Once again, a disclaimer. This post isn't political comment, but thinking out loud about the spycraft involved. Nor do I claim special knowledge. It's pure speculation.
If you're one of the people following what Rick Wilson of The Daily Beast has characterized as "the Trump-Russia intelligence and influence scandal," you can be forgiven for experiencing a certain bemusement. The story keeps wandering off-narrative, the cast doesn't know their lines, the whole thing is like a dress rehearsal for the school play. Lucian K. Truscott IV, writing for SALON, sounds a note of gleeful despair, trying to strike a balance between the giddy anarchy of a Three Stooges routine and the jaws of darkness yawning open beneath our feet. You don't have to take sides to take it seriously, but it has an unreal quality. Farce, caricature, exaggeration of effect, clown noses and oversized shoes.
What would a working intelligence professional make of all this? If we discount the attitude, and the partisanship, and the Whose-Ox-Is-Being-Gored, and focus on the basic operational dynamics - the tradecraft of recruitment, the servicing of resources, the value of the product - does it show any return on the investment? What's our cost-benefit ratio?
Security operations are often graded on the curve. You might have a downside risk, but if you're blown, the exposure is quantifiable. It's worth losing X to acquire Y. Penetrations are always high-value. Getting someone inside. Philby and Blake. Gunter Guillaume. Alger Hiss. Penkovsky. It's a tightrope act for the spy, of course. For his handlers, not so much. Embarrassment, contrition, crocodile tears. Deep-cover assets understand their vulnerability. It's a buyer's market. You're only as good as your last picture. So forth and so on. The point here being that a penetration is usually considered well worth the money, the extra effort, the aggravation. Any rewards justify the sweat equity. But defectors are known to inflate their resumes. They give themselves better credentials, they claim better access. Another thing to remember is that the more difficult the courtship, and the more it costs, the more highly you value the object of your desire. In other words, we both want to close the sale. It's to our mutual advantage. And who's to say there isn't as much wishful thinking on the one side as on the other?
Intelligence consumers want what's known in the trade as collateral, telling detail that gives your product a material weight, the force of gravity. What we've got here is disconnect. Peripheral vision, low light. Manafort is compromised because he was a bagman for Yanukovych. Kushner met with VneshEconomBank chair Gorkov, and VEB launders dirty money for the Kremlin. Flynn broke bread with Putin at a meet-and-greet sponsored by RT. Page and Stone were coat-trailed by SVR. All of it suggestive, none of it at all imperative.
There's a moment in Smiley's People, about a third of the way through, when George learns that Karla is "looking for a legend, for a girl." This is the place where the story - the story within, the hidden narrative - begins to shape itself. George first hears that voice, and we're taken into his confidence, and feel its muscularity, and the book turns a corner (its secret just around the next one).
How do we apply the comforts of a fiction? We suppose not, but hold the phone. The absence of structure tells us something. We're used to the idea of conspiracy, plots laid, inductions devious. I'd suggest this wasn't a concerted effort. Not at either end. I think the Russian services went after targets of opportunity. Putin's an old KGB guy of course, but he seems to have buried the hatchet with GRU. He's made extensive use of both, in Crimea and the Donbass. Russian information warfare strategy has also been formalized. Kaspersky Lab, which on paper is private sector, works in cybersecurity. Once upon a time, this was all under the authority of the Organs, the state apparat, but the chain of command is more flexible. I'm guessing an approach to an American or European businessman could be made by anybody, sanctioned or not. Is it corporate espionage, or government? What's the difference? you might ask. If you're shaking hands with the siloviki, the oligarchs, you're already in bed with the Mafia and state security. It's not at all difficult to imagine a guy like Paul Manafort being recruited, because he'd be recruiting talent himself, working both sides of the street. He's cultivating influence, that's his currency. So let's say we see this happen with other examples. No grand design or discipline, just low-hanging fruit.
Moving ahead, we get to the past summer of an election year, 2016, and evidence of Russian e-mail hacking. We know the FBI opened their investigation in July, and it's now being reported that CIA began briefing the Gang of Eight - the senior majority and minority leaders in the House and Senate, and on the intelligence committees - in mid-August. Slight cognitive dissonance, as the Bureau believed the Russian threat was meant only to disrupt the political process in general, CIA believed it was specifically focused on sabotaging the Clinton campaign and electing Trump. CIA suspects active collusion.
What are the basics? We know any intelligence community is top-heavy with turf warriors. MI5 and MI6. FBI and CIA. SVR and FSB and GRU. But there was a trigger mechanism. My guess is that a ranking somebody in the Russian spy orbits took notice and pulled the various threads together. We imagine frustrations expressed at the top of the food chain, "Who will rid me of this tempestuous priest?" And the barons mount up. I'm also thinking this was as much accident as anything else. The necessary tools were ready to hand. All it required was an organizing principle. The rest is housekeeping, who carried the water.
One last observation. The feckless and the foolish are easily led. You play to their vanities, their limitless self-regard. it's never truer than in the spook trade that you can't cheat an honest man.
Recommended:
Lucian K. Truscott IV in SALON
http://www.salon.com/writer/lucian_k_truscott_iv/
Showing posts with label hacking. Show all posts
Showing posts with label hacking. Show all posts
12 April 2017
Keystone Cops - the Trump-Russia Connection
Labels:
campaign,
CIA,
David Edgerley Gates,
election,
FBI,
GRU,
hacking,
KGB,
Russia,
scandals,
Smiley's People
08 July 2015
Scattered Castles
There's been a lot of smoke and mirrors lately about the Chinese hacking into computer networks all over the place, and of course it isn't just the Chinese. Cyberattacks have become a lot more common. Anybody remember STUXNET, the virus that targeted the Iranian nuke R&D? Nobody's copped to it, but we can imagine it was probably a joint effort by the U.S. and the Israelis.
My own website was hacked by some Russian trolls. I don't know what the object was. Bank fraud, or Meet Hot Slavs? It wouldn't be to use any of the actual information from my site, but to compromise the server pathways. FatCow, the server, hosts a buttload of websites, and once in the back door, you could cherry-pick all the caramels, and leave the liquid centers behind.
The point of the Chinese hacks is that they're not amateur or random, by and large, but directed by the Ministry of Defense, against specific hard targets. The big one, most recently (or at least most recently discovered), is the security breach of the Office of Personnel Management. I know this doesn't sound all that glamorous or hot-ticket - OPM is basically the U.S. government's Human Resources department, the central clearinghouse - but in fact it's a big deal. Best guess to date is that 18 million files have been penetrated, and that's a lowball figure.
Here's what makes it important. OPM is responsible for security clearances, access to classified material. Back in the day, this was the FBI's job, but it's presently estimated that 5 million people, including both government employees and contractors, hold clearances, and the FBI's current staffing is 35,000. You do the math. The numbers are overwhelming. OPM, in turn, farms this out to FIS, the Federal Investigative Services, and the private sector.
But wait, there's more. The intelligence agencies, CIA, NSA, the National Reconnaissance Office (the spy satellite guys), have their own firewalled system, know as Scattered Castles. For whatever reason, budgetary constraints, too much backlog, or pressure from the Director of National Intelligence, the spook shops were instructed to merge their data with OPM's. So was the Defense Department. A certain amount of foot-dragging ensued, not just territory, either, but concerns about OPM's safeguards. In the end, they caved. Not to oversimplify, because the databases are in theory separate, but it created an information chain.
Suppose, and it's a big suppose, that Scattered Castles is accessible through the OPM gatekeeper. Nobody in the intelligence community, or OPM, or the FBI (which is the lead investigator of the OPM break), will go on the record one way or the other. Understandably, because they'd be giving whoever hacked OPM a further opportunity to exploit, if they haven't already. This is a case of locking the barn door after the horse is gone. The worst-case scenario is that active-duty covert agents could be exposed. And bear in mind, that when you're investigated for a security clearance, you give up a lot of sensitive personal data - divorce, bankruptcy, past drug use, your sexual preference - the list goes on. Which opens you up to blackmail, or pressure on your family. This is an enormous can of worms, the consequences yet to be addressed.
OPM uses a Web-based platform called eQip to submit background information. You might in all seriousness ask whether it's any more secure than Facebook. The issue here, long-run, isn't simply the hack, but the collective reactive posture. These guys are playing defense, not offense. The way to address this is to uncover your weaknesses before the other guy does, and identify the threat, not wait for it to happen. Take the fight to them. Otherwise we're sitting ducks.
It's amazing to me that these people left us open to this, quite honestly. They don't go to the movies, their kids don't play video games, they're totally out to lunch? It ain't science fiction. It's the real world. Cyber warfare is in the here and now.
Heads are gonna roll, no question. OPM's director is for the high jump, and her senior management is probably going to walk the plank, too. This doesn't fix it. What needs fixing is the mindset. We're looking at inertia, plain and simple, a body at rest. We need to own some momentum.
My own website was hacked by some Russian trolls. I don't know what the object was. Bank fraud, or Meet Hot Slavs? It wouldn't be to use any of the actual information from my site, but to compromise the server pathways. FatCow, the server, hosts a buttload of websites, and once in the back door, you could cherry-pick all the caramels, and leave the liquid centers behind.
The point of the Chinese hacks is that they're not amateur or random, by and large, but directed by the Ministry of Defense, against specific hard targets. The big one, most recently (or at least most recently discovered), is the security breach of the Office of Personnel Management. I know this doesn't sound all that glamorous or hot-ticket - OPM is basically the U.S. government's Human Resources department, the central clearinghouse - but in fact it's a big deal. Best guess to date is that 18 million files have been penetrated, and that's a lowball figure.
Here's what makes it important. OPM is responsible for security clearances, access to classified material. Back in the day, this was the FBI's job, but it's presently estimated that 5 million people, including both government employees and contractors, hold clearances, and the FBI's current staffing is 35,000. You do the math. The numbers are overwhelming. OPM, in turn, farms this out to FIS, the Federal Investigative Services, and the private sector.
But wait, there's more. The intelligence agencies, CIA, NSA, the National Reconnaissance Office (the spy satellite guys), have their own firewalled system, know as Scattered Castles. For whatever reason, budgetary constraints, too much backlog, or pressure from the Director of National Intelligence, the spook shops were instructed to merge their data with OPM's. So was the Defense Department. A certain amount of foot-dragging ensued, not just territory, either, but concerns about OPM's safeguards. In the end, they caved. Not to oversimplify, because the databases are in theory separate, but it created an information chain.
Suppose, and it's a big suppose, that Scattered Castles is accessible through the OPM gatekeeper. Nobody in the intelligence community, or OPM, or the FBI (which is the lead investigator of the OPM break), will go on the record one way or the other. Understandably, because they'd be giving whoever hacked OPM a further opportunity to exploit, if they haven't already. This is a case of locking the barn door after the horse is gone. The worst-case scenario is that active-duty covert agents could be exposed. And bear in mind, that when you're investigated for a security clearance, you give up a lot of sensitive personal data - divorce, bankruptcy, past drug use, your sexual preference - the list goes on. Which opens you up to blackmail, or pressure on your family. This is an enormous can of worms, the consequences yet to be addressed.
OPM uses a Web-based platform called eQip to submit background information. You might in all seriousness ask whether it's any more secure than Facebook. The issue here, long-run, isn't simply the hack, but the collective reactive posture. These guys are playing defense, not offense. The way to address this is to uncover your weaknesses before the other guy does, and identify the threat, not wait for it to happen. Take the fight to them. Otherwise we're sitting ducks.
It's amazing to me that these people left us open to this, quite honestly. They don't go to the movies, their kids don't play video games, they're totally out to lunch? It ain't science fiction. It's the real world. Cyber warfare is in the here and now.
Heads are gonna roll, no question. OPM's director is for the high jump, and her senior management is probably going to walk the plank, too. This doesn't fix it. What needs fixing is the mindset. We're looking at inertia, plain and simple, a body at rest. We need to own some momentum.
http://www.DavidEdgerleyGates.com/
Labels:
China,
CIA,
computers,
cyber warfare,
David Edgerley Gates,
FBI,
hackers,
hacking,
Leigh Lundin,
North Korea,
NSA
08 March 2015
The Kaspersky Code
by Leigh Lundin
Three weeks ago, Kaspersky Lab, the Russian security software maker exposed a cyber-espionage operation that many believe originated within the NSA. The devilishly clever bit of code hides in the firmware of disc drives and has the ability to continuously infect a machine. If you use a Windows computer, there’s a good chance it’s not only infected but was built that way likely without the manufacturers' knowledge.
Kaspersky researcher Costin Raiu says the NSA couldn’t have done it without the source code.
What?!!
The contention that the NSA definitely had access to the source code is not only patent nonsense, it ignores that fact that Kaspersky themselves supposedly didn’t have the code. Having the source code is the easy way, perhaps the preferred way, but it’s hardly the only way.
A Reuters article speculates how the NSA might have obtained the source code and indeed, one of those is a likely scenario. But it’s also feasible to do the job without the source and I’ll show you what I mean, a technique I used to unravel computer fraud programs. Fasten your seat belt because this is going to get technical.
World’s Greatest Puzzle
Those around in my Criminal Brief days know that I love puzzles. For me, the ultimate puzzle has been systems software programming, making the machine do what I want. But sometimes I’ve come up against puzzles, some benign, some not, where I didn’t have the source code.
Let’s try an example. What if we found mysterious code in our computer that looked something like this:
If you can’t make sense out of this, you’re not alone. 98% of computer programmers wouldn’t know what to make of it either. But if you look closely, the data populating the upper block looks different from that in the lower block. This is a clue.
Unlike commercial and scientific programs, systems software deals with the operation of the computer itself– utilities, communications, and especially the operating system. The realm of a computer’s internals are abstract, far more so than the Tron movies. Key aspects seldom relate to real-world equivalents. Sure, we say that RAM is a little like notes spread out on your work table and that disc storage is kinda sorta like a file cabinet… but not really. Even the term RAM– random access memory– is misleading; there’s nothing random about it.
Back in the real world, let’s say you want to write a simple program that adds the number of apples and oranges. In most programming languages, this code would look like this:
What isn’t obvious to many programmers is that computer instructions are data. Indeed, some black-hat crackers (the bad guys) have used this property to sneak malware onto unsuspecting computers.
If you look again at the original sneak peek of data, you’ll start to see patterns and may even pick out the machine instructions from our code example above.
This puzzle solving is called reverse engineering. It’s possible to write a program called a disassembler (I have) or a de-compiler (I haven’t) to decode the machine language into something more intelligible. The program has to be smart enough to not only separate actual data from instructions, but distinguish the type of data.
As you see, compiling source into binary executable code isn’t a one-way street. With dedication and know-how, reversing the process is well within reach.
How safe do you feel now?
Kaspersky researcher Costin Raiu says the NSA couldn’t have done it without the source code.
What?!!
The contention that the NSA definitely had access to the source code is not only patent nonsense, it ignores that fact that Kaspersky themselves supposedly didn’t have the code. Having the source code is the easy way, perhaps the preferred way, but it’s hardly the only way.
A Reuters article speculates how the NSA might have obtained the source code and indeed, one of those is a likely scenario. But it’s also feasible to do the job without the source and I’ll show you what I mean, a technique I used to unravel computer fraud programs. Fasten your seat belt because this is going to get technical.
World’s Greatest Puzzle
Those around in my Criminal Brief days know that I love puzzles. For me, the ultimate puzzle has been systems software programming, making the machine do what I want. But sometimes I’ve come up against puzzles, some benign, some not, where I didn’t have the source code.
Let’s try an example. What if we found mysterious code in our computer that looked something like this:
Mysterious Snippet of Computer Code |
If you can’t make sense out of this, you’re not alone. 98% of computer programmers wouldn’t know what to make of it either. But if you look closely, the data populating the upper block looks different from that in the lower block. This is a clue.
Unlike commercial and scientific programs, systems software deals with the operation of the computer itself– utilities, communications, and especially the operating system. The realm of a computer’s internals are abstract, far more so than the Tron movies. Key aspects seldom relate to real-world equivalents. Sure, we say that RAM is a little like notes spread out on your work table and that disc storage is kinda sorta like a file cabinet… but not really. Even the term RAM– random access memory– is misleading; there’s nothing random about it.
Back in the real world, let’s say you want to write a simple program that adds the number of apples and oranges. In most programming languages, this code would look like this:
Internally, a program loads apples and oranges into registers (kind of like keying them into a calculator), adds them, and stores them in a variable called total. If we were to write this in the argot of the computer, we’d use assembly language mnemonics, an abstraction of the computer’s machine language. Deep, deep down in a program, we’d see nothing but numbers where we count…total = apples + oranges
Yes, A-F are digits in this context. Within the computer, our little program above might resemble…0, 1, 2, 3, 5, 6, 7, 8, 9, A, B, C, D, E, F
total = apples + oranges |
What isn’t obvious to many programmers is that computer instructions are data. Indeed, some black-hat crackers (the bad guys) have used this property to sneak malware onto unsuspecting computers.
If you look again at the original sneak peek of data, you’ll start to see patterns and may even pick out the machine instructions from our code example above.
Less Mysterious Code Snippet |
This puzzle solving is called reverse engineering. It’s possible to write a program called a disassembler (I have) or a de-compiler (I haven’t) to decode the machine language into something more intelligible. The program has to be smart enough to not only separate actual data from instructions, but distinguish the type of data.
As you see, compiling source into binary executable code isn’t a one-way street. With dedication and know-how, reversing the process is well within reach.
How safe do you feel now?
Labels:
code,
computers,
cracking,
hacking,
Kaspersky Lab,
Leigh Lundin,
NSA,
Russia
Location:
Orlando, FL, USA
Subscribe to:
Posts (Atom)