the Director of the NSA, or the head of the recipient intelligence body – or a high-level designee. The amendment also requires Uncle Sam's snoopers to undergo training on how to follow the new rules, and creates an audit trail for the information. Quite why this needed to be rushed through in the dying days of the Obama administration remains to be seen. ® Sponsored: Flash enters the mainstream.
Visit The Register's storage hub