Archive for the ‘NSA’ Category

Chris Inglis formally sworn in as national cyber director | TheHill – The Hill

Former National Security Agency Deputy Director Chris Inglis was formally sworn in as the first White House national cyber director on Monday.

Inglis's swearing-in, confirmed to The Hill by a spokesperson for the White House's National Security Council, came almost a month after the Senate unanimously approved his nomination and follows multiple major cybersecurity incidents such as last week's ransomware attack on software group Kaseya.

Bloomberg Government first reported Inglis's planned swearing-in late last week.

Inglis will be the first to serve as the White House cyber czar after the position was created as part of the most recent National Defense Authorization Act. It is an expansion of the previous White House cybersecurity coordinator role that was eliminated in 2018 under the Trump administration.

The position is intended to serve as a coordinating mechanism for cybersecurity policy between federal agencies, Congress and the White House.

Sen. Angus King (I-Maine), the co-chairman of the Cyberspace Solarium Commission, which pushed for the establishment of the position, on Monday praised Inglis's confirmation. Inglis served as a member of the commission, alongside other members of Congress and federal officials.

"The threats of cyberattacks aren't just looming -- they [are] here and harming us every day," King said in a statement provided to The Hill. "America is a uniquely connected nation, but that leaves us especially exposed to bad actors, and our cyber vulnerabilities are being exploited to make our nation less safe."

"Given that cybersecurity touches every aspect of our government and our lives -- from our laptops to the Internet of Things -- the U.S. desperately needs centralized leadership to coordinate the federal response to improve our defenses," King said. "After serving with him for two-plus years on the Cyberspace Solarium Commission, I am confident that Chris Inglis is the right person to take on this vital role."

Inglis, who was confirmed by the Senate in June, was sworn in just more than a week after a ransomware attack on software company Kaseya impacted up to 1,500 businesses. It was one of the largest ransomware attacks in history.

While the Biden administration has not yet formally concluded who was behind the attack, cybersecurity experts have pointed to Russian-linked cyber criminal group REvil, which was also linked by the FBI to the ransomware attack on meat producer JBS USA in May.

The Biden administration has been forced to make cybersecurity a priority from almost its first day, with President Biden taking office a month after the discovery of the SolarWinds hack, which compromised nine federal agencies and around 100 private sector groups for most of 2020.

Following formal attribution of the attack by U.S. intelligence officials to Russian-government linked hackers, Biden levied a sweeping set of sanctions on Russia in April in retaliation and discussed cybersecurity concerns with Russian President Vladimir Putin during their summit in Geneva last month.

King on Monday pointed to the mounting threats in underlining the need for federal cybersecurity leadership.

"His swearing-in is a major step forward for America's cyber defense posture; now, it's time for us all to get to work," King said.


Tucker Carlson Says The NSA Wants Him Off The Air. Fox News Isn’t Following His Lead – NPR

Tucker Carlson, host of Tucker Carlson Tonight, on the set of his Fox News program in 2017. Richard Drew/AP

On consecutive nights this week, Fox News prime-time host Tucker Carlson has alleged that the National Security Agency, charged with monitoring communications abroad to keep the U.S. safe, is spying on him in hopes of getting his top-rated show canceled.

"We heard from a whistleblower within the U.S. government who reached out to warn us that the NSA, the National Security Agency, is monitoring our electronic communications and is planning to leak them to take this show off the air," Carlson said Monday night.

Ascribing political motivations to the Biden administration, Carlson said the whistleblower had information about a story he's working on that could only have been derived from his own texts and emails.

On Tuesday, the NSA denied spying on him or wanting his show canceled. That night, Carlson returned to the air, crackling with indignation. He followed up his incendiary charge of possible criminal acts by saying the agency had notably not denied it was reviewing his communications.

He did not, however, offer anything more concrete. And Fox News has notably not reported on Carlson's allegations within its news programs, according to a review of transcripts. Not on Fox News political anchor Bret Baier's show. Not on Fox anchor John Roberts' afternoon news program. Not even on the often conspiracy theory-friendly morning show, Fox & Friends.

Online, Fox News has published two brief posts, one without a byline, simply rounding up what Carlson said but offering no new reporting. And Fox News public relations executives have not responded to repeated requests for comment from NPR and other outlets asking whether the network stands behind Carlson's claims. They instead pointed to Carlson's own remarks.

Asked by NPR for greater verification or documentation, Carlson wrote, "My word. Why would I make something like that up? Doesn't help me. I've got enough drama."

"But it's true," he said. "They haven't denied it, including tonight. The NSA was reading my email. That's absolutely confirmed."

Carlson did not answer NPR's questions of whether he was in contact with people in Russia or Ukraine over the 2016 elections, the president's son Hunter Biden or any related matter.

The NSA is banned from targeting U.S. citizens for direct eavesdropping unless a secret federal court finds there is reason to believe they are terrorists or agents of a foreign power. Yet the agency often sweeps up the emails or other communications of Americans who are in touch with one of the agency's foreign targets. Because the agency operates on such a massive global scale, the communications that are "incidentally" collected can be extensive.

"Tucker Carlson has never been an intelligence target of the Agency and the NSA has never had any plans to try to take his program off the air," the NSA said in a formal statement Tuesday. "We target foreign powers to generate insights on foreign activities that could harm the United States. With limited exceptions (e.g. an emergency), NSA may not target a U.S. citizen without a court order that explicitly authorizes the targeting."

The NSA's statement saying Carlson was not a "target" of its intercept operations does not conclusively mean the agency did not collect some of his emails or texts. If, hypothetically, Carlson was exchanging messages with someone in Russia or Ukraine as part of his show's coverage of the 2016 election or the Trump administration or Hunter Biden, and the person overseas was being monitored by the NSA, the agency might well have gathered his messages. The agency is supposed to conceal the names of any Americans whose communications are gathered that way.

House Minority Leader Kevin McCarthy, a California Republican, announced Wednesday he had asked Rep. Devin Nunes of California to investigate the NSA over Carlson's claims and other episodes. Nunes, a former chairman of the House Intelligence Committee when Republicans controlled the chamber, has pushed conspiracy theories from former President Donald Trump and his allies over numerous matters, including the 2016 elections, Russia and Ukraine.

Carlson is right on one score at least: He has had more than enough drama. Carlson has come under attack for some of his claims surrounding COVID-19 and public health officials and his defense of Trump against critics. Yet Carlson has navigated a delicate dance on those, taking the pandemic more seriously, more quickly, than many of his opinion colleagues at Fox, and also acknowledging, at times, Trump's flaws.

More problematically, Carlson has embraced rhetoric that inspires white supremacists, even as a top writer for his show quit after his online posts were revealed to have been racist and bigoted. Carlson also defended those who laid siege to the U.S. Capitol in January as patriots wrongly singled out for denigration by overbearing law enforcement authorities and liberals.

And most recently, and seemingly paradoxically, Carlson has also argued that the FBI may have been behind the siege.

"His audience is in perpetual state of anger and outrage, where now the target has shifted from 'the radical left' and the [D]emocrats, to the security state," tweeted Joan Donovan, research director of Harvard University's Shorenstein Center and a scholar of online misinformation and hate groups.

"He's making stronger and stronger claims about a conspiracy to overthrow the government without requisite proof," Donovan wrote. "This propaganda feeds into ... his audience's collective desperation that NO ONE is going to bring about justice. To them, the govt is now occupied by illegitimate forces."

Carlson's assertions could prove true or contain grains of truth. But that's not necessary for him to keep broadcasting: Lawyers for Fox News prevailed in a slander suit against Carlson by arguing his words could not literally be believed. A federal judge embraced that reasoning.


NSA discloses hacking methods it says are used by Russia – The Associated Press

WASHINGTON (AP) -- U.S. and British agencies disclosed on Thursday details of brute force methods they say have been used by Russian intelligence to try to break into the cloud services of hundreds of government agencies, energy companies and other organizations.

An advisory released by the U.S. National Security Agency describes attacks by operatives linked to the GRU, the Russian military intelligence agency, which has been previously tied to major cyberattacks abroad and efforts to disrupt the 2016 and 2020 American elections.

In a statement, NSA Cybersecurity Director Rob Joyce said the campaign was likely ongoing, on a global scale.

Brute force attacks involve the automated spraying of sites with potential passwords until hackers gain access. The advisory urges companies to adopt methods long urged by experts as common-sense cyber hygiene, including the use of multi-factor authentication and mandating strong passwords.

Issued during a devastating wave of ransomware attacks on governments and key infrastructure, the advisory does not disclose specific targets of the campaign or its presumed purpose, saying only that hackers have targeted hundreds of organizations worldwide.

The NSA says GRU-linked operatives have tried to break into networks using Kubernetes, an open-source tool originally developed by Google to manage cloud services, since at least mid-2019 through early this year. While a significant amount of the attempted break-ins targeted organizations using Microsoft's Office 365 cloud services, the hackers went after other cloud providers and email servers as well, the NSA said.

The U.S. has long accused Russia of using and tolerating cyberattacks for espionage, spreading disinformation, and the disruption of governments and key infrastructure.

The Russian Embassy in Washington on Thursday strictly denied the involvement of Russian government agencies in cyberattacks on U.S. government agencies or private companies.

In a statement posted on Facebook, the embassy said, "We hope that the American side will abandon the practice of unfounded accusations and focus on professional work with Russian experts to strengthen international information security."

Joe Slowik, a threat analyst at the network-monitoring firm Gigamon, said the activity described by NSA on Thursday shows the GRU has further streamlined an already popular technique for breaking into networks. He said it appears to overlap with Department of Energy reporting on brute force intrusion attempts in late 2019 and early 2020 targeting the U.S. energy and government sectors and is something the U.S. government has apparently been aware of for some time.

Slowik said the use of Kubernetes is certainly a bit unique, although on its own it doesn't appear worrying. He said the brute force method and lateral movement inside networks described by NSA are common among state-backed hackers and criminal ransomware gangs, allowing the GRU to blend in with other actors.

John Hultquist, vice president of analysis at the cybersecurity firm Mandiant, characterized the activity described in the advisory as routine collection against policy makers, diplomats, the military, and the defense industry.

"This is a good reminder that the GRU remains a looming threat, which is especially important given the upcoming Olympics, an event they may well attempt to disrupt," Hultquist said in a statement.

The FBI and the Cybersecurity and Infrastructure Security Agency joined the advisory, as did the British National Cyber Security Centre.

The GRU has been repeatedly linked by U.S. officials in recent years to a series of hacking incidents. In 2018, special counsel Robert Mueller's office charged 12 military intelligence officers with hacking Democratic emails that were then released by WikiLeaks in an effort to harm Hillary Clinton's presidential campaign and boost Donald Trump's bid.

More recently, the Justice Department announced charges last fall against GRU officers in cyberattacks that targeted a French presidential election, the Winter Olympics in South Korea and American businesses.

Unlike Russia's foreign intelligence agency SVR, which is blamed for the SolarWinds hacking campaign and is careful not to be detected in its cyber ops, the GRU has carried out the most damaging cyberattacks on record, including two on Ukraine's power grid and the 2017 NotPetya virus that caused more than $10 billion in damage globally.

GRU operatives have also been involved in the spread of disinformation related to the coronavirus pandemic, U.S. officials have alleged. And an American intelligence assessment in March says the GRU tried to monitor people in U.S. politics in 2019 and 2020 and staged a phishing campaign against subsidiaries of the Ukrainian energy company Burisma, likely to gather information damaging to President Joe Biden, whose son had earlier served on the board.

The Biden administration in April sanctioned Russia after linking it to election interference and the SolarWinds breach.

___

Bajak reported from Boston.


NSA, Cybercom Leader Says Efforts Have Expanded – Department of Defense

Adversaries have heavily invested in cyberspace operations and capabilities. As such, cyber operations, cybersecurity and information operations are increasingly important to the joint force, said the commander of U.S. Cyber Command, who's also the director of the National Security Agency.

"The scope of what we need to defend and protect has dramatically expanded," Army Gen. Paul M. Nakasone said today during a virtual address to the U.S. Naval Institute and Armed Forces Communications and Electronics Association's WEST Conference.

The Defense Department's information network is composed of 15,000 sub-networks, 3 million users, 4 million computers, 180,000 mobility devices and 605 million website requests a day, he said.

"We used to think about cyberspace as merely the need to protect these computer networks. And while it's a good place to start, the attack surface is much broader," Nakasone said.

For example, protecting weapons systems is a related but distinct challenge compared to networks, he said. They require software updates and patches. In the case of the Navy, they're onboard ships that don't return to port for months at a time, making it even more challenging to provide timely updates.

Another challenge with weapons systems is ensuring that cybersecurity considerations are implemented in the earliest phases of the acquisition cycle, he said.

Protecting DOD's data is also a major challenge, he said.

Understanding how state and non-state adversaries are able to successfully carry out cyberattacks is important, he said. "They learn over time in terms of what they can do. They're not static in the terms of how they approach cyberspace."

In about the past 150 days, adversaries have successfully conducted supply chain attacks, particularly ransomware attacks, he said. In the last several years, election cybersecurity has taken on an increasingly important role.

Terrorist groups are also mounting cyberattacks, he said. In response, the department has emphasized close teamwork between the NSA, Cybercom, and other commands, U.S. Special Operations Command in particular.

"We learned how to work closely with U.S. Special Operations Command, both to support their efforts against kinetic targets and to leverage their capabilities against virtual ones," he said.

Nakasone also emphasized the importance of working with industry, academia, interagency partners like the FBI and the Department of Homeland Security, as well as with allies and partners.

Having a skilled and motivated workforce is also critically important, he said. They need to have the right training and career paths and professional development opportunities, and the DOD must be open to their new ideas.


NSA, FBI Reveal Hacking Methods Used by Russian Military Hackers – The Hacker News

An ongoing brute-force attack campaign targeting enterprise cloud environments has been spearheaded by the Russian military intelligence since mid-2019, according to a joint advisory published by intelligence agencies in the U.K. and U.S.

The National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the U.K.'s National Cyber Security Centre (NCSC) formally attributed the incursions to the Russian General Staff Main Intelligence Directorate (GRU) 85th Main Special Service Center (GTsSS).

The threat actor is also tracked under various monikers, including APT28 (FireEye Mandiant), Fancy Bear (CrowdStrike), Sofacy (Kaspersky), STRONTIUM (Microsoft), and Iron Twilight (Secureworks).

APT28 has a track record of leveraging password spray and brute-force login attempts to plunder valid credentials that enable future surveillance or intrusion operations. In November 2020, Microsoft disclosed credential harvesting activities staged by the adversary aimed at companies involved in researching vaccines and treatments for COVID-19.

What's different this time around is the actor's reliance on software containers to scale its brute-force attacks.

"The campaign uses a Kubernetes cluster in brute force access attempts against the enterprise and cloud environments of government and private sector targets worldwide," CISA said. "After obtaining credentials via brute force, the GTsSS uses a variety of known vulnerabilities for further network access via remote code execution and lateral movement."

Some of the other security flaws exploited by APT28 to pivot inside the breached organizations and gain access to internal email servers include -

The threat actor is also said to have utilized different evasion techniques in an attempt to disguise some components of their operations, including routing brute-force authentication attempts through Tor and commercial VPN services, such as CactusVPN, IPVanish, NordVPN, ProtonVPN, Surfshark, and WorldVPN.

The agencies said the attacks primarily focused on the U.S. and Europe, targeting government and military, defense contractors, energy companies, higher education, logistics companies, law firms, media companies, political consultants or political parties, and think tanks.

"Network managers should adopt and expand usage of multi-factor authentication to help counter the effectiveness of this capability," the advisory noted. "Additional mitigations to ensure strong access controls include time-out and lock-out features, the mandatory use of strong passwords, implementation of a Zero Trust security model that uses additional attributes when determining access, and analytics to detect anomalous accesses."
