Posted on

Facing limits of remote hacking, Army cybers up the battlefield

Enlarge / FORT IRWIN, California – Spc. Nathaniel Ortiz, Expeditionary CEMA (Cyber Electromagnetic Activities) Team (ECT), 781st Military Intelligence Battalion, "conducts cyberspace operations" at the National Training Center at Fort Irwin, Calif., May 9, 2017. (credit: Bill Roche, U.S. Army Cyber Command)

The US military and intelligence communities have spent much of the last two decades fighting wars in which the US significantly over-matched its opponents technologically—on the battlefield and off. In addition to its massive pure military advantage, the US also had more sophisticated electronic warfare and cyber capabilities than its adversaries. But those advantages haven't always translated into dominance over the enemy. And the US military is facing a future in which American forces in the field will face adversaries that can go toe to toe with the US in the electromagnetic domain—with disastrous physical results.

That's in part why the Army Cyber Command recently experimented with putting "cyber soldiers" in the field as part of an exercise at the Army's National Training Center at Fort Irwin, California. In addition to fielding troops to provide defensive and offensive cyber capabilities for units coming into NTC for training, the Army has also been arming its opposition force (the trainers) with cyber capabilities to demonstrate their impact.

That impact was demonstrated clearly in May, when an armored unit staging a simulated assault at NTC was stopped dead in its tracks by jamming of communications. As the unit's commanders attempted to figure out what was wrong, a simulated artillery barrage essentially took the unit out of action.

Read 6 remaining paragraphs | Comments

Posted on

Facing limits of remote hacking, Army cybers up the battlefield

Enlarge / FORT IRWIN, California – Spc. Nathaniel Ortiz, Expeditionary CEMA (Cyber Electromagnetic Activities) Team (ECT), 781st Military Intelligence Battalion, "conducts cyberspace operations" at the National Training Center at Fort Irwin, Calif., May 9, 2017. (credit: Bill Roche, U.S. Army Cyber Command)

The US military and intelligence communities have spent much of the last two decades fighting wars in which the US significantly over-matched its opponents technologically—on the battlefield and off. In addition to its massive pure military advantage, the US also had more sophisticated electronic warfare and cyber capabilities than its adversaries. But those advantages haven't always translated into dominance over the enemy. And the US military is facing a future in which American forces in the field will face adversaries that can go toe to toe with the US in the electromagnetic domain—with disastrous physical results.

That's in part why the Army Cyber Command recently experimented with putting "cyber soldiers" in the field as part of an exercise at the Army's National Training Center at Fort Irwin, California. In addition to fielding troops to provide defensive and offensive cyber capabilities for units coming into NTC for training, the Army has also been arming its opposition force (the trainers) with cyber capabilities to demonstrate their impact.

That impact was demonstrated clearly in May, when an armored unit staging a simulated assault at NTC was stopped dead in its tracks by jamming of communications. As the unit's commanders attempted to figure out what was wrong, a simulated artillery barrage essentially took the unit out of action.

Read 6 remaining paragraphs | Comments

Posted on

Infragard Atlanta, an FBI affiliate, hacked by LulzSec

Infragard logoIn a self-titled hack attack called “F**k FBI Friday” the hacking group known as LulzSec has published details on users and associates of the non-profit organization known as Infragard.

Infragard describes itself as a non-profit focused on being an interface between the private sector and individuals with the FBI. LulzSec published 180 usernames, hashed passwords, plain text passwords, real names and email addresses.

Where did the plain text passwords come from? Considering LulzSec was able to decrypt them it would imply that the hashes were not salted, or that the salt used was stored in an insecure manner.

One interesting point to note is that not all of the users passwords were cracked… Why? Because these users likely used passwords of reasonable complexity and length. This makes brute forcing far more difficult and LulzSec couldn’t be bothered to crack them.

In addition to stealing data from Infragard, LulzSec also defaced their website with a joke YouTube video and the text “LET IT FLOW YOU STUPID FBI BATTLESHIPS” in a window titled “NATO – National Agency of Tiny Origamis LOL”.

Infragard Atlanta's defaced website

Aside from defacing their site and stealing their user database, they tested out the users and passwords against other services and discovered many of the members were reusing passwords on other sites – an violation of FBI/Infragard guidelines.

LulzSec singled out one of these users, Karim Hijazi, who used his Infragard password for both his personal and corporate Gmail accounts according to the hackers.

They’ve published a BitTorrent with what they claim are nearly 1000 of Hijazi’s corporate emails and a IRC chat transcript that proclaims to be a conversation they had with him.

They also disclosed a list of personal information including his home address, mobile phone and other details.

It’s hard to say when these attacks will end, but a great start would be to carefully analyze your security practices and ensure that your data is properly encrypted and to regularly scan your servers for vulnerabilities.

As for LulzSec? It appears they have declared war on one of the premier police forces in the world… Their fate remains a mystery.