Analysis 09-02-2016


Hacking Reaches New Heights

Are State Election Systems under Threat?

The threat of hacking has reached new heights as it was revealed that the election computer systems of two states, Illinois and Arizona, were hacked.

This follows warnings by the government to both the Republican and Democratic parties that their computer systems could be subject to major attacks.

The FBI’s Cyber Division issued an alert to state elections systems after it uncovered evidence foreign hackers had penetrated systems in these two states.

The threat has forced the government to declare the American election system a “Critical Infrastructure,” like the electrical infrastructure or the financial system.

Homeland Security Secretary Jeh Johnson said, “There’s a vital national interest in our election process, so I do think we need to consider whether it should be considered by my department and others critical infrastructure.”

However, declaring it critical infrastructure is easier than actually controlling it.  The constitutional authority for handling elections resides within the states.  Johnson said, “There’s a national election for president, [but] there are some 9,000 jurisdictions that participate, contribute to collecting votes, tallying votes and reporting votes.”

The Arizona and Illinois Hacks

In the Illinois case, officials were forced to shut down the state’s voter registration system for 10 days in late July, after the hackers managed to download personal data on up to 200,000 state voters, Ken Menzel, the general counsel of the Illinois Board of Elections, said in an interview.

The Arizona attack was more limited: malicious software was introduced into the state’s voter registration system, but the hackers were unable to download any voter information.

“This is a big deal,” said Rich Barger, chief intelligence officer for ThreatConnect, a cybersecurity firm, who reviewed the FBI alert at the request of Yahoo News. “Two state election boards have been popped, and data has been taken. This certainly should be concerning to the common American voter.”

Barger noted that one of the IP addresses listed in the FBI alert has surfaced before in Russian criminal underground hacker forums. He also said the method of attack on one of the state election systems — including the types of tools used by the hackers to scan for vulnerabilities and exploit them — appears to resemble methods used in other suspected Russian state-sponsored cyberattacks.

There isn’t any evidence that the hacks were designed to influence the November elections.  In fact, it could merely be a hack to obtain personal information.

“It’s got the hallmark signs of any criminal actors, whether it be Russia or Eastern Europe,” said Milan Patel, a former chief technology officer of the FBI’s Cyber Division who is now at the security firm K2 Intelligence. However, he added, “the question of getting into these databases and what it means is certainly not outside the purview of state-sponsored activity.”

The real concern here is not the two intrusions that have already been detected but the possibility that a full-scale hack could create chaos on Election Day. Yahoo News notes that “six states and parts of four others” use direct electronic voting for which there is no paper backup. A hacker who was able to access the data in those systems could potentially make the outcome of the election in those states suspect. Politico reports that the FBI’s alert to state officials is unprecedented:

One person who works with state election officials called the FBI’s memo “completely unprecedented.”

“There’s never been an alert like that before that we know of,” said the person, who requested anonymity to discuss sensitive intergovernmental conversations.

So the picture isn’t very clear at this moment. Maybe it was Russia and, if so, maybe it was state sponsored. Given the intrusions at the DNC, DCCC, the Clinton Foundation and other politically connected organizations by Russia this year, it makes sense to be very cautious with state election systems.

Governments Aren’t the Only Targets in Hacking

While governments are being hacked, governments are also breaking into personal cell phones and computers in order to harass political opponents.

According to the 2012 document, leaked by whistleblower Edward Snowden and published jointly by CBC News and The Intercept, the NSA and its international counterparts took part in a series of workshops between November 2011 and February 2012 to find new ways to exploit smartphone technology for spying operations.

The Intercept reports:

“As part of a pilot project codenamed IRRITANT HORN, the agencies were developing a method to hack and hijack phone users’ connections to app stores so that they would be able to send malicious “implants” to targeted devices. The implants could then be used to collect data from the phones without their users noticing.”

The NSA is not the only agency using such methods.  Several weeks ago, the United Arab Emirates used sophisticated software to attack the iPhone 6 of Ahmed Mansoor.  Mansoor, a UAE-based pro-democracy activist, was sent text messages promising secrets on detainees held in UAE jails if he clicked on a link. He instead contacted security firms.

Electronic analysis showed the malware link was a hacking ploy that researchers traced to an Israeli-based cyber security firm called the NSO Group, reportedly made up of former cyber sleuths from Unit 8200, Israel’s electronic intelligence service. NSO sells Pegasus, electronic intercept software used by governments.

According to Citizen Lab, a malware expert, “Once infected, Mansoor’s phone would have become a digital spy in his pocket, capable of employing his iPhone’s camera and microphone to snoop on activity in the vicinity of the device, recording his WhatsApp and Viber calls, logging messages sent in mobile chat apps, and tracking his movements.”

Although Apple has tried to maintain its customers’ privacy, it is a constant battle against hackers (both government and private), who are determined to break into “unbreakable” computer systems.

How Governments or Hackers Can Spy on You

The Monitor asked some computer experts about some of the ways that governments or hackers can turn your computer or cell phone into a spying device.

Don’t assume that covering up your cell phone microphone can protect you.  Smartphones these days contain gyroscopes, which measure movement and orientation. This is extremely useful for letting the phone know when it’s being held horizontally or vertically or for assisting navigation apps.

Recently, it was shown that someone could tap into those gyroscopes and actually convert the phone’s vibrations into sound. Researchers from Stanford University with Israeli defense firm Rafael have developed an Android app called Gyrophone that picks up vibrations of sound by using vibrating pressure plates in the phone’s gyroscope.  What they’ve essentially done is convert the phone itself into a microphone.

Your cell phone can also spy on your computer.

Everyone has heard of keyloggers that can record what you type on your keyboard.  Spies, private investigators, and suspicious spouses have been using them for years.  You just have to get access to the computer and then retrieve the keylogger later to read the data.  There are some systems that you can just plug in and they send out the data by Wi-Fi.

So you may think then that your computer activities are safe as long as you don’t let anyone near your computer. You’d be wrong about that.

Georgia Tech and MIT came up with a way that they can actually spy on your computer activity through your cell phone in pretty much the same way as a keylogger does.

The study’s executive summary states, “Mobile phones contain an array of powerful sensors. While access to many of the most obvious sources of information is generally restricted, the use of a number of other seemingly innocuous sensors is not.  In this paper, we demonstrate that unfettered access to accelerometer data allows a malicious application to recover and decode the vibrations caused by keypresses on a nearby keyboard.”

Currently, your keystrokes can only be deciphered if your phone is set next to your keyboard.  However, as technology improves, they’ll be able to listen in with more accuracy from farther away.

Another solution would be to get a good RF-shielding cell phone case.  Obviously you can’t receive calls while it’s being shielded but most systems will update your phone on missed calls once you pull the phone out. Experts recommend that you get a quality one that has effective shielding.

An added benefit is that your movements can’t be tracked by cell towers while your phone is in the case.

It’s also important to realize that cell phone pictures can be used to spy on you.  Pictures carry embedded metadata known as Exif data. The standard was created to hold additional data that photographers might find useful, such as the focal length and aperture they used while taking the picture.  It’s used by professionals to embed contact information and copyright details, as well.

Exif data can contain a whole lot more information. In fact, if you’ve taken a picture with a smartphone, or even a modern digital camera, there’s a good chance that the picture records where it was taken using the built-in GPS.  This means that a government group can look at one of your cell phone pictures and tell where you were when it was taken.
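Added example (not part of the original article): a minimal Python check, using only the standard library, that reads the GPS position stored in a JPEG’s Exif data and produces a copy with the Exif segment removed, so a photo can be inspected and cleaned before it is shared. The function names and the sample image built by sample_jpeg() are constructed for illustration.

```python
import struct

def segments(jpeg):
    """Yield (is_exif, start, end) for each header segment before the image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        end = pos + 2 + struct.unpack_from(">H", jpeg, pos + 2)[0]
        exif = jpeg[pos + 1] == 0xE1 and jpeg[pos + 4:pos + 10] == b"Exif\x00\x00"
        yield exif, pos, end
        pos = end

def read_ifd(tiff, e, off):
    """Map each tag in the IFD at `off` to the position of its 4-byte value field."""
    (n,) = struct.unpack_from(e + "H", tiff, off)
    return {struct.unpack_from(e + "H", tiff, off + 2 + 12 * i)[0]: off + 10 + 12 * i
            for i in range(n)}

def degrees(tiff, e, field, ref_field):
    """Decode three RATIONALs (deg, min, sec); S and W refs give negative values."""
    v = struct.unpack_from(e + "6I", tiff, struct.unpack_from(e + "I", tiff, field)[0])
    value = v[0] / v[1] + v[2] / v[3] / 60 + v[4] / v[5] / 3600
    return -value if tiff[ref_field:ref_field + 1] in (b"S", b"W") else value

def read_gps(jpeg):
    """Return (lat, lon) in decimal degrees from Exif, or None if no GPS is stored."""
    for exif, start, end in segments(jpeg):
        if not exif:
            continue
        tiff = jpeg[start + 10:end]
        e = "<" if tiff[:2] == b"II" else ">"   # TIFF byte order mark
        ifd0 = read_ifd(tiff, e, struct.unpack_from(e + "I", tiff, 4)[0])
        try:                                    # 0x8825 = pointer to the GPS IFD
            gps = read_ifd(tiff, e, struct.unpack_from(e + "I", tiff, ifd0[0x8825])[0])
            return degrees(tiff, e, gps[2], gps[1]), degrees(tiff, e, gps[4], gps[3])
        except KeyError:                        # no GPS IFD, or lat/lon tags absent
            return None
    return None

def strip_exif(jpeg):
    """Copy the JPEG without its Exif segment(s); other segments and pixels stay."""
    segs = list(segments(jpeg))
    kept = b"".join(jpeg[s:e] for exif, s, e in segs if not exif)
    return jpeg[:2] + kept + jpeg[(segs[-1][2] if segs else 2):]

def sample_jpeg():
    """Constructed input: Exif GPS 40.5 N, 74.25 W, a comment segment, stub scan."""
    seg = lambda m, body: bytes([0xFF, m]) + struct.pack(">H", len(body) + 2) + body
    tiff = struct.pack("<2sHIHHHIII", b"II", 42, 8, 1, 0x8825, 4, 1, 26, 0)  # IFD0
    tiff += struct.pack("<HHHI4sHHII", 4, 1, 2, 2, b"N", 2, 5, 3, 80)        # GPS IFD
    tiff += struct.pack("<HHI4sHHIII", 3, 2, 2, b"W", 4, 5, 3, 104, 0)
    tiff += struct.pack("<12I", 40, 1, 30, 1, 0, 1, 74, 1, 15, 1, 0, 1)      # rationals
    return (b"\xff\xd8" + seg(0xE1, b"Exif\x00\x00" + tiff) + seg(0xFE, b"holiday")
            + b"\xff\xda\x00\x02\xff\xd9")
```

A photo for which read_gps() returns coordinates discloses where it was taken to anyone who receives the file; strip_exif() drops the whole Exif block, including the location, and leaves the image data unchanged.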

The Smurfs

Whistleblower Edward Snowden, in an interview with the BBC, told how governments can hack smartphones with a single text message. The spyware package is named after the little blue cartoon characters, the Smurfs.

“It’s called an ‘exploit’,” Snowden told the BBC. “That’s a specially crafted message that’s texted to your number like any other text message but when it arrives at your phone it’s hidden from you. It doesn’t display.”

Smartphone users can do “very little” to stop security services getting “total control” over their devices, according to Snowden.

The “Smurf Suite” package arrives by text messages, without users ever being aware of the message or its payload, as the phone is not altered in any way, according to Snowden.

Snowden said the spy agency could see “who you call, what you’ve texted, the things you’ve browsed, the list of your contacts, the places you’ve been, the wireless networks that your phone is associated with.”

“And they can do much more. They can photograph you,” he said.

Some of the Smurf apps include:

Dreamy Smurf: A power management tool, which allows the phone to be powered on and off without the user knowing.

Nosey Smurf: A ‘hot-mic’ tool that allows the microphone on a phone to be turned on, even if the phone is powered off.

Tracker Smurf: A geo-location tool that tracks a person with much greater precision than the typical triangulation of cellphone towers.

Paranoid Smurf: Covers the tracks of the breach of phone security, so that even a phone security expert cannot recognize upon inspection that the device has been tampered with.




Reforming Intelligence: A Proposal for Reorganizing the Intelligence Community and Improving Analysis
By Mary R. Habeck and Charles “Cully” Stimson
Heritage Foundation
August 29, 2016

Despite the deep reforms of the U.S. intelligence community (IC) carried out after 9/11, including the creation of the Director for National Intelligence (DNI) and the National Combatting Terrorism Center (NCTC), there is widespread agreement that more remains to be done. This is not a new thought. Before the ink was dry on the 2004 Intelligence Reform and Terrorism Prevention Act (IRTPA), there were warnings from insiders as well as outside experts that the law had not fully dealt with the challenges facing the IC. The critics pointed to the anomalous position of the DNI, a neglect of strategic analysis, accusations of the politicization of intelligence, and the difficulties that the IC has with failure, learning, and adaptation, as signs that all was not well within the IC.



Unpacking Syria’s Chemical Weapons Problem
By Rebecca Hersman
Center for Strategic and International Studies
August 25, 2016

A series of three chemical weapons attacks in Syria within a two-week span in August 2016 occurred amidst increased scrutiny and criticism from the international community, which has sought to identify and hold accountable those state and/or nonstate actors perpetrating, organizing, or sponsoring these chemical weapons attacks. A number of reports released in recent weeks by the Organization for the Prohibition of Chemical Weapons (OPCW) have revealed growing concerns about non-declared chemical weapons (CW) activities in Syria, raising the prospect that Syria might be hiding illicit CW capabilities in violation of its accession to the Chemical Weapons Convention (CWC). Further, the international team from the OPCW-United Nations (UN) Joint Investigative Mechanism (JIM) yesterday released the findings of its year-long investigation into nine confirmed cases of CW use in Syria during 2014 and 2015.



Biden Back in Turkey: Personal Diplomacy After the Coup Attempt
By Bulent Aliriza
Center for Strategic and International Studies
August 23, 2016

The fact that it is Biden who is traveling to Turkey rather than Secretary of State John Kerry, who was originally scheduled to go to Ankara, underlines the Obama Administration’s recognition of the seriousness of the current malaise in the relationship. Biden, who is known to be proud of his abilities at personal diplomacy, clearly believes that his meetings with President Recep Tayyip Erdogan and other Turkish leaders will help steer U.S.-Turkish relations back on track. However, while he is likely to leave without solving the issues on the agenda which will continue to cast a shadow over the relationship, the reestablishment of a dialogue at the highest level between Washington and Ankara, combined with positive optics associated with the visit, will surely help to ease strains to some extent.



Putin Doubles Down in Syria
By Stephen Blank
Foreign Policy Research Institute
August 23, 2016

A year ago, President Obama opined that Russian intervention in Syria would turn into a quagmire. One year later, however, Russia is expanding and consolidating its positions and goals in Syria. Bashar Assad’s rule looks more secure than ever, buttressed by Russian weapons (including chemical weapons), intelligence, diplomatic support, and money. Moreover far from reducing its military footprint, Russia is expanding it. The Duma is about to ratify agreements essentially giving Russia permanent air bases like Hmeymim air base and Tartus. Thus Moscow, for the first time in over forty years, now has permanent bases in the Middle East, both in Syria and in Cyprus. Moreover, it is an open secret that Moscow would like to obtain a base at Alexandria like the one it had in the 1970s. In August 2016 Moscow revealed that it is now operating out of the Hamadan air base in Iran. However, within days the Iranian government pulled the plug on Russia, criticizing its inconsiderate and ungentlemanly attitude.



Turkish Incursion into Northern Syria Signals Turning Point in Anti-ISIS Fight
By Jennifer Cafarella
Institute for the Study of War
August 30, 2016

Turkey is unraveling America’s anti-ISIS partner in northern Syria in order to position itself as a major power broker in planned operations to retake Raqqa City. Turkish Armed Forces (TSK) crossed into Syria to seize the ISIS held border town of Jarablus alongside numerous Turkish- and U.S.-backed Syrian armed opposition groups on August 24. The operation, titled Euphrates Shield, is a turning point in American-Turkish relations and the war against ISIS by fulfilling longstanding American demands for more Turkish involvement in the anti-ISIS fight. Euphrates Shield also aims to prevent the expansion of Kurdish control along the border, however. The U.S. ordered the Syrian Kurdish People’s Defense Forces (YPG) to withdraw to the east bank of the Euphrates River in accordance with Turkish demands at the start of the operation. Turkey is leveraging Syrian opposition groups it trusts in Jarablus and intentionally sidelining groups that joined the Syrian YPG-led Syrian Democratic Forces (SDF), bringing U.S.- and Turkish- backed opposition factions into direct conflict with the American-backed SDF.



The Rise of ISIL: Counterterrorism Lectures 2015, Counterterrorism Lecture Series, Vol.  7
Matthew Levitt, editor
Washington Institute
August 2016

Bookended by terrorist plots in Paris, 2015 marked the rise of the so-called Islamic State as an international terrorist phenomenon. Spectacular attacks in Paris, Brussels, Istanbul, and beyond have made it plain that the scale of the threat posed to the West is far larger than most had previously thought. And this threat is no longer limited to potential lone-wolf plots by homegrown extremists, nor to the radicalization of the 5,000-plus European citizens who left to fight alongside the Islamic State in Syria, Iraq, and more recently Libya. Indeed, these recent attacks have made it painfully clear that the Islamic State is determined to plan and direct attacks in the West that are far more sophisticated and lethal than such small-scale mayhem.  The seventh volume in The Washington Institute’s Counterterrorism Lectures series spans the period from January 2015 to November 2015.



The New Normal: Today’s Arab Debate Over Ties With Israel
By David Pollock
Washington Institute
August 25, 2016

A recent spate of reports in major Arab media about official and other contacts with Israelis — including very widely publicized Saudi and Egyptian visits to Israel in the past month — is generating renewed regional debate over the pros and cons of this phenomenon. Much of this debate, however, obscures one key point: Arab contacts with Israel, far from being brand new, actually have a very long history, with many ups and downs along the way.
