China stole plans for a new fighter plane, spy documents have revealed
Date January 18, 2015 - 7:00PM
Chinese spies stole key design information about Australia's new Joint Strike Fighter, according to top secret documents disclosed by former US intelligence contractor Edward Snowden.
German magazine Der Spiegel has published new disclosures of signals intelligence collected by the United States National Security Agency (NSA) and its "Five Eyes" partners, including the Australian Signals Directorate. The intelligence reveals new details of the directorate's efforts to track and combat Chinese cyber-espionage.
According to a top secret NSA presentation, Chinese cyber spies have stolen huge volumes of sensitive military information, including "many terabytes of data" relating to the Joint Strike Fighter (JSF) - also known as the Lockheed Martin F-35 Lightning II.
The leaked document shows that stolen design information included details of the JSF's radar systems which are used to identify and track targets; detailed engine schematics; methods for cooling exhaust gases; and "aft deck heating contour maps".
Although it has been previously alleged the F-35 has been a target of Chinese cyber-espionage, the Snowden documents provide the first public confirmation of how much the highly sensitive data has been compromised.
Military aviation experts have speculated that the design of China's new "fifth-generation" fighters - the Chengdu J-20 and the Shenyang J-31 - has been extensively influenced by design information stolen from the United States, significantly eroding the air power superiority the US and its allies have long enjoyed.
In April 2014 Prime Minister Tony Abbott announced that Australia would buy 58 more F-35 fighters at a cost of more than $12 billion. The extra aircraft will bring Australia's total planned JSF force to 72 aircraft, with the first of them to enter service with the Royal Australian Air Force in 2020.
"The fifth-generation F-35 is the most advanced fighter in production anywhere in the world and will make a vital contribution to our national security," Mr Abbott said.
In June 2013 US Defense Department acquisitions chief Frank Kendall told a US Senate hearing that he was "reasonably confident" classified information related to the development of the F-35 was now well protected. It is understood the main data breach took place at the prime contractor Lockheed Martin in 2007.
The Snowden documents confirm the Australian Government has been informed of the "serious damage" caused by Chinese cyber-espionage against the JSF. The leaked US NSA briefings, which predate Australia's acquisition of the fighter, are marked as releasable to all members of Five Eyes, which comprises the US, Britain, Canada, Australia and New Zealand.
The Snowden documents also show that Chinese cyber-espionage operations, codenamed "Byzantine Hades" by the Five Eyes partners, have enjoyed other successes, with the US Defense Department registering over 500 "significant intrusions" in one year. Damage assessment and network repair costs amounted to more than $US100 million ($121 million).
Sensitive military technologies and data stolen included information relating to the B-2 stealth bomber; the F-22 Raptor stealth fighter; nuclear submarine and naval air-defence missile designs; and tens of thousands of military personnel records.
The total data theft was estimated to be equivalent to "five Libraries of Congress (50 terabytes)."
However, the documents also show that the NSA and its Five Eyes partners have penetrated China's espionage agencies, such as infiltrating the computer of a high-ranking Chinese military official and accessing information about Chinese intelligence targets in the US government and other foreign governments.
The Australian government has repeatedly refused to comment on specific disclosures from the documents leaked by Mr Snowden. However, federal Attorney-General George Brandis has called Mr Snowden "an American traitor".
The NSA's former top lawyer talks privacy, security, and Snowden's 'betrayal'
By Aaron Sankin
Apr 3, 2015, 9:48am CT | Last updated Apr 3, 2015, 11:25pm CT
"Lots of lawyers like to say they've litigated through public controversy," Rajesh De says with a chuckle, "but I've actually lived it."
De isn't kidding: He had been the top lawyer for the National Security Agency (NSA) for about a year when former agency contractor Edward Snowden leaked a trove of classified materials that instantly turned one of the most secretive arms of the U.S. government into the nation's No. 1 topic of conversation. Snowden's revelations about widespread government surveillance of the world's electronic communication networks raised serious questions about the legality and ethics of the program. It was a controversy in which De, as the agency's general counsel, stood directly in the center.
This scandal was hardly the first time De has lawyered his way through a high-profile, high-stakes position. Prior to joining the NSA, De worked as a legal advisor to the 9/11 Commission and as a staffer on the Senate Homeland Security & Governmental Affairs Committee. De also served as the White House staff secretary, personally managing the information flow going to President Obama.
After three years at the intelligence agency, De left government and now runs a rapidly growing team of over 30 lawyers in the privacy and cybersecurity practice at Mayer Brown, the Washington, D.C.-based law firm he left to join the executive branch during the early days of the Obama administration, and which represented Ameritrade in one of the earliest high-profile data-breach cases. (Full disclosure: Mayer Brown managing partner Kenneth Geller is the father of the Daily Dot's deputy morning editor, Eric Geller.)
While De wasn't able to respond to a few key follow-up questions—specifically two concerning the NSA's reported purchase of zero-day exploits and its reported infiltration of major SIM card manufacturer Gemalto—De offered detailed insights into the spy agency's efforts to find balance between security and privacy, why the NSA often has trouble defending itself in public, the culture of "No Such Agency," and what it was like on the inside when the Snowden bombshell went off.
You gave a speech at Georgetown University in 2013 where you said the idea that the NSA "is a vacuum that indiscriminately sweeps up and stores global communications is not something that's true." Can you expand on that? There's definitely a perception among much of the public that this is precisely what's happening.
Rajesh De: It's both not accurate within our legal and regulatory mandates, nor is it accurate as a practical matter. NSA conducts its activities in what I would characterize as the most robust legal and policy framework in the world for these activities. And that's for good reason. I say that proudly because the U.S. intelligence community is one of the most powerful intelligence communities in the world, and we also have the strongest democratic tradition in the world.
Last January, the president issued a policy directive to the intelligence community. Without getting in the weeds, it's called Presidential Policy Directive 28. The first section of that articulates the principles by which we will and will not conduct this type of intelligence. First among those principles is intelligence collected will be as narrowly tailored as feasible given our national security needs. That is a principle from the president of the United States. Even within that context, what is conducted is not indiscriminate collection; it's because of certain intelligence requirements developed by policy makers.
Those who don't pay too close attention think the NSA is out there gathering up whatever it can without rhyme or reason. But, in fact, [collection] is in response to things called intelligence requirements, which are made through a big, formal process across the executive branch, by which different parts of the policy apparatus articulate needs for information. That ultimately gets winnowed down and articulated for lots of different intelligence agencies, not just the NSA, about what they need to know about X, Y, or Z. That is what the NSA is out there trying to collect.
One of the things that surprised me most about serving as the general counsel at the NSA was that it was a lot like serving as the general counsel for a highly regulated business or enterprise, which isn't how most people would think of the job. It's actually quite a complex array of constitutional principles, statutory regimes, internal executive branch regulations and, on top of that, an auditing and oversight structure that is unlike anything I had seen before. That's not an answer to every critique, but it's a fact that I had to deal with. It's really important to this question of what is pulled in and how the NSA is conducting itself with what is gathered.
So much of the NSA's mission necessarily involves secrecy, creating an inherent difficulty in the agency's ability to have the degree of transparency necessary to gain trust with a large segment of the public. How good of a job do you think the NSA has done in balancing secrecy and openness?
Well, there certainly is room for improvement. But I also think that it's far more complicated than those who don't have to actually do the job think it is. There are clearly things that the government is striving to be more transparent about. Things like the framework within which intelligence activities—not just the NSA's—are conducted. What is the value proposition of those intelligence activities? Is it useful? Is it helpful? What are the American people getting out of it?
It's complicated because you can't always talk about intelligence successes, but I think the American people would be both pleased and surprised about the intelligence successes we've had. You need to understand that at a greater level in order to actually have a thoughtful, reasonable opinion about what the framework should be within which we operate. I certainly think that's an area that can be improved.
I don't think people realize how much of a driver the NSA is within the intelligence community. Last year alone, 60 to 80 percent of the information provided [to] the president in his daily brief came in part from the NSA. That's astonishing. I do think there's a need for the government to be more proactively transparent about what the intelligence community is asked to do at a high level and what value it provides.
Was the job of the NSA, in explaining both its mission and the controls on intelligence gathering it has in place, made more difficult by not being more forthcoming about its activities prior to the Snowden leaks?
I certainly think the government would be well served to explain what it does in any situation. The history of "No Such Agency" did not serve it well when people started asking questions and wondering what the agency does. When there is a vacuum, people will naturally think the worst; we all do that. It would behoove the intelligence community to be more forward leaning and proactive.
You had been at the NSA for about a year before the Snowden leaks. What was the atmosphere inside the agency when it happened?
I was relatively new at the time, so I probably had a different experience than many of the people who had worked at the agency, in the culture of "No Such Agency" for many years.
My sense of it was that there were two overriding emotions among the workforce. The first was a deep, deep [feeling] of betrayal. Someone who was sitting next to them—being part of the team helping keep people safe, which is really what people at the agency think they are doing—could turn around and do something so self-aggrandizing and reckless.
There was also a deep sense of hurt that a lot of what was in the media was not entirely accurate. Questioning the motives and legality of what NSA employees were being asked to do to keep Americans safe—all within the legal policy construct that we've been given—that was difficult for the NSA workforce. The good thing is that it's a mission-oriented place. Folks do tend to put their heads down and do what they're supposed to do. They worked through it.
You've said that the NSA is bound by a whole set of regulations aimed at protecting Americans from unlawful surveillance. Can you give an example of something the NSA could do with the technology that it has, but is electing not to do because of legal or privacy concerns?
I can’t give you a particular example, not because I can’t think of them, but because I can’t talk to that level of granularity.
That question does raise a very good point. In the context of a lot of disclosures that have come out post-Snowden, often the focus is on technical capabilities without considering the complete legal framework within which we have to operate. Talking about any program or activity, one very simple principle adheres: Under the Foreign Intelligence Surveillance Act (FISA), targeting a U.S. person for the contents of their communications anywhere in the world requires a probable cause finding by a federal judge. There's a lot of talk about what the NSA could do, but that is a legal principle, enshrined in FISA. There is sometimes a disconnect between technical capability and legal framework. Whenever one reads about technical capabilities, one has to think about it in that context. But it's very rare that anyone actually writes about that latter piece.
There have been multiple government review groups that have gone through things like the phone metadata program and charged that there haven’t been too many tangible benefits outside of what could have been obtained through more traditional targeted phone records demands. How do those sorts of reports play into the agency's decision-making process?
What happens, unfortunately, is that there tends to be a polarized discussion about whether X is the most important thing in the world and what terrorist attack it has stopped, as opposed to a thoughtful discussion about how intelligence works. How complicated is the landscape? How do different tools interplay with one another? How should one measure [a program's] contribution to public safety? Those are all really hard questions. Effectiveness should be, and is in fact, part of what intelligence agencies think about.
One program that has been closely discussed is an email metadata program that was in place up until 2011. The decision to shut that program down was not made because there wasn't legal authority to do it but because it didn't make sense as an operational or resource matter. That is a very good public example of a program that wasn't worth continuing even though there was legal authority to conduct it. It's hard to talk about those generally, but folks would be well advised to understand that far more considerations than what's been going on come into play—operational effectiveness, resource issues, privacy considerations, risk considerations, etc.
Through leaks and government reports, there have been disclosures of certain compliance violations by individual NSA employees. There were the analysts who were caught spying on former love interests and people collecting data outside of the limits of FISA. Have there been any criminal prosecutions for those violations? Are there other enforcement actions that have taken place?
I don't have any details of the particular cases. But if you look at the public correspondence between the folks at the NSA and senior folks at the Justice Department that have articulated what's happened in some particular cases, there are a couple big picture points. One is that the Foreign Intelligence Surveillance Court (FISC) opinions that have been released should put to bed any notion that the FISC is somehow a rubber stamp for the executive branch. If you take a moment to read some of those opinions, they can be quite harsh on the executive branch when mistakes happen.
They're quite useful in that regard.
Two: Some of this should give some confidence that the auditing and oversight mechanisms that are in place actually work—whether it is audits from outside the agency or automatic auditing from within the agency, [or] other sorts of methods that are in place. It's not an accident that we haven't seen widespread abuse of the intelligence apparatus. We have structures in place, at least in that respect, that actually work. We should feel confident and good about that as the American people.
UK under pressure to respond to latest Edward Snowden claims
Sunday Times says Downing Street believes Russia and China have hacked into American whistleblower’s files, endangering US and British agents
Ewen MacAskill and Patrick Wintour
Monday 15 June 2015 01.58 AEST Last modified on Monday 15 June 2015 12.47 AEST
Downing Street and the Home Office are being challenged to answer in public claims that Russia and China have broken into the secret cache of Edward Snowden files and that British agents have had to be withdrawn from live operations as a consequence.
The reports first appeared in the Sunday Times, which quoted anonymous senior officials in No 10, the Home Office and security services. The BBC also quoted an anonymous senior government source, who said agents had to be moved because Moscow gained access to classified information that reveals how they operate.
Privacy campaigners questioned the timing of the report, coming days after a 373-page report by the independent reviewer of terrorism legislation, David Anderson QC, which was commissioned by David Cameron. Anderson was highly critical of the existing system of oversight of the surveillance agencies and set out a series of recommendations for reform.
A new surveillance bill, scheduled for the autumn, is expected to be the subject of fierce debate.
Responding to the Sunday Times, David Davis, the Conservative MP who is one of the leading campaigners for privacy, said: “We have to treat all of these things with a pinch of salt.” He said the use of an anonymous source to create scare stories was a typical tactic and the timing was comfortable for the government.
“You can see they have been made nervous by Anderson. We have not been given any facts, just assertions,” he said.
Anderson recommended that approval of surveillance warrants be shifted from the home and foreign secretaries to a new judicial body made up of serving and retired judges, which Davis supports but towards which the government appears to be lukewarm.
Davis said there was little point in raising the Sunday Times allegations in the Commons as the government would say it does not comment on intelligence matters. Davis’s prediction was prescient. A Downing Street spokeswoman said: “We don’t comment on leaks.” The intelligence agencies said: “Our longstanding policy is not to comment on intelligence matters.”
But Eric King, the deputy director of Privacy International, echoed Davis, saying: “Looking at the Sunday Times, it asks more questions than it answers.” He added that if Downing Street and the Home Office believed that Russia and China had gained access to the Snowden documents, then why was the government not putting this out through official channels.
He added: “Given Snowden is facing espionage charges in the US, you would have thought the British government would have provided them with this information.”
Snowden, a former NSA contractor, handed over tens of thousands of leaked documents to the Guardian in Hong Kong two years ago. He left Hong Kong with flights booked to Latin America but was stopped in Russia when the US revoked his passport, and has been living in Moscow in exile since.
He has repeatedly said he handed over all the documents to journalists in Hong Kong and no longer has access to them, making it impossible for either China or Russia to get to them through him. The Sunday Times and BBC do not say where China or Russia allegedly gained access to the files.
Shami Chakrabarti, director of Liberty, said: “Last week, David Anderson’s thoughtful report called for urgent reform of snooping laws. That would not have been possible without Snowden’s revelations. Days later, an ‘unnamed Home Office source’ is accusing him of having blood on his hands. The timing of this exclusive story from the securocrats seems extremely convenient.”
Andrew Mitchell, a former cabinet minister, said he was sure the Sunday Times got the story because of the Anderson report. He added: “I think we have to be very careful of the argument ‘listen sonny, we know what you don’t know and therefore you should do what we say’. That is not a good argument; we need to have a proper debate about all of this.”
“I don’t approve of what Snowden did, but I have to say having been to Washington recently that there has been a massive change of view in the United States, not just people like Rand Paul and so on, there’s a massive change of view about the debate and that has resulted from Snowden, whether you like it or not.”
The White House said it had no comment on the UK government claims.
Since the initial revelations about the extent of the bulk collection of communications data and the relationship between the intelligence agencies and internet companies, the US and British governments – and their intelligence agencies – have made a series of assertions that have subsequently been retracted.
Snowden was initially said to be a Chinese or Russian spy, but the US has since said this is not true. The US has also backtracked on claims that surveillance helped stop 56 plots and that Snowden had “blood on his hands”.
The British government and intelligence agencies in both countries issued warnings as far back as at least 18 months ago that the Snowden disclosures had helped terrorists, costing GCHQ, the UK’s main surveillance agency, up to 30% of its capabilities and that agents had had to be moved.
But privacy campaigners countered that no evidence had ever been provided to back up these assertions and that Snowden had done a public service by revealing the extent of illegal mass surveillance.
The allegations being made 18 months ago have now resurfaced in the Sunday Times. The paper quoted a source saying: “Agents have had to be moved and that knowledge of how we operate has stopped us getting vital information.” The source said they had no evidence that anyone had been harmed.
A “senior Home Office source” was also quoted by the newspaper, saying: “Putin didn’t give him asylum for nothing. His documents were encrypted but they weren’t completely secure and we have now seen our agents and assets being targeted.”
The Sunday Times also quoted a “British intelligence source” saying that Russian and Chinese officials would be examining Snowden’s material for “years to come”.
“Snowden has done incalculable damage,” the intelligence source reportedly said. “In some cases the agencies have been forced to intervene and lift their agents from operations to prevent them from being identified and killed.”
Edward Snowden on police pursuing journalist data: the scandal is what the law allows
Edward Snowden has condemned Australian law enforcement for collecting the communications records of a Guardian journalist without a warrant.
The world’s most prominent whistleblower, who disclosed dragnet surveillance unprecedented in its scale by the National Security Agency and its allies, singled out for critique the Australian government’s contention that it broke no laws in its leak investigation of Paul Farrell, a Guardian reporter who in 2014 exposed the inner workings of Australia’s maritime interception of asylum seekers.
“Police in developed democracies don’t pore over journalists’ private activities to hunt down confidential sources,” Snowden told the Guardian.
“The Australian federal police are defending such operations as perfectly legal, but that’s really the problem, isn’t it? Sometimes the scandal is not what law was broken, but what the law allows.”
Throughout 2015 the Australian parliament enacted a series of controversial laws that curbed privacy and freedom of expression rights.
Geoffrey King, director of the Committee to Protect Journalists’ Technology Program, said the AFP’s actions were “obviously outrageous”.
“This should not be happening. But it is the inevitable result of mandatory data retention and mass surveillance, which is neither necessary nor proportional to any threat,” King said. “It doesn’t line up with the values that we all adhere to, to good counter terrorism strategy, and it certainly doesn’t line up with a free and open society where journalists can do their jobs.”
In March 2015 the Australian Senate passed legislation requiring internet and mobile phone companies to retain customer metadata for 24 months. The bill was vehemently opposed by the Australian Greens, whose communications spokesman, Senator Scott Ludlam, called its new provisions a “form of mass surveillance”.
Although a last-minute amendment obliged security agencies to get a warrant before accessing a journalist’s metadata, the law essentially expands the Australian government’s ability to conduct dragnet surveillance.
Australia, along with the US, UK, Canada and New Zealand, is part of the Five Eyes signals-intelligence sharing network.
Documents leaked by Snowden in 2013 revealed that Australian spying authorities had offered to share bulk metadata of ordinary Australian citizens with their partners in the Five Eyes network. Other documents Snowden leaked revealed Australian spies had attempted to listen in to the phone calls of former Indonesian president Susilo Bambang Yudhoyono and his inner circle, causing an extended diplomatic rift between the two countries.
The investigation into Farrell’s sources, for a story relating to the activities of an Australian customs vessel and a controversial operation to turn back a boat carrying asylum seekers from Indonesia, was conducted in 2014, before the amendment passed parliament. Law enforcement did not need a warrant for accessing the information at the time.
The case marks the first time the AFP has confirmed seeking access to a journalist’s metadata in a specific case, although the agency has admitted to investigating several journalists reporting on Australian immigration.
The acknowledgement that authorities had sought access to Farrell’s records was only divulged after the reporter lodged a complaint to Australia’s privacy commissioner under the country’s Privacy Act.
In July 2015, the Australian government passed the Border Force Act, which criminalises whistleblowing from within Australia’s hardline immigration detention network, making it an offense punishable with up to two years in prison.
The country’s “Operation Sovereign Borders”, a harsh, military-led crackdown on asylum seekers who attempt to enter Australia by boat, includes a policy of turning back boats carrying migrants and deporting every arrival, including children, to harsh offshore detention centres in Papua New Guinea and the tiny Pacific island state of Nauru, for permanent resettlement.
Data-Theft Arrest Shows that Insider Threat Remains Despite Post-Snowden Security Improvements
By Patrick Tucker
October 7, 2016
The case of the NSA contractor arrested this week shows that the intelligence community has much further to go in stopping insider threats.
Not every insider threat fits the same mold, and that is what makes stopping the theft of data by individuals with clearance so difficult. Harold Martin III, the NSA contractor arrested Aug. 27 for hoarding agency documents, according to a recently released Justice Department complaint, is a case in point.
Martin is accused of stealing Top Secret files, but not of distributing them, or of committing espionage. At least, he’s not been charged with that yet. The authorities are looking into whether Martin might be linked to the Shadow Brokers, a group that attempted to auction off a set of stolen NSA exploits the same month he was arrested, according to the Washington Post. But just last week, Shadow Brokers took to Medium to complain that no one is taking the auction seriously. That suggests that Martin and Shadow Brokers are separate. Moreover, the investigation into the Shadow Brokers theft has shifted toward the possibility that the loss happened after an NSA agent left software tools behind during a tailored access operation. TAOs are attempts to breach a foreign nation’s computer network, sometimes by physically breaking into the target’s facilities. Martin did work in the NSA Tailored Access Operations unit, according to the Daily Beast.
At first glance, Martin appears to be a very different and more subtle sort of insider threat than Edward Snowden, who stole documents and made them public. Instead, Martin appears to have stolen information for personal use. That sort of thing is much harder to detect.
In 2012, the Obama administration created a task force to stop data theft, leaks, and insider threats. The task force began to implement a program of continuous evaluation, whose goal is to detect the red flags that could help identify a potential Snowden before that individual gives a bunch of secrets away. Today, almost all intelligence community employees and contractors with Top Secret clearance are subjected to continuous evaluation, according to William Evanina, the National Counterintelligence Executive. But it was not in place in 2014. The material that the FBI found in Martin’s home dates back to that year. And it is not yet fully in place across the Defense Department, where Martin, employed by Booz Allen Hamilton, was working as a contractor.
In 2000, Martin had an $8,997 lien against his home, according to The New York Times. In 2003, he was accused of using a computer for harassment, a charge that was later dismissed. A drunk-driving charge in 2006 was also dropped. Today, these sorts of incidents might raise a red flag under continuous evaluation.
Martin was also enrolled in a Ph.D. program at the University of Maryland. His dissertation, submitted earlier this year, was on the “exploration of new methods for remote analysis of heterogeneous & cloud computing architectures.” That means he was looking at how to map and analyze a cloud computing network made up of multiple different devices (heterogeneous) and do it from a computer that is physically distant from the network (remotely).
That sort of research could be used legitimately by someone looking to map and analyze a cloud network remotely to service it, or by someone looking to map out and analyze a network secretly from a safe, distant location to steal data. But by itself the research is not terrifically provocative.
Last month, Evanina described how the Office of the Director of National Intelligence searches the open web for material like what Martin allegedly took.
While most people rarely see headlines about NSA or intelligence leaks, classified, secret, or sensitive information does make its way into academic research papers with some regularity, Evanina said.
“There’s no more shock and awe,” he said, referring to splashy headlines of the sort that appeared on newspaper front pages in 2013. “Now all this stuff is academic…It gets published, maybe in Der Spiegel, but usually in some trade publication and it goes on the internet. Those are just as damaging because the only body with interest in that work are those that really have a stake. For instance, if the article that was done by a consortium of folks is about how does the FBI put out fires, utilizing four fire trucks and an ambulance, how do they get to the fire, what hoses do they use…nobody reading USA Today is going to care about that.”
Evanina warned that even continuous evaluation cannot be guaranteed to prevent an insider intent on stealing data.
“It’s not possible,” said Evanina. “The same way you can’t stop someone from starting a fire who wants to be an arsonist.”
In a recent report, the House Intelligence Committee reached the same conclusions, but then went on to disparage the community for not trying hard enough.
“Although it is impossible to reduce the chance of another Snowden to zero, more work can and should be done to improve the security of the people and computer networks that keep America’s most closely held secrets. For instance, a recent DOD Inspector General report directed by the Committee found that NSA has yet to effectively implement its post-Snowden security improvements. The Committee has taken actions to improve IC information security in the Intelligence Authorization Acts for Fiscal Years 2014, 2015, 2016, and 2017, and looks forward to working with the IC to continue to improve security.”
The CIA’s Leaking Cyber Vault
By Tamir Eshel - Mar 7, 2017
Since 2001 the CIA has gained political and budgetary preeminence over the U.S. National Security Agency (NSA). The CIA found itself building not just its now infamous drone fleet, but a very different type of covert, globe-spanning force — its strong fleet of hackers. The agency’s hacking division freed it from having to disclose its often controversial operations to the NSA (its primary bureaucratic rival) to draw on the NSA’s hacking capacities.
According to the documents released today by Wikileaks, by the end of 2016, the CIA’s hacking division, which formally falls under the agency’s Center for Cyber Intelligence (CCI), had over 5,000 registered users. They had produced more than a thousand hacking systems, trojans, viruses, and other “weaponized” malware, collectively known as “Vault 7”.
The CIA organizational chart showing the various operational groups involved in computer and network operations, physical access and engineering development (cyber).
Based on the documents released by Wikileaks, the organization assesses that the CIA’s hacking activities in 2016 utilized more code than that used to run Facebook. The CIA had created, in effect, its “own NSA” with even less accountability and without publicly answering the question as to whether such a massive budgetary spend on duplicating the capacities of a rival agency could be justified.
But the clandestine cyber operation has even more dangerous side effects – recently, the CIA lost control of the majority of its hacking arsenal, including malware, viruses, trojans, weaponized “zero-day” exploits, malware remote control systems and associated documentation. Once a single cyber ‘weapon’ is ‘loose’, it can spread around the world in seconds, to be used by rival states, cyber mafia and teenage hackers alike. This extraordinary collection, which amounts to more than several hundred million lines of code, gives its possessor the entire hacking capacity of the CIA. The archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.
Big Brother Is In Your TV and Your Car
The CIA Engineering Development Group (EDG) is responsible for the development, testing and operational support of all backdoors, exploits, malicious payloads, trojans, viruses and any other kind of malware used by the CIA in its covert operations worldwide.
Among the activities described in the recently published documents is a malware which infects smart TVs, transforming them into covert microphones. For example, the “Weeping Angel” developed under a joint US-UK partnership was designed to attack Smart TVs made by Samsung. After infestation, Weeping Angel places the target TV in a ‘Fake-Off’ mode, which bypasses the shutdown of the device. While the users think their TV is off, the device is remotely controlled, can record conversations in the room and send them over the Internet to a covert CIA server.
Other attacks were designed to infect control systems used in modern cars and trucks. The purpose of such control is not specified, but it would permit the CIA to engage in nearly undetectable assassinations.
Exploiting Mobile Phones
Mobile devices are also very vulnerable to attacks developed by the CIA’s Mobile Development Branch (MDB), as they are targeted by many criminal and intelligence agencies worldwide. These devices can easily be turned into tracking and spying devices, including by covertly activating the phone’s camera and microphone.
The CIA invested considerable effort hacking into iPhones, considered more difficult to attack. In 2016 the CIA established a specialized unit to produce malware to infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads. The disproportionate focus on iOS may be explained by the popularity of the iPhone among social, political, diplomatic and business elites. The CIA’s iPhone hacking arsenal includes numerous local and remote “zero days” developed by the CIA or obtained from GCHQ, NSA, FBI or purchased from cyber arms contractors such as Baitshop.
A similar unit targets Google’s Android which is used to run the majority of the world’s smartphones, including Samsung, HTC, and Sony. As of 2016, the CIA had 24 “weaponized” Android “zero days” which it has developed itself and obtained from GCHQ, NSA, and cyber arms contractors. These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Weibo, Confide and Cloackman by hacking the “smart” phones that they run on and collecting audio and message traffic before encryption is applied.
Other departments run a very substantial effort to infect and control popular operating systems including Microsoft Windows, Apple OSX and Linux.
As expected, Microsoft Windows users are exposed to multiple local and remote weaponized “zero days,” and air gap jumping viruses such as “Hammer Drill” which infects software distributed on CD/DVDs. Other risks cooked up by the CIA include infectors for removable media such as USBs, systems to hide data in images or covert disk areas (“Brutal Kangaroo”) and to keep its malware infestations going. Many of these infection efforts are pulled together by the CIA’s Automated Implant Branch (AIB), which has developed several attack systems for automated infestation and control of CIA malware, such as “Assassin” and “Medusa.”
The CIA also targets the Internet infrastructure and web servers through their Network Devices Branch (NDB). This branch uses automated multi-platform attack tools and malware control systems known as the “HIVE” and “Cutthroat” or “Swindle” – tools covering all common operating systems – Windows, Mac OS X, Solaris, and Linux.
In the wake of Edward Snowden’s leaks about the NSA, the U.S. technology industry secured a commitment from the Obama administration that the government would disclose to industry serious vulnerabilities, exploits, bugs and ‘zero days’ discovered in information systems and technologies developed by Microsoft, Apple, Google and other US manufacturers. The new documents show that the CIA breached these commitments. Many of the vulnerabilities used in the CIA’s cyber arsenal are pervasive, and some may already have been found by rival intelligence agencies or cyber criminals.
Unlike weapons of mass destruction or major defense systems, cyber ‘weapons’ are, in fact, just computer programs which can be pirated like any other. Since they are entirely comprised of information, they can be copied quickly with no marginal cost. Therefore, securing such ‘weapons’ is particularly challenging since the same people who develop and use them have the skills to exfiltrate copies without leaving traces — sometimes by using the very same ‘weapons’ against the organizations that contain them.
There are substantial price incentives for government hackers and consultants to obtain copies, since there is a global “vulnerability market” that will pay hundreds of thousands to millions of dollars for copies of such ‘weapons.’ Similarly, contractors and companies who obtain such ‘weapons’ sometimes use them for their own purposes, getting an advantage over their competitors in selling ‘hacking’ services.
Over the last three years the United States intelligence sector, which consists of government agencies such as the CIA and NSA and their contractors, such as Booz Allen Hamilton, has been subject to an unprecedented series of data exfiltrations by its workers.
A number of intelligence community members not yet publicly named have been arrested or subject to federal criminal investigations in separate incidents.
Most visibly, on February 8, 2017, a U.S. federal grand jury indicted Harold T. Martin III with 20 counts of mishandling classified information. The Department of Justice alleged that it seized some 50,000 gigabytes of information from Harold T. Martin III that he had obtained from classified programs at NSA and CIA, including the source code for numerous hacking tools.
Once a single cyber ‘weapon’ is ‘loose’, it can spread around the world in seconds like a massive tsunami and immediately be exploited by peer states, cyber mafia and teenage hackers alike.
One can assume that when developing such powerful cyber weapons, the CIA would keep them highly classified and limit access to such capabilities on a need-to-know basis. However, to enable as wide a distribution of such malware and exploits as possible, the CIA declassified these tools. The CIA structured its classification regime such that the most valuable part of “Vault 7” was… unclassified! Yes, the CIA’s weaponized malware (implants + zero days), Listening Posts (LP), and Command and Control (C2) systems were all unclassified. Having these weapons unclassified enabled these implants to communicate with their control programs over the internet. (If CIA implants, Command & Control and Listening Post software were classified, then CIA officers could be prosecuted or dismissed for violating rules that prohibit placing classified information onto the Internet.)
Moreover, the vast investment in hacking tools and exploits was contributed freely to the criminal community and foreign cyber agencies, since the U.S. government is not able to assert copyright either, due to restrictions in the U.S. Constitution. This means that cyber ‘arms’ manufacturers and computer hackers can freely “pirate” these ‘weapons’ if they are obtained. The CIA has primarily had to rely on obfuscation to protect its malware secrets.
Developers were instructed to write code that infiltrates target systems, encrypts and exfiltrates data to command and control servers, eliminates any forensic evidence of its activity, evades most well-known anti-virus programs and persists for extended periods in the target machines.
WikiLeaks publishes 'biggest ever leak of secret CIA documents'
The 8,761 documents published by WikiLeaks focus mainly on techniques for hacking and surveillance
US consulate in Frankfurt, Germany is home to a ‘sensitive compartmentalised information facility’, according to the leaked documents. Photograph: Boris Roessler/AP
Ewen MacAskill Defence and security correspondent, Sam Thielman in New York, and Philip Oltermann in Berlin
Wednesday 8 March 2017 03.42 AEDT
Last modified on Wednesday 8 March 2017 11.40 AEDT
The US intelligence agencies are facing fresh embarrassment after WikiLeaks published what it described as the biggest ever leak of confidential documents from the CIA detailing the tools it uses to break into phones, communication apps and other electronic devices.
The thousands of leaked documents focus mainly on techniques for hacking and reveal how the CIA cooperated with British intelligence to engineer a way to compromise smart televisions and turn them into improvised surveillance devices.
The leak, named “Vault 7” by WikiLeaks, will once again raise questions about the inability of US spy agencies to protect secret documents in the digital age. It follows disclosures about Afghanistan and Iraq by army intelligence analyst Chelsea Manning in 2010 and about the National Security Agency and Britain’s GCHQ by Edward Snowden in 2013.
The new documents appear to be from the CIA’s 200-strong Center for Cyber Intelligence and show in detail how the agency’s digital specialists engage in hacking. Monday’s leak of about 9,000 secret files, which WikiLeaks said was only the first tranche of documents it had obtained, was all relatively recent, running from 2013 to 2016.
The revelations in the documents include:
- CIA hackers targeted smartphones and computers.
- The Center for Cyber Intelligence, based at the CIA headquarters in Langley, Virginia, has a second covert base in the US consulate in Frankfurt which covers Europe, the Middle East and Africa.
- A programme called Weeping Angel describes how to attack a Samsung F8000 TV set so that it appears to be off but can still be used for monitoring.
The CIA declined to comment on the leak beyond the agency’s now-stock refusal to verify the content. “We do not comment on the authenticity or content of purported intelligence documents,” wrote CIA spokesperson Heather Fritz Horniak. But it is understood the documents are genuine and a hunt is under way for the leakers or hackers responsible for the leak.
WikiLeaks, in a statement, was vague about its source. “The archive appears to have been circulated among former US government hackers and contractors in an unauthorised manner, one of whom has provided WikiLeaks with portions of the archive,” the organisation said.
The leak feeds into the present feverish controversy in Washington over alleged links between Donald Trump’s team and Russia. US officials have claimed WikiLeaks acts as a conduit for Russian intelligence and Trump sided with the website during the White House election campaign, praising the organisation for publishing leaked Hillary Clinton emails.
Asked about the claims regarding vulnerabilities in consumer products, Sean Spicer, the White House press secretary, said: “I’m not going to comment on that. Obviously that’s something that’s not been fully evaluated.”
Asked about Trump’s praise for WikiLeaks during last year’s election, when it published emails hacked from Clinton’s campaign chairman, Spicer told the Guardian: “The president said there’s a difference between Gmail accounts and classified information. The president made that distinction a couple of weeks ago.”
Julian Assange, the WikiLeaks editor-in-chief, said the disclosures were “exceptional from a political, legal and forensic perspective”. WikiLeaks has been criticised in the past for dumping documents on the internet unredacted and this time the names of officials and other information have been blacked out.
WikiLeaks shared the information in advance with Der Spiegel in Germany and La Repubblica in Italy.
Edward Snowden, who is in exile in Russia, said in a series of tweets that the documents seemed genuine and that only an insider could know this kind of detail.
The document dealing with Samsung televisions carries the CIA logo and is described as secret. It adds “USA/UK”. It says: “Accomplishments during joint workshop with MI5/BTSS (British Security Service) (week of June 16, 2014).”
It details how to fake it so that the television appears to be off but in reality can be used to monitor targets. It describes the television as being in “Fake Off” mode. Referring to UK involvement, it says: “Received sanitized source code from UK with comms and encryption removed.”
WikiLeaks, in a press release heralding the leak, said: “The attack against Samsung smart TVs was developed in cooperation with the United Kingdom’s MI5/BTSS. After infestation, Weeping Angel places the target TV in a ‘Fake Off’ mode, so that the owner falsely believes the TV is off when it is on. In ‘Fake Off’ mode the TV operates as a bug, recording conversations in the room and sending them over the internet to a covert CIA server.”
The role of MI5, the domestic intelligence service, is mainly to track terrorists and foreign intelligence agencies, and monitoring along the lines revealed in the CIA documents would require a warrant.
The Snowden revelations created tension between the intelligence agencies and the major IT companies, which were upset that the extent of their cooperation with the NSA had been exposed. But the companies were primarily angered over the revelation that the agencies were privately working on ways to hack into their products. The CIA revelations risk renewing the friction with the private sector.
The initial reaction of members of the intelligence community was to question whether the latest revelations were in the public interest.
A source familiar with the CIA’s information security capabilities took issue with WikiLeaks’s comment that the leaker wanted “to initiate a public debate about cyberweapons”. The source said this was akin to claiming to be worried about nuclear proliferation and then offering up the launch codes for just one country’s nuclear weapons at the moment when a war seemed most likely to begin.
Monday’s leaks also reveal that CIA hackers operating out of the Frankfurt consulate are given diplomatic (“black”) passports and US State Department cover. The documents include instructions for incoming CIA hackers that make Germany’s counter-intelligence efforts appear inconsequential.
The document reads:
“Breeze through German customs because you have your cover-for-action story down pat, and all they did was stamp your passport.
Your cover story (for this trip):
Q: Why are you here?
A: Supporting technical consultations at the consulate.”
The leaks also reveal a number of the CIA’s electronic attack methods are designed for physical proximity. These attack methods are able to penetrate high-security networks that are disconnected from the internet, such as police record databases. In these cases, a CIA officer, agent or allied intelligence officer acting under instructions, physically infiltrates the targeted workplace. The attacker is provided with a USB stick containing malware developed for the CIA for this purpose, which is inserted into the targeted computer. The attacker then infects and extracts data.
A CIA attack system called Fine Dining provides 24 decoy applications for CIA spies to use. To witnesses, the spy appears to be running a programme showing videos, presenting slides, playing a computer game, or even running a fake virus scanner. But while the decoy application is on the screen, the system is automatically infected and ransacked.
The documents also provide travel advice for hackers heading to Frankfurt: “Flying Lufthansa: Booze is free so enjoy (within reason).”
The rights group Privacy International, in a statement, said it had long warned about government hacking powers. “Insufficient security protections in the growing amount of devices connected to the internet or so-called ‘smart’ devices, such as Samsung smart TVs, only compound the problem, giving governments easier access to our private lives,” the group said.