Public Intelligence

A letter from the Commander of U.S. Cyber Command Keith Alexander to Senator John McCain describing the role of U.S. Cyber Command and its position on current efforts to pass cybersecurity legislation.

A fascinating article in the San Jose Mercury News discusses the recent expansion of public-private partnerships in the growing effort to combat cyber threats from foreign governments and criminals. These partnerships occur through formal agreements between major corporations and government-backed organizations, such as law enforcement, the military or research institutions. The agreements usually involve sharing of intelligence between the government and corporate representatives, as well as participation in threat reporting programs and security exercises. In some cases, the partnerships relate directly to research and development regarding ways to mitigate security threats.

Rather than combating natural disasters or a nuclear detonation in a major U.S. city, this year’s National Level Exercise will focus on cyber threats to critical infrastructure and the “real world” implications for government and law enforcement of large-scale cyber attacks. National Level Exercise 2012 (NLE 2012) is scheduled to take place in June and will involve emergency response personnel from at least thirteen states, four countries, nearly every major governmental department as well as a number of private companies, non-governmental organizations, institutions of higher education and local fusion centers. The exercise will span four FEMA regions and will include scenarios affecting the National Capital Region.

This document is intended to provide private sector stakeholders with an overview of NLE 2012, to include a discussion of the exercise timeline, a snapshot of the exercise scenario, and a review of the various potential exercise participation opportunities.

The National Security Agency/Central Security Service officially opened the new NSA/CSS Georgia Cryptologic Center at a ribbon-cutting ceremony where officials emphasized how the $286 million complex will provide cryptologic professionals with the latest state-of-the-art tools to conduct signals intelligence operations, train the cryptologic workforce, and enable global communications. NSA/CSS has had a presence in Georgia for over 16 years on Ft. Gordon, when only 50 people arrived to establish one of NSA’s Regional Security Operations Centers.

Tom Kean and Lee Hamilton, who co-chaired the 9/11 Commission, weighed in Monday on a simmering disagreement in the Senate over the best way to address the nation’s vulnerability to cyberattacks. The two men, who now run the Bipartisan Policy Center’s Homeland Security project, are calling on senators to take more urgent action on the issue of cybersecurity. They cite recent public statements by Director of National Intelligence James Clapper and FBI DIrector Robert Mueller warning that the cyber threat is expected to overshadow other terrorist threats facing the United States in the not-too-distant future. “Much like the situation before the September 11, 2001, attacks, the federal government is not adequately organized to deal with a significant emerging national security threat,” said Kean, former governor of New Jersey; and Hamilton, a former congressman from Indiana, in a letter sent to Senate leaders urging action on cybersecurity.

Like Damocles’ sword, this global interconnectivity both strengthens us and moderates us at the same time. We are strengthened because we are better connected to others than ever before and thus capable of spreading the seeds of liberty and opportunity to populations that yearn for it and where the lack of it is still being justified. We are moderated by this interconnectivity because others can more easily exploit the seams and turn our freedoms against us to infect with vitriolic propaganda that violently radicalizes populations across this interconnected web. It is the matter of moderation of our strength that brought together the remarkable group of thinkers whose words are reflected within this report. We are concerned here with the problem of deterring violent non-state actors from doing harm to our nation and to our allies. The questions of extending freedom through access while mitigating the misuse of that freedom to harm us were the dominant questions we took up in this workshop.

Steganography—the practice of concealing data within a carrier—may be used to obscure malicious or criminal information and activity from law enforcement. While steganography dates to the fifth century BC, it has long been regarded as, and remains, one of the most advanced forms of clandestine communication. In modern usage, the Internet allows accessibility to, and broad dissemination of, steganography tools, and its application continues to evolve with technology. Understanding steganography in its current state is essential to its identification and detection.

The Department of Homeland Security is set to participate in a discussion panel at an online dating industry conference in Miami in the coming days. Tom Millar, chief of communications for the Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) is slated to discuss deceptive dating tactics in a January 24 panel at the iDate SuperConference event, said a statement from Ticondergoa Ventures, Inc., the sponsor of the conference. The event takes place on January 23-30, 2012 in Miami Beach. Millar’s session is designed, said Ticonderoga Ventures, to help dating operators prevent fraud within their respective sites.

Members of the House Homeland Security Committee introduced a cybersecurity bill on Thursday that would establish a quasi-governmental entity to oversee information-sharing with the private sector. Like the other cybersecurity bills offered by the House GOP, the Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness (PrECISE Act) encourages private firms to share information on cyber threats but stops short of mandating new security standards for sectors deemed critical to national security. “The risk of cyberattack by enemies of the United States is real, is ongoing and is growing,” said Chairman Pete King (R-N.Y.). “The PrECISE Act, in line with the framework set forth by the Speaker’s Cybersecurity Task Force led by Rep. [Mac] Thornberry [R-Texas], protects our critical infrastructure without a heavy-handed and burdensome regulatory approach that could cost American jobs.”

US citizens and assets – including the White House, the Central Intelligence Agency, InfraGard, the state of Arizona, and major defense contracting companies – experienced high-profile cyber threats and attacks in the first half of 2011. Most of the tactics and techniques used were not new, however the increase in attacks during the past few months exemplifies the growth of cyber incursions and reinforces the need to be aware of risks and mitigation techniques associated with cyber threats.

The FBI assesses with high confidence a that law enforcement personnel and hacking victims are at risk for identity theft and harassment through a cyber technique called “doxing.” “Doxing” is a common practice among hackers in which a hacker will publicly release identifying information including full name, date of birth, address, and pictures typically retrieved from the social networking site profiles of a targeted individual.

The Chertoff Group, a global security advisory firm founded by Michael Chertoff, former Secretary of the U.S. Department of Homeland Security (DHS), is pleased to announce the opening of a new office in San Francisco. Founded in 2009, The Chertoff Group provides consulting, business development, and merger and acquisition (M&A) advisory services for clients in the security, defense and government services industries. “We are excited to be expanding our presence in Silicon Valley – the heart of innovation and home to so many truly transformative technologies,” said Michael Chertoff, Chairman of The Chertoff Group. “This office will enable us to share our analysis and insight in the homeland security, defense and intelligence space with this unique community that is developing many of the critical technologies needed to confront today’s global security challenges. Our team has helped an array of companies grow and meet their business objectives especially in the federal and international markets and we look forward to continuing this work on the West Coast.”

The loosely organized hacking collective known as “Anonymous” has announced through several mediums that they plan on conducting cyber attacks, peaceful protests, and other unspecified activity targeting a variety of organizations. The purpose of this product is to judge the likelihood of occurrence for these events, as well as the potential impact.

This plan outlines the Chief of Naval Operations’ (CNO) Strategic Studies Group (SSG) XXVIFs approach to addressing the challenges of operating at the convergence of Sea Power and Cyber Power as presented in the CNO’s Theme. In addition to providing a framework for the approach, this plan presents SSG XXVIFs initial overarching concept and Concept Team (CT) areas of focus.

The National Security Agency, a secretive arm of the U.S. military, has begun providing Wall Street banks with intelligence on foreign hackers, a sign of growing fears of financial sabotage. The assistance from the agency that conducts electronic spying overseas is part of an effort by American banks and other financial firms to get help from the U.S. military and private defense contractors to fend off cyber attacks, according to interviews with U.S. officials, security experts and defense industry executives. The Federal Bureau of Investigation has also warned banks of particular threats amid concerns that hackers could potentially exploit security vulnerabilities to wreak havoc across global markets and cause economic mayhem. While government and private sector security sources are reluctant to discuss specific lines of investigations, they paint worst-case scenarios of hackers ensconcing themselves inside a bank’s network to disable trading systems for stocks, bonds and currencies, trigger flash crashes, initiate large transfers of funds or turn off all ATM machines.

The loosely organized hacking collective known as Anonymous has recently expressed an interest in targeting industrial control systems (ICS). This product characterizes Anonymous’ capabilities and intent in this area, based on expert input from DHS’s Control Systems Security Program/Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in coordination with the other NCCIC components.

The hacker collective known as ‘Anonymous’ has successfully attacked a wide range of public and private sector entities since 2003 with relatively crude tools. Historically, they rely on tools such as the Low Orbit Ion Cannon (LOIC) or Botnets to deny access to websites, or hijack or deface web pages and post quasi-political statements, or perform other malicious activity. Since many of these older tools made it relatively easy for law enforcement and other government forces to identify the source of an attack and then arrest the perpetrator, Anonymous members may have recognized a need to have more advanced tools that offered a lesser degree of exposure. They recently claimed to have developed and possibly employed several new cyber attack tools for use in their self-proclaimed ‘internet civil disobedience’ campaigns. The NCCIC, coordinating with several of its partners, believes there are at least four new tools being shared among and employed by Anonymous members: #RefRef, Apache Killer, Anonware, and Universal Rapid Gamma Emitter (URGE).

The FBI assesses that the hacktivist group Anonymous is likely to participate in the “Day of Rage” protest scheduled for 17 September 2011 in New York City‟s financial district. While the extent of group members‟ participation in the event is unknown, in late August 2011 Anonymous endorsed the event through propaganda consisting of a video posted on YouTube and a campaign poster, as well as references in their Twitter accounts. In the past, Anonymous has been involved in physical protests that coincided with planned cyber attacks. This could indicate an intention to conduct a cyber attack in conjunction with the “Day of Rage” protest.

Threats posed by cyber-attacks on computer networks and the Internet are escalating from large-scale theft of data and strikes designed to disrupt computer operations to more lethal attacks that destroy entire systems and physical equipment. “That’s our concern about what’s coming in cyberspace — a destructive element,” Gen. Alexander, who is also the director of the National Security Agency, the electronic spying agency, said in a speech at a conference on cyberwarfare. Gen. Alexander said two cases illustrate what could happen in an attack.

This section provides the long-term Public Key Infrastructure (PKI) interoperability architecture for the CCEB Allies as agreed at the February 2005 Canberra Collocated Meeting. The architecture enables interoperability through direct cross-certification of each National Defence PKI (NDPKI) in a mesh configuration.

Department of Homeland Security National Cyber Security Division presentation on “Cyber Resilience” with overviews of recent hacking incidents, including many connected with the hacktivist group Anonymous.

Malicious users seeking to exploit interest related to physical events such as earthquakes and hurricanes will likely use subject lines and attachment titles related to the incidents in phishing e-mails. Network administrators and general users should be aware of these attempts and avoid opening messages with attachments and/or subject lines related to physical events.

The former director of the CIA’s Counterterrorism Center raised concerns Wednesday about an impending “code war” in which hackers will tamper not just with the Internet but with technology that runs real-world infrastructure. Somewhat fittingly, Cofer Black’s keynote talk at the Black Hat hacker conference at Caesars Palace in Las Vegas was interrupted by a literal alarm: flashing lights, sirens and the whole bit. “Attention, please. Attention, please,” a robotic woman’s voice said repeatedly as Black smiled, apparently confused. “We are currently investigating the alarm signal you are hearing. Please remain calm.” After a pause and some laughs from the audience, Black kept going.

This Bulletin is being provided for your Executive Leadership, Operational Management, and Security Administrators situational awareness. The actors who make up the hacker group “Anonymous” and several likely related offshoots like “LulzSec”, continue to harass public and private sector entities with rudimentary exploits and tactics, techniques, and procedures (TTPs) commonly associated with less skilled hackers referred to as “Script Kiddies”. Members of Anonymous routinely claim to have an overt political agenda and have justified at least a portion of their exploits as retaliation for perceived ‘social injustices’ and ‘freedom of speech’ issues. Attacks by associated groups such as LulzSec have essentially been executed entirely for their and their associates’ personal amusement, or in their own hacker jargon “for the lulz”.