Threat Level Thursday: The NSA, Emergency 911 Vulnerabilities, China, and North Korea
This week's Threat Level Thursday features two new revelations about the NSA, 911 cybersecurity, more hacking from China, and North Korea puffs its chest out. Again.
NSA and FBI Spy on U.S. Muslims and NSA Incidentally Collects Lots of Data on Regular People
A new report from The Intercept reveals that the NSA and FBI have been keeping tabs on five prominent Muslims for no apparent reason.
According to The Intercept, the monitoring was labeled in Snowden's archives as "FISA recap." FISA stands for the Foreign Intelligence Surveillance Act. Under FISA, law enforcement officials such as the NSA and FBI can ask a judge in the secret FISA court to grant them warrants against American citizens by claiming they could be agents of outside threats.
The five Muslims in question include a political candidate, civil rights activists, academics and lawyers. While there is no solid evidence why their emails were monitored, Asim Ghafoor, an attorney who has taken on terrorism-related cases, believes his name and past are all the reasons the government needed.
"I believe that they tapped me because my name is Asim Abdur Rahman Ghafoor, my parents are from India, I travelled to Saudi Arabia as a young man, and I do the pilgrimage," said Ghafoor after being told that no non-Muslim attorneys who defended terror suspects were on the list. "Yes, absolutely I believe that had something to do with it."
Before The Intercept revealed those spy activities, The Washington Post published an exposé on the day after Independence Day showing that the NSA also collects data from vast numbers of untargeted individuals — i.e., regular people who happen to electronically cross paths with a target. According to the report, which we covered in great detail, nine out of 10 accounts in the secret FISA data files collected by the NSA, and subsequently leaked by Snowden, weren't targeted for surveillance. But the NSA retains that data anyway.
Emergency 911
Threats from hackers aren't just limited to digital slipups. In fact, they could get in the way of real-life medical emergencies. Jeremy Willingham from TeleCommunication Systems stressed at the National Emergency Number Association seminar on cybersecurity that measures for public safety access points (PSAPs) are incredibly important, yet lacking. PSAPs are responsible for routing emergency 911 calls to proper responders.
"There are many different ways for them to attack: traditional trafficking, malware, physical attack," Willingham said. "Telephony denial service is one of the biggest ways to attack PSAPs."
Even the underlying infrastructure is at risk.
"When someone attacks your modem, they can shut down, alter, or worse, redirect communication," he said.
Don't worry, there's got to be a bright side to the horrific reality of having your 911 system hacked through malicious software... right?
Not really. In fact, Willingham also stressed the reality that many attacks end up involving insiders. Whether it's disgruntled employees or incompetent ones disclosing information they shouldn't, companies need to help their workers understand the level of trust involved, Willingham said.
"The thing to remember is that you never know how or why someone may come after you," said Willingham.
China's Crude Hacks
The Department of Homeland Security confirmed that Chinese hackers had snuck into federal computers containing the information of all federal employees. Whether or not they are connected to the government has not been confirmed, but officials are worried because although there are attempts every second on U.S. records, they usually do not get through. What's worse is that the records in question seemed to belong to personnel with high security clearances.
An emergency team is being assembled to assess the situation, and Homeland Security has said that it has not "identified any loss of personally identifiable information."
Even more evidence of Chinese hacking of U.S. targets surfaced recently thanks to cybersecurity firm CrowdStrike. This time it's hacker group "DEEP PANDA," which is affiliated with the Chinese government, says CrowdStrike co-founder and chief technology officer Dmitri Alperovitch.
According to CrowdStrike data, DEEP PANDA began targeting Middle East experts at major U.S. think tanks involved in Iraq and Middle East issues. The group usually goes after Asia experts, so why the "radical" change? CrowdStrike happened to notice that DEEP PANDA became interested in the Middle East after Sunni extremists gained control of Iraq's largest oil refinery. Coincidence? Remember that China is the largest investor in Iraq oil and that Iraq is the fifth-largest exporter of crude oil to China.
"Thus, it wouldn't be surprising if the Chinese government is highly interested in getting a better sense of the possibility of deeper U.S. military involvement that could help protect the Chinese oil infrastructure in Iraq," Alperovitch said in a blog post. "In fact, the shift in targeting of Iraq policy individuals occurred on June 18, the day that ISIS began its attack on the Baiji oil refinery."
North Korea Doubles Its Cyber Army
North Korea is at it again, this time attacking the South through cyberwarfare. The country has reportedly almost doubled its cyberwar unit over the last two years.
"The communist country operates a hacking unit under its General Bureau of Reconnaissance, which is home to some 1,200 professional hackers," said an unnamed military source in an AFP report.
North Korea, naturally, has denied any wrongdoing, although there has been plenty of evidence in the past that attacks on South Korean government agencies, TV stations, military institutions and banks originated from there.