Thursday, April 24, 2014

U.S. Government Uses Social Media to Subliminally Undermine Target Nations

WASHINGTON (AP) — In July 2010, Joe McSpedon, a U.S. government official, flew to Barcelona to put the final touches on a secret plan to build a social media project aimed at undermining Cuba's communist government.
McSpedon and his team of high-tech contractors had come in from Costa Rica and Nicaragua, Washington and Denver. Their mission: to launch a messaging network that could reach hundreds of thousands of Cubans. To hide the network from the Cuban government, they would set up a byzantine system of front companies using a Cayman Islands bank account, and recruit executives who would not be told of the company's ties to the U.S. government.
McSpedon didn't work for the CIA. This was a program paid for and run by the U.S. Agency for International Development, best known for overseeing billions of dollars in U.S. humanitarian aid.
According to documents obtained by The Associated Press and multiple interviews with people involved in the project, the plan was to develop a bare-bones "Cuban Twitter," using cellphone text messaging to evade Cuba's strict control of information and its stranglehold restrictions over the Internet. In a play on Twitter, it was called ZunZuneo — slang for a Cuban hummingbird's tweet.
Documents show the U.S. government planned to build a subscriber base through "non-controversial content": news messages on soccer, music and hurricane updates. Later when the network reached a critical mass of subscribers, perhaps hundreds of thousands, operators would introduce political content aimed at inspiring Cubans to organize "smart mobs" — mass gatherings called at a moment's notice that might trigger a Cuban Spring, or, as one USAID document put it, "renegotiate the balance of power between the state and society."
At its peak, the project drew in more than 40,000 Cubans to share news and exchange opinions. But its subscribers were never aware it was created by the U.S. government, or that American contractors were gathering their private data in the hope that it might be used for political purposes.
"There will be absolutely no mention of United States government involvement," according to a 2010 memo from Mobile Accord, one of the project's contractors. "This is absolutely crucial for the long-term success of the service and to ensure the success of the Mission."
The program's legality is unclear: U.S. law requires that any covert action by a federal agency must have a presidential authorization and that Congress should be notified.
Read the rest at http://bigstory.ap.org/article/us-secretly-created-cuban-twitter-stir-unrest

NSA Knew about the Heartbleed Bug and Exploited it for Years

Well isn't that nice. The NSA, an agency which claims to be on guard for cyber security threats (when they're not busy spying on you), has known about Heartbleed, the critical security bug which made it possible to steal passwords, emails and other information on a massive scale, and has intentionally withheld information from security professionals for years. Why? So that they would have unfettered access to everyone's personal information.
 
This afternoon, Bloomberg News journalist Michael Riley reported that the NSA knew about the security flaw for at least two years ago, but kept it hidden from technologists so that they could use it to hack the computers and correspondence of their targets.
“The agency found the Heartbeat glitch shortly after its introduction, according to one of the people familiar with the matter, and it became a basic part of the agency’s toolkit for stealing account passwords and other common tasks,” Riley wrote.
“Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost,” he wrote. “Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.”
http://scgnews.com/nsa-knew-about-the-heartbleed-bug-and-exploited-it-for-years

U.S. Government Secretly Used Anoymous Hacker Group As Cover

WASHINGTON — An informant working for the F.B.I. coordinated a 2012 campaign of hundreds of cyberattacks on foreign websites, including some operated by the governments of Iran, Syria, Brazil and Pakistan, according to documents and interviews with people involved in the attacks.
Exploiting a vulnerability in a popular web hosting software, the informant directed at least one hacker to extract vast amounts of data — from bank records to login information — from the government servers of a number of countries and upload it to a server monitored by the F.B.I., according to court statements.
The details of the 2012 episode have, until now, been kept largely a secret in closed sessions of a federal court in New York and heavily redacted documents. While the documents do not indicate whether the F.B.I. directly ordered the attacks, they suggest that the government may have used hackers to gather intelligence overseas even as investigators were trying to dismantle hacking groups like Anonymous and send computer activists away for lengthy prison terms. 
The attacks were coordinated by Hector Xavier Monsegur, who used the Internet alias Sabu and became a prominent hacker within Anonymous for a string of attacks on high-profile targets, including PayPal and MasterCard. By early 2012, Mr. Monsegur of New York had been arrested by the F.B.I. and had already spent months working to help the bureau identify other members of Anonymous, according to previously disclosed court papers.
One of them was Jeremy Hammond, then 27, who, like Mr. Monsegur, had joined a splinter hacking group from Anonymous called Antisec. The two men had worked together in December 2011 to sabotage the computer servers of Stratfor Global Intelligence, a private intelligence firm based in Austin, Tex.
Shortly after the Stratfor incident, Mr. Monsegur, 30, began supplying Mr. Hammond with lists of foreign websites that might be vulnerable to sabotage, according to Mr. Hammond, in an interview, and chat logs between the two men. The New York Times petitioned the court last year to have those documents unredacted, and they were submitted to the court last week with some of the redactions removed. 
...
Mr. Hammond would not disclose the specific foreign government websites that he said Mr. Monsegur had asked him to attack, one of the terms of a protective order imposed by the judge. The names of the targeted countries are also redacted from court documents.
But according to an uncensored version of a court statement by Mr. Hammond, leaked online the day of his sentencing in November, the target list was extensive and included more than 2,000 Internet domains. The document said Mr. Monsegur had directed Mr. Hammond to hack government websites in Iran, Nigeria, Pakistan, Turkey and Brazil and other government sites, like those of the Polish Embassy in Britain and the Ministry of Electricity in Iraq.

An F.B.I. spokeswoman declined to comment, as did lawyers for Mr. Monsegur and Mr. Hammond.

The hacking campaign appears to offer further evidence that the American government has exploited major flaws in Internet security — so-called zero-day vulnerabilities like the recent Heartbleed bug — for intelligence purposes. Recently, the Obama administration decided it would be more forthcoming in revealing the flaws to industry, rather than stockpiling them until the day they are useful for surveillance or cyberattacks. But it carved a broad exception for national security and law enforcement operations.
Mr. Hammond, in the interview, said he and Mr. Monsegur had become aware of a vulnerability in a web-hosting software called Plesk that allowed backdoor access to thousands of websites. 

Read the rest at http://www.nytimes.com/2014/04/24/world/fbi-informant-is-tied-to-cyberattacks-abroad.html?_r=0