The Invitation You Don’t Want

Do you know that, if you care to, you can log on to Amazon and, in addition to purchasing your groceries, you can obtain: “The Hacker Playbook—A Practical Guide to Penetration”. Then I stumbled onto an article that described an incredible, worldwide cyber-attack, and realized I know minus zero about cyberspace security or even hacking. I can tell you what hacking causes because almost everyone I know has had their e-mail hacked at one time or another.

How awkward and uncomfortable I felt writing a security-bent Commentary, as I was preparing to purchase a new computer and moving at the same time. My learning curve took a dramatic turn that brought me to a slew of wonderful articles and reports that opened a new world of understanding and, above all else, caution and continuing concern.

In one extensive report, I learned that last year (2017) there was a cyberattack on a power grid in the United States, and even though it was horrific in scope and import, it drifted by unnoticed by most of the people I know. It has been claimed that there are those who, beyond mere curiosity but with criminal intent, have the ability to shut down all our generated power and throw us into total darkness. And by that I do not mean just the lights in your home but all aspects of our being, from individual and national finance to healthcare and cooking dinner to our basic forms of daily transportation.

The scope of the breach, first reported by the cybersecurity company Symantec in September 2017, revealed much about the way these attacks work. So much was revealed in its report that the U.S. government turned it into a high-value investigation that produced a 16-page document. A team of cyber specialists from the Department of Homeland Security and Federal Bureau of Investigation placed the hackers’ tradecraft under its investigatory microscope and then disseminated its findings in the hope that the information would help prevent similar attacks – and keep this one attack from generating further chaos.

Experts say cyberspace communication is at a crucially vulnerable time in an age when hackers, whether motivated by disruption or bent on conducting wide-scale cyber warfare, are constantly finding ways to infiltrate, corrupt and weaponize whatever touches the internet – often bit by bit. As I type this page I suddenly wonder: is there someone looking in that I am unaware of, and what will they do with the information learned?

“It’s important to raise awareness,” said Mark Orlando, chief technology officer for cyber services at Raytheon. “…. details, if taken by themselves, might not seem that impactful. When presented with the entire story, we can see it was part of a larger, sustained campaign, potentially causing a lot of damage.”

The prospect of that type of damage is sweeping, said Constance Douris, who studies cybersecurity for the Lexington Institute, a Washington, D.C. think tank that focuses on defense. She said hacking the power grid is essentially a newer way of attacking a traditional military target. Understand that a power grid is not merely a power vehicle for our individual and business life but constitutes a prime military target for any adversary.

“Everyone understands cyber is important, but they don’t quite understand why it needs to be protected,” she said. “Hospitals, banks, pipelines, military bases – all of these cannot operate without electricity. Protecting the grid from cyberattacks should not be neglected by any means.” Clearly, this is an understatement. Our cyberspace integrity is “crucial” to our national and individual wellbeing. It can be utilized as a silent massive attack against the United States. It is not as dramatic as three planes flying into well-known buildings but clearly and potentially more deadly.

Here’s how the cyber experts broke down the “work” of the hacker – and how businesses and, by extension, individuals can protect themselves.

Hackers have learned that the shortest distance between two points is not necessarily a straight line; thus, instead of attacking the largest target (who are, by necessity and self-preservation, on the alert), the hacker works his or her way through the “smaller, less secure companies” and networks, jumping from one network to another and moving to larger networks one at a time. One of the attackers’ main strategies is to divide targets into groups. As one security expert put it: each of us must “manage our own systems and being as vigilant as you can.” And we have read in the press that the hacker can use misleading emails that will deliver malware right into your computer. Be careful of what mail you open, especially if you do not recognize the sender. The hacker knows who they are targeting by collecting as much information and intelligence as is available, so that the email received by the target is both reasonable and believable and therefore more likely to be opened. I receive emails all the time from institutions with whom I have some business or professional relationship asking me to update information that they should not be requesting. I don’t open those messages. I receive telephone calls from people with far-east accents who tell me that I am having a problem with my computer and that they can rectify the issue for a small payment and access to my computer.

Another method of crawling into your computer with malware is to corrupt a site that you visit often. The government investigation found that when you log into that site, which has been “altered to contain and reference malicious content,” you will then be infected with the planted malware. Some refer to these sites as “watering-holes,” where the malicious malware code is planted. Common places are the information sites you generally turn to on a regular basis. As one person said to me: “You can catch a lot of fish that way.” Another method is stealing the identity of an important member or employee of a target, including their usernames and passwords. Here again, that is usually accomplished by tricking that person with a false login page of an often-utilized site.

The Department of Homeland Security and FBI uncovered yet another method of invading your computer: the hacker sends a document to its target, but it is sent in a manner in which it cannot be downloaded. The bait is then to inform the target, “if you are having problems downloading this document,” to click “having trouble,” which takes the target to the program that contains the malware. Clever and destructive.

If your iPad and iPhone are connected to your computer, they are all invitations to the hacker to invade your world. Cancel those “invitations” with heightened awareness that “anyone” could be a target, anyone. And the results of those invitations can be catastrophic.

Richard Allan,
The Editor

Terrorism and Encryptology

A number of years ago, as I clutched the window ledge of a car driven by a man whose eyeglasses seemed to have been made from the bottoms of Coca-Cola bottles, I asked this security service official why his country’s “counterterrorist” services were so good at preventing terrorist attacks in his country. His answer was direct: “Because they (the terrorist) are not now that smart, but someday they will be.”

That day has long since arrived.

The date can be marked with the coordination and execution of the 9/11 attack. In retrospect, the logistics were quite astonishing; it was executed with immaculate precision, not on their own turf, but on ours.

A report by Anna Mulrine, written about two months ago but just arrived at my desk, discussed how the way we confront terrorism has been transformed.

The title of her article: “New encryption technology is aiding the terrorist, intelligence director says.” The intelligence director she refers to is the nondescript, bespectacled James Clapper, the Director of National Intelligence (DNI). In that position he answers to and is directed by the President. He also serves as the advisor to not only the President himself but the National Security Council and Homeland Security Council in matters that relate to our national security. He also is head of a 16-member national intelligence community. Interestingly, federal law mandates that he also be an active-duty commissioned officer or have experience in military intelligence. The bottom line is that when this man speaks, we should listen very carefully.

A cautionary note: Critics claim that the legislation that created the DNI provided inadequate powers to improve the performance of the US Intelligence Community. Namely, the legislation creating the DNI left other important security agencies untouched. The need to hold onto power never changes.

This past week we were faced with mass murder in Orlando. This is the worst domestic attack of its kind in American history. We know there was a lone killer, born in the United States. The suspect, 29-year-old Omar Mateen, is a Muslim American of Afghan descent, and law enforcement agencies were investigating whether he had ties to or was inspired by Islamist extremism. An Islamic State group claimed the impetus for the attack, and across social-media outlets, Islamic State supporters cheered Sunday’s mass shooting and called for more attacks on the West.

All this brings me to Ms. Mulrine’s report that new encryption technology is benefiting the terrorist. The playing field is becoming level. General Clapper noted that the Edward Snowden leaks, if nothing else, fast-tracked the sophistication of encryption technologies by “about seven years.” And that is nothing but bad news for United States’ national security.

Clapper noted that the Islamic State is “the most sophisticated user by far of the Internet.” And they accomplish that because they have the resources and ability to go into the marketplace and purchase software that will “ensure end-to-end encryption” of their communications. In turn, he noted that this “had and is having major, profound effects on our ability” to collect intelligence, “particularly against terrorists”. This raises a particularly American, long-standing issue.

The publicized conflict between national security, privacy issues and those companies who refuse to divulge their users’ information creates, rightfully or wrongly, roadblocks in the fight not merely to stop but to at least contain the terrorist act. It increases the tension with those supporting the need for advanced security against cyber-attacks. As recently as February, Clapper cited cyber-attacks as a greater threat than terrorism, and the blunt opposition of law enforcement to the development of so-called unbreakable encryption software that, they say, could hinder their search for terrorists. That said, he warned of yet the next step in this conflict with the development of an unbreakable encryption: it would “give the terrorists a pass” in their operational ability. Think of those consequences and one can only shudder.

Clapper warned that ISIS has clandestine cells that are plotting more terrorist attacks in Germany, Italy, and England. This can only lead to the question: what if ISIS is defeated at home, how strong will they remain in plotting attacks abroad? Barbara Starr, the CNN Pentagon Correspondent, quoted a high-ranking counterterrorist official saying that ISIS “is not an army. It’s not about religion, it is not even a movement. It is a label covering mad and upset young men who can just say they are part of ISIS.” How does any part of law enforcement respond to that?

To this end, the United States is stepping up efforts to promote more intelligence sharing. In my previous blog, I wrote of the proposed creation of a Secretary General for Intelligence within the NATO structure to improve not only how intelligence is shared but to expand its view of how analysis and information are shared. In the meantime, since the attacks on Paris and Brussels in January of last year, US intelligence officials have learned that ISIS is clearly taking advantage of the migrant crisis in Europe, Clapper said. Nothing new was revealed in that statement, but it doesn’t make it any less unsettling.

All this presents a daunting task for Europe, Clapper warned. There is a “fundamental conflict” between European Union incentives that drive the agenda to promote openness and free movement of people and goods with privacy. This “in some ways is in conflict with the responsibilities that each country has as a nation-state to protect the borders and securities of their nations and peoples.” This is all complicated by this week’s election in the UK on whether or not to exit the EU. Even before the vote, the mere thought of the UK’s exit has exacerbated normal volatility in the world’s stock markets and will have enormous bearing upon the security of all nation-states. Scotland has announced that if there is an exit by the UK from the EU, it will reexamine whether it wants to remain within the UK; there are rumblings that it would also have a lasting negative effect on peace in Northern Ireland. And there has been one assassination of a young member of the British Parliament.

If I were a “doctor” having just concluded a physical examination of these issues in the U.S., I would be more than merely concerned with its continued well-being. We live in a different world since 9/11. The terrorist is not uninformed. The terrorist is sophisticated. The terrorist has learned to master the techniques utilized by the most advanced governments. The terrorist has learned to take advantage of the chaos in the Mideast, its flow into Europe and the political and social tensions around the world. The state of the patient’s national security “health” is not merely “not very good”; it’s in jeopardy of further very concerning deterioration. Political hysteria, in some quarters, does not address the problem.

Richard Allan,
The editor