Connect with us

Intelligence

A Perfect Cyber Storm: Russia and China Teaming Together

Published

on

United States intelligence agencies have listed cyber-attacks as the top threat to American national security, ahead of terrorism. These threats are increasing in sophistication, scale, frequency, and severity of impact.

Also, the range of actors, attack methods, targeted systems, and victims are expanding. In February 2015, James Clapper, the Director of National Intelligence in the United States, announced that the estimation of the Russian cyber threat had been elevated, pushing Russia to the number one spot on the list of countries which pose the greatest danger to the United States.

Since the collapse of the Soviet Union, Russia has faced political, military, and economic challenges which it worried could mean that its national interests could be ignored by other powers. In order to protect their interests defensively, and free up their offensive capabilities for deployment elsewhere, Russia and China signed an agreement in April 2015 vowing not to attack each other, while also agreeing to share intelligence and software and cooperate in law enforcement and investigations. This is a direct challenge to the United States because not only are Russia and China working together to get ahead in the energy race but this agreement meant they were now trying to combine their capacities in the digital world.

China and Russia, by far, have the most sophisticated cyber capabilities in the world. The offensive cyber capabilities of each individual country was a threat already to the United States but if they now work together in earnest the United States could be facing an unprecedented cyber danger. According to senior military officials, Russia’s Ministry of Defense is establishing its own cyber command that will be responsible for conducting offensive cyber activities such as propaganda operations and inserting malware into enemy command and control systems. A specialized branch for computer network operations is also being established by Russia’s armed forces. Computer security studies claim that unspecified Russian cyber actors are developing ways to access industrial control systems remotely. Industrial control systems manage critical infrastructures such as electrical power grids, urban mass-transit systems, air-traffic control, and oil and gas distribution networks. “These unspecified Russian actors have successfully compromised the product supply chains of three ICS vendors so that customers download exploitative malware directly from the vendors’ websites along with routine software updates.”

Russia was one of the first nations to move assertively into the cyber sphere. In 1998, long before most nations even began thinking about cyber-security, the Kremlin-backed “Directorate K”, a government agency, began operations to monitor and defend against hackers and spammers. However, in recent years Directorate K has taken on a more offensive role in the digital sphere. Russia has been cyber-probing the United States for many years. In 1999, it was discovered that the Moonlight Maze virus had been stealing information from the Department of Defense, Department of Energy, NASA, and military contractors for two years.

In early 2015, Russian hackers were able to access an unclassified server belonging to the United States Department of State. Through this they were able to penetrate sensitive areas of the White House computer system and access information such as the real-time non-public details of President Barack Obama’s schedule. The FBI, Secret Service, and other United States intelligence agencies were all involved in investigating the breach and said that it was the most sophisticated attack ever launched against an American governmental system. The breach was pinpointed to hackers working for the Russian government based on “tell-tale codes and other markers,” even though the intrusion was routed through computers all around the globe. The attack was believed to have begun with a phishing email launched using a State Department email account that the hackers had previously stolen.

China has also recently increased the amount of time, manpower, resources and money spent on cyber espionage. China’s People’s Liberation Army (PLA) includes a special bureau within its intelligence community specifically managed for cyber espionage. The PLA, according to recent intelligence reports, is not only capable of advanced surveillance and collection but also possesses malware that could take down foreign electricity and water grids. However, it seems that China so far has only been motivated to commit financial and economic espionage, rather than any outright physical infrastructure attacks. Nevertheless, the United States has been getting compromised by China for many years. “It is estimated that in the last few years, Chinese hackers have attempted attacks on 2,000 companies, universities, and government agencies in the United States.” In 2003, China launched Titan Rain against United States military and government agencies. Titan Rain targeted US defense networks in an attempt to obtain confidential national security information. While no information was reported as stolen, it was considered to be one of the largest attacks in cyber espionage history. Titan Rain is particularly unnerving because the attack was meant to be completed in as little as 20 minutes and was able to target high-profile agencies such as NASA, the US Army Information Systems Engineering Command, the Defense Information Systems Agency, the Naval Ocean Systems Center, and the US Army Space and Strategic Defense Installation simultaneously in one day.

These cyber threats from Russia and China were always a major concern for the United States because they undermined American economic competitiveness and at least tried to compromise national security interests. As of now, a “cyber armageddon” may not be a high risk but low to moderate-level attacks over time could pose serious financial and security risks to the United States. Especially if this supposed cyber alliance ever truly takes root and begins to create new innovative cyber strategies for attacks. “In the United States alone, the value of the information that is compromised due to international hacking is somewhere between 25 billion to 100 billion dollars annually.” With Russia’s tactics of using cyber-attacks to block any and all communications from within a nation-state and China’s habit of economic and financial cyber-attacks, the two countries combining could be a perfect storm of political and economic havoc that may not yet have the United States’ proper attention and deterrence capacity.

Continue Reading
Comments

Intelligence

9-11 Terrorist Attack: Defensive countermeasures of deter and detect

Bob Budahl

Published

on

On September 11, 2001 at 8:46 a.m. an airliner slammed into the North Tower of the World Trade Center in New York City. At 9:03 a.m. a 2nd airliner slammed into the South Tower. The planes carried thousands of gallons of jet-fuel aboard in effect making them lethal weapons. Tens of thousands of people worked in these buildings daily and both buildings fell to the ground within 90 minutes. More than 2,600 people died in the World Trade Center tower attacks. Then at 9:37 a.m. a 3rd airliner rammed into the western side of the Pentagon. 125 people died in the Pentagon attack. And a 4thairliner was intended for attack in either the U.S. Capitol or White House but the heroics of passengers crashed the plane, hence thwarting the attack. A total of 256 people died in the four planes. The death toll even surpassed the Pearl Harbor attacks of 1941.

Those responsible for the horrific attack were 19 Arabs carrying out Islamist extremists plans. Their headquarters were located in Afghanistan. They were resourceful and some had lived in the United States for some time and four of them had trained to be pilots. They were not well educated. They carried out the terrible attacks with knives, cutters, mace, etc. And they had tried to bring down the World Trade Center in 1993 but failed however in the result killed six people and wounded a thousand. It was an effort led by Ramzi Yousef. Others including Omar Abdel Rahman who had plans to blow up the Lincoln and Holland tunnels and other New York City landmarks, but they were arrested. Ramzi Yousef and others had various other terror plans of which some succeeded and some fortunately did not.

Bin Ladin was known and thought to be a financier but not thought of as a terrorist leader until later. In 1998 Bin Ladin and four others issued a fatwa in which it was publicly declaring it was God’s order that Muslims should try to kill any American they could. Bin Ladin was a wealthy Saudi and had conducted jihadist activities against the Soviet Union. But he also held grievances against the United States such as a U.S. troop presence in Saudi Arabia. He recruited and trained followers in Afghanistan and continued carrying out acts of terror, including on the United States. His people attacked embassies, hotels, and even attempted to sink the USS Cole Navy Ship by a terrorist attack. His rhetoric is derived from Islam, history and the economic and political disorder in the area. He formed an alliance between the al Qaeda group he led and the Taliban. The Clinton administration had tried cruise missile strikes against al Qaeda in Afghanistan and tried to get the Taliban to force Bin Ladin to leave Afghanistan. The U.S. unsuccessfully utilized CIA paid foreign agents to try to capture or kill Bin Ladin and his group.

As early as 1998 or 1999 Bin Ladin had been contacted by Khalid Sheikh Mohammed with an idea of using the planes as a method of attacking the World Trade Center and other targets. The original plans were for 10 planes to target both east and west coasts of the United States. The CIA did uncover some reports of Bin Ladin’s intent on attacks. The U.S. continued its disruption attempts globally and also utilized diplomacy with countries. The “predator drone” was eventually fitted with a missile should an attack on Bin Ladin provide an opportunity. Some of the reasons and connections to the actions of the perpetrators of the planned 9-11 terrorist attack became apparent after the attack. Unrest had come to the surface in the time before the attack as the Taliban leader opposed attacking the United States, in contrast to Bin Ladin’s wishes.

On 9/11 the terrorists were successful in hijacking the four planes. The planes were being used as terrorist weapons and confusion was present with air control. But eventually the FAA and NORAD who controlled airspace did receive a “shoot down order” but it was after the plane in Pennsylvania had been forced down by passengers in the only way to stop the plane from being used as a weapon.      

The enactment of the United States “Patriot Act” removed barriers that had impeded terrorism investigations in their outlay, scope and means. And in effect sped up the investigation and prosecution of the defendants. The FBI was point on the investigation that followed the attack and the operation was named Operation PENTTBOM. At one time more than half of the FBI’s personnel worked on the case. They followed through on more than one-half million leads. It was the largest crime scene in the FBI’s history.  Also in the time period following the 9/11 attack the Department of Homeland Security was created in March 2003, which brought together 22 separate agencies and offices into a Cabinet level department. The 9/11 Commission had made several recommendations and in this report some details are brought forward. These would be included under the defensive counterintelligence support mode of operation and include the principles of deter and detect within the countermeasures. It included recognizing 72 fusion centers throughout the country which acts as a focal point for receipt, analysis and sharing of threat related information. Also establishing related training and informational programs to deal with threats. One such example is the National Terrorism Advisory System. And the DHS developed and implemented a risk-based transportation security strategy. An action taken such as strengthening airline passenger’s pre-screening and targeting terrorist travel will deter terrorists as they become aware of increased security measures and thwart terrorists from attempting to board airlines for terrorist activities. The airliner’s cabin cockpit doors have been hardened post-911 and Air Marshalls are used appropriately as well as some flight crew being eligible to carry firearms. The TSA behavior detection officers use non-intrusive behavior observation to identify people who may be high risk. The TSA also utilizes detection methods such as canine teams to sniff for explosives on passengers and in luggage. Post 9/11 all cargo on U.S. planes is screened commensurate with their checked luggage. The flights coming into the U.S. from foreign countries are required to provide information prior to departure and checks all passengers against watch lists the government utilizes such as the Secure Flight Program. It also increases efficiency by allowing those cross-checked with biometrics to have expedited travel.

Today a significant defensive countermeasure post-911 is that airlines now screen all checked and carry-on baggage for explosives. The U.S. has increased security of U.S. borders and identification documents. Certain areas are closely watched and critical security improvements along the Northern and maritime are emplaced. The Dept. Of Homeland Security has taken aggressive action to enhance the security of the nation’s infrastructure and also cyber infrastructure and networks. There in a federal government system cyber intrusion detection system which includes EINSTEIN and the National Cybersecurity and communications integration center is the nation’s hub for organizing cyber response efforts. DHS and DOD are working together to protect against threats to military and civilian computer systems and networks. This is another example of defensive countermeasures. DNDO is affiliated with nuclear detection and back in 2003 only 68% of arriving trucks and passenger vehicles were scanned along the northern border with no system on the southwest border. But today the systems scan 100% of all containerized cargo and personal vehicles arriving in the U.S. through land port of entries and up to 99% of sea containers. Counter-proliferation of nuclear and biological threats is a high priority of the DHS. The tragic occurrence of 9-11 has brought about real focus on the danger of leaving vulnerabilities open to exploitation. The DHS also has importantly increased efforts to track and disrupt terrorist financing through programs such as ECTF or Electronic Crimes Task Force.

Another action taken post-9/11 was the creation of the National Counterterrorism Center or NCTC which was to serve 5 functions which were; Threat Analysis, Identity Management, Information sharing, Strategic Operational Planning and National Intelligence Management.

The U.S. Department of Justice charged ZACARIAS MOUSSAOUI with numerous terrorism charges and indicates others involved in the terrorist acts. The United States Department of Defense obtained a video tape of Bin Ladin basically accepting responsibility of the 9-11 attacks and the DOD has a transcript of the video and a portion I will quote is as follows. UBL refers to Osama Bin Ladin: “UBL: The brothers, who conducted the operation, all they knew was that they have a martyrdom operation and we asked each of them to go to America but they didn’t know anything about the operation, not even one letter.  But they were trained and we did not reveal the operation to them until they are there and just before they boarded the planes.UBL: (…inaudible…) then he said: Those who were trained to fly didn’t know the others.”

Bin Ladin, America’s most wanted terrorist was killed by United States Special Forces in a compound in Pakistan on May 2, 2011. The CIA had been involved in investigating Bin Ladin for years.      

Continue Reading

Intelligence

Counterintelligence Threat Brief for Turkey

Bob Budahl

Published

on

I will provide a Counterintelligence threat brief on traditional and non-traditional Counterintelligence threats to non-security cleared individuals who are traveling to Turkey as business travelers or for personal reasons. MIT, the official Turkey intelligence agency is active. And non-traditional threats also exist as Turkey includes diverse elements of persons from different Muslim nations. Some of which include terrorist groups with their main base of operation located in a different country but also operating within Turkey. As seen in EurAsia Review, conflicts that were usually based on national interests today are based typically on non-national interests such as ethnicity, religion and culture. Asymmetric warfare rather than having a clear issue now has several. And a weaker enemy will use it strengths against a superior adversaries weaknesses.

Using OSINT (Open Source Intelligence) to conduct my research I uncovered motive for Turkey seeking intelligence from the United States. Turkey is a NATO ally and an American ally. However, that is the crux of their relationship. It has never encompassed social and economic theology. They are predominately a Muslim country and have disagreements about many aspects of wars and conflicts that the US had interests in such as Iraq and Syria. Turkey targets Kurd fighters in Syria while we support them. And they opposed the action President Trump put in place of recognizing Jerusalem as Israel’s Capitol. There is a great amount of suspicion and mistrust regarding the failed coup of President Erdoğan. And Fethullah Gülen, the suspected leader of the attempted coup resides in the United States and refuses to extradite him. They believe Gulen is responsible for the assassination of Russian ambassador Andrey Karlov. They have typically bought US military products and technology but have made a deal with Russia to purchase an advanced missile defense system. Andrew Brunson who is an American Pastor is being held and faces spying charges and thus far efforts to release him are unsuccessful. They are suspicious of everyone. They will not hesitate to leverage information acquired through their intelligence services from the United States or any source. Turkey has long been thought of as torn between the East and West. In Turkey if you access the internet via a local ISP they can install spyware on your computer that can control it. Charter Schools are being targeted by Turkey since Gulen was instrumental in them and that tie is enough for Erdogan to lash out. MIT-Turkey’s intelligence agency places agents in journalist positions as cover which often leads to someone divulging information that is considered private.

If Turkey has decided to spy on you it probably originates from passport screening. Some things that a US visitor should be aware of are to self-assess if you could be thought of as a terrorist, narcotics trafficker or criminal. Black market activity. Do not be caught with suspicious or incriminating luggage. Do not identify known associations that Turkey may find incriminating. They may utilize any of these ways to recruit you as an asset of theirs. Usually direct and indirect activities used in conducting their intelligence operations are non-threatening and unobtrusive. Beware of local laws and customs as one example is in Turkey derogatory comments regarding government and its leaders are prohibited. It may be illegal to use insulting language.

Information Turkey may covet and target from a target such as a defense contractor non-intelligence employee may include customer data, employee data, vendor information, pricing strategies, propriety information, technical plans, corporate strategies, financials, computer access protocols, acquisition strategies, investment date, business directories of phone and emails. They may be subtle and use elicitation to gain information slowly and by gaining your trust. Be alert for tips. Throw them off their own game by asking why they ask. Refer them to public sources if specifically targeted questions are posed. Or say you cannot discuss it or just do not know. Examples of things I would consider for combating their intelligence collection efforts are to use rental electronic devices. Disable the Wi-Fi. And on the flight travel with the device as carry-on luggage. Do not use foreign storage devices in your devices. Do not leave documents and information in your hotel room. Do not use the hotel safe. Select your own cab.

But sometimes harassment incidents are utilized and obviously are meant to intimidate or test a US citizen’s reactions. If harassment is selected to be used on a prospective recruit it can be used in a variety of means.

Continue Reading

Intelligence

Yom Kippur War Intelligence Failure

Bob Budahl

Published

on

The Yom Kippur War intelligence failures were broad and to the highest level of government and military within Israel. They misperceived themselves as being free and safe of attack from the Arabs, at least in the near and current future. The Israelis were confidant an attack would only occur along the perimeters in which they themselves perceived the Arabs may attack, which they believed to be in the distant future. Israel felt that such an attack was bound to fail and thus preventing the Arabs from initiating an attack. Israel had let down their guard and therefore were surprised by the timing of the attack, the method of attack and also the place of the attack. Few military parallels are found as great as the strategic surprise Egypt and Syria enjoyed on October 6, 1973.

Information divulged years later is that King Hussein of Jordan made a visit September 25, 1973 to Israel and met with the Prime Minister and gave his assessment that Egypt and Syria were about to attack Israel. Warning was not heeded as the attack took place October 6, 1973. And importantly Jordan itself had been involved in former wars itself with Israel so their motivation for informing them of an impending attack was suspicious from the Israelis’ view. Skeptics argue that Hussein disavowed giving warning to Israel during this visit. Hussein had hoped that the warning would influence the Israeli Prime Minister to make changes and progress with the Arabs and avoid a costly war. Israel’s intelligence officer dismissed Hussein’s claim and believed that the Arabs were too weak to attack. Also believed by the Israelis is that the Arabs would not fight a war they knew they would lose. This may be a key point as to misperception as the Arab’s initially in the war obtained their objectives and possibly in their view set the course right from the “1967 War” in which they lost territory. Egypt’s Sadat even made a trip to Saudi Arabia before the war and made a plea that if the United States resupplied Israel during the war for Saudi Arabia to emplace an oil embargo on the United States to exert influence. The CIA passed a report on September 30th to the Israelis which was sourced to King Hussein which elaborated on what he had previously told the Prime Minister. By September Syria had received Soviet SAM’s and other equipment and were ready for war. The Soviets removed dependents of advisors and diplomats from Egypt and Syria October 5th.Israel suffered 2,656 dead and 7,250 wounded in the battle.

The Israeli armed forces were reliant on reservists which made up a large portion of Israel’s armed forces. In order to prove successful time was needed in times of attack to mobilize and move them from civilian life and emplace these personnel into a war-time theater of operation. As such, Israel put much effort into developing their intelligence services into the elite force for which much trust was given by the country to provide the warning it needs to prepare for war.With the failure of fore-warning to Israelis’ the Arab’s controlled the early moves in the war and brought initial success which they desired and in effect changed the balance of power within the Middle East away from Israel’s advantage.

Egypt and Syria’s attack on October 6, 1973 occurred at 14:00 hours which caught the IDF off guard and Israel’s military and political leaders did not understand a war was about to break out until 18:00, which was too late. The Commission investigating the intelligence failure indicated three reasons for the mistake. The first reason involved two assumptions in which Egypt would conduct air strikes deep into Israel against its air force before starting a war and the other assumption was Syria would not go full-scale war unless Egypt was in action against the Israelis already. The 2ndreasonwas a major mistake as Military Intelligence had guaranteed that they would be able to provide adequate advance warning of any attack and they did not do so. The 3rd reason is the intelligence services basically dismissed the adversaries’ forces buildups as either defensive or an exercise. Prime Minister Gold Meir and the Defense Minister Moshe Dayan concluded full mobilization was not necessary early on and they only placed the standing army on full alert.

To lend support to Israelis’ perception that attack was not probable at least not in the near future there is evidence and facts that the Arab’s did successfully employ deception methods on Israel as well as on the United States. The Arabs had been open to Dr. Kissinger’s peace negotiation in September 1973 and even planted items in a Lebanese newspaper about neglect and deterioration of equipment from the Soviet Union within the Suez Canal area. A very good synopsis which perhaps lends Israeli a sympathetic path is that estimating intentions are one of the most difficult and yet crucial element within intelligence. One may use hard evidence. If the evidence is incomplete it is more difficult to determine intention. Technology has advanced greatly in later years which makes a surprise attack much more difficult to achieve with the presence of advanced IMINT and SIGINT.

Is the current state of counterintelligence in the Intelligence Community adequate?

In regard to whether the state of counterintelligence within the Intelligence Community is adequate today one can best assume counterintelligence is a forever changing, evolving, assessment and reactive process of making sure our capabilities are up to date with the current world intelligence threat that exists in the world today. I do believe that counterintelligence is adequate as of today but that does not mean we do not need to improve. Much can be derived as to pre-9/11 or post-9/11 scenario. The intelligence officials and decision makers have to make sure that the IC is able to function strategically and operationally. Post 9/11 there exists “old” and “new” threats but clearly now we are primarily and immediately faced with “new” threats such as prevention of individual or small group acts rather than State actors. And because of this emphasis is placed upon utilizing human sources or spies, and interrogations of suspects or informants. The “old” threats still require IC collection, analysis and operations regarding State actors and these services are still intact and operating fully. The intelligence community may involve two ways in which it adapts to its external demands and when a perceived intelligence failure occurs then it reinvents itself to deal effectively. Or it may change proactively because of anticipating or observing environment changes.

There still exist threats from State actors in regard to our intelligence community and national decision makers and counterintelligence needs to be vigilant to deter, detect, exploit, neutralize and disrupt these attacks on an ongoing basis. National Security information as well as the US companies’ proprietary information will be targeted for collection. Some industries that may experience activity directed against them include the defense, finance, energy, dual-use technology, etc.  Insider threats will continue to be a closely surveilled item of interest of the counterintelligence agencies. And Russia is believed to remain a threat through cyber operations meant to influence or convey misleading information to encourage public opinion towards Russia’s best interests. Elections have been targeted and efforts are believed to continue. Increased and vigilant counter-cyber terrorism programs need to be fully conducted and expanded to the utmost ability the United States can exhibit and emplace.

Transnational criminal groups as well as terrorists are learning and utilizing advanced intelligence capabilities in technical, physical and cyber means. And “insider threats”, which is the oldest form of spying still exist in today’s world.

Continue Reading

Latest

Economy32 mins ago

The Election Agenda

Akin to the last Big Collapse, currently, the gatekeepers of the world economy are in deep silence as the new...

South Asia3 hours ago

The Likely Outcome of Narendra Modi’s Unconstitutional Seizure of Kashmir

An independent fact-finding mission into the now military-ruled constitutionally autonomous Indian state of Jammu-Kashmir (commonly referred to simply as “Kashmir”)...

Health & Wellness5 hours ago

Expert tips for a better night’s sleep

When was the last time you had a good night’s sleep? For many, sleep doesn’t come easy. Up to 70...

Travel & Leisure9 hours ago

Top 4 Drives around Beverly Hills and L.A. to Experience in a 2019 Maserati Levante SUV

With a deep history of more than 100 years of Italian craftsmanship, Maserati’s DNA is a balance of luxurious, sophisticated...

South Asia12 hours ago

Indian Subcontinent Independence and Economies Lagging Counterparts

Mid-August is when the subcontinent celebrates independence from Britain.  Born in a cauldron of hate 72 years ago, India today...

Newsdesk15 hours ago

UN Security Council discusses Kashmir- China urges India and Pakistan to ease tensions

The Security Council considered the volatile situation surrounding Kashmir on Friday, addressing the issue in a meeting focused solely on the dispute,...

Middle East17 hours ago

Business and boxing: two sides of the same coin

What do a planned US$15 billion Saudi investment in petroleum-related Indian businesses and a controversial boxing championship have in common?...

Trending

Copyright © 2019 Modern Diplomacy