Public Service Announcement

from Greg
In honor of the late great John Candy we here at tablet certified would like to ask you to support the Jamaican Olymic bobsledding team. They have qualified for the Olympics but need $80,000 to cover expenses to ship the equipment to Russia. You can donate at their web site HERE. Ask yourself 'What would Uncle Buck do?' and then send them some money while drinking a beer on the way to the bowling alley.

from The Verge
Read the full story HERE

Jamaica has a bobsled team, and it's getting ready to return to the Winter Olympics. Jamaica's team qualified for the winter games for the first time in over a decade this weekend, but it's going to take quite a bit more than skill to get them over to Sochi for the 2014 Games. "In truth, we still don’t really know at the moment if we’d even have enough funds or sponsorship to fly to Sochi itself for the Games itself," Winston Watts, the driving force behind the team's resurgence, tells The Telegraph.

Watts tells the BBC that his team needs to raise for $40,000 to cover travel and new equipment, though the AP reports that the team is looking for upward of $80,000. "It's not been cheap," Watts says. He's already put £100,000 (around $164,000) of his own money toward the team, which is now looking to raise whatever else it can to help it get to Russia. In part, the team is looking to PayPal to help it receive donations and sell a book on its history. It's actually been accepting PayPal donations for several years now in hopes of bolstering the team — though it was absent from the 2006 and 2010 Winter Games, the BBC reports that lack of funds held it back. The Telegraph reports that even Jamaica's Olympic Association hasn't given the team financial support.

Cover of Cool Runnings

Now returning to the Olympics after years away, Watts has taken to calling his team's journey "Cool Runnings, the Second Generation," reports The Telegraph. From scrounging together money to being an unlikely set of competitors, the similarities go far beyond just country of origin. Following the events that inspired of Cool Runnings in 1988, Jamaica's team returned to the Olympics in 1992, 1994, 1998, and 2002, with Watts competing in the latter three games. But following Watts' retirement, the team has sat out unqualified ever since. He came out of retirement this year and cut the team down from four members to two to save money.

The plan has all worked so far, now it's just a matter of one last surge of funding. "I’m one of life’s optimists. I put my heart on the line for this," Watts tells The Telegraph. "Hopefully, the Jamaican Olympic Association will step in and support us now we’ve qualified."

Update: The Dogecoin Foundation has joined in to help the bobsled team make it to the Olympics. The organization started a charity for fans of the cryptocurrency to start donating, and, as of this writing, $3,156-worth of Dogecoins have been raised for the cause.

Related articles

• Jamaican bobsled team raising money on PayPal to reach Sochi Olympics
• Cool Runnings 2: Jamaican Bobsled Team Crowdfunding Their Way To Sochi
• Cool Runnings II: Jamaican bobsleigh team qualifies for Winter Olympics
• Jamaican Bobsled Team Qualifies for 2014 Sochi Winter Olympics

Add to Cart View detail

Who's Defending U.S. Military Networks if the NSA and FIS are Breaking Them?

According to Der Spiegel, the NSA has been developing tools to compromise software, hardware, and firmware made by multinational corporations in the U.S. and overseas. U.S. companies affected include Juniper Networks, Cisco, Dell, Western Digital, Seagate, Maxtor plus many others. Unless the company has offered to work with the NSA to create backdoors in their own products, you have a situation where the agency with the primary responsibility of defending U.S. Department of Defense networks from digital attack is also engaged in weakening the very technology used by the DOD on those networks such as Jupiter Network firewalls, Cisco routers, Seagate hard drives, etc.

Perhaps this wouldn't be a problem if foreign intelligence services (FIS) didn't also have the technical capability of finding those same vulnerabilities or others. For example, Xidian University in Xi'an, Shaanxi, China is one of China's top engineering universities. It's State Key Laboratory of Integrated Services Networks conducts research for military-specific and dual use systems including cryptography, offensive network attacks, and systems to be used in confrontational environments.

Here's another example taken from our data base on adversary R&D research. The Chinese Academy of Sciences' State Key Lab of Information Security reports directly to the Ministry of Public Security, among other government agencies. In addition to their primary research area of information security, they develop network attack systems.

Russia has similar educational institutions which focus on information security and electronic warfare for the Ministry of Defense, the FSB, and other relevant agencies. One example is the Voronezh Military Radio-electronics Insititute which is part of the Voronezh Aviation Engineering School. Part of their information warfare research includes breaking the security of automated systems.

Since Dell, Cisco, Juniper, etc. build hardware, firmware, and software that's broadly used around the world and especially on U.S. government networks, it's only logical to conclude that those companies' products are being examined for exploitable vulnerabilities by Russian and Chinese scientists who are at least equal if not superior to those employed by the NSA. Let's remember that unlike the NSA, scientists at Russian and Chinese foreign research laboratories don't have to compete with their respective versions of a Silicon Valley for high paying tech jobs. They can attract and keep their nation's brightest scientists focused on these high priority government military and civilian projects.

Bottom line - if the NSA has found or developed backdoors in critical U.S. technology, so have our adversaries, and by "adversaries", I don't mean Mandiant's version of the bored PLA hacker with sloppy OPSEC. We need as an industry to have more respect for our opponents. And there needs to be a serious discussion about whether the NSA can really defend U.S. military networks while also engaged in exploiting weaknesses in the very technology that those networks rely upon.

UPDATE (JAN 02 2014): Bruce Schneier has begun posting one NSA exploit per day at his blog. The first one called DEITYBOUNCE exploits the motherboard on Dell PowerEdge servers.

Add to Cart View detail

Russian Venture Capital (RVC): A Report on Funding Priorities and RF Government Affiliations

Taia Global regularly produces custom reports on foreign research and development activities in Russia and China. Our most recent report examines Russian Venture Capital (RVC), an Open Joint Stock company (OAO RVC) with initial funding from the Investment Fund of Russia through the Federal Agency for STate Property Management (Rosimuschestvo). It's charter allows RVC to invest both domestically and overseas. RVC's Board of Directors limited investments by RVC to companies with products on the Russian government's critical technologies list.

This report is 17 pages long with graphics and two appendices, including the above-mentioned critical technologies list. We examined the background of RVC's executives as well as the firm's investments and its U.S. affiliations.

We are offering this report for a limited time to non-subscribers for $225. Interested parties may order via this link or by calling (855) 877-8242.

Add to Cart View detail

Russian Institute Solicits Foreign Companies But Masks Ties with Russia's Defense Ministry

My company recently published a report which discovered that aerospace companies with joint ventures in Russia and China are hacked 2.4 times more often than those companies who don't. However, hacking a network is small potatoes when compared with the amount of intellectual property that is transferred in other ways.

One of the more surprising discoveries that we made while researching that report had to do with a Russian institute that was set up primarily to engage foreign companies with various types of assistance: the Research Institute of Mathematic Modeling and Intelligent Control Systems. This institute is a part of St. Petersburg State Polytechnical University's Institute of International Educational Programs. The website is in English and is not listed on SPSPU's Russian home page so it's entire focus is foreign-based. 

It conducts applied research in the following areas:

• Distributed industrial controllers networks for decentralized control of distributed objects and technological processes
• Intelligent multi-agent based control of android robots and cooperative behavior of robots network 
• Numerical modeling of external and internal flows aimed at dragand noise reduction
• Computation of vortical flows and wakes aimed at enhancement of safety in air and ground transportation 
• Numerical analysis of stress/strain distributions in the real world industrial objects, in particular for those working in the extreme conditions
• Numerical non-linear analysis of visco-elasticity, contact interaction, large deformations
• Seismic analysis, simulation of crash-tests, modeling of nucleation and propagation of damage
• Computation of cooling of electronic devices, heating and air-conditioning systems >> Development of graphic user interface to control virtual objects 
• Polygonal and NURBS-modeling

A few of the U.S. companies who work with RIMMICS include Boeing and GE. Foreign companies include EADS, Airbus, SAP, LG electronics and Bombardier. I wonder how many of those companies know that RIMMICS also provides avionics services, among others, for the Russian Ministry of Defense because it's not disclosed anywhere on the website.

More information on RIMMICS and other surprises that we've uncovered when investigating foreign vendors who service key U.S. enterprises will be disclosed at our upcoming Suits and Spooks luncheon at the Ritz Carlton Tysons Corner on Sept 10, 2013. Seats are extremely limited so register today. 

Add to Cart View detail

High Speed. Low Drag: Attack Efficiencies against U.S. Aerospace Joint Ventures (REPORT)

My team and I have completed a report (High Speed. Low Drag: Attack Efficiencies against U.S. Aerospace Joint Ventures) on how much more vulnerable U.S. companies are to being hacked if they engage in joint ventures in Russia and China. Everyone's first response to that is probably - of course! However, our findings might surprise you.

Key Findings:

An aerospace company that has a joint venture in Russia and/or China is 2.4 times more likely to experience a cyber attack than a non-JV company.

Of the study’s control group of 12 aerospace companies that have joint ventures in China and Russia, 8 experienced a cyber attack (67%), including Alcoa, Boeing, General Electric, Honeywell, Pratt & Whitney, Rockwell Collins, Rolls Royce North America and Sikorsky. The other 4 aerospace companies, Eaton, Goodrich, Hamilton Sundstrand, and Parker Aerospace, have not publicly disclosed any cyber attacks.

Of the 21 aerospace companies in the study’s random group, only 6 reported or were claimed to have been the victim of a cyber attack (28%), including General Dynamics, Gulfstream, Lockheed Martin, Northrup Grumman, Orbital Sciences Corporation, and Raytheon.

U.S. companies engaged in joint ventures represent a profit
center for international hacker groups.

This study shows that it is highly likely that the intellectual property owned by U.S. companies with Russian and Chinese JVs also represent high value targets for a variety of state and non-state actors worldwide.

It's unlikely that the Chinese or Russian government will utilize spear phishing or other low-level attacks against a U.S. company with a joint venture in their respective states when other superior means are available to them. 

While official and non-official sources frequently assign attribution to a state military or foreign intelligence organization rather than a mercenary hacker group, the host governments of joint venture companies do not need to craft spear phishing attacks against U.S. companies who operate within their borders; who are required to employ their citizens who are technically PRC government employees; and whose communications networks are supervised and monitored by the State.

Download the full report here

Add to Cart View detail

Chinese and Russian Information Security and Aeronautics R&D Luncheon

Announcing the first Suits and Spooks Adversary R&D luncheon at the Ritz Carlton Tysons Corner in McLean, VA on Sept 10, 2013 from 11:30am – 1:30pm. A limited number of attendees will enjoy a delicious lunch and receive a briefing on Chinese and Russian R&D priorities in the areas of Information Security and Aerospace.

Focus and Methodology:

In order to fully understand today’s threat landscape, Taia Global created the world’s first database on adversary state R&D called Chimera. Taia’s researchers collected intelligence on fifty State Key Laboratories (SKLs) in China and ten research centers and institutes in the Russian Federation. These laboratories are top-tier R&D centers that receive funding from the private sector and government-sponsored entities, including the People’s Liberation Army and IT firms such as Huawei and ZTE in China, and the Federal Security Service in Russia. SKLs focus their R&D efforts on strategic research priorities as defined by the central government of the PRC. These priorities range from geosciences to molecular chemistry. However, Taia’s researchers focused their initial collection efforts on laboratories researching and developing Information and Telecommunications Systems and aerospace capabilities.

After collection and translation, the team categorized the data into broad research areas (space systems, quantum cryptography, microelectronics, etc.) before then addressing specific projects, such as ground-based satellite telemetry encryption platforms or field-programmable gate arrays. This type of categorization allowed Taia Global to effectively identify Chinese and Russian research on U.S. export controlled technologies and systems as defined by the International Traffic in Arms Regulations (ITAR) and the Export Administration Regulations (EAR).

Key Findings:

Chinese laboratories are centers of civil-military-corporate integration and nearly 40% of the labs are working on export-controlled technologies. A number of SKLs are working on classified military-specific R&D projects for the People’s Liberation Army. Not only do the SKLs work closely with the Chinese public and private sectors, they actively pursue joint-ventures and partnerships with foreign IT and aerospace companies.

Russian Federation institutes and research centers focus on civil and military developments and 50% of them are working on export-controlled technologies.

To Reserve Your Space

The luncheon and briefing will take place in the Plaza room of the Ritz Carlton Tysons Corner at 11:30am until 1:30pm. All attendees will receive a copy of the presentation along with recorded audio. Tickets are $128 and seating is limited to 48 people. Ensure your space by registering today.

Add to Cart View detail

Russian Security Services lab tied to U.S. industrial espionage case in Texas

Taia Global publishes a subscription-only monthly report for our customers which is normally not available to the public. However in this case I thought that the content merited wide-spread release so an edited version of our report which identifies the name of the FSB lab that was part of a Russian industrial espionage ring operating out of a front company in Texas can be read at SOFREP.com.

Add to Cart View detail

Identifying Aggressors in the Global Cyber Threatscape

Independent hacker groups and cyber militias who conduct network attacks complicate international relations between governments. President Obama, at the conclusion of his historic talks with President Xi Jingping last Friday, acknowledged that the "theft of business, financial and military information ... are not issues that are unique to the U.S.-China relationship. Those are issues that are of international concern. Oftentimes it’s nonstate actors who are engaging in these issues as well.”

No nation state can be held responsible for all of the attacks emanating from their own IP addresses. Attribution remains a hard challenge, and the potential for serious miscalculations and misjudgments is high.

Since the landscape is foggy, the threat actors numerous and hard to identify, and the attacks proliferating on a daily basis, the focus of the next Suits and Spooks conference will be to identify non-state aggressors in cyberspace. About twenty speakers will present briefings over two days on hackers, citizen militias, and other non-state entities operating in the Middle East, China, Russia, Pakistan, India, Iran, Africa, South America, the United States (yes - we have non-gov threat actors domestically), and other parts of the world.

A partial list of our country experts include:

• Peter Matthis (Editor, Jamestown Foundation China Brief): China
• Peiran Wang (Ph.D. candidate, The Center for Economic Law and Governance, Faculty of Law and Criminology, Vrije Universiteit Brussel): China
• John Scott-Railton (Research Fellow at Citizen Lab, University of Toronto): Syria, Libya
• A. Aaron Weisburd (Instructor, Combating Terrorism Center at West Point; Founder, Internet Haganah): Middle East
• Sheena Chestnut Greitens, Ph.D. (Fellow, Harvard's Fairbank Center for Chinese Studies): North Korea
• Jonathan Hutson (Communications Director - Satellite Sentinel Project and The Enough Project): Africa

The venue will be in New York City at SOHO House on October 5-6, 2013. Admission will be limited to no more than 80 people so register early. Lunch will be provided on both days. If you'd like to submit a proposal for a talk, please do so by July 15, 2013.

Companies interested in sponsorship options for this event can view our prospectus on Google Drive.

The SOHO House NY Library

Registration

Super Early Bird: (June 10 - July 10): $275
Early Bird (July 11 - Aug 31): $395
Standard (Sep 1 until sold out): $625

Select One

Super Early Bird $275.00 USD Early Bird $395.00 USD Standard $625.00 USD

Add to Cart View detail

Deputy Prime Minister of Russia is worried about backdoors in Western tech

In the course of writing this month's S&TI Flash Traffic report for our subscribers, I came across this interesting article which demonstrates that the U.S. isn't the only country worried about supply chain security.

I had one of our Russian-speaking contractors translate it for inclusion into our report. Here's the English version:

February 23rd – Finmarket – The first breakthrough in technologies that will be produced by the fund of advanced research will appear by the end of this year, declared deputy prime-minister Dmitry Rogozin. “I think that by the end of even this year we will have one or two new ideas, which will facilitate a breakthrough decisions for our science of warfare,” said Dmitry Rogozin at the celebratory event hosted on February 23rd in the Technology Museum. In his opinion, before the fund starts their work a few months for organizational procedures will be needed.  "We will then acquire unique innovations, among others student auditoriums and institute flexible testing stations, all of which will exist in 5-7 year, no more,” said Rogozin. Altogether, he mentioned, the fund will be powered by academic science centers, and the results of its work will be used by lead institutes of domestic industry.
In addition, appearing before members of the patriotic organization which gathered from the regions, Rogozin asserted that Russia is obligated to carefully use foreign micro-electronics and software, and better overall to develop their own technology.  “Actually, cyber security in the West is understood as bookmarks in chips and software, supplied to different countries, bookmarks, which activate at a defined moment,” – said Rogozin. “If Russia can’t product a quality electronic-component base and  supply their own satellites, buying microelectronics abroad, it’s impossible to be exactly sure how these satellites will react at hour “X” – mentioned deputy prime minister. “Who are they, and who will they transfer to? And will they work for us, or will they be worked into another group?” – questioned Rogozin. 

The Fund of Advanced Research is Russia's newly created version of the U.S. Defense Advanced Research Projects Agency (DARPA). This article demonstrates the Russian government's concern over supply chain security when it comes to their reliance upon foreign-made microchips and software. Ironically, while U.S. companies make these products, we often don't make them in the U.S. but in China; hence we have the same problem that Russia does.

Add to Cart View detail

What's Missing in your Threat Landscape Picture?

ENISA (European Network and Information Security Agency) recently published its "ENISA Threat Landscape" report for 2012. Overall it's a good document as far as traditionally known threats go, but it's a re-hash of the threat landscape that we've accepted as complete because we've relied on security vendors to create it. A vendor tends to focus on the part of the threat landscape that their product addresses and ignore what's irrelevant to their product line. Customers often accept that as accurate because, after all, they aren't in the business of information security or threat assessment and rely upon the advice from their vendors, which I'm sorry to say is often incomplete.

The following threat table from ENISA illustrates what I mean:

According to ENISA's paper, the above table was created from 120 reports issued from Virus/Malware protection vendors, CERTS, security agencies, commercial companies in the area of security, industrial associations and committees, and Networks of Excellence (p. 10). Unfortunately, they tend to mirror each other in terms of what they report. In the Intelligence Community, this is a cognitive bias known as mirror-imaging. Customers, especially governments and multi-national corporations, need to go beyond these types of traditional and limited threat landscapes and expand it to include at least two more very important areas:

1. Vendor-to-Government relationships (V:G)
2. Offices in Foreign States (OFS)

Vendor-To-Government Relationships
U.S. companies, especially those in the Fortune 100, rely upon vendors, both foreign and domestic, for everything from development work to marketing. Yet very few take the time to do a deep dive into who their vendors' executives are and what their relationships are with other partners and government officials. As an example, we (meaning my company Taia Global) regularly perform this type of due diligence for our client firms and at least 70% of the time discover significant foreign government relationships with both U.S.-based and foreign-based vendors who have unrestricted access to valuable data owned by our clients. Frequently, prior to our investigation, no one was aware of those relationships.

Offices in Foreign States
U.S. companies who have offices in Russia and China, including Hong Kong, are at high risk for technology theft through both legal and illegal means. It may be through a local vendor who provides "secure" paper shredding services off-site when in reality those documents aren't destroyed but are sold to interested parties. It may be through legal intercepts on all landline, VOiP, mobile and satellite communications from the foreign offices of a U.S. company in Russia or China. It may be through a legal request to review your products' source code for "national security" reasons. The bottom line from a threat landscape perspective is - if you're doing business in a foreign state, there are a dozen ways for them to access your company's crown jewels; all of which have nothing to do with spear phishing, APT, or botnets.

If your company has overseas offices or uses vendors who do, the traditional threat landscape - even one created from over 100 sources - is incomplete. And if your security plan is built around that limited threat landscape, you're intellectual property is still at risk. Contact us for more information.

Add to Cart View detail

Five Critical Panels on the Use of Offensive Tactics in Cyberspace

On February 8-9, 2013, 24 world-renowned speakers will address and interact with about 80 attendees from the public and private sectors in a beautiful conference center high above the Potomac river on some of the most important issues in cyberspace - the controversial use of offensive tactics in defending networks (i.e., Active Defense). The full agenda can be seen here, but five critical panels are as follows:

• How is Russia and Georgia engaging in Active Defense?
• Featuring Ambassador David J. Smith (ret.) and Ms. Khatuna Mshvidobadze (Georgian Security Analysis Center)
• How Duqu, Flame, Gauss, and Shamoon can be reconfigured and reused against different victims (i.e., Iran against Saudi Arabia)?
• Featuring Dr. Boldizsár “Boldi” Bencsáth (Associate Professor, Laboratory of Cryptography and Systems Security (CrySyS), Department of Telecommunications, Budapest University of Technology and Economics) and Brig. Gen. Jim Jaeger (USAF, ret), Vice President of Network Defense & Forensic Services, General Dynamics
• How Much Leeway is there in the Computer Fraud and Abuse Act and International Law for Offensive Actions in Cyberspace?
• Featuring Dr. Catherine Lotrionte (Director of the Institute for Law, Science + Global Security, Georgetown University),  Mr. Stewart A. Baker (Partner, Steptoe & Johnson), Mr. Frank J. Cilluffo, Director, Homeland Security Policy Institute at George Washington University, and Mr. Marco Obiso (Cybersecurity Coordinator, International Telecommunications Union (ITU)
• What’s the Downside of Private Sector Offensive Engagement?
• Featuring Dr. Anup Ghosh (Founder and CEO at Invincea), Mr. Jeffrey Carr (Founder and CEO, Taia Global, Inc.), Mr. David Dittrich (Chief Legal Officer, The Honeynet Project), and Mr. Robert Bigman (former CISO, Central Intelligence Agency).
• If the ITU Assumes Ownership of the Internet, How May That Impact International Offensive Cyber Operations by Nation States?
• Featuring Mr. Marco Obiso (Cybersecurity Coordinator, International Telecommunications Union (ITU), Dr. Catherine Lotrionte (Director of the Institute for Law, Science + Global Security, Georgetown University), Mr. Robert Bigman (former CISO, Central Intelligence Agency), and Brig. Gen. Jim Jaeger (USAF, ret), Vice President of Network Defense & Forensic Services, General Dynamics

There are only 28 seats remaining and the Early Bird discount expires in one week so register today to be a part of the year's most unique and informative security event - Suits and Spooks DC 2013. If your employer is interested in joining RSA and Basis Technology as a sponsor, please contact me via email for details.

Add to Cart View detail

What's Happening at Russia's MEPHI and China's Key Lab of Aerospace Information Security?

Each month, Taia Global's Science and Technical Intelligence Flash Traffic brief looks at key R&D projects in any one of 14 nation state's research facilities including those of Russia and China. Tomorrow, November 1st, we will feature some key projects being worked on of the Russian Federation's premier universities (Moscow Engineering Physics Institute - MEPHI) who specializes in information security with customers in the Ministry of Defense and the Security Services.

An additional area of coverage in tomorrow's report will be two key labs in China - the Key Lab for Intelligent Networks and Network Security and the Key Lab of Aerospace Information Security and Trusted Computing.

If you believe as I do, that threat intelligence isn't just about malware signatures then I'd like to invite you to become a subscriber to this service. You can buy a single issue for $65 or subscribe for the year for $500. Annual subscribers will also receive free copies of the Russian Federation Information Security Framework 2011 and 2012. Thanks for your support.

Add to Cart View detail

2012 Russian Federation Information Security Reference

This book is an updated version of the 2011 Russian Federation Information Security Reference. It consists of original research conducted by Taia Global’s intelligence analysts who’ve recently retired from the U.S. intelligence community. The information was acquired through open sources on the Russian Internet (Runet) over a period of 8 months. Analysis was conducted by Taia Global’s veteran intelligence analysts who’ve recently retired from the U.S. intelligence community. This book is the culmination of many hundreds of hours of work. It contains findings that will be of use to corporate executives and their boards, law enforcement, intelligence agencies, and the military. It is unique in the marketplace and has been priced accordingly.
This book contains indepth reports on the following key agencies and one private company:

• The Russia Federal Security Service (FSB) Center for Electronic Surveillance of Communications (TSRRSS) is responsible for the interception, decryption, and processing of electronic communications.  The Center—also known as the 16th Center (Directorate) FSB and Military Unit (Vch) 71330—is directly subordinate to the FSB Director.
• Federal State Unitary Enterprises(FGUP) supervised by the Federal Security Service (FSB).  The list included the Orion Research and Development Center located in Moscow. Orion provides a range of information technology services including research, development, testing, consulting and certification of software and hardware.
• FGUP STC Atlas is responsible for developing and certifying information technology (IT) security and cryptographic systems for the Russian government.
• FGUP Center-Inform is the leading Russian state owned systems integration company for information technology (IT) and information security.
• The Russian firm OOO Speech Technology Company (STC) provides surveillance and monitoring equipment.
• Kaspersky Labs is licensed to provide classified work for the FSB and Defense Ministry.

To Order: US$159.00

Add to Cart View detail

BREACH ALERT: Putin Makes Unmanned Aerial Systems Development a National Priority

“Intelligence ... aims at supporting the process of modernization of our country and

creating the optimal conditions for the development of its science and technology.”

- Mikhail Fradkov, Director, SVR, December 2010

Source: Moscow Times

One of the easiest ways to determine what data is at risk is to know what the strategic imperatives are of  those countries who engage in "technology transfer" and industrial espionage. Russian president Vladimir Putin has made it clear that he's a supporter of espionage as a tool to be used in Russian technology development. A recent article in RIA Novosti discussed Putin's call for long range bombers and Unmanned Aerial Systems. Russia plans to spend US$13B on UAS development over the next eight years. Part of that technology development strategy is almost certainly going to be acquiring intellectual property on related technology from foreign firms.

Two good examples of companies at risk are Boeing and General Atomics. Boeing, which has a defense, space and security division alongside its civil aircraft division, has 170,000 employees in over 70 countries, including Russia. General Atomics, who makes the Predator drone, has an affiliate office in Moscow. In fact, GA was recently praised by Russian military analyst Konstantin Makiyenko.


Any foreign business operating inside of Russia which holds technology vital to Russia's national security interest will be contacted by the Russian Security Service (FSB). Under article 15 of the FSB law, those companies are obliged to provide assistance to the Federal Security Service in carrying out their assigned duties which could include a wide range of possibilities including the examination of source code. All communications emanating from those companies including landline, VOiP, mobile, and satellite will certainly be harvested electronically and entirely legally by the FSB.


While I'm using Russia and these two U.S. companies who do business there as examples, this same problem exists in many other nations which have active industrial espionage operations. It is a major part of a company's threat landscape and one that is frequently being ignored because (a) it doesn't involve a spear phishing email or a piece of malware and therefore doesn't fit the business model of most cyber security companies and (b) defending against it requires a specialized skill set.

Add to Cart View detail

Who Will You Meet At Suits and Spooks LA?

The most exciting part of a Suits and Spooks anti-conference isn't listening to our accomplished and fascinating speakers. It's meeting the other attendees. At last February's DC event, attendees included the founder of GreenPeace and an individual who was almost killed by a Russian assassin involved in the Alexander Litvenenko poisoning. In Los Angeles, attendees will include a career Mossad agent, a C-level executive from a major studio, a hacker that used to work for the IDF, and the creator of numerous "spy" TV shows and movies. Since attendance is usually less than 100 people, you get to spend a lot of time interacting not only with some truly fascinating people but with the speakers as well including retired Navy SEAL Rob DuBois, George Clooney and John Prendergast's Satellite Sentinel Project spokesman Jonathan Hutson, former FBI SSA Jason Smolanoff, China expert Matt Brazil, two former CIA intelligence officers Lisa Chambers and Nada Bakos, Doug Wilson of Mandiant and Jim Hake, the founder and CEO of Spirit of America. You'll also enjoy a lunch prepared by the Bel Air Bay Club chef in a beautiful space overlooking the Pacific ocean; definitely NOT conference cuisine.

Don't miss out or wind up paying more because you didn't get your registration in on time.. The early bird discount for our Los Angeles event is ending on June 1st so get your registration in early and be a part of a truly unique security event.

Add to Cart View detail

Announcing "A Traveler's Guide to Cyber Security"

Whether it’s a talk at a dinner for a group of Fortune 100 CIOs or a speech before the National Security Council of a U.S. allied government, one of the questions that I’m most frequently asked afterwards is “Jeff, how can I keep from being compromised when I travel overseas.” And of course they expect an easy answer in 30 seconds or less. After having written two editions of “Inside Cyber Warfare” (O’Reilly Media, 2009, 2011) and having given over 100 talks on the subject since 2008, I still struggled with the best way to answer it. The reality is that there’s no simple answer to that question if you want to do it justice. And there’s ample evidence that the most common advice given; i.e., don’t take your laptop or cell phone out of the country - is rarely complied with except by the most security conscious of government employees. The hard truth is that in a battle between security and convenience, convenience will always win.
I spent many hours working on the best way to answer that question. It eventually occured to me that attacks launched against high value targets are resource-intensive; meaning that they aren’t conducted - can’t be conducted - against everyone. Therefore an adversary most likely has a way to qualify targets of interest before commiting resources to compromise them. I decided to build my own system of qualifying targets (the Cyber Risk Index™) and then use that to provide appropriate security advice to traveling officials and executives. This ebook "A Traveler's Guide to Cyber Security" represents my best work to date on the question - what can I do to stay safe when traveling abroad. I consider it a work in progress and welcome your feedback.


This 40 page ebook provides detailed guidance on how to determine your personal CRI; provides information on how Russian and Chinese intelligence services can legally intercept your data and interact with you personally; and provides a groundwork in basic cyber self defense."

I'd appreciate your help in spreading the word about this new resource at your organization and among your peers. It's a low cost, unique, and effective approach to help business travelers more fully engage with the security process by knowing their risk of compromise in any country in which they're doing business. It's available on Amazon for the Kindle and on Lulu.com for all other formats although Lulu does require that Adobe Digital Editions be installed on your computer (sorry about that). Hopefully it'll soon be available at iBookstore as well.

Add to Cart View detail

Russian Presidential Elections: Cyber Developments

One of the services that my company Taia Global provides is a subscription bi-weekly cyber intelligence report that focuses primarily on the Russian Federation. I normally don't make these reports public however considering the upcoming Russian Presidential election on March 4th, I've made our report for this important event available for free in .pdf format. An introduction follows:


Russian Presidential Elections: Cyber Developments

Russia’s Presidential elections are scheduled for Sunday March 4th, 2012.  The Duma elections held last December were marked by widespread allegations of electoral fraud benefiting President Medvedev’s and Prime Minister Putin’s United Russia Party.  The allegations were documented by videos and first hand reports posted on social media, news sites, and election monitoring sites.

The public perception that United Russia stole the election led to protests coordinated through social media.  Protestors used US based Facebook and Twitter as well as Russian-focused social media.  Many sites were hit by cyber attacks that included massive distributed denial of service (DDoS) attacks that rendered sites unusable.  The DDoS attacks used previously undetected botnets and new malware variants.  Cyber attacks were conducted primarily against Russian-focused social media resources hosted in both Russia and the United States.  Twitter was hit by hashtag spamming.  Facebook was not attacked.

The Russian public assumes the government was behind the Duma election cyber attacks.  In contrast to past cyber attacks, neither patriotic hackers nor Russian youth groups claimed responsibility.  The Russian government did not comment on the attacks and did not initiate investigations to determine responsibility.  Indeed, RU-CERT (www.cert.ru), the Russian member of the Forum of Incident Response and Security Teams, seems completely oblivious to the DDoS attacks even though investigating cyber incidents falls within RU-CERT’s charter.

The DDoS attacks were usually tactically successful in rendering the target unusable.  However, the opposition quickly expanded the target set by moving posted material to additional sites inside and outside Russia.  As a result, the cyber attacks failed in their strategic objective of denying the opposition Internet access and instead became an opposition rallying point.

Since the Duma Elections

The cyber resources used by the opposition, the United Russia Party, and the Russian government have evolved since the Duma elections.  The opposition continued using Facebook and Twitter to organize protests demanding new Duma elections and fair Presidential elections.  Targeted web sites, such as the US hosted Feb26.ru, helped organize the Moscow ring road protest.  The Democratia2.ru web site provided a forum where the opposition organized groups around specific campaign issues and shared information documenting United Russia as “the party of crooks and thieves.”  The Democratia2.ru is hosted in Germany, however, the name servers are located in Russia where the Federal Security Service Information Security Center (FSB ISC) can monitor Russians visiting the site.

DOWNLOAD THE FULL REPORT HERE

Add to Cart View detail

Cyber Threats Require An Expansion Of The Sensitive Countries List

The website Public Intelligence has released Sandia National Labs and the Department of Energy's Sensitive Countries List. This is a list of 26 countries where approval is required for a visit or an assignment by a DOE employee because the country is known to engage in activities which may be contrary to the interests of the U.S. Of those 26 countries, I've identified 11 who are also developing CNO (Cyber Network Operation capabilities including CNE (Cyber Network Exploitation):

• Democratic Peoples Republic of Korea (North Korea)
• Peoples Republic of China (including Hong Kong)
• Georgia
• India
• Iran
• Israel
• Kyrgyzstan
• Russian Federation
• Syria
• Republic of China (Taiwan)
• Ukraine

There's actually many more countries with these capabilities that do not appear on the Sensitive Countries list and I hopeful that that will change in the next few years. 

Add to Cart View detail

Intelligence on Russian Information Warfare Activities

Threat Intelligence and Cyber Intelligence are phrases that are tossed around both frequently and casually these days. Threat intelligence as it's used by the information security community has to do with malware and malicious IPs. Cyber intelligence is used even more loosely and may cover everything from Threat Intelligence to discovering who the members of Anonymous are. My company Taia Global Inc. has been providing highly targeted open source intelligence reports on foreign corporations' government connections as well as the information warfare activities of individual nation states since 2009. Since most of our foreign government clients are interested in the IW activities of the Russian Federation, we focus a lot of attention there. Here is what we've produced in the last few months alone:

• Center for Computer Emergency Response of the Russian Federation (RU-CERT)
• Roskomnadzor and the Cyber Vigilantes
• Russian Federal Security Service Center for Electronic Surveillance of Communications - Military Unit (Vch) 71330
• Russian Federation Security Council and the Evolution of Russia’s Information Security Doctrine
• Federal State Unitary Enterprise Scientific Research Institute Kvant (Federal Security Service)
• Federal Security Service (FSB) Internet Monitoring Vendors
• Federal Security Service (FSB) Administrative Centers for Information Security

Apart from these specialized reports, we also produced the 2011 Russian Federation Information Security Reference.

If Russia is an important piece of your organization's business or security plans and you'd like more information about our intelligence services for the Russian Federation or other countries in Asia, the EU or elsewhere, you can contact us via the Taia Global website.

Add to Cart View detail

The Russian Internet (Runet) Becomes More Opaque

Recent implementation of amendments to Russian Law make the Russian Internet (Runet) more opaque to anyone other than the Russian security services.  For example, below is the domain registration for a Russian IT company as listed on November 2, 2011.  The registrar—Reg.Ru—is a Russian registrar located in Moscow:

domain: SAYTECH.RU

nserver: ns1.reg.ru.

nserver: ns2.reg.ru.

state: REGISTERED, DELEGATED, UNVERIFIED

org: Saitek, LLC

phone: +7 495 9843552

e-mail: villaine@mail.ru

registrar: REGRU-REG-RIPN

created: 2011.05.25

paid-till: 2012.05.25

source: TCI

As amended, however, Russian Federal Law FZ-152 On Personal Data now prohibits the release of personal data to any foreign entity by a Russian business operator.  Personal data includes phone numbers and email addresses.  As a result, the same domain registration now appears as below:

domain SAYTECH.RU

nserver: ns1.reg.ru.

nserver: ns2.reg.ru.

state: REGISTERED, DELEGATED, UNVERIFIED

org: Saitek, LLC

registrar: REGRU-REG-RIPN

admin-contact: http://www.reg.ru/whois/admin_contact

created: 2011.05.25

paid-till: 2012.05.25

free-date: 2012.06.25

source: TCI

Note that the email address and telephone number no longer appear.  Instead, anyone desiring contact information for Saitek, LLC must use the Reg.Ru whois administrative service.  Using the whois service returns the form below.  As you can see, the requestor must provide their email address and the information desired.  However, under Federal Law FZ-152, the domain administrator will simply refuse to provide the information except under a very limited set of circumstances.  Nevertheless, they will know who is interested and what they want.

The information is available since Federal Law FZ-152 now requires an internal passport for domain registration from a Russian registrar.  Federal Law FZ-149 On Information, Information Technologies and Data Protection requires the operator to provide that information to investigators from the Russian security services.  As a result, if the Federal Security Service (FSB) wants to know who registered the site posting information criticizing the government (usually referred to as exciting violence or extremism), no problem.  However, if a US system administrator wants to contact someone about the problems originating from a Russian registered domain, tough luck.

This is a guest blog post by Taia Global's lead Russia analyst.

Add to Cart View detail