Pages

15 May 2019

U.S. Special Forces school publishes new guide for overthrowing foreign governments

by Tom O’Connor

The official school of the United States’ Special Operations Command has published a new paper detailing a decades-long history of Pentagon-backed interference around the world, hoping to provide insight on how best to approach such efforts in the present and future.

The 250-page study, “Support to Resistance: Strategic Purpose and Effectiveness,” was compiled by Army Special Forces veteran Will Irwin and published earlier this week by the official Joint Special Operations University, where he was a resident senior fellow. Though the report notes that its views “are entirely those of the author,” its findings present a comprehensive look at how the U.S. has supported efforts to pressure, undermine and overthrow foreign governments.

The report includes some 47 case studies spanning from 1941 to 2003, detailing a legacy of mixed results that included assisting partisans against the Axis Power satellites during World War II, bolstering anti-communist forces throughout the Cold War and taking on post-9/11 adversaries in Afghanistan and Iraq. The numerous Washington-orchestrated coups of the past 70 years were “not included in this study as they did not involve legitimate resistance movements.”


“This work will serve as a benchmark reference on resistance movements for the benefit of the special operations community and its civilian leadership,” the report reads.


A guerrilla soldier aims a U.S.-built Stinger surface-to-air missile system at passing aircraft near a remote rebel base in the Safed Koh Mountains, in Afghanistan, on February 10, 1988. Robert Nickelsberg/LiaisonThe cases were broken down into three major support to resistance (STR) categories: disruption, coercion and regime change. The report found that “from 1940 to the present, nearly 70 percent of STR operations were conducted for disruptive purposes,” while “non-disruptive cases were about equally divided between coercion and overthrow.”

Of the 47 cases analyzed, 23 were deemed “successful,” 20 were designated “failures,” two were classified as “partially successful” and two more—both during World War II—were called “inconclusive” as the broader conflict led to an Allied victory anyway. Coercion was the most successful method at a three-quarters rate of success or partial success, while disruption worked just over half the time and regime change only yielded the desired result in 29 percent of the cases reviewed.

Other major findings included observations that most operations “were carried out under wartime conditions, with those being nearly twice as successful as cases conducted under peacetime conditions” and “support to nonviolent civil resistance seems to be more likely to succeed than support to armed resistance.” At the same time, they were also “most effective when conducted in direct support of a military campaign rather than as an independent or main effort operation.”

In eight of the 20 failures found, the author blamed security breaches that clued the enemy in ahead of time, sometimes potentially through coverage in U.S. media, as may have been the case with newspaper stories prior to the abortive CIA-backed Bay of Pigs invasion of Cuba.


U.S. national security adviser John Bolton speaks during the Bay of Pigs Veterans Association lunch at the Biltmore Hotel, in Coral Gables, Florida, on April 17. The Trump administration has evoked the U.S.’ extensive history of intervention against leftist forces across Latin America with new efforts targeting Cuba, Nicaragua and Venezuela. Joe Raedle/Getty ImagesThe paper also acknowledged that this kind of mission “most often addresses immediate issues and short-term rather than longer-term interests,” though it defended unintended consequences of U.S. assistance for Afghan mujahedeen, some of whom went on to form the Taliban and Al-Qaeda, by suggesting the Soviet satellite state they were fighting may have turned out to be an even more formidable enemy.

“One thing common to all 47 cases reviewed in this study is the fact that the targeted state was ruled either by an unfriendly occupying force or by a repressive authoritarian regime,” the author wrote, before asserting that in the present day, “Russia and China have boldly demonstrated expansionist tendencies.”

The U.S. has identified Russia and China as its top rivals in recent years, with President Donald Trump specifically calling the powers out by name in major strategy documents. Under Trump, Washington has also waged economic wars with other stated foes such as Iran, Syria and Venezuela—whose governments the White House has publicly sought to oust, accusing them of human rights abuses as posing a threat to the national security of the U.S. and its allies.

The CIA Sets Up Shop On The Anonymous Dark Web

Lily Hay Newman posted a May 7, 2019 article to the cyber security and technology website, WIRED.com with the title above. I have written several articles over the past two years about the growing popularity and expansion of the Dark Web. Ms. Newman writes that the Dark Web “has long been a tool for intelligence agencies and clandestine communications — not to mention endless cat-and-mouse games between law enforcement and criminals. But now, the CIA is taking a more public presence there.”

“On Tuesday, the CIA announced its own Tor “onion service,” so that people around the world can browse the agency’s website anonymously– or send in history altering tips. Tor is an anonymity network that you can access through a special browser like the Tor browser, that uses its own URLs,” Ms. Newman wrote. “The service protects your IP address and browsing online, by encrypting the traffic and bouncing it around a series of waypoints to make it very difficult to trace.”

Over the past several years, several prominent organizations have established a presence on the Dark Web, including FaceBook in 2014, and the New York Times in 2017. as well as some law enforcement and police organizations; but, “the CIA is the first national intelligence agency to make the leap,” Ms.Newman wrote.

“Our global mission demands that individuals can access us from anywhere,” said Brittany Barnell, Director of Public Affairs told WIRED in a statement prior to the official website launch. “Creating an onion site is just one of the ways we’re going where the people are,” in the digital universe.

“Everything from the CIA’s main website is available on its onion site,” Ms. Newman wrote, “including instructions on how to contact the CIA, and a digital form for submitting tips. There are also job listings, the agency’s archival material, including its World Factbook and, of course, the Kid’s Zone. The main reasons for accessing the CIA’s Tor website is anonymity, and/or, applying for a job,” Ms. Newman noted.

“The CIA’s site is a Version 3 onion service, meaning it has improved cryptographic algorithms and stronger authentication the Tor Project launched at the end of 2017,” Ms. Newman wrote. “In general, it works the same as Version 2 onion sites, except it has a longer address: ciadotgov4sjwlzihbbgxnqg3xiyrg7so2r203lt5wz5ypk4sxystad,onion

Better Late Than Never; But, One Does Wonder About Dark Web Longer Term As DARPA Pursues Totally Anonymous Web

The CIA’s decision falls into the category of “Better late than never.” And, perhaps USCYBERCOM should consider doing the same, if they haven’t already.

According to a February 18, 2018 article by Wagas, which he posted to the cyber security and technology website, HackRead.com, the Dark Web is comprised of some 3,000 databases, containing 200 million unique user accounts, including email addresses, potentially, personal identification information, potential financial accounts, unique IP addresses, unique account identifiers, and other highly sensitive information linked to organizations, and individuals across the globe.”

And, thanks to upgrades/changes to the anonymity tools underlying the Dark Net, in the past year, by the TOR Project, anyone who wants to create their own dark corner of the Internet that’s anonymous, untraceable, and practically undiscoverable without an invite. I say practically, because with enough time, money, resources, and digital talent, I do not think anything digital is entirely untraceable. But, it is much more difficult and challenging to unmask someone on the Dark Web, who takes proactive measures to muddy their digital bread crumbs.

In the spring of 2017, the non-profit Tor Project, began to “upgrade the privacy and security of the so-called, “onion services,” or “hidden services,” that enable the Dark Net’s anonymity,” Andy Greenberg wrote in a January 1, 2017 article posted to WIRED.com. “While the majority of people who run the Tor Project’s software use it to browse the web anonymously; and, circumvent censorship in countries like Iran and China, the group also maintains code that allows anyone to host an anonymous website or server, — the basis for the Dark Net,” he added.

“The next generation of hidden services [upgrades in 2017] will use a clever method to protect the secrecy of those addresses.”Mr. Greenberg wrote. “Instead of declaring their .onion address to hidden service directories, they’ll derive a unique cryptographic key from that address, and give that key to Tor’s hidden service directories. Any Tor user looking for a particular hidden service can perform that same derivation to check the key and route themselves to the correct Dark Net site. But, the hidden service directory can’t derive the .onion address from the key, preventing snoops from discovering any secret Dark Net address,” Mr. Greenberg wrote. “The Tor network isn’t going to give you any way to learn about an onion address you don’t already know,” said Nick Mathewson, co-founder of Tor.

“The result,” Mathewson says “will be Dark Net sites with new, stealthier applications.” “A small group of collaborators could, for instance, host files on a computer known only to them,” Mr. Greenberg wrote. “No one else could ever find that machine, much less access it. You could host a hidden service on your own computer, creating a way to untraceably connect to it from anywhere in the world, while keeping its existence secret from snoops. Mathewson himself, hosts a password protected family wiki and calendar on a Tor hidden service, and now says he’ll be able to do away with the site’s password protection without fear of anyone learning his family’s weekend plans. (Tor already offers a method to make hidden services inaccessible to all but certain Tor browsers, but it involves finicky changes to the browsers configuration files. The new system, Mathewson says, makes that level of secrecy — far more accessible to the average user),” Mr. Greenberg wrote.

“The next generation of hidden services will also switch from using 1024-bit RSA encryption keys to shorter, but tougher-to-crack ED-25519 elliptic curve keys. And, the hidden service directory changes mean that hidden service urls will change to, from 16 characters to 50. But, Mathewson argues that change doesn’t effect the Dark Web’s addresses’ usability since they’re already too long to memorize,” Mr. Greenberg noted.

DARPA Working On A Totally Anonymous Internet

Added to all of this, is news that the Pentagon’s research arm, DARPA, and the original creator of the Internet, is now working on a totally anonymous Internet. Dividbyo posted an April 14, 2019 article to the cyber security and technology website, DeepDotWeb noting that last summer/2018, DARPA quietly announced a new research program known as the Resilient Anonymous Communications for Everyone (RACE) program. The program aims “to develop a completely anonymous, and undetectable method for communicating over the Internet,” the site said. “It appears the RACE program will utilize network stenography to hide messages in other Internet traffic. The proposed distributed messaging system would allow for messages and metadata to be exchanged; and, it would not be possible to alter the information while it is in transit over the network. The RACE program seeks to avoid large-scale targeting, and large-scale compromises, through the use of a combination of stenography (or obfuscation) and encryption,” Dividedbyo wrote.

If it works — so much for the Dark Web; though, the Dark Web really isn’t all that dark as we know. Aside from the fact that this network would practically ensure anonymous digital communication for the individual, the creation of such an entity has huge implications for law enforcement, intelligence agencies, the military, people living in oppressed societies like North Korea, and of course the criminal element and/or the darker digital angels of our nature. The off-the-griders of course would also be interested. I hope DARPA has wargammed the pros and cons of such a system/network, and what some of the unintended consequences — both good and bad — are likely to be. Being able to communicate clandestinely digitally, as well as download and transmit information without the host knowing that you were ever in their network is a big advantage. Especially being able to download and transmit the info in an encrypted manner — without the data being corrupted in some fashion during the transfer — would also have significant intelligence, law enforcement, and other benefits. But, what is the downside of this technology? and, are we opening some kind of digital Pandora’s Box that could come back to haunt us in ways we do not expect or understand very well. The digital adversary…..gets a vote. And my guess is, the United States isn’t the only nation-state that is working on this kind of technology. China, Russia, and a few other nation states, not to mention some of the larger social media conglomerates are probably also pursuing similar technologies. And of course, I would guess that the Trusted Insider Threat would not be solved by this new technology/technique — so, the network or system would still have some vulnerability — beyond the threat that a user’s device might be compromised. One wonders if there is a way to include the ability to ferret out denial and deception, stay-behinds, and digital time bombs as well. What happens, if the anonymous network is breached in any significant fashion? Are stand-alone networks, dummy networks, infected networks, armored networks, hijacking networks, and so on — emerge? RCP, fortunascorner.com

The Strange Journey Of An NSA Zero-Day Vulnerability Into Multiple Enemies Hands; The Digital Boomerang Effect; Did Edward Snowden Play A Role?

The title above comes from Andy Greenberg’s May 7, 2019 article in the cyber security and technology publication, WIRED.com. Mr. Greenberg begins by explaining that “the notion of a zero-day vulnerability in software is supposed to mean, by definition, that it’s secret.The term refers to a hackable flaw in code that the software maker doesn’t know about, but, a hacker does — in some cases offering that hacker a powerful, stealthy, skeleton key into the hearts of millions of computers. But according to new findings from the cyber security and technology firm, Symantec, one extraordinarily powerful flaw in Microsoft software, at one point remained “Secret,” to Microsoft, while at least three active hacker groups knew about it,” Mr. Greenberg notes. “And, both before and after that secret became public in early 2017, it took a long, strange trip through the hands of intelligence agencies around the world, enabling years of espionage, and eventually, mayhem.”

On Monday, Symantec “revealed that it had traced how a hacker group it calls Buckeye — also known as APT3, or Gothic Panda, and widely believed to be a contractor of the Chinese Ministry of Security Services — used NSA hacking tools, apparently intercepted from the networks of NSA targets and repurposed those tools to use against other victims, including U.S. allies,” Mr. Greenberg wrote. “Most notably, Symantec said, the Chinese groups’ hacking had implanted an NSA backdoor on the network of its victims,’ using a zero-day vulnerability in Microsoft’s Server Message Block (SMB) software, also seemingly learned by studying [reverse engineering] NSA’s hacking tools.”

“That newly revealed hijacking of NSA’s intrusion [intelligence collection] techniques doesn’t just dredge up longstanding questions about how and when the NSA should secretly exploit software vulnerabilities to use for spying, rather than help software companies fix them,” Mr. Greenberg wrote. “It also adds another chapter to this strange story of this particular zero-day’s journey: Created by the NSA, intercepted by China, later stolen, and leaked by another mysterious hacker group known as the Shadow Brokers, and ultimately used by North Korea and Russia in two of the most damaging and costly cyber attacks in history.”

“Based on what we know historically, it’s extremely unusual to have a zero-day be utilized like this by multiple groups, some of them unbeknownst to each other, for years,” said Eric Chien, a Symantec security analyst. “I can’t think of another case where something like this has ever happened.”

“With the addition of the Symantec findings, here’s what we know about the timeline of that zero-day’s path,” Mr. Greenberg wrote.

Born At The NSA

“The SMB vulnerability — labelled as CVE-2017-0143V and CVE-2017-0144, in two slightly different forms — appears to have been first discovered by NSA sometime before 2016,” Mr. Greenberg wrote; “though, the NSA has never publicly admitted to having used it; it wouldn’t be tied to the agency until it leaked in 2017, revealing its integration in NSA tools called EternalBlue, EternalRomance, and EternalSynergy.”

“The SMB zero-day, no doubt represented a kind of precious specimen for the agency’s spies: Microsoft’s SMB feature allows the sharing of files between PCs,” Mr. Greenberg wrote. “But, NSA’s researchers found that it [the zero-day] could be tricked into confusing harmless data with executable commands that an attacker injected via SMB into a computer’s memory. That made it a rare entry point that the NSA’s hackers could use to run their own code on practically any Windows machine with no interaction from the target user, and one that offered access to the computer’s kernel, the deepest part of its operating system.” “It’s exactly the kind of vulnerability someone would want,” Chien said.”The target doesn’t have to open a document, or open a website. You have a machine on the Internet and I can get you with it. I immediately have the highest privileges available to me.”

Or, as Matthew Hickey, founder of the cyber security firm, Hacker House, at one point described it: “It’s Internet God mode.”

“Symantec found that by March 2016, the SMB zero-day had been obtained by the Chinese BuckEye [hacking] group, which was using it in a broad spying campaign,” Mr. Greenberg wrote. “The BuckEye hackers seemed to have built their own hacking tool from the SMB vulnerability; and just as unexpectedly, were using it on the victim’s computers to install the same backdoor tool, called DoublePulsar, that the NSA had installed on its targets’ machines. That suggests the hackers hadn’t merely chanced upon the same vulnerability in their research — what the security world calls bug collision; they seemed to somehow have obtained parts of the NSA’s [intelligence collection] toolkit.”

“Symantec researchers say they still don’t how the BuckEye hackers got the NSA’a hacking secrets,” Mr. Greenberg wrote. “But, Symantec’s Chien said “their theory is the tools were found in victims’ networks, reverse-engineered, and repurposed.” “It doesn’t look like they had the exploit executables,” said Jake Williams, a former NSA hacker and now founder of the cyber security firm, Rendition InfoSec, who reviewed Symantec’s findings. “But, it’s possible they were able to steal them [when they were] being thrown at targets by monitoring network communications.”

“Symantec said it detected BuckEye hackers in five different intrusions, stretching from March 2016, to August 2017, all using the combination of the SMB exploit, and the NSA’s backdoor exploit, DoublePulsar,” Mr. Greenberg wrote. “Those intrusions, all seemingly bent on espionage, hit telecommunications companies, as well as research and educational organizations in Hong Kong, the Philippines, Vietnam, Belgium, and Luxembourg.”


No comments:

Post a Comment