
Is This What Robert Mueller Meant by Cyber Expertise?

Back on February 3, I noted what I thought was the irony that, four days after FBI Director Robert Mueller bragged about FBI’s cybersecurity expertise–including its partnerships with counterparts overseas–Anonymous released an earlier hacked call between Scotland Yard and FBI.

Mueller: If I may interject, we have built up a substantial bit of expertise in this arena over a period of time, not only domestically but internationally. We have agents that are positioned overseas to work closely with–embedded with–our counterparts in a number of countries, and so we have, over a period of time, built up an expertise. That is not to say that NSA doesn’t have a substantial bit of expertise also, understanding where it’s located.

Mikulski: But it’s a different kind.

Mueller: Well, no, much of it is the same kind, much of it is the same kind, in terms of power, I think NSA has more power, in the sense of capabilities, but in terms of expertise, I would not sell ourselves short.

We now know that at the time of both the hack and Mueller’s comment, the FBI was running Hector Xavier Monsegur–Sabu–as a confidential informant–and the Scotland Yard call is one of the hacks they busted others for with his assistance last week.

In January 2012, O’CEARRBHAIL hacked into the personal e-mail account of an officer with Ireland’s national police service, the An Garda Siochana (the “Garda”). Because the Garda officer had forwarded work e-mails to a personal account, O’CEARRBHAIL learned information about how to access a conference call that the Garda, the FBI, and other law enforcement agencies were planning to hold on January 17, 2012 regarding international investigations of Anonymous and other hacking groups. O’CEARRBHAIL then accessed and secretly recorded the January 17 international law enforcement conference call, and then disseminated the illegally-obtained recording to others.

And meanwhile, all of the things Sabu was saying on his twitter account were closely monitored–if not written–by the FBI, including the comment about FBI’s informants, above, and the multiple “celebrations” of the Scotland Yard hack.


FBI Director Mueller Boasts of FBI’s Cyber Expertise before Anonymous Hacks Cyber Call

As you may have heard, Anonymous hacked into and released a conference call between the FBI and Scotland Yard discussing their efforts to crack down on the hackers’ group.

What makes the hack all the more ironic is that its release comes just days after Robert Mueller bragged of the FBI’s cyber expertise at the Threat Assessment hearing on Tuesday (the actual call took place on January 17, which makes me wonder whether they have gotten subsequent calls as well). In response to Maryland (and therefore NSA’s) Senator Barbara Mikulski’s suggestion that the NSA was the only entity able to investigate cybercrime, Mueller insisted (after 2:01) that the FBI can match the expertise of NSA. He even bragged about how important partnering with counterparts in other countries–like Scotland Yard–was to the FBI’s expertise.

Mueller: If I may interject, we have built up a substantial bit of expertise in this arena over a period of time, not only domestically but internationally. We have agents that are positioned overseas to work closely with–embedded with–our counterparts in a number of countries, and so we have, over a period of time, built up an expertise. That is not to say that NSA doesn’t have a substantial bit of expertise also, understanding where it’s located.

Mikulski: But it’s a different kind.

Mueller: Well, no, much of it is the same kind, much of it is the same kind, in terms of power, I think NSA has more power, in the sense of capabilities, but in terms of expertise, I would not sell ourselves short.

I don’t want to sell the FBI short or anything. But regardless of their expertise in investigating cybercrimes, it sure seems like they’ve got the same crappy security the rest of the Federal government has.

DOD Promises to Defend the Networks They Failed to Defend after 2008

There’s something hysterical about the promise a Quantico spokesperson made that DOD would take any threats to its IT networks–in this case, threats made by Anonymous–seriously.

A Quantico spokesman, Lieutenant Agustin Solivan, said officials had referred the matter to law enforcement and counter-intelligence agencies. “We are aware of the threat and any threats to defence department information systems and networks are taken seriously,” he said. “The intent or stating that you are going to commit a crime is a crime in itself,” he added.

You see, back in 2008, DOD got badly hit by malware introduced via a thumb drive or some other removable media. And in response, DOD instituted measures that–it said–would clear up the problem.

The Defense Department’s geeks are spooked by a rapidly spreading worm crawling across their networks. So they’ve suspended the use of so-called thumb drives, CDs, flash media cards, and all other removable data storage devices from their nets, to try to keep the worm from multiplying any further.

The ban comes from the commander of U.S. Strategic Command, according to an internal Army e-mail. It applies to both the secret SIPR and unclassified NIPR nets. The suspension, which includes everything from external hard drives to “floppy disks,” is supposed to take effect “immediately.”

[snip]

Servicemembers are supposed to “cease usage of all USB storage media until the USB devices are properly scanned and determined to be free of malware,” one e-mail notes.

Eventually, some government-approved drives will be allowed back under certain “mission-critical,” but unclassified, circumstances. “Personally owned or non-authorized devices” are “prohibited” from here on out.

In other words, back in 2008, an enemy force attacked DOD’s IT system using an embarrassing security vulnerability. In response DOD immediately banned all removable media. That ban was supposed to be permanent on classified networks like SIPRNet.

Just over one year later, a low-ranking intelligence analyst in Iraq brought in a Lady Gaga CD, inserted it into his computer attached to SIPRNet, and allegedly downloaded three huge databases of classified information.

Throughout the WikiLeaks scandal, DOD has been the functional equivalent of someone who, just weeks after getting cured of syphilis, went right back to his old ways and–surprise surprise!–got the clap, all the while denying he bore any responsibility for fucking around.

According to Bradley Manning’s description, there was a virtual orgy of IT security problems at his base in Iraq.

(01:52:30 PM) Manning: funny thing is… we transferred so much data on unmarked CDs…

(01:52:42 PM) Manning: everyone did… videos… movies… music

(01:53:05 PM) Manning: all out in the open

(01:53:53 PM) Manning: bringing CDs to and from the networks was/is a common phenomenon

(01:54:14 PM) Lamo: is that how you got the cables out?

(01:54:28 PM) Manning: perhaps

(01:54:42 PM) Manning: i would come in with music on a CD-RW

(01:55:21 PM) Manning: labelled with something like “Lady Gaga”… erase the music… then write a compressed split file

(01:55:46 PM) Manning: no-one suspected a thing

(01:55:48 PM) Manning: =L kind of sad

(01:56:04 PM) Lamo: and odds are, they never will

(01:56:07 PM) Manning: i didnt even have to hide anything

(01:56:36 PM) Lamo: from a professional perspective, i’m curious how the server they were on was insecure

(01:57:19 PM) Manning: you had people working 14 hours a day… every single day… no weekends… no recreation…

(01:57:27 PM) Manning: people stopped caring after 3 weeks

(01:57:44 PM) Lamo: i mean, technically speaking

(01:57:51 PM) Lamo: or was it physical

(01:57:52 PM) Manning: >nod<

(01:58:16 PM) Manning: there was no physical security

(01:58:18 PM) Lamo: it was physical access, wasn’t it

(01:58:20 PM) Lamo: hah

(01:58:33 PM) Manning: it was there, but not really

(01:58:51 PM) Manning: 5 digit cipher lock… but you could knock and the door…

(01:58:55 PM) Manning: *on

(01:59:15 PM) Manning: weapons, but everyone has weapons

(02:00:12 PM) Manning: everyone just sat at their workstations… watching music videos / car chases / buildings exploding… and writing more stuff to CD/DVD… the culture fed opportunities

Incidentally, note that no one has been fired for having left SIPRNet open to the same vulnerability that had already been targeted in a hostile attack. It’s all Bradley Manning’s fault. Sure, DOD was fucking around. But it can’t be held responsible!

So now, weeks after HBGary emails made it clear that DOD and DOJ and CIA were already investigating Anonymous, they’re telling us they’re investigating. For real now.

And don’t you worry! Ain’t no way Anonymous can hurt them. Because they know how to defend against such threats.

Hunton & Williams Left Fingerprints at SEIU

Hunton & Williams, the law firm that solicited HBGary and two other security firms to spy on Chamber of Commerce opponents, has remained silent so far about its efforts.

But it hasn’t covered its tracks. The SEIU reports that people from Hunton & Williams spent 20 hours last November–at the time when Themis was pitching H&W to use a JSOC approach to go after Chamber opponents–on the SEIU sites.

Server logs and leaked emails reveal that employees at Hunton & Williams, the principal law firm of the U.S. Chamber of Commerce, spent 20 hours on SEIU websites last November while partners from the firm were working with private security firms on an illegal “dirty tricks” campaign aimed at undermining the credibility of the Chamber’s political opponents, including the Service Employees International Union (SEIU).

And of course SEIU is able to see precisely what H&W was looking at in that period: top H&W page views in 2010 include SEIU’s page on the Chamber and on big banks. People from H&W searched on individuals at SEIU as well as on SEIU’s organizing of protests outside of BoA’s General Counsel. They even searched on “hourly pay for SEIU organizers.” (Whatever that is, it’s less than Themis was going to charge for its paid trolls.)
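The findings above (hours on site per visiting organization, the pages viewed, the terms searched for) are the kind of thing a site operator can reconstruct from ordinary web-server access logs. The following is an added example, not SEIU’s tooling or anything from the post; the netblock table, organization names and log lines are constructed placeholders drawn from documentation address ranges.

```python
"""Attribute access-log traffic to visiting organizations (added example).

Not SEIU's or anyone's real tooling: shows how a site operator goes from raw
log lines to hours on site per organization, pages viewed and search terms.
Netblocks and log lines are constructed from RFC 5737 documentation ranges.
"""
import ipaddress
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from urllib.parse import parse_qs, urlsplit

# Constructed netblock-to-organization table; placeholder names and ranges.
NETBLOCKS = [(ipaddress.ip_network(c), org) for c, org in {
    "203.0.113.0/24": "Example Law Firm LLP",   # TEST-NET-3
    "198.51.100.0/24": "Example ISP Pool",      # TEST-NET-2
}.items()]

# Apache/nginx "combined" format: ip ident user [ts] "req" status size "ref" "ua"
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"\S+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+')

SESSION_GAP = timedelta(minutes=30)  # inactivity that ends a session
SEARCH_PARAM = "s"                   # WordPress search query parameter

def org_for_ip(ip):
    """Map a client IP to an organization name, or None if unattributed."""
    addr = ipaddress.ip_address(ip)
    return next((org for net, org in NETBLOCKS if addr in net), None)

def parse_line(line):
    """Return (ip, timestamp, path) for one combined-format line, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts, m.group("path")

def analyze(lines):
    """Sessionize hits per (organization, client IP) and roll up per org.

    Returns {org: {"hours": float, "pages": Counter, "searches": Counter}}.
    A session's time is first hit to last hit within SESSION_GAP; a lone
    hit contributes zero, so this understates rather than inflates.
    """
    hits = defaultdict(lambda: defaultdict(list))  # org -> ip -> [(ts, path)]
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ip, ts, path = parsed
            org = org_for_ip(ip)
            if org:
                hits[org][ip].append((ts, path))
    report = {}
    for org, by_ip in hits.items():
        total, pages, searches = timedelta(), Counter(), Counter()
        for events in by_ip.values():
            events.sort()
            start = prev = events[0][0]
            for ts, path in events:
                if ts - prev > SESSION_GAP:   # gap closes the open session
                    total += prev - start
                    start = ts
                prev = ts
                url = urlsplit(path)
                pages[url.path] += 1
                for q in parse_qs(url.query).get(SEARCH_PARAM, []):
                    searches[q] += 1
            total += prev - start
        report[org] = {"hours": total.total_seconds() / 3600,
                       "pages": pages, "searches": searches}
    return report

# Constructed sample log; user-agent strings shortened.
SAMPLE_LOG = """\
203.0.113.7 - - [03/Nov/2010:09:00:00 -0500] "GET /chamber-of-commerce HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Nov/2010:09:20:00 -0500] "GET /big-banks HTTP/1.1" 200 7210 "-" "Mozilla/5.0"
203.0.113.9 - - [03/Nov/2010:09:45:00 -0500] "GET /?s=hourly+pay+for+organizers HTTP/1.1" 200 4100 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Nov/2010:11:00:00 -0500] "GET /chamber-of-commerce HTTP/1.1" 200 8123 "-" "Mozilla/5.0"
203.0.113.7 - - [03/Nov/2010:11:30:00 -0500] "GET /protests HTTP/1.1" 200 3001 "-" "Mozilla/5.0"
198.51.100.4 - - [03/Nov/2010:12:00:00 -0500] "GET /big-banks HTTP/1.1" 200 7210 "-" "curl/7.21"
192.0.2.55 - - [03/Nov/2010:12:05:00 -0500] "GET /robots.txt HTTP/1.1" 404 0 "-" "bot"
""".splitlines()

if __name__ == "__main__":
    for org, r in analyze(SAMPLE_LOG).items():
        print(f"{org}: {r['hours']:.2f} h; top pages {r['pages'].most_common(3)}; "
              f"searches {dict(r['searches'])}")
```

Because the session clock only advances between hits, a visitor who loads one page and reads it for an hour registers as zero time, so figures like the 20 hours in the SEIU report are a floor, not a ceiling.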

No wonder H&W has been so quiet about their role in this campaign.

Update: This post has been edited for accuracy.

The HBGary Scandal: Using Counterterrorism Tactics on Citizen Activism

As I described on the Mike Malloy show on Friday and as Brad Friedman discusses in his post on being targeted by the Chamber of Commerce, the essence of the Chamber of Commerce/Bank of America/HBGary scandal is the use of intelligence techniques developed for use on terrorists deployed for use on citizens exercising their First Amendment rights.

ThinkProgress has a post making it clear that the Chamber of Commerce’s nondenial denials don’t hold up. In this post, I’ll begin to show the close ties between the tactics HBGary’s Aaron Barr proposed to use against Wikileaks and anti-Chamber activists and those already used in counterterrorism.

Barr Says He’s Done this with Terrorists

I will get into what we know of Barr’s past intelligence work in future posts, but for the moment I wanted to look just at his reference to analysis he did on FARC. Barr’s HBGary coder, who sounds like the smartest cookie of the bunch, was balking at his analysis of Anonymous for several reasons–some of them ethical, some of them cautionary, and some of them technical. In the middle of an argument over whether what Barr was doing had any technical validity (the coder said it did not), Barr explained:

The math is already working out. Based on analysis I did on the FARC I was able to determine that Tanja (the Dutch girl that converted to the FARC) is likely managing a host of propaganda profiles for top leaders. I was able to associate key supporters technically to the FARC propaganda effort.

He’s referring to Tanja Anamary Nijmeijer, a Dutch woman who has been an active FARC member for a number of years. And while it’s not proof that Barr did his analysis on Nijmeijer for the government, she was indicted in the kidnapping of some American contractors last December and the primary overt act the indictment alleged her to have committed was in a propaganda function.

On or about July 25, 2003, JOSE IGNACIO GONZALEZ PERDOMO, LUIS ALBERTO JIMENEZ MARTINEZ, and TANJA ANAMARY NIJMEIJER, and other conspirators, participated in making a proof of life video of the three American hostages. On the video, the FARC announced that the “three North American prisoners” will only be released by the FARC once the Colombian government agrees to release all FARC guerrillas in Colombian jails in a “prisoner exchange” to take place “in a large demilitarized area.” The proof of life video was then disseminated to media outlets in the United States.

In any case, Barr is referring to an ongoing investigation conducted by the Miami and Counterterrorism Section of DOJ, with assistance from the DNI.

His “proof” that this stuff works is that it has worked in the past (he claims) in an investigation of Colombian (and Dutch) terrorists.


HBGary Fees: “Dam It Feels Good to Be a Gangsta”

One of the more interesting documents on HBGary et al’s partnership with the Chamber of Commerce details the prices they wanted to charge. Now, other emails make it clear that the Chamber balked at what the team originally proposed would be $2 million of work–the Chamber didn’t pay these rates (indeed, they probably haven’t paid for any of this).

But I was particularly interested in what HBGary’s Aaron Barr proposed charging for the work of what they called a “Social Media SME.”

Social media SME ($250 per hour) – experienced in social media link analysis. Persona development. Content management. Social media exploitation techniques.

This is a social media consultant: someone who, we know from the team’s plans, they intended to deploy on Facebook and Twitter under false personas, with the ultimate aim of destroying the credibility of anti-Chamber activists.

These are just reasonably skilled trolls.

And for that, they wanted to charge $2,000 a day.

To put it in even more stark perspective, consider one ultimate target of the campaign: the men and women SEIU organizes pushing back against the anti-worker policies of the Chamber. Many of these workers–the kind of people who keep your building clean or care for you when you’re sick–make as little as $12/hour or less (though the wages for nurses and other skilled medical care providers are higher).

These corporate spook assholes–in addition to targeting Americans for political activism–also think they’re worth 20 times as much as the people who care for the sick.

As the Palantir employee working with Barr on these numbers put it, “Most of all that we are the best money can buy! Dam it feels good to be a gangsta…..”

Palantir Tries to Preserve Their Government Contracts

In a post I’ll write some day, I will show how the WikiLeaks cables show that every time a partner government threatens to use the high tech intelligence toys we share with it–notably our telecommunication wiretapping–to spy on domestic opponents, the Obama Administration makes a very concerted effort to disavow such efforts (if not end the partnership).

Which is why I find it so interesting that the CEO of Palantir Technologies just apologized to Glenn Greenwald for (I guess) allowing HBGary to target him for oppo research and an attack on his credibility.

“As the Co-Founder and CEO of Palantir Technologies, I have directed the company to sever any and all contacts with HB Gary,” the statement starts.

Dr. Karp explains that Palantir Technologies provides a software analytic platform for the analysis of data. They do not provide – “nor do we have any plans to develop” – offensive cyber capabilities.

In addition, the statement says that Palantir does not build software that is designed to allow private sector entities to obtain non-public information, engage in so-called cyber attacks, or take other offensive measures.

“I have made clear in no uncertain terms that Palantir Technologies will not be involved in such activities. Moreover, we as a company, and I as an individual, always have been deeply involved in supporting progressive values and causes. We plan to continue these efforts in the future,” Dr. Karp added.

“The right to free speech and the right to privacy are critical to a flourishing democracy. From its inception, Palantir Technologies has supported these ideals and demonstrated a commitment to building software that protects privacy and civil liberties. Furthermore, personally and on behalf of the entire company, I want to publicly apologize to progressive organizations in general, and Mr. Greenwald in particular, for any involvement that we may have had in these matters.”

Somehow, Dr. Karp forgot to apologize to Brad Friedman, another journalist HBGary–in projects bid in partnership with Palantir–has targeted.

As a reminder, Palantir Technologies is one of the two other security firms that HBGary partnered with to try to get spying business with Bank of America and the Chamber of Commerce.

But perhaps more relevant is Palantir’s primary focus: working with the national security apparatus. They’ve done at least $6,378,332 in business with entities like SOCOM and FBI in the last several years. And while they say they have no plans to adopt “offensive cyber capabilities,” that’s not to say they’re not helping the government analyze data on our presumed enemies.

I would imagine Palantir has pretty good reason to know that the government will not do business with a contractor using the same technologies to target Glenn Greenwald (and maybe Brad Friedman).

At least not publicly. Remember–DOJ recommended Hunton & Williams (which put Palantir and HBGary together for the bid) to Bank of America.

From the ChamberPot: A Carefully Worded Nondenial Denial

The Chamber of Commerce has responded to ThinkProgress’ reporting of the Chamber’s discussions with Hunton & Williams about an intelligence campaign against USChamberWatch and other anti-Chamber efforts. It purports to deny any connection with Hunton & Williams and HBGary.

More Baseless Attacks on the Chamber

by Tom Collamore

We’re incredulous that anyone would attempt to associate such activities with the Chamber as we’ve seen today from the Center for American Progress. The security firm referenced by ThinkProgress was not hired by the Chamber or by anyone else on the Chamber’s behalf. We have never seen the document in question nor has it ever been discussed with us.

While ThinkProgress and the Center for American Progress continue to orchestrate a baseless smear campaign against the Chamber, we will continue to remain focused on promoting policies that create jobs.

But it does no such thing.

First, note what they are denying:

  1. The “security firm” referenced by TP was not hired by the Chamber or by anyone else on the Chamber’s behalf
  2. “We have never seen the document in question”

By “security firm,” it presumably means HBGary, the one of the three security firms involved that got hacked.

Note, first of all, that they’re not denying hiring Hunton & Williams, the law firm/lobbyist which they hired last year to sue the Yes Men. They’re not even denying that they retain Hunton & Williams right now.

What they’re denying is that they–or, implicitly, Hunton & Williams, on their behalf–hired HBGary.

But as I suggested in my last post on this, they are not paying HBGary (or Hunton & Williams) for the work they’re doing right now; they’re all working on spec, to get the business (business which I’m guessing they’re not going to get).


The Disinformation Campaign Bank of America Considered

Wikileaks has posted the presentation three security companies–Palantir, HBGary Federal, and Berico Technologies–made to Bank of America, proposing to help it respond to Wikileaks.

In addition to the degree to which the proposal emphasizes the national security ties and military background of the employees of the company (particularly Berico), the presentation fleshes out what the companies proposed. Under potential proactive tactics, it lists:

  • Feed the fuel between the feuding groups. Disinformation. Create messages around actions to sabotage or discredit the opposing organization. Submit fake documents and then call out the error.
  • Create concern over the security of the infrastructure. Create exposure stories. If the process is believed to not be secure they are done.
  • Cyber attacks against the infrastructure to get data on document submitters. This would kill the project. Since the servers are now in Sweden and France putting a team together to get access is more straightforward.
  • Media campaign to push the radical and reckless nature of wikileaks activities. Sustained pressure. Does nothing for the fanatics, but creates concern and doubt amongst moderates.
  • Search for leaks. Use social media to profile and identify risky behavior of employees.

Of particular interest, they describe HBGary Federal’s abilities to conduct INFOOPS, including “influence operations” and “social media exploitation.”

In other words, in addition to proposing to conduct cyber attacks on Wikileaks’ European-based infrastructure (complete with a picture of WL’s bomb shelter-housed servers), the proposal appears to recommend that these companies be paid to troll social media, like Twitter, to not only “identify risky behavior of employees” but also, presumably, “push the radical and reckless nature of wikileaks activities.” You know–the kind of trolling we often see targeted at Glenn (and in recent days targeted against David House, who was also listed in this presentation).

In addition, the presentation proposes to create a concern over the security of the infrastructure. Interestingly, when additional newspapers in Europe got copies of the State cables (including Aftenposten), some people speculated that the files had come from a hack of Wikileaks servers. (Note how the slide above notes the disgruntled WL volunteers.)

That doesn’t mean we’re seeing this campaign in process. After all, Glenn has a ton of enemies on Twitter. And if the intent behind leaking additional copies of the cables was to suggest WL’s infrastructure had been hacked, that perception has largely dissipated as more and more newspapers get copies.

One final note: according to Tech Herald, the law firm pitching these firms, Hunton and Williams, was itself recommended to BoA by DOJ. As the presentation makes clear, these are significant government contractors. (Remember, we’re getting these documents because Anonymous hacked HBGary Federal, which was offering what it had collected to DOJ.) To what extent is what we’re seeing just an extension of what our own government is doing to combat Wikileaks?

Security Firms Pitching Bank of America on WikiLeaks Response Proposed Targeting Glenn Greenwald

On Saturday, private security firm HBGary Federal bragged to the FT that it had discovered who key members of the hacking group Anonymous are. In response, Anonymous hacked HB Gary Federal and got 44,000 of their emails and made them publicly available.

You believe that you can sell the information you’ve found to the FBI? False. Now, why is this one false? We’ve seen your internal documents, all of them, and do you know what we did? We laughed. Most of the information you’ve “extracted” is publicly available via our IRC networks. The personal details of Anonymous “members” you think you’ve acquired are, quite simply, nonsense.

So why can’t you sell this information to the FBI like you intended? Because we’re going to give it to them for free. Your gloriously fallacious work can be a wonder for all to scour, as will all of your private emails (more than 44,000 beauties for the public to enjoy). Now as you’re probably aware, Anonymous is quite serious when it comes to things like this, and usually we can elaborate gratuitously on our reasoning behind operations, but we will give you a simple explanation, because you seem like primitive people:

You have blindly charged into the Anonymous hive, a hive from which you’ve tried to steal honey. Did you think the bees would not defend it? Well here we are. You’ve angered the hive, and now you are being stung.

As TechHerald reports, among those documents was a presentation, “The Wikileaks Threat,” put together by three data intelligence firms for Bank of America in December. As part of it, they put together what they claimed was a list of important contributors to WikiLeaks. They suggested that Glenn Greenwald’s support was key to WikiLeaks’ ongoing survival.

The proposal starts with an overview of WikiLeaks, including some history and employee statistics. From there it moves into a profile of Julian Assange and an organizational chart. The chart lists several people, including volunteers and actual staff.

One of those listed as a volunteer, Salon.com columnist, Glenn Greenwald, was singled out by the proposal. Greenwald, previously a constitutional law and civil rights litigator in New York, has been a vocal supporter of Bradley Manning, who is alleged to have given diplomatic cables and other government information to WikiLeaks. He has yet to be charged in the matter.

Greenwald became a household name in December when he reported on the “inhumane conditions” of Bradley Manning’s confinement at the Marine brig in Quantico, Virginia. Since that report, Greenwald has reported on WikiLeaks and Manning several times.

“Glenn was critical in the Amazon to OVH transition,” the proposal says, referencing the hosting switch WikiLeaks was forced to make after political pressure caused Amazon to drop their domain.

As TechHerald notes, an earlier version of the slide said support from people like Glenn needed to be “attacked.”

Now aside from the predictable, but nevertheless rather shocking detail, that these security firms believed the best way to take WikiLeaks out was to push Glenn to stop supporting them, what the fuck are they thinking by claiming that Glenn weighs “professional preservation” against “cause”? Could they be more wrong, painting Glenn as a squeamish careerist whose loud support for WikiLeaks (which dates back far longer than these security firms seem to understand) is secondary to “professional preservation”? Do they know Glenn is a journalist? Do they know he left the stuffy world of law? Have they thought about why he might have done that? Are they familiar at all with who Glenn is? Do they really believe Glenn became a household name–to the extent that he did–just in December?

I hope Bank of America did buy the work of these firms. Aside from the knowledge that the money would be–to the extent that we keep bailing out Bank of America–taxpayer money, I’d be thrilled to think of BoA pissing away its money like that. The plan these firms are pushing is absolutely ignorant rubbish. They apparently know almost nothing about what they’re pitching, and have no ability to do very basic research.

Which is precisely the approach I’d love to see BoA use to combat whatever WikiLeaks has coming its way.