North Korea’s Cyberspying Streak

On 22 December 2009, in Uncategorized, by admin

Forbes, 21 Dec 09: A note on the new rules of international cyber intrigue: When it comes to stealing digital secrets, even the least likely Luddite may be snooping around in your servers.

That’s the lesson, it seems, that the South Korean military learned after hackers seemingly based in North Korea intercepted confidential defense strategy plans in November. The cyberspies accessed the documents after a South Korean military officer left a USB key plugged into his PC while switching from a highly secure private intranet to the public Internet, South Korean newspaper Chosun Ilbo reported Friday. The stolen materials, dubbed OPLAN 5027, detailed possible U.S. and South Korean responses or pre-emptive strikes against North Korea in case of an imminent military threat.

According to Chosun, that’s the second such cyber intrusion this year. Last month, the news outlet reported that the North Korean hackers had accessed emergency chemical accident response plans through South Korean army networks.

Proving that the theft incidents were carried out by North Koreans isn’t easy. The hackers were traced to an IP address in mainland China, but could have easily been using a Chinese computer compromised with malicious software. By some estimates, China has the most computers infected with that “bot” software of any country in the world, making it a convenient vessel for hackers seeking to protect their origins.

But Jim Lewis, a cybersecurity-focused researcher at the Center for Strategic and International Studies (CSIS), says he has little doubt that North Korea has developed a cyber espionage program that puts it around the “second tier” of countries in terms of international espionage competence. . . . .


Wall Street Journal, 17 Dec 09: Militants in Iraq have used $26 off-the-shelf software to intercept live video feeds from U.S. Predator drones, potentially providing them with information they need to evade or monitor U.S. military operations.

Senior defense and intelligence officials said Iranian-backed insurgents intercepted the video feeds by taking advantage of an unprotected communications link in some of the remotely flown planes’ systems. Shiite fighters in Iraq used software programs such as SkyGrabber — available for as little as $25.95 on the Internet — to regularly capture drone video feeds, according to a person familiar with reports on the matter. . . .

. . . . U.S. military personnel in Iraq discovered the problem late last year when they apprehended a Shiite militant whose laptop contained files of intercepted drone video feeds. In July, the U.S. military found pirated drone video feeds on other militant laptops, leading some officials to conclude that militant groups trained and funded by Iran were regularly intercepting feeds.

In the summer 2009 incident, the military found “days and days and hours and hours of proof” that the feeds were being intercepted and shared with multiple extremist groups, the person said. “It is part of their kit now.”. . . .

. . . . Last December, U.S. military personnel in Iraq discovered copies of Predator drone feeds on a laptop belonging to a Shiite militant, according to a person familiar with reports on the matter. “There was evidence this was not a one-time deal,” this person said. The U.S. accuses Iran of providing weapons, money and training to Shiite fighters in Iraq, a charge that Tehran has long denied.

The militants use programs such as SkyGrabber, from Russian company SkySoftware. Andrew Solonikov, one of the software’s developers, said he was unaware that his software could be used to intercept drone feeds. “It was developed to intercept music, photos, video, programs and other content that other users download from the Internet — no military data or other commercial data, only free legal content,” he said by email from Russia. . . . .


Wired/Danger Room, 17 Dec 09: Tapping into drones’ video feeds was just the start. The U.S. military’s primary system for bringing overhead surveillance down to soldiers and Marines on the ground is also vulnerable to electronic interception, multiple military sources tell Danger Room. That means militants have the ability to see through the eyes of all kinds of combat aircraft — from traditional fighters and bombers to unmanned spy planes. The problem is in the process of being addressed. But for now, an enormous security breach is even larger than previously thought. . . . .

Insurgents Intercept Drone Video in King-Size Security Breach
Wired, 17 Dec 09: In Iraq and Afghanistan, the U.S. military depends on an array of drones to snoop on and stalk insurgents. Now it looks as if insurgents are tapping into those same drones’ broadcasts, to see what the flying robot spies see. If true — and widespread — it’s potentially one of the most serious military security breaches in years.

“U.S. military personnel in Iraq discovered the problem late last year when they apprehended a Shiite militant whose laptop contained files of intercepted drone video feeds,” Wall Street Journal reports. “In July, the U.S. military found pirated drone video feeds on other militant laptops, leading some officials to conclude that militant groups trained and funded by Iran were regularly intercepting feeds.”

How’d the militants manage to get access to such secret data? Basically by pointing satellite dishes up, and waiting for the drone feeds to pour in. According to the Journal, militants have exploited a weakness: The data links between the drone and the ground control station were never encrypted. Which meant that pretty much anyone could tap into the overhead surveillance that many commanders feel is America’s most important advantage in its two wars. Pretty much anyone could intercept the feeds of the drones that are the focal point for the secret U.S. war in Pakistan.

Using cheap, downloadable programs like SkyGrabber, militants were apparently able to watch and record the video feed — and potentially be tipped off when U.S. and coalition forces are stalking them. The $26 software was originally designed to let users download movies and songs off of the internet. Turns out, the program lets you nab Predator drone feeds just as easily as pirated copies of The Hangover. . . . .


Times of London, 13 Dec 09: Ten members of a suspected Islamist terror cell, said by MI5 to be plotting to blow up a shopping centre and a nightclub in Manchester, had been granted permission by the Home Office to work as security guards in Britain.

The Pakistani students — who were never charged for lack of evidence — were arrested over an alleged plot to bomb Britain last Easter. Police believed they had conducted “hostile reconnaissance” of the Arndale and Trafford shopping centres and the Birdcage nightclub.

It has now emerged that in the months before the alleged plot, the men were given licences to work as security guards by the Security Industry Authority (SIA), a Home Office body that regulates the private security industry.

They all passed a vetting programme designed to bar criminals and undesirables from taking up sensitive security posts protecting airports, ports and Whitehall buildings from terrorist attack. When arrested, two of the students were working for a cargo firm which had access to secure areas at Manchester airport. . . . .


TSA Hands Al-Qaeda Its Playbook

On 10 December 2009, in Uncategorized, by admin

PJM, 10 Dec 09: Terrorists love details. Al-Qaeda’s U.S. embassy bombers knew the thickness of the embassy walls — a key detail in figuring out how much explosives were necessary to take the buildings down. The Mumbai terrorists had copies of the floor plans to the Taj Mahal Hotel before beginning their three-day siege.

The 9/11 hijackers took no less than 33 test runs in the months leading up to America’s worst terrorist attack; they cased airports and watched how flight attendants did their jobs. Terrorists do homework. They conduct intense reconnaissance missions so as to maximize the death toll on the day of their actual attacks.

This week the Transportation Security Administration (TSA) — the agency tasked with keeping you and your family safe on airplanes — literally handed al-Qaeda its playbook. . . . .

. . . . One of the more troublesome exposures that must be addressed is the publication of undercover agents’ ID cards — including those for CIA officers and federal air marshals. . . . .

The largest group of federal law enforcement officers in the country wants action, not backpedaling. John Adler, spokesman for the Federal Law Enforcement Officers Association (FLEOA), told the House Homeland Security Committee, “Both TSA’s posting of sensitive security information and their unwillingness to grasp the seriousness of this are unacceptable.” Adler asked for closed-door congressional investigations, including a “meaningful damage-control assessment.” . . . .

Previous:

TSA Leaks Sensitive Airport Screening Manual
