
Wednesday, July 24, 2024

Meet The FBI Cyber Action Team: Rapid Response Fly Team Can Deploy Across The Globe Within Hours To Respond To Major Cyber Threats

The FBI released a piece on their cyber action team.

Across the globe, malicious cyber activity threatens public safety and national and economic security. Criminals target organizations such as schools, hospitals, power and utility companies, and other critical infrastructure entities that serve communities.

As the lead federal agency for investigating cyberattacks and intrusions, the FBI developed a specialty group—the Cyber Action Team, or CAT—that can deploy across the globe within hours to respond to major cyber threats and attacks against these critical services.

Composed of about 65 members, CAT is an investigative rapid response fly team that leverages special agents, computer scientists, intelligence analysts, and information technology specialists from across FBI field offices and Headquarters.

"We respond onsite to victims who may include national government entities, private companies, or even sometimes foreign partner networks that have been compromised by an adversary," said Scott Ledford, head of the Cyber Action Team and the Advanced Digital Forensics Team. "Our job is to help conduct the investigation—we collect digital evidence and locate, identify, and reverse engineer malware. We also help the victim understand when they were compromised and how, writing a timeline and a narrative of that intrusion with the ultimate goal of identifying who is responsible, attributing that attack."

You can read the rest of the piece via the below link:

Meet the Cyber Action Team — FBI 

Monday, October 7, 2019

FBI: October Is National Cybersecurity Awareness Month


The FBI released the below information:
Internet-enabled crimes and cyber intrusions are becoming increasingly sophisticated and preventing them requires each and every user of a connected device to be aware and on guard.
“It’s no longer enough to be on the lookout for something in your inbox that appears suspicious,” said FBI Cyber Division Assistant Director Matt Gorham. “As criminals have grown savvier and their efforts more targeted, individuals and organizations need to scrutinize messages and requests that appear legitimate.”
Some of the most common and damaging Internet-enabled crimes begin with an employee clicking a link in an email that appears to be from a colleague, following the instructions in a message that looks like it came from a supervisor, or opening an account link or invoice that seems to be from a trusted vendor.
“These routine actions can be what exposes a computer or an entire network to a ransomware attack, data breach, or another crime,” said Gorham. “As we mark National Cybersecurity Awareness Month, our hope is to focus attention on the efforts required to safeguard individual computers and accounts and secure and protect critical data and infrastructure.”
Now in its 16th year, National Cybersecurity Awareness Month is hosted every October by the Department of Homeland Security and the National Cyber Security Alliance. Multiple agencies and organizations, including the FBI, collaborate to raise awareness about cybersecurity and stress the collective effort needed to stop cyber intrusions and online thefts and scams.
“Today’s cyber threat is bigger than any one government agency—frankly, bigger than government itself,” FBI Director Christopher Wray said at a cybersecurity conference in March. “But I think no agency brings the same combination of scope and scale, experience, tools, and relationships that the FBI has.”
The FBI works in close coordination with the private sector as well as with state, local, and international partners to understand and anticipate cyber threats and pursue cyber criminals.
During National Cybersecurity Awareness Month, the FBI joins in asking every user of a connected device to Own IT. Secure IT. Protect IT.
“We look to the public and to organizations to engage by understanding these threats, taking preventive action, and reporting cyber crimes when they occur,” said Gorham.
Cyber Safety Tips
All computer users should keep systems and software up to date and use a good anti-virus program. These programs are not foolproof, however, and computer users themselves often help cybercriminals get through these safeguards. To avoid inadvertently downloading malicious code that can harm your network or giving a criminal money or valuable information, the FBI recommends these tips:
  • Examine the email address and URLs in all correspondence. Scammers often mimic a legitimate site or email address by using a slight variation in spelling.
  • If an unsolicited text message or email asks you to update, check, or verify your account information, do not follow the link provided in the message itself or call the phone numbers provided in the message. Go to the company’s website to log into your account or call the phone number listed on the official website to see if something does in fact need your attention.
  • Do not open any attachments unless you are expecting the file, document, or invoice and have verified the sender’s email address.
  • Carefully scrutinize all electronic requests for a payment or transfer of funds.
  • Be extra suspicious of any message that urges immediate action.
  • Confirm requests for wire transfers or payment in person or over the phone as part of a two-factor authentication process. Do not verify these requests using the phone number listed in the request for payment.
Own IT
Understand Your Digital Profile
Internet-based devices are present in every aspect of our lives: at home, school, work, and on the go. Constant connection provides opportunities for innovation and modernization, but also presents opportunities for potential cybersecurity threats that can compromise your most important personal information. Understand the devices and applications you use every day to help keep you and your information safe and secure.
Secure IT
Secure Your Digital Profile
Cybercriminals are very good at getting personal information from unsuspecting victims, and the methods are getting more sophisticated as technology evolves. Protect against cyber threats by learning about security features available on the equipment and software you use. Apply additional layers of security to your devices—like multi-factor authentication—to better protect your personal information.
Protect IT
Maintain Your Digital Profile
Every click, share, send, and post you make creates a digital trail that can be exploited by cybercriminals. To protect yourself from becoming a victim, you must understand, secure, and maintain your digital profile. Be familiar with and routinely check privacy settings to help protect your privacy and limit Internet-enabled crimes.

Monday, July 29, 2019

FBI: International Conference On Cyber Security - Director Wray Touts FBI Cyber Capabilities, Addresses Current Threats


The FBI released the below information:
FBI Director Christopher Wray is seen through the phone of an audience member at the Fordham University/FBI-sponsored International Conference on Cyber Security in New York City on July 25, 2019.
The FBI is working to address evolving cyber threats facing the country, including foreign influence and foreign investment, FBI Director Christopher Wray said at a cybersecurity conference today.
“These threats strike—and they strike hard—at our security. That means our economic security and our ability to keep our companies safe from theft and intrusion,” Wray said. “It means our national security ... it means our safety as everyday citizens walking the streets and sending our kids to school.”
Wray served as the closing speaker at the International Conference on Cyber Security in New York, co-sponsored by the FBI and Fordham University. He was joined by Rev. Joseph McShane, president of Fordham University, and FBI New York Special Agent in Charge Aristedes Mahairas.
Wray described the many resources the FBI brings to its cyber mission—from Cyber Action Teams to the 24-hour command post known as CyWatch to the addition of cyber-focused legal attachés in FBI offices around the world.
“Our role isn’t limited to investigations,” Wray explained. “We’re using our expertise to warn the public and private sectors about what we’re seeing and to spotlight risks and vulnerabilities.”
Foreign influence is one of today’s most pressing cyber-related threats, and Wray discussed the FBI’s role in mitigating these threats to the 2020 elections. Through its Foreign Influence Task Force, the FBI has foreign influence-related investigations open across the country. The Bureau’s efforts also involve building relationships with the private sector and information sharing.
“But the foreign influence threat isn’t just limited to election season,” Wray said. “We have to remain vigilant all year round. We have to raise public awareness and increase our country’s resilience in a more sustained and enduring way.”
Another threat of concern to the U.S. government is foreign investment in American companies, which can sometimes lead to the theft of intellectual property, sensitive data, or proprietary research. He urged U.S. companies to exercise caution in working with companies from adversarial countries because adversaries are willing to buy access to American proprietary information. 
Additionally, Wray called on the public and private sectors to work together to address the growing inability for law enforcement to lawfully access encrypted data of terrorists and criminals, sometimes referred to as “going dark.” This data may be on phones or other devices or transmitted over encrypted apps or platforms.
While the FBI supports strong cybersecurity, Wray said that no place should be completely off-limits to lawful access. He called it a “fundamental public safety issue” that hampers not only the FBI but also state and local law enforcement efforts.
Wray cited the example that nearly two years after the shooting at a church in Sutherland Springs, Texas, the FBI still cannot get into the shooter’s phone. While the gunman is dead and no longer a threat, access to that information could potentially help prevent a future attack. “If we were dealing with a living subject—someone we were still trying to track down, who could be out planning another attack—the situation could be even more dangerous,” said Wray.
This trend is made more complex by the advent of virtual currency, which some criminals use to hide their transactions.
“It cannot be a sustainable end state for us to be creating some kind of unfettered space beyond the reach of lawful access for terrorists, hackers, and child predators to hide,” Wray said. “But that’s the path we’re on now if we don’t somehow come together to find a solution.”

Friday, July 19, 2019

Clicks Against Crime: A Look Inside The Defense Department's Cyber Crime Center


The Department of Defense Cyber Crime Center, DC3, notes that our entire lives are stored on cell phones, tablets and computers. 

You can get an inside look at the DoD Cyber Crime Center and see how forensic examiners are fighting cyber-crime in the lab via the below link:

https://www.dvidshub.net/video/697839/clicks-against-crime?source=GovDelivery 

Note: The video was made by Navy Petty Officer 1st Class Jennifer LeBron.

Friday, May 4, 2018

Cybercom To Elevate To Combatant Command


Lisa Ferdinando at the DoD News offers the below piece:

WASHINGTON, May 3, 2018 — In response to the changing face of warfare, U.S. Cyber Command will be elevated tomorrow to a combatant command, chief Pentagon spokesperson Dana W. White said today.

“The cyber domain will define the next century of warfare,” White said at a Pentagon news conference.

Army Lt. Gen. Paul M. Nakasone, most recently commander of Army Cyber Command, will receive his fourth star as he succeeds retiring Navy Adm. Michael S. Rogers as Cybercom commander.

“Just as our military must be prepared to defend our nation against hostile acts from land, air and sea,” White said, “we must also be prepared to deter, and if necessary, respond to hostile acts in cyberspace.”

New Warfighting Domain Has ‘Come of Age’

Nakasone will play a critical role in tasks that include training cyber warriors, advocating for more cybersecurity resources, and planning and conducting cyber operations, White said.

Deputy Defense Secretary Patrick M. Shanahan is to preside over the Cybercom portion of the ceremony at the Integrated Cyber Center/Joint Operations Center at Fort Meade, Maryland, White said.

“This change of command is noteworthy because it signifies the elevation of Cyber Command as our 10th combatant command,” she said. “Last year, [Defense Secretary James N.] Mattis announced the elevation of Cyber Command, acknowledging that a new warfighting domain has come of age.”

Cyber Command Established in 2009

U.S. Cyber Command, which has been a subunified command under U.S. Strategic Command, was established in 2009 in response to the rapidly evolving threats, with adversaries seeking to exploit the cyber domain to attack the United States and its allies.

The elevation of the command raises the stature of the commander to a peer level with other unified combatant command commanders, allowing the Cybercom commander to report directly to the secretary of defense, Kenneth P. Rapuano, assistant secretary of defense for homeland defense and global security, told reporters at the Pentagon last year. 

Tuesday, February 27, 2018

Cybercom Commander Discusses Evolving Cyber Threats


Navy Petty Officer 2nd Class Ignacio D. Perez at the DoD News offers the below piece:

WASHINGTON, Feb. 27, 2018 — Although competitors such as China and Russia remain the greatest threat to U.S. security, rogue regimes such as Iran and North Korea have increased in capabilities and have begun using aggressive methods to conduct malicious cyberspace activities, the military’s top cyber officer told Congress today.

Navy Adm. Michael S. Rogers (seen in the below photo), director of the National Security Agency, commander of U.S. Cyber Command and chief of the Central Security Service, testified at a Senate Armed Services Committee hearing.


“Our adversaries have grown more emboldened, conducting increasingly aggressive activities to extend their influence without fear of significant consequence,” Rogers said. “We must change our approaches and responses here if we are to change this dynamic.”

But as the cyber domain has evolved, Rogers told the senators, Cybercom’s three major mission areas endure: protecting the Department of Defense Information Network; enabling other joint force commanders by delivering effects in and through cyberspace; and defending the nation against cyber threats through support to the Department of Homeland Security and others when directed to do so by the president or secretary of defense.

Joint Force Headquarters DODIN, the subordinate headquarters responsible for securing, operating and defending the Defense Department's complex information technology infrastructure, has achieved full operational capability, he said.

Joint Task Force Ares, created to lead the fight in cyber against the Islamic State of Iraq and Syria, has successfully integrated cyberspace operations into broader military campaigns, has achieved some “excellent results,” and will continue to pursue ISIS in support of the nation's objectives, the admiral told the Senate panel.

Cybercom also has significantly enhanced training in cyber operation platforms to prepare the battlespace against key adversaries, he said.

Milestones expected to be achieved this year include Cyber Command’s elevation to a combatant command responsible for providing mission-ready cyberspace operations forces to other combatant commanders, Rogers said.

In addition, the admiral said, Cybercom will be moving into a state-of-the-art integrated cyber center and joint operations facility at Fort Meade, Maryland, enhancing the coordination and planning of operations against cyber threats.

“Without cyberspace superiority in today's battlefield, risk to mission increases across all domains and endangers our security,” Rogers said.

Cybercom’s focus on innovation and rapid tech development has extended all the way to small businesses and working with the private sector while maintaining cybersecurity, Rogers told the committee.

“We intend in the coming year to create an unclassified collaboration venue where businesses and academia can help us tackle tough problems without needing to jump over clearance hurdles, for example, which for many are very difficult barriers,” Rogers explained.

After serving more than four years as a commander of Cybercom and after nearly 37 years of service as a naval officer, Rogers is set to retire this spring.

“I will do all I can during the intervening period to ensure the mission continues, that our men and women remain ever motivated, and that we have a smooth transition,” he said.  

Friday, August 18, 2017

President Elevates U.S. Cyber Command To Unified Combatant Command


Jim Garamone and Lisa Ferdinando at the DoD News offer the below piece:

WASHINGTON, Aug. 18, 2017 — At the direction of the president, the Defense Department today initiated the process to elevate U.S. Cyber Command to a unified combatant command.

"This new unified combatant command will strengthen our cyberspace operations and create more opportunities to improve our nation’s defense," President Donald J. Trump said in a written statement.

The elevation of the command demonstrates the increased U.S. resolve against cyberspace threats and will help reassure allies and partners and deter adversaries, the statement said.  The elevation also will help to streamline command and control of time-sensitive cyberspace operations by consolidating them under a single commander with authorities commensurate with the importance of those operations and will ensure that critical cyberspace operations are adequately funded, the statement said.

Defense Secretary Jim Mattis is examining the possibility of separating U.S. Cyber Command from the National Security Agency, and is to announce his recommendations at a later date.

Growing Mission

The decision to elevate U.S. Cyber Command is consistent with Mattis' recommendation and the requirements of the fiscal year 2017 National Defense Authorization Act, Kenneth P. Rapuano, assistant secretary of defense for homeland defense and global security, told reporters at the Pentagon today.

"The decision is a welcome and necessary one that ensures that the nation is best positioned to address the increasing threats in cyberspace," he added.

Cybercom's elevation from its previous subunified command status demonstrates the growing centrality of cyberspace to U.S. national security, Rapuano said, adding that the move signals the U.S. resolve to "embrace the changing nature of warfare and maintain U.S. military superiority across all domains and phases of conflict."

Cybercom was established in 2009 in response to a clear need to match and exceed enemies seeking to use the cyber realm to attack the United States and its allies. The command is based at Fort George G. Meade, Maryland, with the National Security Agency. Navy Adm. Michael S. Rogers is the commander of U.S. Cyber Command and the National Security Agency director. The president has directed Mattis to recommend a commander for U.S. Cyber Command, and Rogers for now remains in the dual-hatted role, Rapuano said.

More Strategic Role

Since its establishment, Cybercom has grown significantly, consistent with DoD's cyber strategy and reflective of major increases in investments in capabilities and infrastructure, Rapuano said. The command reached full operational capability Oct. 31, 2010, but it is still growing and evolving. The command is concentrating on building its Cyber Mission Force, which should be complete by the end of fiscal year 2018, he said.

The force is expected to consist of almost 6,200 personnel organized into 133 teams. All of the teams have already reached initial operational capability, and many are actively conducting operations. The force incorporates reserve component personnel and leverages key cyber talent from the civilian sector.

"This decision means that Cyber Command will play an even more strategic role in synchronizing cyber forces and training,  conducting and coordinating military cyberspace operations, and advocating for and prioritizing cyber investments within the department,"  Rapuano said.

Cybercom already has been performing many responsibilities of a unified combatant command. The elevation also raises the stature of the commander of Cyber Command to a peer level with the other unified combatant command commanders, allowing the Cybercom commander to report directly to the secretary of defense, Rapuano pointed out.

The new command will be the central point of contact for resources for the department's operations in the cyber domain and will serve to synchronize cyber forces under a single manager. The commander will also ensure U.S. forces will be interoperable.

"This decision is a significant step in the department's continued efforts to build its cyber capabilities, enabling Cyber Command to provide real, meaningful capabilities as a command on par with the other geographic and functional combat commands," Rapuano said. 

Thursday, March 24, 2016

Seven Iranians Working For Islamic Revolutionary Guard Corps-Affiliated Entities Charged for Conducting Coordinated Campaign of Cyber Attacks Against U.S. Financial Sector


The U.S. Justice Department released the below information:

A grand jury in the Southern District of New York indicted seven Iranian individuals who were employed by two Iran-based computer companies, ITSecTeam (ITSEC) and Mersad Company (MERSAD), that performed work on behalf of the Iranian Government, including the Islamic Revolutionary Guard Corps, on computer hacking charges related to their involvement in an extensive campaign of over 176 days of distributed denial of service (DDoS) attacks.
Ahmad Fathi, 37; Hamid Firoozi, 34; Amin Shokohi, 25; Sadegh Ahmadzadegan, aka Nitr0jen26, 23; Omid Ghaffarinia, aka PLuS, 25; Sina Keissar, 25; and Nader Saedi, aka Turk Server, 26, launched DDoS attacks against 46 victims, primarily in the U.S. financial sector, between late 2011 and mid-2013.  The attacks disabled victim bank websites, prevented customers from accessing their accounts online and collectively cost the victims tens of millions of dollars in remediation costs as they worked to neutralize and mitigate the attacks on their servers.  In addition, Firoozi is charged with obtaining unauthorized access into the Supervisory Control and Data Acquisition (SCADA) systems of the Bowman Dam, located in Rye, New York, in August and September of 2013.
The indictment was announced today by Attorney General Loretta E. Lynch, Director James B. Comey of the FBI, Assistant Attorney General for National Security John P. Carlin and U.S. Attorney Preet Bharara of the Southern District of New York.
“In unsealing this indictment, the Department of Justice is sending a powerful message: that we will not allow any individual, group, or nation to sabotage American financial institutions or undermine the integrity of fair competition in the operation of the free market,” said Attorney General Lynch.  “Through the work of our National Security Division, the FBI, and U.S. Attorney’s Offices around the country, we will continue to pursue national security cyber threats through the use of all available tools, including public criminal charges.  And as today’s unsealing makes clear, individuals who engage in computer hacking will be exposed for their criminal conduct and sought for apprehension and prosecution in an American court of law.”
“The FBI will find those behind cyber intrusions and hold them accountable — wherever they are, and whoever they are,” said Director Comey.  “By calling out the individuals and nations who use cyber attacks to threaten American enterprise, as we have done in this indictment, we will change behavior.”
“Like past nation state-sponsored hackers, these defendants and their backers believed that they could attack our critical infrastructure without consequence, from behind a veil of cyber anonymity,” said Assistant Attorney General Carlin.  “This indictment once again shows there is no such veil – we can and will expose malicious cyber hackers engaging in unlawful acts that threaten our public safety and national security.”
“The charges announced today respond directly to a cyber-assault on New York, its institutions and its infrastructure,” said U.S. Attorney Bharara.  “The alleged onslaught of cyber-attacks on 46 of our largest financial institutions, many headquartered in New York City, resulted in hundreds of thousands of customers being unable to access their accounts and tens of millions of dollars being spent by the companies trying to stay online through these attacks.  The infiltration of the Bowman Avenue dam represents a frightening new frontier in cybercrime.  These were no ordinary crimes, but calculated attacks by groups with ties to Iran’s Islamic Revolutionary Guard and designed specifically to harm America and its people.  We now live in a world where devastating attacks on our financial system, our infrastructure and our way of life can be launched from anywhere in the world, with a click of a mouse.  Confronting these types of cyber-attacks cannot be the job of just law enforcement.  The charges announced today should serve as a wake-up call for everyone responsible for the security of our financial markets and for guarding our infrastructure.  Our future security depends on heeding this call.”
According to the indictment unsealed today in federal court in New York City:
DDoS Attacks
The DDoS campaign began in approximately December 2011, and the attacks occurred only sporadically until September 2012, at which point they escalated in frequency to a near-weekly basis, between Tuesdays and Thursdays during normal business hours in the United States.  On certain days during the campaign, victim computer servers were hit with as much as 140 gigabits of data per second and hundreds of thousands of customers were cut off from online access to their bank accounts.
Fathi, Firoozi and Shokohi were responsible for ITSEC’s portion of the DDoS campaign against the U.S. financial sector and are charged with one count of conspiracy to commit and aid and abet computer hacking.  Fathi was the leader of ITSEC and was responsible for supervising and coordinating ITSEC’s portion of the DDoS campaign, along with managing computer intrusion and cyberattack projects being conducted for the government of Iran.  Firoozi was the network manager at ITSEC and, in that role, procured and managed computer servers that were used to coordinate and direct ITSEC’s portion of the DDoS campaign.  Shokohi is a computer hacker who helped build the botnet used by ITSEC to carry out its portion of the DDoS campaign and created malware used to direct the botnet to engage in those attacks.  During the time that he worked in support of the DDoS campaign, Shokohi received credit for his computer intrusion work from the Iranian government towards his completion of his mandatory military service requirement in Iran.
Ahmadzadegan, Ghaffarinia, Keissar and Saedi were responsible for managing the botnet used in MERSAD’s portion of the campaign, and are also charged with one count of conspiracy to commit and aid and abet computer hacking.  Ahmadzadegan was a co-founder of MERSAD and was responsible for managing the botnet used in MERSAD’s portion of the DDoS campaign.  He was also associated with Iranian hacking groups Sun Army and the Ashiyane Digital Security Team (ADST), and claimed responsibility for hacking servers belonging to the National Aeronautics and Space Administration (NASA) in February 2012.  Ahmadzadegan has also provided training to Iranian intelligence personnel.  Ghaffarinia was a co-founder of MERSAD and created malicious computer code used to compromise computer servers and build MERSAD’s botnet.  Ghaffarinia was also associated with Sun Army and ADST, and has also claimed responsibility for hacking NASA servers in February 2012, as well as thousands of other servers in the United States, the United Kingdom and Israel.  Keissar procured computer servers used by MERSAD to access and manipulate MERSAD’s botnet, and also performed preliminary testing of the same botnet prior to its use in MERSAD’s portion of the DDoS campaign.  Saedi was an employee of MERSAD and a former Sun Army computer hacker who expressly touted himself as an expert in DDoS attacks.  Saedi wrote computer scripts used to locate vulnerable servers to build the MERSAD botnet used in its portion of the DDoS campaign.
For the purpose of carrying out the attacks, each group built and maintained their own botnets, which consisted of thousands of compromised computer systems owned by unwitting third parties that had been infected with the defendants’ malware, and subject to their remote command and control.  The defendants and/or their unindicted co-conspirators then sent orders to their botnets to direct significant amounts of malicious traffic at computer servers used to operate the websites for victim financial institutions, which overwhelmed victim servers and disabled them from customers seeking to legitimately access the websites or their online bank accounts.  Although the DDoS campaign caused damage to the financial sector victims and interfered with their customers’ ability to do online banking, the attacks did not affect or result in the theft of customer account data.
DDoS Botnet Remediation
Since the attacks, the Department of Justice and the FBI have worked together with the private sector to effectively neutralize and remediate the defendants’ botnets.  Specifically, through approximately 20 FBI Liaison Alert System (FLASH) messages, the FBI regularly provided updated information collected from the investigation regarding the identity of systems that had been infected with the defendants’ malware and were operating as bots within the malicious botnets.  In addition, the FBI conducted extensive direct outreach to Internet service providers responsible for hosting systems that have been infected with the defendants’ malware to provide them information and assistance in removing the malware to protect their customers and other potential victims of the defendants’ unlawful cyber activities.  Through these outreach efforts and the cooperation of the private sector, over 95 percent of the known part of the defendants’ botnets have been successfully remediated.
Bowman Dam Intrusion
Between Aug. 28, 2013, and Sept. 18, 2013, Firoozi repeatedly obtained unauthorized access to the SCADA systems of the Bowman Dam, and is charged with one substantive count of obtaining and aiding and abetting computer hacking.  This unauthorized access allowed him to repeatedly obtain information regarding the status and operation of the dam, including information about the water levels, temperature and status of the sluice gate, which is responsible for controlling water levels and flow rates.  Although that access would normally have permitted Firoozi to remotely operate and manipulate the Bowman Dam’s sluice gate, Firoozi did not have that capability because the sluice gate had been manually disconnected for maintenance at the time of the intrusion.
Remediation for the Bowman Dam intrusion cost over $30,000.
* * *
All seven defendants face a maximum sentence of 10 years in prison for conspiracy to commit and aid and abet computer hacking.  Firoozi faces an additional five years in prison for obtaining and aiding and abetting unauthorized access to a protected computer at the Bowman Dam.
An indictment is merely an accusation and all defendants are presumed innocent unless proven guilty in a court of law.
The case was investigated by the FBI, including the Chicago; Cincinnati; New York; Newark, New Jersey; Phoenix; and San Francisco Field Offices.  This case is being prosecuted by Assistant U.S. Attorney Timothy T. Howard of the Southern District of New York, with the substantial assistance of Deputy Chief Sean M. Newell of the National Security Division’s Counterintelligence and Export Control Section.

Assistant Attorney General John P. Carlin Delivers Remarks At Press Conference Announcing Seven Iranians Charged For Conducting Cyber Attacks Against U.S. Financial Sector


The U.S. Justice Department released Assistant Attorney General John P. Carlin's (seen in the above DOJ photo) remarks at a press conference announcing seven Iranians charged with conducting cyber attacks.

You can read the remarks below:

Good morning.  And thank you, Preet – this case would not have been possible without the hard work of the men and women of your office and our partners at the FBI.  I also want to thank the men and women of the National Security Division for their work on this case and for their efforts to protect our country from all manner of national security threats. 
In addition, we thank all of the victims for their critical assistance during the investigation.  This case demonstrates the power of public-private partnerships in holding accountable cyber actors who threaten our national security.
For many years, nation states and their affiliates enjoyed what they perceived to be a cloak of anonymity.  A cloak they hid behind to break our laws through cyber intrusions and to threaten our security and economic well-being. 
They had this perceived cloak because they thought we couldn’t figure out who did it and, if we did figure it out, we would keep it a secret. 
They are wrong.  In a new approach, we have unleashed prosecutors and FBI agents against national security cyber threats.  In addition, we work closely with the private sector to
That’s why, two years ago – from this very podium – we could announce an indictment against five members of the People's Liberation Army.
Today, let this indictment reinforce that the days of perceived anonymity are gone – we can remove the cloak.
And we will.
Today’s announcement proves, once again, there is no free pass for nation state affiliated computer intrusions. 
This week is significant – a landmark for our national security cyber program.  On Tuesday, we unsealed a complaint against members of the Syrian Electronic Army.  Yesterday, a Chinese businessman in Los Angeles pled guilty for conspiring to hack into U.S. defense contractors and to steal sensitive information related to fighter jets. 
And now, today, we can tell the world that hackers affiliated with the Iranian government attacked U.S. systems, and we seek to bring them to justice for their crimes.
No matter where a hacker is located or who he is affiliated with – China or North Korea, ISIL or SEA – we can figure who did it, by name and face, we can do so publicly and we can impose consequences. 
This is still the beginning.  We will continue to pursue hackers affiliated with nation states or terrorist organizations.  And when we find you, we will use every available tool at our disposal to hold you accountable. 
That means more public actions, more charges, more arrests and more sanctions, until the conduct changes.   
Thank you.   

Friday, February 26, 2016

FBI Director Briefs Congressional Subcommittee On Key Threats And Challenges


The FBI released the below information:

FBI Director James Comey, appearing today before the House Appropriations Committee’s Commerce, Justice, Science, and Related Agencies Subcommittee, provided members an overview of the FBI’s fiscal year 2017 budget request and explained how the requested resources are critical to the Bureau’s ability to address existing and emerging national security and criminal threats.
Some of those threats, according to the Director’s statement, are terrorism—in particular, the threats posed by foreign fighters, including those recruited from the U.S., traveling to join ISIL—and homegrown violent extremists; foreign intelligence and espionage activities, especially the growing problem of the insider threat; the most dangerous and malicious cyber threats from state-sponsored hackers, hackers for hire, organized cyber syndicates, and terrorists; and serious criminal threats such as public corruption, Internet-facilitated sexual exploitation of children, violent gangs, corporate fraud, and international criminal enterprises.
Comey also said that resources are needed to close gaps in operational capabilities, including enhancements to cyber investigative capabilities, the mitigation of threats from foreign intelligence services and insiders, investments related to the Going Dark initiative, improvements to the National Instant Criminal Background Check System, and operation and maintenance costs of the new Biometrics Technology Center.
Note: You can read his full statement via the below link:

Monday, December 14, 2015

Chairman Of The Joint Chiefs Of Staff Marine General Dunford Discusses Implications of Current Security Environment


Jim Garamone at the DoD News offers the below piece:

WASHINGTON, Dec. 14, 2015 — The chairman of the Joint Chiefs of Staff discussed his short-term priority – defeating the Islamic State of Iraq and the Levant – and provided insight into his long-term goals during a talk at the Center for a New American Security here today.

Marine Corps Gen. Joseph F. Dunford Jr. spoke about the security environment and its implications on the force of the future and also spoke about joint force organization.

Current trends indicate any conflict in the future will be transregional, multidomain and multifunctional, the chairman said.

“When I look at information operations, cyber capabilities, space and counter-space capabilities, ballistic missile technology – they have all affected the character of the modern battlefield,” the general said. “And we see such capabilities fielded by both state and nonstate actors.”

The North Korean Challenge

An example of the changes these technologies have wrought is North Korea, Dunford said, noting that in the past, military planners believed any conflict would be confined to the Korean Peninsula. “But as North Korea developed ballistic missile technology, that obviously affected other regional actors, such as Japan,” he said.

Today, with ICBMs, cyber, information operations and more, “it’s pretty hard to see how even a conflict on the peninsula would be anything but transregional, multidomain and multifunctional,” the chairman said.

Current planning, organizational constructs and command and control set-ups “is not optimized for that fight,” he added.

U.S. military planning is done regionally and commanders rely on cooperation and collaboration, the chairman said. “It may surprise you to know this, but the lowest level of integration in the Department of Defense really is the secretary of defense,” he said. “That’s an issue that’s on the top of my inbox. That’s an issue that I am taking a look at hard.”

No Slowing Down

Underlying everything are the people of the U.S. military, the chairman said, noting that he returned from a trip last week in which he visited with service members in U.S. European Command, U.S. Africa Command and U.S. Central Command. “I saw a large number of soldiers, sailors, airmen and Marines, and they are in great spirits. … The closer I got to the fight, the more spirited they were. They are focused and proud about what they are doing,” he said. “I don’t take that for granted. The one thing I am mindful of as I come into the job is that we have been running pretty hard for a long period of time.”

The challenges of the world mean they won’t get a rest soon, Dunford said.

“I told them I can’t see a time where that dynamic is going to change,” he explained. “If our requirements continue to be what I believe they will be, and the force structure stays about what it is today, … we are going to be running hard for some time to come.”

Measuring Joint Readiness

The general said he is looking at new ways to measure joint readiness, and that people should expect a new way of looking at the concept after the first of the year.

“It isn’t just the readiness of our individual units and the parts and pieces,” he said. “It’s making sure we have the right inventory, and also making sure on a day-to-day basis we are postured to respond in a timely manner.”

The fight against violent extremism is a transregional conflict, the chairman said. Still, he added, the Defense Department’s portion of the nine lines of effort are focused on destroying core ISIL in Syria and Iraq, and the U.S. military does this by striking ISIL leaders and fighters. “The second critical element is to develop and support effective partners on the ground to seize and secure ISIL-held terrain,” he said.

Dunford came to the venue straight from a meeting with President Barack Obama and the rest of the National Security Council at the Pentagon. “I want to make it clear that within the framework of international and domestic law, our policies and our end state, I don’t personally feel at all inhibited in terms of making recommendations to the president,” he said. “And we will continue to do that.”
Syria, he said, is the bigger challenge, because there is no partner on the ground. The Iraqi security forces and Kurdish peshmerga provide allies to take and control terrain inside Iraq. Dunford did say he understands how much more needs to be done, but that he is encouraged by operations against ISIL.

Concerns Over State Actors

However, the chairman said, the threat from extremists, while pressing, is not the only security challenge. The capabilities and behaviors of four state actors – Russia, China, Iran and North Korea – must inform U.S. contingency plans, he said.

“Despite its declining population and shrinking economy, Russia has made a significant investment in its military capabilities,” the chairman said. Russia has fielded new ICBMs, aircraft, new submarines, tanks and air defense systems. The nation is also expanding capabilities in space and cyberspace. “As you look at Russian capability, you have to look at it in the context of what they have done in Crimea, Ukraine and Syria.”

Dunford then turned to China, saying the emphasis is to cooperate with the rising giant. “We also – and we get paid to do that – watch closely the developments in their military capabilities and their behavior in the South China Sea,” he said.

Iran and North Korea are exporters of instability who continue to look for new ways to threaten neighbors, the chairman said.

All of these challenges have implications for the future joint force, he said, and the first is foundational.

“We need a balanced inventory of joint capabilities that’s going to allow us to deter and defeat potential adversaries across the range of military operations,” he said. “We don’t have the luxury to have a choice between a force that can fight the current fight against violent extremism and one that can deal with the full range of challenges.”

The second implication is to define how to use the military instrument of power in the “gray zone” of cyberspace, he said.

“I believe we need to develop more effective methods to deal with challenges like Russia’s ‘little green men’ or Iranian malign influence,” he said. “Our traditional approach – where we view things either as at peace or at war – may not be the case for our adversaries.”


On cyber, Dunford called for more offensive cyber capabilities and cyber deterrence.

Friday, October 23, 2015

FBI Director Briefs Congressional Oversight Committee On FBI’s Current Efforts


The FBI released the above photo and the below report.

FBI Director James Comey, pledging to “be the best possible stewards of the authorities and the funding you have provided for us,” testified today before the U.S. House of Representatives’ Judiciary Committee on current Bureau efforts in a wide variety of priority investigative programs and initiatives.
Among the highlights:
  • Counterterrorism remains the FBI’s top priority, and the Bureau is working to address the evolving threat, including offshoots of al Qaeda, like ISIL, and the explosion of terrorist propaganda and training on the Internet.
  • In the counterintelligence realm, the Bureau continues to investigate traditional espionage—spies posing as diplomats or ordinary citizens—but we also remain focused on the growing insider threat: trusted employees and contractors who use their legitimate access to steal secrets to benefit another company or country.
  • In the cyber arena, an element of virtually every national security threat and crime problem the FBI faces is cyber-based or facilitated—cyber threats exist from those who want our state secrets, trade secrets, technology, and our ideas; those who maliciously steal or delete corporate data; and criminals on the so-called “dark web” who exchange information and tools that enable cyber crimes.
  • And on the criminal side, the FBI continues to place a premium on investigations involving public corruption, violations of civil rights, health care fraud, violent crime, transnational organized crime, crimes against children, and crimes in Indian Country, among others.
In his prepared statement, Comey also discussed the FBI’s commitment to countering the threat of nuclear smuggling and other weapons of mass destruction, his continued focus on the Going Dark communications technology gap, ongoing efforts to integrate intelligence and operations, the need for more and better Uniform Crime Reporting data related to officer-involved shootings, and the many state-of-the-art services provided by the FBI Laboratory to our law enforcement, intelligence, military, and forensic science partners.

Friday, October 2, 2015

FBI: October Is National Cyber Security Awareness Month


The FBI website reminds us that October is National Cyber Security Awareness Month.

October is National Cyber Security Awareness Month, administered by the Department of Homeland Security. This is the perfect time of year for individuals, businesses, and other organizations to reflect on the universe of cyber threats and to do their part to protect their networks, their devices, and their data from those threats.

You can read the rest of the report via the below link:

https://www.fbi.gov/news/stories/2015/october/national-cyber-security-awareness-month/national-cyber-security-awareness-month?utm_campaign=email-Daily&utm_medium=email&utm_source=fbi-top-stories&utm_content=473212

Wednesday, September 30, 2015

Defense, Intel Leaders: Cybersecurity Priorities Are Defense, Deterrence


Cheryl Pellerin at the DoD News offers the below report:

WASHINGTON, September 29, 2015 — Defense and deterrence are two of the highest priorities for bolstering the nation’s cybersecurity capabilities, top officials from the Defense Department and the intelligence community told a Senate panel here today.

Deputy Defense Secretary Bob Work testified on cybersecurity policy and threats before the Senate Armed Services Committee. Joining him were Director of National Intelligence James R. Clapper and Navy Adm. Michael S. Rogers, commander of U.S. Cyber Command and director of the National Security Agency.
In his remarks to the panel, Clapper said that for the third year in a row, cyberthreats headed the list of threats reported in the annual National Intelligence Worldwide Threat Assessment.
“Although we must be prepared for a large Armageddon-scale strike that would debilitate the entire U.S. infrastructure, that is not … the most likely scenario,” Clapper added.
Integrating Intelligence
The primary concern is low- to moderate-level cyberattacks from a growing range of sources that will continue and probably expand, he said, adding that in the future he expects to see more cyber operations that manipulate electronic information to compromise its integrity, as opposed to deleting or disrupting access to it.
Clapper said President Barack Obama has directed him to form a small center that will integrate cyberthreat intelligence from across federal agencies, as do centers established over the years for counterterrorism, counterproliferation and counterintelligence.
In his remarks to the panel, Work said recent cyber intrusions involving the Office of Personnel Management, the Joint Staff and Sony by three separate state actors are “not just espionage of convenience, but a threat to our national security.”
Earlier this year, the department released a new strategy to guide the development of its cyber forces and strengthen its cybersecurity and cyber deterrence postures. The previous cyber strategy was released in 2011.
DoD Core Missions
As laid out in the new strategy, DoD’s core missions are to defend DoD network systems and information, defend the nation against cyber events of significant consequence, and provide cyber support to operational and contingency plans.
“In this regard, U.S. Cyber Command may be directed to conduct cyber operations in coordination with other government agencies … to deter and defeat strategic threats in other domains,” Work said.
On cyber deterrence, Work acknowledged that he and Defense Secretary Ash Carter “recognize that we are not where we need to be in our deterrent posture,” and the revised strategy is designed to help improve cyber deterrence.
Deterrence works by convincing any potential adversary that the costs of conducting an attack far outweigh potential benefits, Work said, describing the three pillars of the cyber deterrence strategy as denial, resilience and cost imposition.
Cyber Deterrence
“Denial means preventing the cyber adversary from achieving his objectives; resilience is ensuring that our systems will perform their essential military tasks even when they are contested in the cyber environment; and cost imposition is our ability to make our adversaries pay a much higher price for malicious activities than they [expected],” the deputy secretary explained.
Work said that because nearly every successful network exploitation involving the Defense Department can be traced to one or more human errors that allowed entry into the network, raising the level of individual cybersecurity awareness and performance is critical.
“As part of this effort, we recently published a cybersecurity discipline implementation plan and a scorecard that is brought before the secretary and me every month,” he said.
The scorecard holds commanders accountable for hardening and protecting their critical systems, and allows them to hold their personnel accountable, Work said, noting that the first scorecard was published in August.
“Denial also means defending the nation against cyberthreats of significant consequence,” Work said, “and the president has directed DoD, working in partnership with other agencies, to be prepared to blunt and stop the most dangerous cyber events.”
Fighting Through Cyberattacks
On resilience, Work explained that adversaries view DoD's cyber dependence as a potential wartime vulnerability, so the department views its ability to fight through cyberattacks as a critical mission function.
“That means normalizing cybersecurity as part of our mission-assurance efforts, building redundancy whenever our systems are vulnerable, and training constantly to operate in a contested environment. Our adversaries have to see that these cyberattacks will not provide them a significant operational advantage,” Work said.
The third aspect of deterrence means demonstrating the ability to respond through cyber and non-cyber means to impose costs on a potential adversary.
“The administration has made clear that we respond to cyberattacks in the time, manner and place of our choosing, and the department has developed cyber options to hold an aggressor at risk in cyberspace if required,” Work said.
Measurable Progress
During his testimony, Rogers said the military is in constant contact with agile, learning adversaries in cyberspace who have shown the capacity and willingness to take action against soft targets in the United States.
Some countries are integrating cyber operations into a total strategic concept for advancing their regional ambitions, he said, “to use cyber operations to influence the perceptions and actions of states around them and shape what we see as our options for supporting allies and friends in a crisis.”
“We need to deter these activities by showing that they are unacceptable, unprofitable and risky for the instigators,” he added.
U.S. Cyber Command is building capabilities that contribute to deterrence, the admiral told the panel.
“We are hardening our networks and showing an opponent that cyber aggression won't be easy,” Rogers said. “We are creating the mission force -- trained and ready like any other maneuver element that is defending DoD networks -- supporting joint force commanders and helping defend critical infrastructure within our nation.”

U.S. Cyber Command has made measurable progress, he added. “We are achieving significant operational outcomes and we have a clear path ahead.”

Monday, March 16, 2015

Terrorism Morphing Into Different Threats, Says CIA Chief


Jim Garamone at the DoD News offers the below report:

WASHINGTON, March 16, 2015 - Terrorism is morphing into different types of threats, including cyberattacks that can impact nations across the globe, the director of central intelligence said in New York last week.

John Brennan told the Council on Foreign Relations that terror attacks in Europe, the Middle East, Africa and Central Asia show the terror threat is changing. The CIA working with foreign partners is key to defeating the terror threat, he added.

"These attacks underscore a disturbing trend that we have been monitoring for some time -- the emergence of a terrorist threat that is increasingly decentralized, difficult to track and even more difficult to thwart," Brennan said.

Though the United States and its partners have had considerable success in attacking core al-Qaida, affiliates have risen, said Brennan, pointing to al-Qaida groups in Libya, Egypt, Somalia, Nigeria "and especially Yemen where al-Qaida in the Arabian Peninsula has demonstrated a capability to plot attacks well beyond Yemen's borders, including in our homeland."

ISIL a 'Serious Danger' Beyond Region

But the heartland of terror, the director said, now operates in Syria and Iraq where the Islamic State of Iraq and the Levant is waging a campaign of unspeakable brutality against the local population and anyone who does not share its ideology.

Left unchecked, ISIL poses a serious danger not only to Syria and Iraq, but to the wider region and beyond, including the threat of attacks on the U.S. homeland and the homelands of its partners, Brennan said.

The intelligence chief echoed DoD leaders in saying the fight against ISIL will be a long one. "If there is one thing we have learned over the years, it is that success against terrorism requires patience and determination," he said. "Clearly our country will be dealing with terrorism in one form or another for many years to come."

Threats in the Cyber Realm

Modern communications technologies complicate the fight against ISIL and its ilk, Brennan said. "New technologies can help groups like ISIL coordinate operations, attract new recruits, disseminate propaganda and inspire sympathizers across the globe to act in their name," he said. "The overall threat of terrorism is greatly amplified by today's interconnected world where an incident in one corner of the globe can instantly spark a reaction thousands of miles away, and where a lone extremist can go online and learn how to carry out an attack without ever leaving home."

The cyber domain brings tremendous benefits, but also brings tremendous dangers, he said.

"Threats in the cyber realm are an urgent national security priority, as America has no equivalent to the two wide oceans that have helped safeguard our country's physical, maritime and aviation domains for centuries," Brennan added.

Nations, terrorist organizations, criminals and hackers are trying to penetrate U.S. digital networks, he said.

"Government institutions are under constant assault, and private companies are spending enormous sums of money to defend against hacking attempts, denial of service attacks and other efforts to disrupt their networks," Brennan said.

The North Korean attack on Sony last year highlighted the cyber threat, he said.

"CIA is working with our partners across the federal government to strengthen cyber defenses, to share expertise and to collaborate with the private sector to mitigate these threats," Brennan said. "Together we have advanced our understanding of the threats in the cyber realm."

Friday, February 27, 2015

U.S. Intelligence Chief Describes 'Pervasive Uncertainty' Of Worldwide Threats


Jim Garamone at the DoD News offers the below piece:

WASHINGTON, Feb. 27, 2015 - "Unpredictable instability" is the new normal, the director of National Intelligence told the Senate Armed Services Committee here yesterday.

James R. Clapper (seen above in his official photo) testified on worldwide threats facing the United States and gave his best advice on what he considers to be the dangers Americans need to be aware of.

He said 2014 had the highest rate of political instability since 1992, when the Soviet Union collapsed. Last year also saw the most deaths as a result of state-sponsored mass killing and the highest number of refugees and internally displaced persons since World War II.

"This pervasive uncertainty makes it all the harder to predict the future," he said.

The North Korean cyberattack on Sony, the Ebola epidemic, and dramatic terrorist attacks in Australia, Belgium, Canada, Denmark, France and the United States mean 2015 promises to be as unstable as 2014, Clapper said.

Cyber, Terror Concerns

Cyberattacks are increasing in frequency, scale, sophistication and severity of impact, he said. The U.S. government must be prepared for a massive cyberattack, he added, but the truth is the nation is already living with a constant and expanding barrage of cyberattacks.

Nations, criminal networks, terror groups and even individuals can launch these attacks, Clapper said. He highlighted the actions of North Korea, Iran, Russia and China in the cyber realm.

The terrorist threat grew last year, also, the director said.

"In 2013, just over 11,500 terrorist attacks worldwide killed approximately 22,000 people," he said. "Preliminary data for the first nine months of 2014 reflects nearly 13,000 attacks, which killed 31,000 people."

About half of all attacks, as well as fatalities, occurred in just three countries: Iraq, Pakistan and Afghanistan, Clapper said. The Islamic State of Iraq and the Levant conducted more terror attacks than any other entity in the first nine months of 2014.

A new terror threat comes from "radicalized" individuals who travel to fight with ISIL in Syria or Iraq and then return to their home countries and launch attacks there, Clapper said. He estimates more than 20,000 Sunni foreign fighters have traveled to Syria from more than 90 countries to fight the Assad regime. Of that number, at least 13,600 have extremist ties, he said.

"About 180 Americans or so have been involved in various stages of travel to Syria," Clapper said.

Rise of ISIL

ISIL is increasing its influence outside of Iraq and Syria, seeking to expand its self-declared caliphate into the Arabian Peninsula, North Africa and South Asia and planning terrorist attacks against Western and Shia interests, Clapper said.

"ISIL's rise represents the greatest shift in the Sunni violent extremist landscape since al-Qaida affiliates first began forming, and it is the first to assume at least some characteristics of a nation state," the director said.

Iran is exerting its influence in Syria, Iraq and Yemen, he said. Iranian leaders have provided robust military support to Syrian leader Bashar al-Assad and to the Iraqi government. This includes arms, advisers, funding, intelligence collection, electronic warfare and cyber support and combat support, Clapper explained.

"More broadly, Iran will face many of the same decision points in 2015 as it did in 2014," Clapper said. "Foremost is whether the supreme leader will agree to a nuclear deal. He wants sanctions relief but, at the same time, to preserve his options on nuclear capabilities."

Yemen's political future and stability are, at best, uncertain. "Iran has provided support to the Houthis -- a group that now controls the government -- for years," Clapper said. "Their ascendancy is increasing Iran's influence."

Russia's Intentions in Eastern Europe

Clapper discussed problematic relations with Russia, as the country seems intent on a revanchist strategy with Ukraine squarely in the cross hairs.

"Moscow sees itself in direct confrontation with the West over Ukraine and will be very prone to overreact to U.S. actions," he said. "[Russian President Vladimir] Putin's goals are to keep Ukraine out of NATO and to ensure separatist control of an autonomous entity within Ukraine. He wants Moscow to retain leverage over Kiev, and Crimea, in his view, is simply not negotiable."

China Modernizes its Military

China is an emerging power and China's leaders are primarily concerned with domestic issues, the Communist Party's hold on power, internal stability and economic growth, Clapper said.

"Although China is looking for stable ties with the United States," he said, "it is more willing to accept bilateral and regional tensions in pursuit of its interest, especially on maritime-sovereignty issues."

The Chinese government continues a robust military modernization program directly aimed at what they consider to be U.S. strengths, Clapper said.

"Their military training program last year included exercises unprecedented in scope, scale and complexity to both test modernization progress and to improve their theater warfare capabilities," he said.