Showing posts with label hacking. Show all posts
Showing posts with label hacking. Show all posts

12 April 2017

Keystone Cops - the Trump-Russia Connection

by David Edgerley Gates

Once again, a disclaimer. This post isn't political comment, but thinking out loud about the spycraft involved. Nor do I claim special knowledge. It's pure speculation.



If you're one of the people following what Rick Wilson of The Daily Beast has characterized as "the Trump-Russia intelligence and influence scandal," you can be forgiven for experiencing a certain bemusement. The story keeps wandering off-narrative, the cast doesn't know their lines, the whole thing is like a dress rehearsal for the school play. Lucian K. Truscott IV, writing for SALON, sounds a note of gleeful despair, trying to strike a balance between the giddy anarchy of a Three Stooges routine and the jaws of darkness yawning open beneath our feet. You don't have to take sides to take it seriously, but it has an unreal quality. Farce, caricature, exaggeration of effect, clown noses and oversized shoes. 

What would a working intelligence professional make of all this? If we discount the attitude, and the partisanship, and the Whose-Ox-Is-Being-Gored, and focus on the basic operational dynamics - the tradecraft of recruitment, the servicing of resources, the value of the product - does it show any return on the investment? What's our cost-benefit ratio?

Security operations are often graded on the curve. You might have a downside risk, but if you're blown, the exposure is quantifiable. It's worth losing X to acquire Y. Penetrations are always high-value. Getting someone inside. Philby and Blake. Gunter Guillaume. Alger Hiss. Penkovsky. It's a tightrope act for the spy, of course. For his handlers, not so much. Embarrassment, contrition, crocodile tears. Deep-cover assets understand their vulnerability. It's a buyer's market. You're only as good as your last picture. So forth and so on. The point here being that a penetration is usually considered well worth the money, the extra effort, the aggravation. Any rewards justify the sweat equity. But defectors are known to inflate their resumes. They give themselves better credentials, they claim better access. Another thing to remember is that the more difficult the courtship, and the more it costs, the more highly you value the object of your desire. In other words, we both want to close the sale. It's to our mutual advantage. And who's to say there isn't as much wishful thinking on the one side as on the other?

Intelligence consumers want what's known in the trade as collateral, telling detail that gives your product a material weight, the force of gravity. What we've got here is disconnect. Peripheral vision, low light. Manafort is compromised because he was a bagman for Yanukovych. Kushner met with VneshEconomBank chair Gorkov, and VEB launders dirty money for the Kremlin. Flynn broke bread with Putin at a meet-and-greet sponsored by RT. Page and Stone were coat-trailed by SVR. All of it suggestive, none of it at all imperative.

There's a moment in Smiley's People, about a third of the way through, when George learns that Karla is "looking for a legend, for a girl."  This is the place where the story - the story within, the hidden narrative - begins to shape itself. George first hears that voice, and we're taken into his confidence, and feel its muscularity, and the book turns a corner (its secret just around the next one). 

How do we apply the comforts of a fiction? We suppose not, but hold the phone. The absence of structure tells us something. We're used to the idea of conspiracy, plots laid, inductions devious. I'd suggest this wasn't a concerted effort. Not at either end. I think the Russian services went after targets of opportunity. Putin's an old KGB guy of course, but he seems to have buried the hatchet with GRU. He's made extensive use of both, in Crimea and the Donbass. Russian information warfare strategy has also been formalized. Kaspersky Lab, which on paper is private sector, works in cybersecurity. Once upon a time, this was all under the authority of the Organs, the state apparat, but the chain of command is more flexible. I'm guessing an approach to an American or European businessman could be made by anybody, sanctioned or not. Is it corporate espionage, or government? What's the difference? you might ask. If you're shaking hands with the siloviki, the oligarchs, you're already in bed with the Mafia and state security. It's not at all difficult to imagine a guy like Paul Manafort being recruited, because he'd be recruiting talent himself, working both sides of the street. He's cultivating influence, that's his currency. So let's say we see this happen with other examples. No grand design or discipline, just low-hanging fruit.

Moving ahead, we get to the past summer of an election year, 2016, and evidence of Russian e-mail hacking. We know the FBI opened their investigation in July, and it's now being reported that CIA began briefing the Gang of Eight - the senior majority and minority leaders in the House and Senate, and on the intelligence committees - in mid-August. Slight cognitive dissonance, as the Bureau believed the Russian threat was meant only to disrupt the political process in general, CIA believed it was specifically focused on sabotaging the Clinton campaign and electing Trump. CIA suspects active collusion.

What are the basics? We know any intelligence community is top-heavy with turf warriors. MI5 and MI6. FBI and CIA. SVR and FSB and GRU. But there was a trigger mechanism. My guess is that a ranking somebody in the Russian spy orbits took notice and pulled the various threads together. We imagine frustrations expressed at the top of the food chain, "Who will rid me of this tempestuous priest?" And the barons mount up. I'm also thinking this was as much accident as anything else. The necessary tools were ready to hand. All it required was an organizing principle. The rest is housekeeping, who carried the water.

One last observation. The feckless and the foolish are easily led. You play to their vanities, their limitless self-regard. it's never truer than in the spook trade that you can't cheat an honest man.

Recommended:
Lucian K. Truscott IV in SALON
http://www.salon.com/writer/lucian_k_truscott_iv/

08 March 2015

The Kaspersky Code

by Leigh Lundin

Three weeks ago, Kaspersky Lab, the Russian security software maker exposed a cyber-espionage operation that many believe originated within the NSA. The devilishly clever bit of code hides in the firmware of disc drives and has the ability to continuously infect a machine. If you use a Windows computer, there’s a good chance it’s not only infected but was built that way likely without the manufacturers' knowledge.

Kaspersky researcher Costin Raiu says the NSA couldn’t have done it without the source code.

What?!!

The contention that the NSA definitely had access to the source code is not only patent nonsense, it ignores that fact that Kaspersky themselves supposedly didn’t have the code. Having the source code is the easy way, perhaps the preferred way, but it’s hardly the only way.

A Reuters article speculates how the NSA might have obtained the source code and indeed, one of those is a likely scenario. But it’s also feasible to do the job without the source and I’ll show you what I mean, a technique I used to unravel computer fraud programs. Fasten your seat belt because this is going to get technical.

World’s Greatest Puzzle

Those around in my Criminal Brief days know that I love puzzles. For me, the ultimate puzzle has been systems software programming, making the machine do what I want. But sometimes I’ve come up against puzzles, some benign, some not, where I didn’t have the source code.

Let’s try an example. What if we found mysterious code in our computer that looked something like this:

confused pseudo code snippet
Mysterious Snippet of Computer Code

If you can’t make sense out of this, you’re not alone. 98% of computer programmers wouldn’t know what to make of it either. But if you look closely, the data populating the upper block looks different from that in the lower block. This is a clue.

Unlike commercial and scientific programs, systems software deals with the operation of the computer itself– utilities, communications, and especially the operating system. The realm of a computer’s internals are abstract, far more so than the Tron movies. Key aspects seldom relate to real-world equivalents. Sure, we say that RAM is a little like notes spread out on your work table and that disc storage is kinda sorta like a file cabinet… but not really. Even the term RAM– random access memory– is misleading; there’s nothing random about it.

Back in the real world, let’s say you want to write a simple program that adds the number of apples and oranges. In most programming languages, this code would look like this:
total = apples + oranges
Internally, a program loads apples and oranges into registers (kind of like keying them into a calculator), adds them, and stores them in a variable called total. If we were to write this in the argot of the computer, we’d use assembly language mnemonics, an abstraction of the computer’s machine language. Deep, deep down in a program, we’d see nothing but numbers where we count…
0, 1, 2, 3, 5, 6, 7, 8, 9, A, B, C, D, E, F
Yes, A-F are digits in this context. Within the computer, our little program above might resemble…

simple pseudo-code program: total=apples+oranges
total = apples + oranges

What isn’t obvious to many programmers is that computer instructions are data. Indeed, some black-hat crackers (the bad guys) have used this property to sneak malware onto unsuspecting computers.

If you look again at the original sneak peek of data, you’ll start to see patterns and may even pick out the machine instructions from our code example above.

clarified pseudo code snippet
Less Mysterious Code Snippet

This puzzle solving is called reverse engineering. It’s possible to write a program called a disassembler (I have) or a de-compiler (I haven’t) to decode the machine language into something more intelligible. The program has to be smart enough to not only separate actual data from instructions, but distinguish the type of data.

As you see, compiling source into binary executable code isn’t a one-way street. With dedication and know-how, reversing the process is well within reach.

How safe do you feel now?