08/19/2011
'Counterstrike' details U.S. intelligence agencies' cyberwar efforts in Iraq
The U.S. military has hacked and temporarily disabled Iraqi insurgent and terrorist-based websites, a little-known tactic that's part of a government "counterstrike" capability, according to a new book.
At least two sites were "knocked off the web" before Iraq's March 2010 national election after "the largest interagency meetings held since" the Sept. 11, 2001 terrorist attacks, write New York Times reporters Eric Schmitt and Thom Shanker in "Counterstrike: The Untold Story of America's Secret Campaign Against Al-Qaeda."
The sites, including one sponsored by a "shadowy organization" called the JRTN, "were posting specific operational information that was considered a clear and emerging threat to the security of the vote," they wrote.
At least one site, hosted by a U.S.-based Internet service provider, was shut down after a visit from U.S. lawyers "presenting snapshots of virulent, extremist and violent web pages carried on their server," they wrote. The U.S. provider was not identified.
The book, in chapters called "Terror 2.0" and "The New Network Warfare," sheds light on offensive U.S. cyber operations seldom discussed by U.S. officials. The book's cites tactics such as "overloading," without details.
Pentagon said otherwise
The book's disclosures contrast with the Pentagon's public description of its strategy for blunting cyberattacks, which focuses on improving defenses instead of deterring intrusions or threatening retaliation.
Deputy Defense Secretary William Lynn on July 14 released the Pentagon's "Strategy for Operating in Cyberspace," which outlines five "strategic initiatives." One is to partner with other U.S. agencies and private industry to craft a "whole-of-government" approach.
Left unsaid was that the approach includes a capability to review and approve selective U.S. attacks under a forum known as the "Strategic Operational Planning Interagency Group for Terrorist Use of the Internet," the authors write.
Proposals for attacks are reviewed by what Schmitt and Shanker call a "powerful board of governors assigned to oversee counterstrikes on the Internet," under a "three-way agreement" among the Pentagon, intelligence agencies and the Justice Department "for considering timely attacks on terrorist websites, with the president making the final decision on whether to proceed."
Then-President George W. Bush, in a secret authorization, in effect "declared Iraq an official battle space for America's cyberwarriors," as it became "a real-world laboratory for computer network warfare," they write.
To sow distrust and confusion among jihadists, the United States also uses a technique of "webspoofing" called "false band replacement," where U.S. intelligence officers infiltrate networks to post their own materials.
The agencies have forged an al-Qaida "web watermark" that in effect "makes messages posted on these sites official," Schmitt and Shanker wrote.
One official told them, "We have learned to mimic their watermarks."
The U.S. military also "had the ability to hack into their phones and we would text message guys" telling them "another guy is cheating you out of money," one "senior official" told the reporters.
Radio jam
Pentagon and State officials in Kabul devised an "over-broadcast" technique to jam insurgent pirate radio networks using a strong signal cover to block the adversaries' message and send "counterprogram" coalition messages on adjacent channels.
"The goal is fuzzing out the militants' radio broadcasts so everybody has to turn to another station -- and that station is yours," said a U.S. official. The commercial technology to track, locate and "overbroadcast a signal" costs about $10,000, the official said.
Perhaps the U.S. greatest technological advance in the war on terror is the eavesdropping National Security Agency's supercomputers that can "collect, analyze, sort and store data from a range of communications, in particular cell phone conversations, emails and websites, billions of times faster than humans can."
The NSA computers scan and store the call history of cell phones turned over by thousands of temporary and permanent detainees that pass through U.S. camps in Iraq and Afghanistan or voluntary applicants for government jobs, they write.
"Each of these cell phones can be copied or cloned in seconds" and scanned for any matches to terrorist group members. "It opens the door to a whole command and control network," he told the authors.
http://www.mercurynews.com/books/ci_18718411
Friday, August 19, 2011
Sunday, August 14, 2011
FBI sees mortgage fraud growing as economy stumbles
August 13, 2011
FBI sees mortgage fraud growing as economy stumbles
Washington, Mortgage and investment schemes targeting troubled U.S. homeowners jumped in 2010 and may increase further if the economy does not improve, the FBI said on Friday.
The FBI said in an annual report that pending investigations increased 12 percent in the fiscal year ended September 30, 2010, to 3,129 cases. That in turn was a 90 percent jump from the previous fiscal year.
An FBI official said the trend will continue as more borrowers struggle to pay their mortgages.
"If we have continuing high unemployment and increased numbers of foreclosures, what we see is a greater percentage of the population of existing homeowners being vulnerable to these schemes," said David Cardona, FBI deputy assistant director.
The collapse of the housing boom and the resulting financial crisis has led to a wave of foreclosures. In 2010, 2.5 million foreclosures were initiated, with a similar number expected this year.
The FBI said mortgage origination schemes have declined due to the depressed market for home purchases.
Fraud targeting troubled borrowers, however, has increased and includes loan modification scams and foreclosure rescue schemes in which perpetrators convince borrowers they can save their homes through deed transfers and upfront fees.
Cardona said stock market fluctuations have also resulted in more Americans falling for fake investments.
"It's not a dynamic that we think will self-correct. If anything it could get worse," he said
The report listed "hot spots" for mortgage fraud. California, Florida and New York were among the hottest of those, in line with some of the worst unemployment and mortgage default rates in the country.
Since the FBI was tasked with rooting out criminal activity that exacerbated the housing crisis in 2008, it has been criticized as ineffective against powerful executives of companies tied to the housing and financial industry.
"Although we tried mightily we just didn't hit the mark," Cardona said, referring to the aborted investigation of Washington Mutual Bank in early August.
Cardona said the government struggles to prove criminal intent in corporate crime.
One of the biggest cases so far was a $3 billion fraud case involving the privately held mortgage firm Taylor, Bean & Whitaker Mortgage Corp. The chairman of the firm, Lee Farkas, was sentenced to 30 years in prison after being convicted on 14 counts of conspiracy, wire, securities and bank fraud.
Cardona said the FBI is hoping the government can win more high-profile cases through civil probes. He said the FBI is cooperating "closer now than ever" with the Securities and Exchange Commission and Commodity Futures Trading Commission.
"We're going to see a quicker return on investment through civil means than showing criminal intent by some of these high-level officials," he said.
http://news.yahoo.com/fbi-sees-mortgage-fraud-growing-economy-stumbles-215355231.html
FBI sees mortgage fraud growing as economy stumbles
Washington, Mortgage and investment schemes targeting troubled U.S. homeowners jumped in 2010 and may increase further if the economy does not improve, the FBI said on Friday.
The FBI said in an annual report that pending investigations increased 12 percent in the fiscal year ended September 30, 2010, to 3,129 cases. That in turn was a 90 percent jump from the previous fiscal year.
An FBI official said the trend will continue as more borrowers struggle to pay their mortgages.
"If we have continuing high unemployment and increased numbers of foreclosures, what we see is a greater percentage of the population of existing homeowners being vulnerable to these schemes," said David Cardona, FBI deputy assistant director.
The collapse of the housing boom and the resulting financial crisis has led to a wave of foreclosures. In 2010, 2.5 million foreclosures were initiated, with a similar number expected this year.
The FBI said mortgage origination schemes have declined due to the depressed market for home purchases.
Fraud targeting troubled borrowers, however, has increased and includes loan modification scams and foreclosure rescue schemes in which perpetrators convince borrowers they can save their homes through deed transfers and upfront fees.
Cardona said stock market fluctuations have also resulted in more Americans falling for fake investments.
"It's not a dynamic that we think will self-correct. If anything it could get worse," he said
The report listed "hot spots" for mortgage fraud. California, Florida and New York were among the hottest of those, in line with some of the worst unemployment and mortgage default rates in the country.
Since the FBI was tasked with rooting out criminal activity that exacerbated the housing crisis in 2008, it has been criticized as ineffective against powerful executives of companies tied to the housing and financial industry.
"Although we tried mightily we just didn't hit the mark," Cardona said, referring to the aborted investigation of Washington Mutual Bank in early August.
Cardona said the government struggles to prove criminal intent in corporate crime.
One of the biggest cases so far was a $3 billion fraud case involving the privately held mortgage firm Taylor, Bean & Whitaker Mortgage Corp. The chairman of the firm, Lee Farkas, was sentenced to 30 years in prison after being convicted on 14 counts of conspiracy, wire, securities and bank fraud.
Cardona said the FBI is hoping the government can win more high-profile cases through civil probes. He said the FBI is cooperating "closer now than ever" with the Securities and Exchange Commission and Commodity Futures Trading Commission.
"We're going to see a quicker return on investment through civil means than showing criminal intent by some of these high-level officials," he said.
http://news.yahoo.com/fbi-sees-mortgage-fraud-growing-economy-stumbles-215355231.html
Monday, August 8, 2011
U.S. Agents, an Aerial Snoop and Teams of Hackers
"Hacker" used to be a bad word. Now, Hackers are being offered positions with the government to combat cyber crime. So, tell all your homies they could turn their lives around and go legit, roger that .. done deal.
August 7, 2011
U.S. Agents, an Aerial Snoop and Teams of Hackers
Defcon, a convention of computer hackers here, was crawling with hackers, digital security professionals and federal agents.
WHY are federal agents hobnobbing with hackers?
Defcon, a convention of computer hackers here, was crawling with them on Friday. They smiled, shook hands, handed out business cards, spoke on a panel called “Meet the Federal Agent 2.0” and were really, really nice.
Naturally, federal agents have been hanging out at hacker gatherings for years to snoop. “Cloak and dagger,” as one put it.
This time they came with another purpose: to schmooze, impress and, perhaps ultimately, lure. The United States Cyber Command, the Pentagon’s Internet defense arm, “has a work force issue,” said Daron Hartvigsen, special agent with the Air Force Office of Special Investigations. “We have needs that some in this community can solve. We need folks with skills.”
Government agencies especially need computer professionals with cybersecurity skills. At Defcon, these skills were in ample supply — and they can alternately thrill and scare. There were hackers and lockpickers here, problem solvers and troublemakers. There were attendees with mohawks and blue hair, and some with blue mohawks. One wore a cape. A few wore kilts. Most, whether out of fear or conceit, insisted on using their digital names rather than their real ones: Lost, alien, Abstract.
In their midst were Internet crime investigators representing the Army, Navy, Air Force and NASA. The F.B.I. set up a recruiting table at Black Hat, a related conference of security professionals earlier in the week. A National Security Agency official was to speak to next-generation hackers at a two-day event called Defcon Kids on Saturday.
For the federal agents, it seemed less an aggressive recruiting drive than a public diplomacy mission. They took pains to describe themselves as lovable hackers under their crew cuts.
Ryan Pittman, an ex-cop who now works computer crime cases in the Army’s criminal investigations division, said the convention was an opportunity to whittle away the federal agents’ image as “jackbooted thugs.” Ahmed Saleh, a computer crime investigator with NASA, described a job that might be appealing “if you’re a geek and you want to catch the bad guys.”
There seemed to be plenty of receptive hackers. Christine Banek, 29, a software programmer with plum-colored hair, sidled up to Mr. Saleh after the panel and asked if his agency was still hiring. She said she had applied online and had not heard back. “If they were offering, I would totally take it,” she said. Later, she suggested aloud that the government legalize marijuana. Positive drug tests generally disqualify a candidate from a law enforcement position.
It flies. It spies. It is the color of sunshine, and it has googly eyes.
Meet WASP, the Wireless Aerial Surveillance Platform, one of the star attractions of this year’s Black Hat conference.
It’s a remote-controlled plane with a computer in its belly that can fly up to 400 feet above the ground, snoop quietly on wireless networks below and attack one if it wants to. It can also pretend to be a GSM cellphone tower, eavesdropping on calls and text messages that pass through.
The WASP was built by Richard Perkins and Mike Tassey using hobby materials, including a Styrofoam plane body, a plastic propeller and foam tires, along with circuit boards and wires. The materials are all off the shelf, costing $6,190 — a fraction of the cost of a spy plane, with cyberweapons included.
Its creators eschew the term “spy plane.” “There’s a negative connotation to a spy plane,” Mr. Tassey said. “This was done in an attempt to prove a concept.”
What concept?
“That it can be done,” he said.
His sentiment perfectly embodied the ethos of Black Hat, a spirited gathering of technologists who sometimes make scary things to show that they can be made, and at other times break things to show how badly they need to be fixed.
The bird conjured by Mr. Perkins and Mr. Tassey is barely four feet long and becomes an imperceptible, quietly humming little creature when it hovers overhead. It could be deployed over, say, an office building to sniff out information going across its wireless network. Or if the office network is well secured, the plane could follow an employee on a trip to a neighborhood Starbucks.
The WASP could mimic the cafe’s network, luring the unwitting employee and allowing access to a laptop or cellphone. As Mr. Tassey put it, “In Starbucks, no one can hear your laptop scream.”
They sat at tables along the perimeter of a ballroom in the Rio hotel. Lights were low. Laptops burned like campfires. Men and women hunched over the machines, their backs curved like question marks. Their fingers clicked away furiously.
“This is a spelling bee for hackers,” explained Giovanni Vigna, 42, a professor of computer science from the University of California, Santa Barbara. “It’s a way to prove your hacking skills.”
Each team, he said, was given the same type of virtual server, with the same strengths and weaknesses. The teams were charged with defending their servers and attacking those of others. Each time a weak spot was attacked, a flag was awarded. The team with the most flags won. Hence, the name of the contest: Capture the Flag. This was the final round.
Contests are a big deal at Defcon. But they’re not all on computers. Defcon is about celebrating tinkering.
There was a “lockpicking village” where interested parties did exactly that: pick locks. “Most of us see locks as puzzles,” Babak Javadi, 26, one of the organizers, explained. He has been taking apart locks since he was a kid, he said, and now runs a security business, specializing in high-security locks.
There was a barber offering mohawks. There were vendors selling “advanced gaming eyewear,” glasses that sell for up to $189 a pair, designed to reduce the glare of a computer screen and ease eye fatigue. There were vendors selling luggage tags that said “Geek on Board.”
In one hall, a competition was under way to invent a beer-cooling contraption. In another, teams were competing to tamper with so-called tamper-resistant materials.
“You’re doing something you’re not meant to do: That’s the essence of hacking,” said Chris Kuivenhoven, 34, a security engineer from Atlanta. “People can use it for good or bad.”
http://www.nytimes.com/2011/08/08/technology/scenes-from-hacker-gatherings-in-las-vegas.html?_r=1&pagewanted=all
August 7, 2011
U.S. Agents, an Aerial Snoop and Teams of Hackers
Defcon, a convention of computer hackers here, was crawling with hackers, digital security professionals and federal agents.
WHY are federal agents hobnobbing with hackers?
Defcon, a convention of computer hackers here, was crawling with them on Friday. They smiled, shook hands, handed out business cards, spoke on a panel called “Meet the Federal Agent 2.0” and were really, really nice.
Naturally, federal agents have been hanging out at hacker gatherings for years to snoop. “Cloak and dagger,” as one put it.
This time they came with another purpose: to schmooze, impress and, perhaps ultimately, lure. The United States Cyber Command, the Pentagon’s Internet defense arm, “has a work force issue,” said Daron Hartvigsen, special agent with the Air Force Office of Special Investigations. “We have needs that some in this community can solve. We need folks with skills.”
Government agencies especially need computer professionals with cybersecurity skills. At Defcon, these skills were in ample supply — and they can alternately thrill and scare. There were hackers and lockpickers here, problem solvers and troublemakers. There were attendees with mohawks and blue hair, and some with blue mohawks. One wore a cape. A few wore kilts. Most, whether out of fear or conceit, insisted on using their digital names rather than their real ones: Lost, alien, Abstract.
In their midst were Internet crime investigators representing the Army, Navy, Air Force and NASA. The F.B.I. set up a recruiting table at Black Hat, a related conference of security professionals earlier in the week. A National Security Agency official was to speak to next-generation hackers at a two-day event called Defcon Kids on Saturday.
For the federal agents, it seemed less an aggressive recruiting drive than a public diplomacy mission. They took pains to describe themselves as lovable hackers under their crew cuts.
Ryan Pittman, an ex-cop who now works computer crime cases in the Army’s criminal investigations division, said the convention was an opportunity to whittle away the federal agents’ image as “jackbooted thugs.” Ahmed Saleh, a computer crime investigator with NASA, described a job that might be appealing “if you’re a geek and you want to catch the bad guys.”
There seemed to be plenty of receptive hackers. Christine Banek, 29, a software programmer with plum-colored hair, sidled up to Mr. Saleh after the panel and asked if his agency was still hiring. She said she had applied online and had not heard back. “If they were offering, I would totally take it,” she said. Later, she suggested aloud that the government legalize marijuana. Positive drug tests generally disqualify a candidate from a law enforcement position.
It flies. It spies. It is the color of sunshine, and it has googly eyes.
Meet WASP, the Wireless Aerial Surveillance Platform, one of the star attractions of this year’s Black Hat conference.
It’s a remote-controlled plane with a computer in its belly that can fly up to 400 feet above the ground, snoop quietly on wireless networks below and attack one if it wants to. It can also pretend to be a GSM cellphone tower, eavesdropping on calls and text messages that pass through.
The WASP was built by Richard Perkins and Mike Tassey using hobby materials, including a Styrofoam plane body, a plastic propeller and foam tires, along with circuit boards and wires. The materials are all off the shelf, costing $6,190 — a fraction of the cost of a spy plane, with cyberweapons included.
Its creators eschew the term “spy plane.” “There’s a negative connotation to a spy plane,” Mr. Tassey said. “This was done in an attempt to prove a concept.”
What concept?
“That it can be done,” he said.
His sentiment perfectly embodied the ethos of Black Hat, a spirited gathering of technologists who sometimes make scary things to show that they can be made, and at other times break things to show how badly they need to be fixed.
The bird conjured by Mr. Perkins and Mr. Tassey is barely four feet long and becomes an imperceptible, quietly humming little creature when it hovers overhead. It could be deployed over, say, an office building to sniff out information going across its wireless network. Or if the office network is well secured, the plane could follow an employee on a trip to a neighborhood Starbucks.
The WASP could mimic the cafe’s network, luring the unwitting employee and allowing access to a laptop or cellphone. As Mr. Tassey put it, “In Starbucks, no one can hear your laptop scream.”
They sat at tables along the perimeter of a ballroom in the Rio hotel. Lights were low. Laptops burned like campfires. Men and women hunched over the machines, their backs curved like question marks. Their fingers clicked away furiously.
“This is a spelling bee for hackers,” explained Giovanni Vigna, 42, a professor of computer science from the University of California, Santa Barbara. “It’s a way to prove your hacking skills.”
Each team, he said, was given the same type of virtual server, with the same strengths and weaknesses. The teams were charged with defending their servers and attacking those of others. Each time a weak spot was attacked, a flag was awarded. The team with the most flags won. Hence, the name of the contest: Capture the Flag. This was the final round.
Contests are a big deal at Defcon. But they’re not all on computers. Defcon is about celebrating tinkering.
There was a “lockpicking village” where interested parties did exactly that: pick locks. “Most of us see locks as puzzles,” Babak Javadi, 26, one of the organizers, explained. He has been taking apart locks since he was a kid, he said, and now runs a security business, specializing in high-security locks.
There was a barber offering mohawks. There were vendors selling “advanced gaming eyewear,” glasses that sell for up to $189 a pair, designed to reduce the glare of a computer screen and ease eye fatigue. There were vendors selling luggage tags that said “Geek on Board.”
In one hall, a competition was under way to invent a beer-cooling contraption. In another, teams were competing to tamper with so-called tamper-resistant materials.
“You’re doing something you’re not meant to do: That’s the essence of hacking,” said Chris Kuivenhoven, 34, a security engineer from Atlanta. “People can use it for good or bad.”
http://www.nytimes.com/2011/08/08/technology/scenes-from-hacker-gatherings-in-las-vegas.html?_r=1&pagewanted=all