Monday, June 22, 2015

OPM Breaches Go Back to 2012 and 2013

The Office of Personnel Management's troubles extend even further back than the currently reported 2014-2015 timeline, according to a 2013 Office of the Inspector General audit report on OPM's use of Serena Business Manager software. The system was hacked in May 2012 and again in March 2013, and sensitive data was lost (p. ii of the Executive Summary).

Appendix II of the above-referenced 2013 report contains a copy of the FLASH Audit Alert to the OPM, which states:
"In May 2012, a malicious hacker successfully breached OPM's Serena Business Manager system (Serena, formerly known as TeamTrack). The system was briefly taken down by OPM's Office of the Chief Information Officer (OCIO), but was quickly restored and made available on the public Internet." 
"Over the past year, the OCIO's Network Security Branch has conducted vulnerability scans that detected security flaws in the Serena system. However, it appears that no action was taken by the system administrators to address these issues, as another application on the Serena platform was hacked in March 2013.
After both security breaches, the hackers boasted on the Internet about compromising a government computer system, leading to embarrassing publicity for OPM."
According to the vendor, OPM has used Serena Business Manager to automate process workflows for background checks, FOIA requests, health and compliance issues, and similar functions. A workflow system that handles background-check data and is exposed on the public Internet, with known unremediated scan findings, is exactly the kind of asset that should have been prioritized.

Friday, June 12, 2015

Tianjin University Use Case For R&D As A Way To Predict Breaches Targeting IP

On May 19, 2015, The FBI announced that it had charged six individuals (including two Chinese professors) with economic espionage and theft of trade secrets "for their roles in a long-running effort to obtain U.S. trade secrets for the benefit of universities and companies controlled by the PRC government(1)."

Here are the details from the FBI's press release:
"According to the indictment, PRC nationals Wei Pang and Hao Zhang met at a U.S. university in Southern California during their doctoral studies in electrical engineering. While there, Pang and Zhang conducted research and development on thin-film bulk acoustic resonator (FBAR) technology under funding from U.S. Defense Advanced Research Projects Agency (DARPA). After earning their doctorate in approximately 2005, Pang accepted employment as an FBAR engineer with Avago Technologies (Avago) in Colorado and Zhang accepted employment as an FBAR engineer with Skyworks Solutions Inc. (Skyworks) in Massachusetts. The stolen trade secrets alleged in the indictment belong to Avago or Skyworks."
"Avago is a designer, developer and global supplier of FBAR technology, which is a specific type of radio frequency (RF) filter. Throughout Zhang’s employment, Skyworks was also a designer and developer of FBAR technology. FBAR technology is primarily used in mobile devices like cellular telephones, tablets and GPS devices. FBAR technology filters incoming and outgoing wireless signals so that a user only receives and transmits the specific communications intended by the user. Apart from consumer applications, FBAR technology has numerous applications for a variety of military and defense communications technologies."
"According to the indictment, in 2006 and 2007, Pang, Zhang and other co-conspirators prepared a business plan and began soliciting PRC universities and others, seeking opportunities to start manufacturing FBAR technology in China. Through efforts outlined in the superseding indictment, Pang, Zhang and others established relationships with officials from Tianjin University. Tianjin University is a leading PRC Ministry of Education University located in the PRC and one of the oldest universities in China." 
"As set forth in the indictment, in 2008, officials from Tianjin University flew to San Jose, California, to meet with Pang, Zhang and other co-conspirators. Shortly thereafter, Tianjin University agreed to support Pang, Zhang and others in establishing an FBAR fabrication facility in the PRC. Pang and Zhang continued to work for Avago and Skyworks in close coordination with Tianjin University. In mid-2009, both Pang and Zhang simultaneously resigned from the U.S. companies and accepted positions as full professors at Tianjin University. Tianjin University later formed a joint venture with Pang, Zhang and others under the company name ROFS Microsystem intending to mass produce FBARs."
"According to the indictment, the stolen trade secrets enabled Tianjin University to construct and equip a state-of-the-art FBAR fabrication facility, to open ROFS Microsystems, a joint venture located in PRC state-sponsored Tianjin Economic Development Area (TEDA), and to obtain contracts for providing FBARs to commercial and military entities."
While this case is an example of insider-driven industrial espionage, closely similar cases involving cyber espionage and other forms of IP theft happen frequently against companies that engage in research and development of interest to rival governments, state-owned enterprises and for-profit corporations worldwide.

Taia Global's REDACT™ is the only commercial product outside of a classified environment that is entirely focused on collecting, aggregating, and mining foreign government funding of R&D at the project level. Had Avago and Skyworks been REDACT™ customers, they would have been able to identify which government-funded research universities and state key labs were working on FBAR and other precision acoustic technologies and then assess how valuable their technology was to rival governments, thus establishing their Target Asset Value™.

Wednesday, June 10, 2015

BREAKING: SCANEX Reported Greenpeace Vessel Arctic Sunrise to FSB, Then Sought To Cover It Up

On September 18, 2013, Greenpeace protestors left the Arctic Sunrise on inflatable motor boats and headed towards Gazprom's oil platform, the Prirazlomnaya, to protest drilling that threatens the pristine Arctic environment. The Russian Coast Guard was informed of the attempted protest action and sent commandos to intercept them. They rammed the Greenpeace inflatables, fired shots across the bow of the Arctic Sunrise and arrested two activists.

On September 19, agents from the Russian Security Service (FSB) fast-roped onto the deck of the Arctic Sunrise from a helicopter overhead and took the entire ship into custody even though it was in international waters and outside the 500 meter protection zone around the drilling platform.

Taia Global analysts have discovered that RDC SCANEX, a privately owned Russian company, alerted the Coast Guard. In an email thread dated 20 September 2013, Georgy Potapov, a project manager at SCANEX at the time, wrote:
"If you, like me, received a letter from Greenpeace today about the campaign near the Gazprom rig in the Pechora Sea (also known as the Prirazlomnaya platform), then you're aware that their ship was boarded by border guards. They have even been charged with violating a foreign ship within the limits of territorial waters, the so-called three-mile zone."
"When charting them on the OSM map with the boundaries of water, adding the three-mile buffer zone and looking at the dates, we can see that on September 16th the Arctic Sunrise arrives, then moves in a circle, but does not cross any border zones or any limits of territorial waters."

Arctic Sunrise Location

Alexey Kucheiko, Deputy Director of SCANEX, responded:
"For your information (in order to cool the excitement of the findings), we have provided direction for the border guards twice to intercept the ship with Greenpeacers, passing the AIS remarks to the Coast Guard of the FSB frontier: in the Kara and Pechora Sea."
"And if prompted, we will ensure the seizure of the crazy civilians again. I am sure that if they got on Statoil's or Shell's platform in Alaska, they would have received even more serious consequences for the Greenpeace cash bank."
"Please be very careful in sharing your "findings", which can expose and bring a blow to our people."
"For possible objections about the need to protect nature: we are conducting 2 commercial contracts, one with the wildlife sanctuary and the other with the WWF, on the basis of AIS."
Deputy Director Kucheiko not only confirmed that SCANEX was responsible for reporting the position of the Arctic Sunrise to the Russian Coast Guard, which is part of the Border Guard Service of the FSB, but also that he expected repercussions from their customers and planned to offset the blowback by pointing to AIS-based contracts with two environmental organizations. This is the equivalent of an oil company that, after causing an environmental disaster, announces how environmentally friendly it is.

Olga Gershenzon, SCANEX's VP of Engineering, asked Kucheiko:
"And at whose request have we imposed the Border Guards on Greenpeace?", 
to which Kucheiko replied:
"At the personal request of the regional border guard officer of Coast Guard Border Service of FSB. Information is being reported to Moscow. His leaders are planning to come to our conference."
RDC SCANEX has numerous foreign partners, including the U.S. Geological Survey, VMware, HP, IBM, and Google. This could be a supply chain nightmare for western companies that have no idea what type of work SCANEX may be doing for the FSB, or what data from joint projects may be passed along the same channel.

On September 30, Greenpeace Russia released a statement refuting the Russian government's declaration of illegal activities by Greenpeace.
(machine translation) "The Greenpeace icebreaker Arctic Sunrise did not cross the safety zone around the platform established by international and Russian legislation."
"International law, in particular Article 60(5) of the UN Convention on the Law of the Sea, allows a safety zone of no more than 500 meters to be declared around an offshore installation. Arctic Sunrise never approached "Prirazlomnaya" closer than 500 meters. This can be seen on the web map, which displays the location of the ship. Location data were obtained through the "Kosmosnimki" geo-portal, integrated in real time with the Canadian AIS (Automatic Identification System) service "Exactais"."
"The inflatable boats used to carry out the peaceful protest approached closer than 500 meters to the platform. However, they do not pose a security risk to "Prirazlomnaya", which stands on a high pedestal of steel and concrete to protect it from the effects of huge ice floes."
"The activists' actions present no hazard to the platform. All Greenpeace activists undergo special training in non-violent action. They did not endanger the lives of those on the platform; they had nothing with them except banners and ropes. A similar peaceful protest was held at "Prirazlomnaya" last year and took place without incident."
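Both sides make the same kind of claim from AIS data: Potapov charts the ship's fixes against a buffer zone and sees no crossing, and Greenpeace says the ship never came within the 500 meter Article 60(5) zone while the inflatables did. The following is an added example, not code from the original post and not SCANEX's or Greenpeace's tooling, of how such a check is done: great-circle distances from each AIS fix to the zone centre, with a circular buffer. The platform position, the AIS fixes and the baseline points are all constructed for the example; the platform coordinates are an assumption, not a surveyed location, and a real territorial-sea check needs the coastline baseline polyline rather than a few vertices.

```python
import math
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Added example: checks an AIS track against circular exclusion zones.
# Not part of the original post; not SCANEX or Greenpeace code.
EARTH_RADIUS_M = 6_371_000.0               # mean Earth radius, spherical model
NAUTICAL_MILE_M = 1852.0
SAFETY_ZONE_M = 500.0                      # UNCLOS Art. 60(5) maximum safety zone
THREE_MILE_ZONE_M = 3 * NAUTICAL_MILE_M    # the "three-mile zone" named in the e-mail

# ASSUMED, approximate centre for the platform; only used to construct the
# sample fixes below, so its exact value does not matter for the check.
PLATFORM = (69.25, 57.30)


@dataclass(frozen=True)
class Fix:
    """One AIS position report: timestamp and latitude/longitude in degrees."""
    ts: str
    lat: float
    lon: float


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two points (spherical Earth)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp = math.radians(lat2 - lat1)
    dl = math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))


def offset(lat: float, lon: float, bearing_deg: float, dist_m: float) -> Tuple[float, float]:
    """Point reached from (lat, lon) by travelling dist_m along bearing_deg.
    Used here only to construct sample fixes at known distances from the centre."""
    d = dist_m / EARTH_RADIUS_M
    b = math.radians(bearing_deg)
    p1, l1 = math.radians(lat), math.radians(lon)
    p2 = math.asin(math.sin(p1) * math.cos(d) + math.cos(p1) * math.sin(d) * math.cos(b))
    l2 = l1 + math.atan2(math.sin(b) * math.sin(d) * math.cos(p1),
                         math.cos(d) - math.sin(p1) * math.sin(p2))
    return math.degrees(p2), math.degrees(l2)


def closest_approach(track: List[Fix], centre: Tuple[float, float]) -> Optional[Tuple[float, Fix]]:
    """Smallest distance in metres from any fix to centre, together with that fix."""
    best = None
    for fix in track:
        d = haversine_m(fix.lat, fix.lon, *centre)
        if best is None or d < best[0]:
            best = (d, fix)
    return best


def zone_incursions(track: List[Fix], centre: Tuple[float, float], radius_m: float) -> List[Fix]:
    """Fixes strictly inside the circular zone of radius_m around centre."""
    return [f for f in track if haversine_m(f.lat, f.lon, *centre) < radius_m]


def near_any(track: List[Fix], points: List[Tuple[float, float]], radius_m: float) -> List[Fix]:
    """Fixes within radius_m of any reference point (e.g. vertices of a baseline polyline).
    Only a fair approximation of a coastline buffer when the vertices are dense
    relative to radius_m; a real check needs the full baseline geometry."""
    return [f for f in track
            if any(haversine_m(f.lat, f.lon, la, lo) < radius_m for la, lo in points)]


def _fix_at(ts: str, bearing_deg: float, dist_m: float) -> Fix:
    """Constructed fix at a known bearing and distance from PLATFORM."""
    return Fix(ts, *offset(*PLATFORM, bearing_deg, dist_m))


# Constructed tracks (not real AIS data): the ship circles the platform but stays
# outside 500 m; the inflatables go inside it, matching the accounts quoted above.
SHIP_TRACK = [
    _fix_at("2013-09-18T04:00Z", 0, 2500.0),
    _fix_at("2013-09-18T04:30Z", 90, 1200.0),
    _fix_at("2013-09-18T05:00Z", 180, 520.0),
    _fix_at("2013-09-18T05:30Z", 270, 900.0),
]
BOAT_TRACK = [
    _fix_at("2013-09-18T04:40Z", 135, 450.0),
    _fix_at("2013-09-18T04:50Z", 135, 60.0),
]
# Constructed "baseline" vertices roughly 40 km south of the platform.
BASELINE = [offset(*PLATFORM, b, 40_000.0) for b in (160, 180, 200)]


def ship_entered_safety_zone() -> bool:
    return bool(zone_incursions(SHIP_TRACK, PLATFORM, SAFETY_ZONE_M))


def boat_entered_safety_zone() -> bool:
    return bool(zone_incursions(BOAT_TRACK, PLATFORM, SAFETY_ZONE_M))


if __name__ == "__main__":
    d, fix = closest_approach(SHIP_TRACK, PLATFORM)
    print(f"ship closest approach: {d:.0f} m at {fix.ts}")
    print("ship inside 500 m zone:", ship_entered_safety_zone())
    print("boats inside 500 m zone:", boat_entered_safety_zone())
    print("ship within 3 nmi of baseline:", bool(near_any(SHIP_TRACK, BASELINE, THREE_MILE_ZONE_M)))
```

The spherical model is accurate to well under one percent at these distances, which is fine when the margin is tens or hundreds of metres; if the closest approach lands within a few metres of the limit, AIS position error and timestamp gaps between fixes matter more than the Earth model, and the fix interval should be checked before either side claims a crossing or its absence.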
Taia Global asked Greenpeace Russia to comment on this report. They informed us that there was no need for SCANEX to contact the Coast Guard, since the ship had already been in regular radio contact with the Coast Guard starting two days before the protest action took place. Daniel Simons, Chief Legal Counsel at Greenpeace International, said:
"When the protest began, the ship radioed to the Prirazlomnaya to explain the peaceful intentions of the Greenpeace activists. This is standard practice at any Greenpeace protest and since this incident Greenpeace has continued to protest Arctic oil drilling peacefully and safely, most recently on Shell’s Arctic rig Polar Pioneer, which plans to drill off Alaska this summer." 
"If the FSB received further information from Scanex on the ship's positions, it merely reinforces that official claims that the Coast Guard intervened forcefully because it feared a terrorist attack were bogus."
Almost one year ago, on June 6, 2014, the Russian government released the Arctic Sunrise vessel, having held it for almost 9 months. The crew members had been released after a little over three months. Greenpeace has vowed to continue campaigning peacefully against oil drilling in the Arctic.

NOTE: The emails quoted in this thread were delivered to Taia Global by a Ukrainian hacker who cracked the email archives of Alexey Beseda, one of the board members of RDC Scanex as a protest action against Russia's incursion into Ukraine. All emails were translated into English from the original Russian language.

In July, 2014, the Ukrainian Security Service (SBU) opened a criminal case against the head of the Russian Coast Guard for financing insurgents and smuggling weapons into Eastern Ukraine.

This article has been cross-posted from the Taia Global website.

"Hacked Emails Reveal Russian Plans To Obtain Sensitive Western Tech"

Friday, June 5, 2015

Anonymous Operations and Techniques revealed by Former CabinCr3w and Anonymous Members

After the online uproar over my inviting Hector Monsegur (aka Sabu) to speak at Suits and Spooks NYC, I offered to provide a second panel to any Anonymous leaders (meaning individuals who actually planned and led an Op) who wanted to participate. I'm happy to announce that two really interesting folks came forward and took me up on my offer.
VizFoSho is a Database Analyst for a private company, and a former member of Anonymous and CabinCr3w. After the arrest of two CabinCr3w members and the end of the group, Viz helped launch the Rustle League as one of its core members. He worked on various Ops while with Anonymous, and led a few of his own. Viz is the creator of Op Equip, a registered nonprofit that puts computers with educational software into the hands of those residing in impoverished communities. One of his last acts as a member of Anonymous was an attempt to clean up the YourAnonNews Twitter account, working with a small team of people who never got their YAN mugs.
Flanvel is an independent internet and security researcher and a former Anonymous member. During his time as a member, he helped create videos and media and write press releases. From 2010 through 2013, he was an active member and worked on several worldwide operations. He was also a contributor to @Anon_Central, an account documented in GCHQ's LOVELY HORSE program, which monitored and indexed public discussion by hackers on Twitter and other social media. Since leaving the group, Flanvel has worked on identifying software vulnerabilities and creating exploits, and has built several software products, including a crawler to identify, index, and crawl Tor hidden services.
This has never been done before at any security conference. Anons are a secretive group, by necessity, but security conference organizers frequently shy away from controversy because it might offend their sponsors. RSA, for example, hired Hector to speak last year and then changed its mind due to fears about possible blowback. Sponsorship dollars are hard to get because there are over a thousand security events each year. Suits and Spooks, for example, has seen a consistent drop in sponsorships over the past year or so because we're a very small, specialty event. In fact, we lost a media sponsor (CSFI) because of my invitation to Hector to speak. I've been warned by someone at another company that has supported our events in the past that the negative comments about my inviting Hector to speak could be hurting the Suits and Spooks brand. That person clearly has no idea what our brand is.

My goal has always been to invite speakers from the IC, law enforcement, and the private sector who can shed light on hard challenges (especially first-hand experiences) and engage in discussion with our attendees to find answers. In order for that process to work, you have to include "bad actors" who are willing to share first-hand info. What most conferences offer instead are security researchers who have "studied" Anonymous. That's fine but it's not nearly as valuable as having an Anon operator speak.

The bottom line is that I have never and will never edit my choice of speakers for political correctness or to cater to my sponsors. I'll shutter this event first.

I hope that those of you who support my approach will either register and attend or encourage others to do so. I'm offering 50% off the normal registration fee of $598 (now only $299) until Monday June 8th. Registration includes all sessions plus two lunches and two breakfasts. Attendees will also receive an awesome t-shirt designed by Norse Corp., one of our sponsors.

Tuesday, June 2, 2015

Former Director, CIA's Center for the Study of Intelligence, on Improving Cyber Threat Analysis

Carmen Medina is an internationally known visionary and analytic thinker who served 32 years with the Central Intelligence Agency. During her time there, she served as Deputy Director, Intelligence and Director, Center for the Study of Intelligence (the CIA's internal think tank). She'll be speaking at Taia Global's Suits and Spooks All Stars event at Soho House in New York City on June 19-20, 2015.

You can see her Suits and Spooks 2014 talk on Vimeo:

Carmen is one of our most popular speakers and this event is limited to only 75 attendees so register today before we sell out.

Use discount code NYC2015 by June 7th and save 50% (only $299).

Suits and Spooks NYC Targeted By Anonymous For A Protest Operation

Yesterday I announced that Hector Monsegur (aka Sabu), the founder of LulzSec and a long time member of Anonymous who was responsible for hundreds of attacks, will be a speaker at Suits and Spooks NYC (June 19-20, 2015).

Today, Anonymous (@YourAnonNews), whose Twitter account has 1.4 million followers, announced a #NYC PROTEST SABU operation to take place at Soho House, our venue for the event, on June 20th at 2pm. This marks an unusual first for Suits and Spooks; however, I've always chosen to provide a platform for speakers with interesting skill sets who aren't typically invited to security conferences. I've found that it's always better to sort out disagreements in person, in a safe environment, than to simply engage in online trolling.

So if you'd like to hear what Sabu has to say about his time with Anonymous and what actually happened when he was arrested and began working for the FBI, register and attend. You'll not only get to speak with Sabu but you'll also enjoy hearing some of the best security minds on the planet.

Monday, June 1, 2015

Meet LulzSec Founder "Sabu" at Suits and Spooks NYC

Hector Monsegur (aka Sabu) was responsible for many of the highest profile hacks conducted by LulzSec and Anonymous between 2009 and 2011. His arrest and subsequent assistance to the FBI helped prevent hundreds of attacks in 2012 and 2013. Now that his probationary period with the Dept of Justice has ended, I've asked him to speak at Suits and Spooks NYC this month to talk about his time in Anonymous and its rise and fall. He's also willing to do a Q&A with our attendees. This is the first event that Hector has agreed to speak at since his arrest and you won't want to miss it.

In fact, we have the best lineup of speakers for any security event this year. These folks usually give the keynote at events around the world but they'll all be at Suits and Spooks All Stars at Soho House NYC on June 19-20. Here are just a few:

Dan Geer (In-Q-Tel)
Carmen Medina (Retired CIA Deputy Director of Intelligence)
David Kilcullen (Former Special Advisor on Counter Insurgency, State Dept.)
Other speakers include Stewart Baker (formerly NSA General Counsel), Zachary Tumin (Deputy Commissioner NYPD), Niloo Howe (Endgame), Joe Fitzpatrick (Firmware hacker), Kurt Stammberger (Norse), and actress Janina Gavankar (invited).

There are only 35 seats left so register soon before we sell out. Use discount code NYC2015 and save 50% on your registration fee (only $299 with code).