Author Topic: Cyberwar, Cyber Crime, and American Freedom  (Read 217739 times)


Crafty_Dog

  • Administrator
  • Power User
  • *****
  • Posts: 55124
    • View Profile
Stratfor: Crime and Technology Part 1: Secure Communication Platforms
« Reply #601 on: July 01, 2021, 05:39:34 AM »
Crime and Technology, Part I: Secure Communication Platforms

Ben West
Global Security Analyst, Stratfor
Jun 30, 2021 | 10:00 GMT







Editor's Note: Criminals have always been relatively quick to adopt new technology. From bootleggers assembling fleets of motorized vehicles in the 1930s for the transport of illegal alcohol to drug traffickers exploiting commercial airliners to transport cocaine from South America in the 1960s, technology has always created opportunities for criminals. The current era is no exception, and criminals are quickly adopting technology to help them communicate in secrecy, sell their illicit wares in virtual marketplaces, and send and receive payments through new forms of currency. The technologies are helping criminal organizations conduct traditional activities (such as drug trafficking) more efficiently and creating entirely new fields of criminal activity, such as ransomware attacks and off-the-shelf tools to facilitate cyberattacks.

But with new technology comes new vulnerabilities, and law enforcement agencies around the world are demonstrating that they can also harness the efficiencies of new technology to counter criminal activity. In this three-part series on crime and technology, we will explore how criminals are adopting new forms of communication to coordinate criminal activity, new marketplaces for selling illicit wares and new ways to facilitate payments that cater to a more virtual market. Each analysis will explore how criminals use the technology in question, how it makes them vulnerable to detection and what to expect in the future. First, we consider how criminals use secure communication platforms to coordinate activity across organizations and around the world, and how those same platforms can make them vulnerable.

Secure, private communications platforms are proliferating as more people around the world seek out ways to stay connected to others while also being discreet about what information they share with whom. Every week seemingly brings new revelations about ostensibly private information being compromised in a data breach, hostile cyberattack, government surveillance operation or from private companies gleaning personal details about their users. Concern for privacy has driven demand for mainstream platforms like WhatsApp and iMessage, which allow individuals and groups to share information through encrypted channels. Encrypted messaging platforms are attractive in business and commercial dealings, allowing users to hash out details on a transaction, share invoices and arrange transfers of goods and services in a convenient and relatively secure fashion.

The privacy provided by mainstream services like WhatsApp and iMessage is not sacrosanct. Such platforms are operated by major companies — in these cases, Facebook and Apple, respectively — that fall under U.S. legal jurisdiction. If law enforcement authorities have reason to suspect individuals are conducting illegal activity on the messaging platforms, they can file requests for information with the company in order to get details that could facilitate legal charges and arrests. While companies tout the privacy provided by their products, they also have a reputation to uphold and would not benefit from being associated with drug trafficking, child pornography, threats of violence or other illicit activities. In short, there is a limit to the privacy large companies tolerate on their services.

Just as encrypted messaging services benefit legitimate business and commercial activity, criminal and terrorist groups also stand to gain from them. Public debate over the legality of encrypted communications and secure electronic devices accelerated after the 2015 San Bernardino terrorist attack, when a husband and wife team slew 14 people before law enforcement killed them. Despite law enforcement appeals to Apple to help them unlock an iPhone belonging to one of the attackers, Apple refused, arguing that it would not compromise user privacy to help with the investigation. The FBI eventually gained access to the phone with the help of a third party.

The San Bernardino attack and resulting investigation elevated public awareness of encryption and the limits of personal privacy on electronic devices. Even though Apple held its ground on protecting user privacy, it became clear that U.S. authorities had legal avenues to try to compel compliance and/or break the encryption that supported that privacy. This development accelerated criminals' adoption of more niche apps and services to ensure security and privacy above and beyond the encrypted messaging service apps widely used by the general public.

How Criminals Use Encrypted Communication Tech
Criminals undoubtedly continue to use mainstream communication platforms, despite the security vulnerabilities, because they are cheap, easy to access and allow them to communicate with a wide audience. As of May 2021, WhatsApp had 2.5 billion users in over 100 countries, making it the most used encrypted communications app in the world. There are an estimated 1.3 billion active iMessage users; another popular encrypted messaging app, Telegram, has 500 million users. Criminals have exploited the huge markets they can access through popular messaging services to sell their illicit products.

  • A research group affiliated with Norton Cybersecurity published a report in 2021 outlining how criminals use Telegram to sell everything from counterfeit documents to personally identifiable information to cyber malware that facilitates online criminal activity such as distributed denial of service and ransomware attacks.
  • A federal investigation in 2020 dismantled an opioid and fentanyl trafficking operation on the East Coast that at least partially relied on iMessages for coordination.
  • In 2019, Insight Crime reported that street gangs in Mexico were using WhatsApp to advertise drug sales, list prices, availability and arrange delivery.

As demonstrated in the examples above, despite these apps' heightened privacy settings due to encryption, criminal activity is still fairly easily discoverable — by both independent researchers and legal authorities. Because apps like WhatsApp and iMessage are widely available, criminal actors conducting illegal activities over the platforms can never really be sure of who they are dealing with: police officers can pose as buyers or business partners on messaging apps more easily than they can in the physical world.

In order to provide a deeper level of security, a new group of encrypted messaging services has emerged over the past five years. Such services do not aim to be the next WhatsApp, iMessage or even Telegram, but instead, they work to remain unknown except to the small number of people who use them. Since 2018, law enforcement agencies have taken down three such services: Phantom Secure, EncroChat and Sky Global. They have all followed similar strategies to provide next-level security in electronic communications. Services used widely available electronic devices, stripped them down to only the most essential components (removing cameras, microphones, GPS devices or other components that could jeopardize the user's security) and installed a single app on the phone that only allowed the user to communicate with people who also had access to that app. The encryption technology behind the app itself wasn't necessarily new, but rather the single-purpose nature of the app and the device that hosted it that ensured communications remained isolated from other services that could compromise the user's security. The services also offered a feature that would destroy past messages and even shut down individual devices should they be seized or otherwise compromised. By sandboxing the service on a dedicated device and only allowing users to communicate with other users, these encrypted messaging platforms provided increased operational security.

While the services ostensibly helped business executives and celebrities ensure discretion in business dealings and/or personal matters, they were immensely popular with criminals. The messaging services' aggressive security features offered criminals a sense of comfort, leading them to discuss details of drug sales and shipments in plain terms instead of code. For example, British investigators charged a former Royal Marine with drug trafficking after intercepting messages from his EncroChat account openly discussing the price and delivery methods of marijuana, MDMA, heroin and other drugs, as well as pictures of the shipments to offer potential buyers proof of quality. The criminal activity wasn't just limited to drug trafficking — police accused Phantom Secure users of attempting to organize murders on the platform. Based on investigations into the services mentioned above, police were able to identify dozens of drug labs, interdict tons of drugs, seize illegal weapons and ultimately arrest thousands of criminals.

It is important to note that the enhanced security messaging platforms were primarily used to facilitate wholesale drug sales and shipments between criminal organizations. They are not practical when it comes to retail drug sales due to the limited number of users. Compared to the billions of users on mainstream messaging services such as WhatsApp, iMessage and Telegram, niche platforms like Phantom Secure, EncroChat and Sky Global measured their users in the tens of thousands. They were still, however, very successful financially. Each device cost several thousand dollars and access to the niche encrypted messaging services cost upward of $1,000 per month. One of the first companies discovered to be involved in such a business, Phantom Secure, earned an estimated $80 million in revenue over 10 years in business. When it comes to encrypted communications platforms, bigger is not always better. And based on the financial success of past companies in the market, more are sure to follow.

How Encrypted Communication Tech Has Made Criminals Vulnerable to Detection
All of the advantages of niche encrypted communications platforms have come at the price of increased police scrutiny and surveillance. The fact that the public is aware of companies like Phantom Secure, EncroChat and Sky Global is the first indication that their encrypted messaging platforms were not as secure as advertised. Phantom Secure collapsed after the FBI arrested its owner, Vincent Ramos, in 2018 for knowingly facilitating criminal activity. EncroChat shut down its services in 2020 after learning that French police were monitoring its servers and collecting intelligence on criminal communications on the platform. In early 2021, European authorities gained access to Sky Global's secure network and monitored the activity of 70,000 users before shutting the operation down.

The key vulnerability of these services is that they depended on servers to handle the encrypted traffic and make sure messages go where they are supposed to go. In all three cases, police found out about the services when they noticed suspected criminals carrying unusual electronic devices. Collecting evidence on individuals typically gives law enforcement agencies leverage over them that they use to turn suspects into informants, which can lead to further evidence and arrests. Investigators were eventually able to trace down the servers that supported those devices. When those servers are physically located in a law enforcement agency's jurisdiction — or that of a partner country — authorities can get legal approval to search or monitor those servers. Once investigators have access to the servers, they can intercept messages and start collecting evidence to make arrests. As demonstrated in the 2015 San Bernardino case, it is possible to break encryption, and law enforcement agencies appear to have been able to do that based on their access to plain text messages and images shared on the platforms.

[Figure: A Timeline of Operation Trojan Shield]

In the most recent case of police targeting criminal communication networks, authorities expanded their access from the servers to the devices themselves. In early June, police agencies around the world started announcing arrests linked to Operation Trojan Shield, a two-yearslong sting operation that tricked criminals into using supposedly the latest and greatest encrypted messaging service, called "Anom." While the devices followed similar protocols as their predecessors — stripped down handsets whose sole function was to send and receive secure texts through an app disguised as a calculator — there was one major, critical difference: Law enforcement authorities had inserted code into the messaging program that forwarded an unencrypted copy of all messages to a server they controlled. Over two years, the devices acted as honey pots to attract nearly 12,000 criminal actors around the world, yielding 20 million individual messages that authorities used to eventually arrest 800 people and counting.

The success of the operation relied on access to networks of criminals just as much as the piece of code that forwarded copies of all the messages. The FBI was able to carry out the operation by recruiting a confidential human source who had worked on the development of the Phantom Secure service. After the arrest of Vincent Ramos and the collapse of Phantom Secure in 2018, the CHS began developing the next-generation niche encrypted messaging service when the FBI arrested him. They worked out an arrangement whereby the confidential human source would continue with his plans to launch a new encrypted messaging service, but he would include the tracking code on devices and ship them out to criminals in order to help police monitor criminal activity. Having been closely involved in the success of Phantom Secure, the confidential human source not only had the technical expertise, but also the reputation and credibility within criminal organizations around the world so that when he sent out a device, they trusted him. As mentioned above, niche encrypted messaging services cannot become successful the same way mainstream services can through market saturation and scale. Instead, discretion and exclusivity are essential, and the confidential human source was able to convince his contacts that the devices he provided were secure and private.

[Figure: A Chart Comparing Criminal-Linked Encrypted Messaging Services]

While Operation Trojan Shield posted impressive figures when it comes to geographic scope, number of arrests, and seized criminal assets, perhaps its largest impact was on the credibility of niche encrypted messaging services — at least in the immediate future. In announcing the culmination of Operation Trojan Shield in early June, the FBI specifically noted that one of the objectives of the effort was to "shake the confidence in" messaging services catering to criminal actors. The success of this sting operation means that at least some criminal actors will be more cautious when it comes to adopting encrypted communications services moving forward. The next generations of service providers will face a considerable challenge in convincing users that their devices are secure following Operation Trojan Shield. Creating mistrust in the criminal world will make it that much harder to organize drug shipments, share intelligence or discuss other criminal matters openly. Any degradation in criminal communication networks makes them less efficient, less profitable and less able to expand operations in the near future. That said, at some point, this disruptive impact will wear off and, in the long run, Operation Trojan Shield and other similar law enforcement efforts targeting encrypted messaging services are unlikely to severely hamper global criminal activities as criminals adapt and adopt new communications practices.

What Lies Ahead for Secure Criminal Communications
The demand for secure communications reaches far beyond just criminal organizations and, given the success (albeit short term) of previous niche encrypted messaging platforms, more will certainly come. Legitimate businesses and multinational corporations want to be able to communicate without jeopardizing key technology or business decisions, celebrities and high-profile individuals similarly want to be able to discuss personal matters without it leaking to the public, and security-conscious individuals, in general, want to be able to communicate without having their information harvested and sold to marketers. To that end, researchers are constantly working on new technology and companies are constantly providing new services that offer secure, encrypted communications.

[Figure: An Explainer of Blockchain Technology]

One of those emerging technologies is blockchain messaging, which uses the same technology behind cryptocurrencies to send and receive secure messages. Proposed designs would mean that only users of the devices sending and receiving the messages would be able to view them. Network administrators, the messaging company providing the service and outside law enforcement investigators would not be able to intercept messages outside of the devices approved to view the messages — at least not without tipping off the author and recipient of the message.

[Figure: An Explainer on Validating Blockchain Requests]

The challenge of offering such a service in the long term is figuring out how to prevent it from becoming corrupted by criminals or terrorists. Police will eventually find out about communication services that facilitate criminal activity and the moment of truth would arrive for any such company when put in the position of either cooperating with authorities or resisting. Cooperating with authorities would cost a company its criminal clientele and resisting would likely result in criminal charges and a service shutdown.

One outcome could be that state-backed criminals facilitate encrypted communication platforms by hosting servers and other critical infrastructure in more permissive environments out of reach of foreign law enforcement agencies. This outcome would acknowledge that communication security is not so much a question of encryption technology, but the physical location of servers that support the service. Countries like Russia and North Korea have been known to tolerate and even support criminal activity so long as it targets their internal political rivals or external enemies and does not challenge their own political power.

Another outcome might be just to continue the cat-and-mouse game with police, where criminals and service providers accept a high rate of turnover in the development of new encrypted messaging apps (along with the risk of arrest) as the cost of doing business. New services will surface and shut down in the face of law enforcement scrutiny only to reemerge in different forms in an ever-repeating cycle.

Criminal organizations have immense access to resources and an even greater demand for secrecy in their daily operations. These two forces will ensure that secure communication services will run the risk of attracting a criminal clientele and that some companies will even cater to criminals in ways that help them avoid law enforcement detection. But just as these dynamics are inevitable, so it is that law enforcement agencies will continue to find ways into ostensibly secure platforms to identify and ultimately disrupt their users. This same process plays out in the shadowy world of online criminal marketplaces, which we will discuss in part two of this series.

Next: New Marketplaces for Selling Illicit Wares


Crafty_Dog

GPF: Team Biden begins to take measures against Chinese cyber attacks?
« Reply #603 on: July 19, 2021, 12:39:45 PM »
Accusations against China. A cybersecurity coalition involving NATO member states, the EU, Australia, New Zealand and Japan launched Monday. In its first joint action, the bloc accused China’s Ministry of State Security of collaborating with criminal organizations to conduct a slew of cyberattacks, including one targeting Microsoft that came to light in March. The Biden administration appears to be behind the campaign, releasing a trove of details about the allegations. The European Council said it backs the U.S. accusations.


Crafty_Dog

WSJ: Tough Biden Talk, Little Action
« Reply #605 on: July 22, 2021, 04:45:46 AM »
Tough Biden Talk, Little Action
On Nord Stream and Chinese hacking, a message of weakness.
By The Editorial Board
July 21, 2021 6:42 pm ET



A troubling pattern is emerging in President Biden’s foreign policy: Officials talk tough—then follow up with diplomacy that amounts to little. Two examples this week—on Chinese hacking and Russia’s Nord Stream 2 pipeline—underscore the point.


Barack Obama and Donald Trump opposed the $11 billion Nord Stream pipeline, which could double the amount of natural gas exported directly to Germany from Russia. But the Biden Administration has now blessed the project’s completion, handing Vladimir Putin a major strategic victory at the expense of Ukraine and Europe’s energy independence.

The White House says the pipeline was inevitable and improving America’s relationship with the Germans should come first. But the deal with Germany is embarrassing in its weakness. In a joint U.S.-German statement on Wednesday, Berlin pledges to impose sanctions in the future “should Russia attempt to use energy as a weapon or commit further aggressive acts against Ukraine.” We can hear them laughing in the Kremlin at that one.

The deal won’t go down well in Kyiv, which is struggling against Russian assaults on its territory. The country is set to lose billions in transit fees as Russian natural gas is diverted from routes that run through Ukraine. But at least “Germany commits to establish and administer a Green Fund for Ukraine to support Ukraine’s energy transition, energy efficiency, and energy security,” according to the joint statement. The U.S. and Germany say they’ll ask Russia to keep paying Ukraine. Are they kidding?

Giving a revisionist power more influence over Europe’s economy doesn’t help U.S. interests. The big win for Russian gas also comes as the Administration moves to restrict fossil-fuel production in the U.S. Angela Merkel, who negotiated the deal with President Biden, soon won’t even be Chancellor.

***

Meanwhile, on Monday the Administration called out China for cyber attacks and was joined by the European Union, NATO, the United Kingdom, Canada, Australia, New Zealand and Japan. Secretary of State Antony Blinken said “the United States and countries around the world are holding the People’s Republic of China (PRC) accountable for its pattern of irresponsible, disruptive, and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security.”

Accountable how? The allied powers announced no sanctions or other repercussions. A coalition against Chinese cyber attacks is nice, but not if the result is a lowest-common-denominator response—i.e., nothing. Beijing may conclude that harsh words are all the U.S. can unite its allies behind.

Mr. Blinken also confirmed this week that “cyber actors affiliated with” China’s Ministry of State Security had conducted a “massive cyber espionage operation” earlier this year that “indiscriminately compromised thousands of computers and networks.”

He’s referring to an attack on entities that ran their on-premise email server through Microsoft Exchange. The Chinese hackers gained access to users’ email correspondence, attachments and contacts, then launched attacks that could compromise the organization’s networks and computer systems, says Steven Adair, president of the cyber security firm Volexity, which was among the first to detect the breach.

The hackers focused on traditional espionage targets, then broadened their efforts to include others in the private and public sectors, nonprofits and academia. The State Department confirms the operation “gave Chinese intelligence services the ability to access and spy on or potentially disrupt tens of thousands of computer systems worldwide.”

The U.S. response this past week was to unseal an indictment against four Chinese citizens involved in another hacking campaign. The feds say that from 2011 to “at least” 2018, a provincial arm of the Ministry of State Security set up a front company that stole intellectual property, trade secrets, and other confidential information “from companies and universities involved in virus and vaccine research of the Ebola virus,” among other topics.


Alas, all four are “nationals and residents” of China, and unlikely to be extradited, so the indictment’s utility as a deterrent is symbolic. Oh, and State did announce a reward of up to $10 million for information to identify cyber criminals who target the U.S. for a foreign government. No doubt that will impress the hard men at Zhongnanhai.

Biden officials, including the President, believe in the power of diplomacy almost for its own sake. But diplomacy that yields only talk achieves nothing against determined adversaries with malign intentions.

ccp

  • Power User
  • ***
  • Posts: 12622
    • View Profile
Re: Cyberwar, Cyber Crime, and American Freedom
« Reply #606 on: July 22, 2021, 05:21:26 AM »
"Tough Biden Talk, Little Action"

threaten to tell the teacher on China -> "we are going to discuss this with our friends and allies"

threaten to make them go stand in the corner -> "we are going to threaten sanctions"

This was the Democrats' foreign policy concerning adversaries (Hillary would repeat this like a broken memorized record every time)

DougMacG

  • Power User
  • ***
  • Posts: 14518
    • View Profile
Re: WSJ: Tough Biden Talk, Little Action
« Reply #607 on: July 22, 2021, 11:24:00 AM »
Projecting American weakness to our enemies is a feature, not a bug, of their plan.

These are not Henry Scoop Jackson Democrats running our country.
https://en.wikipedia.org/wiki/Henry_M._Jackson

Come election time, how do they defend stopping a pipeline of energy for Americans while giving the Russian-German one their blessing?

Crafty_Dog

Re: Cyberwar, Cyber Crime, and American Freedom
« Reply #608 on: July 22, 2021, 12:48:25 PM »
Back when his name was being mentioned as a possible presidential nominee, my father sat next to him at some fundraiser dinner.

"Not bright enough" was my dad's assessment.


Crafty_Dog

Dark Territory: The Secret History of Cyber War
« Reply #610 on: July 27, 2021, 06:06:47 PM »
Dark Territory: The Secret History of Cyber War
By Fred Kaplan

A reader recommended Fred Kaplan's “Dark Territory: The Secret History of Cyber War” to me, and it turned out to be a timely suggestion. The book, which lays out an in-depth history of U.S. cyber policies dating back to just about as soon as Washington realized that with the great potential of the internet also came great peril, hits on a couple of repeated themes. One is the perhaps inevitable struggle to get the folks in charge to take cyber seriously. Computer stuff is complicated, after all, and path dependencies are enormously difficult for institutions to break. So time and again, it came down to a handful of figures who were astute enough to grasp the fantastic and fraught security environment that was emerging – and who happened to have the necessary bureaucratic knife-fighting chops – to get the machinery of government moving in a constructive direction. One maneuver in particular pulled off by former National Security Agency director and LBJ School of Public Affairs professor Adm. Bobby Inman will be studied in elite policy schools for a century to come. Another theme is the constant rediscovery that defense is much harder than offense – and that offensive cyber capabilities that the U.S. pioneered can be assumed to eventually land in the hands of potential adversaries.

These themes remain in play today. It's no longer necessary to persuade anyone in power that cyberattacks could be extraordinarily destructive, of course. But there still often seems to be a lack of appreciation for the true scale of destruction that's possible as the emerging technologies become integrated with nearly every dimension of U.S. vitality – as well as the near-impossibility of defensive innovations keeping pace with the offensive realm.

There are signs that a paradigm shift in D.C. has taken root, thanks to myriad high-profile attacks ranging from whatever Russia was up to in the 2016 election to the brief crippling of the Colonial Pipeline this spring. The new U.S.-led cybersecurity coalition involving dozens of allied countries shouldn't be sniffed at. But the reality is: It's easier than ever for state and non-state adversaries alike to do severe, tangible damage to U.S. infrastructure and myriad other critical systems without resorting to conventional weapons – to say nothing of threats to data, trade secrets, intellectual property, the information domain and so forth. This is leveling the balance of power and creating a new form of mutually assured destruction, the logic of which needs to be explored.

Phillip Orchard, analyst
