03/31/20

Rogue Nations Competing with the X-37B

By: Denise Simon | Founders Code

America’s four greatest adversaries are investing in systems that can take out satellites on orbit, including funding laser systems, nuclear power, and satellites that shadow American space vehicles.

Russia, China, Iran, and North Korea are each researching counter-space capabilities — kinetic or non-kinetic ways of taking out systems in space — according to the annual Global Counter-space Capabilities report, released by the Secure World Foundation.

Defense News was given an exclusive preview of the report, which will be available later today and was edited by Brian Weeden and Victoria Samson.

For the first time, the report includes data on the space situational awareness (SSA) capabilities of countries — that is, the ability of nations to track what is moving in various orbits. Japan and India are two nations investing heavily in that area, according to the report, while Iran appears to lag behind.

“This is important because you can’t protect [against] what you can’t see,” said Samson, the organization’s Washington office director. “This doesn’t mean that developing an SSA capability is an indication of an offensive counter-space program, as there are many reasons why you would want that capability. But it is needed if you want to go offensive.”

She also highlighted the fact that in the last year, four of the countries with counter-space investments — India, Japan, France, and the U.S. — have launched new military organizations specifically to deal with space-related issues, including a focus, at least in part, on counter-space efforts. In addition, the NATO alliance declared space an “operational domain” in December.

The vast majority of counter-space capabilities continue to reside with Russia, China, and the United States, but other nations are funding programs as well. France, India, Japan, Iran, and North Korea are all known to be at least investing some money in counter-space efforts, whether through ballistic missile programs or non-kinetic means such as cyberattacks.

The most prominent counter-space example of the last year came from India, which in March controversially launched a missile at one of its satellites, blowing it up and spewing shrapnel around low-earth orbit.

So is a counter-space arms race underway? The authors say no, at least in the context of the nuclear arms race where each country is trying to match the other capability for capability.

Instead, “this is about developing a range of offensive and defensive capabilities to go after an opponent’s space assets while protecting your own,” said Weeden, the organization’s director of program planning. “And I think that’s unfortunately inevitable because more and more countries are using space for military purposes. That drives increased interest in how to counter those uses.”

Added Samson, “it now seems that if you want to be considered a major space power, it’s not enough to have your own satellites, or the ability to launch them, or even the ability to launch other countries’ satellites. You want your own counter-space capability.”

The big three

When Pentagon and White House officials talked about the need for a Space Force last year, leaders emphasized a growing threat in space.

“For all their posturing about who’s ‘weaponizing’ space, the big three are all working on a lot of the same technologies and doing a lot of the same things,” particularly rendezvous and proximity operations (RPO) where satellites can maneuver near another nation’s system, said Weeden.

The big three, in this case, are China, Russia and the United States.

China has run multiple maneuvers with its space-based systems that may be RPO-related, but it’s hard to know whether those capabilities are being developed for counter-space use as opposed to intelligence gathering, the report said.

When it comes to Chinese capabilities, Weeden said to focus on the ground-based anti-satellite weaponry — perhaps not a surprise, given China declared itself a player in counter-space technology by destroying one of its own satellites in 2007.

Beijing is investing in at least one, and perhaps as many as three, kinetic anti-satellite capabilities, “either as dedicated counter-space systems or as mid-course missile defense systems that could provide counter-space capabilities,” according to the report.

“It was robustly tested and appears to be operationally deployed,” Weeden said of those capabilities. “As long as the U.S. still relies on small numbers of very expensive satellites in LEO, I think it will prove to be a significant deterrent.”

While China often becomes the focus of public comments from Defense officials, Weeden said to keep an eye on Moscow, as he was “a bit shocked by the breadth of Russian counter-space programs. For all the concern and hype in the U.S. about China, Russia seems to be putting the most into counter-space.”

Those efforts include the Nudol, a ground-launched ballistic missile designed to be capable of intercepting targets in low-earth orbit; three different programs focused on RPO capabilities; the rebirth of a 1980s-era program involving a large laser, to either dazzle or damage a satellite, carried aboard an IL-76MD-90A transport aircraft; a newly-discovered program called Ekipazh, which involves a nuclear reactor to power a large payload of on-orbit jammers; and what Weeden describes as a “massive” upgrade to SSA capabilities.

“All of that spells a very potent, more operationally-integrated, and more battle-tested package than what I’m seeing in China,” he warned. He added that he believes the public focus on China to be “part of the broader narrative the Trump administration is trying to push with China being the long-term threat they want to focus on. It also helps sell the narrative they’re trying to push on human spaceflight and exploration as well.”

As for the United States, the military has focused more on SSA and defensive counter-space capabilities, a trend Weeden says is due to America being the most reliant on space of the three countries; hence it must “protect its capabilities if it hopes to win a future conflict against Russia or China.” America’s SSA capabilities, in particular, remain well ahead of the rest of the world.

Which isn’t to say the U.S. is skipping out on counter-space investments either. America has a number of options for electronic warfare in space, including proven capabilities to jam enemy receivers within an area of operations; assets with RPO capabilities; and operational midcourse missile defense interceptors that have been demonstrated against low orbit satellites. In addition, there are plans to invest in prototyping directed energy capabilities for space.

One capability to keep an eye on is the X-37B, a spaceplane program that has made five trips into orbit and back to earth. In total, the spacecraft have spent 2,865 days on orbit over the program’s five missions, with the last trip consisting of 780 days in space — more than two years.

The Air Force has been secretive about X-37B missions, often talking broadly about it conducting experiments in space; analysts have long believed that the mission set has at least something to do with counter-space capabilities. That belief was only strengthened by what happened during its last trip during which researchers believe it was used to launch a trio of small CubeSats that were not registered in international tracking databases.

“The secret deployment of multiple small satellites raises additional questions about the mission of the X-37B. It suggests that the X-37B may have a mission to serve as a covert satellite deployment platform. The secrecy surrounding both the X-37B and the deployment may indicate they are part of a covert intelligence program, but it may also indicate the testing of offensive technologies or capabilities,” the authors wrote in the report. “The failure to even catalog the deployed satellites, something that is done even for classified U.S. military and intelligence satellites, calls into question the trustworthiness of the public SSA data provided by the U.S. military.”

And that creates potential diplomatic issues, at a time when the need for open discussions about space capabilities across nations should be growing, warned Samson.

“The Russians and Chinese have always pointed at the secrecy surrounding the X-37B program as evidence of malevolent intentions by the United States,” she said. “The fact that the U.S. released objects from the X-37B and didn’t register them feeds absolutely into that narrative and causes ripple effects that harm other multilateral discussions on space security and stability.”

03/31/20

Google Sent Users 40,000 Warnings

By: Denise Simon | Founders Code

Primer questions: Did other tech companies do the same and if so, how many? What does Congress know and where are they with a real cyber policy?

Google’s threat analysis group, which counters targeted and government-backed hacking against the company and its users, sent account holders almost 40,000 warnings in 2019, with government officials, journalists, dissidents, and geopolitical rivals being the most targeted, team members said on Thursday.

The number of warnings declined almost 25 percent from 2018, in part because of new protections designed to curb cyberattacks on Google properties. Attackers have responded by reducing the frequency of their hack attempts and by being more deliberate. The group saw an increase in phishing attacks that impersonated news outlets and journalists. In many of these cases, attackers sought to spread disinformation by attempting to seed false stories with other reporters. Other times, attackers sent several benign messages in hopes of building a rapport with a journalist or foreign policy expert. The attackers, who most frequently came from Iran and North Korea, would later follow up with an email that included a malicious attachment.


“Government-backed attackers regularly target foreign policy experts for their research, access to the organizations they work with, and connections to fellow researchers or policymakers for subsequent attacks,” Toni Gidwani, a security engineering manager in the threat analysis group, wrote in a post.

Top targets

Countries with residents that collectively received more than 1,000 warnings included the United States, India, Pakistan, Japan, and South Korea. Thursday’s post came eight months after Microsoft said it had warned 10,000 customers of nation-sponsored attacks over the 12 previous months. The software maker said it saw “extensive” activity from five specific groups sponsored by Iran, North Korea, and Russia.

Thursday’s post also tracked targeted attacks carried out by Sandworm, believed to be an attack group working on behalf of the Russian Federation. Sandworm has been responsible for some of the world’s most severe attacks, including hacks on Ukrainian power facilities that left the country without electricity in 2015 and 2016, NATO and the governments of Ukraine and Poland in 2014, and according to Wired journalist Andy Greenberg, the NotPetya malware that created worldwide outages, some that lasted weeks.

The following graph shows Sandworm’s targeting of various industries and countries from 2017 to 2019. While the targeting of most of the industries or countries was sporadic, Ukraine was on the receiving end of attacks throughout the entire three-year period:

Figure: Sandworm’s targeting efforts (mostly by sector) over the last three years. Image credit: Google.

Tracking zero-days

In 2019, the Google group discovered zero-day vulnerabilities affecting Android, iOS, Windows, Chrome, and Internet Explorer. A single attack group was responsible for exploiting five of the unpatched security flaws. The attacks were used against Google, Google account holders, and users of other platforms.

“Finding this many zero-day exploits from the same actor in a relatively short time frame is rare,” Gidwani wrote.

The exploits came from legitimate websites that had been hacked, links to malicious websites, and attachments embedded in spear-phishing emails. Most of the targets were in North Korea or were individuals working on North Korea-related issues.

The group’s policy is to privately inform developers of the affected software and give them seven days to release a fix or publish an advisory. If the companies don’t meet that deadline, Google releases its own advisory.

One observation that Google users should note: of all the phishing attacks the company has seen in the past few years, none has resulted in a takeover of accounts protected by the account protection program, which among other things makes multifactor authentication mandatory. Once people have two physical security keys from Yubi or another manufacturer, enrolling in the program takes less than five minutes.

03/31/20

FBI Abuse Of FISA Much Worse Per New Report

By: Denise Simon | Founders Code

FBI problems with FISA warrants extend beyond Russia case, DOJ watchdog warns

The Justice Department’s chief watchdog issued an extraordinary warning Tuesday that the FBI is failing to follow its own rules when pursuing surveillance warrants in sensitive intelligence and terrorism cases, confirming that problems first exposed in the Russia collusion probe extend to other cases.

Among the problems cited was a failure by agents to substantiate allegations submitted to courts, similar to the missteps the FBI made in failing to ensure allegations in the Steele dossier back in 2016 were verified before securing a FISA warrant targeting the Trump campaign and former adviser Carter Page.

The report found that investigators:

  • could not review original Woods Files for four of the 29 selected FISA applications because the FBI has not been able to locate them and, in 3 of these instances, did not know if they ever existed;
  • identified apparent errors or inadequately supported facts in all of the 25 applications we reviewed;
  • identified deficiencies in documentary support and application accuracy;
  • interviewed FBI officials who indicated to us that there were no efforts by the FBI to use existing FBI and National Security Division oversight mechanisms to perform comprehensive, strategic assessments of the efficacy of the Woods Procedures or FISA accuracy.

Sen. Charles Grassley, R-Iowa, a senior member of the Judiciary Committee who played a key role in exposing FISA abuses during the Russia probe, said Horowitz’s memo shows the problems first exposed with the faulty Carter Page warrant were “just the tip of the iceberg.”

“Not a single application from the past five years reviewed by the inspector general was up to snuff. That’s alarming and unacceptable,” Grassley said.

“The FBI has an important job to protect our national security, but it does not have carte blanche to routinely erode the liberties of Americans without proper justification. Oversight mechanisms like the Woods Procedures exist for a reason, and if the FBI wants to restore its reputation among the American people, it had better start taking them seriously,” he added.


The final report just issued in .pdf is found here.

Additionally, NR has this summary in part:

Horowitz’s office said in a report released Tuesday that of the 29 applications — all of which involved U.S. citizens – that were pulled from “8 FBI field offices of varying sizes,” the FBI could not find Woods Files for four of the applications, while the other 25 all had “apparent errors or inadequately supported facts.”

“While our review of these issues and follow-up with case agents is still ongoing—and we have not made materiality judgments for these or other errors or concerns we identified—at this time we have identified an average of about 20 issues per application reviewed, with a high of approximately 65 issues in one application and less than 5 issues in another application,” the report reveals.

The Woods Procedure dictates that the Justice Department verify the accuracy and provide evidentiary support for all facts stated in its FISA application. The FBI is required to share with the FISA Court all relevant information compiled in the Woods File when applying for a surveillance warrant.

“FBI and NSD officials we interviewed indicated to us that there were no efforts by the FBI to use existing FBI and NSD oversight mechanisms to perform comprehensive, strategic assessments of the efficacy of the Woods Procedures or FISA accuracy, to include identifying the need for enhancements to training and improvements in the process, or increased accountability measures,” the report states.

The OIG concludes by recommending that the FBI “systematically and regularly examine the results of past and future accuracy reviews to identify patterns or trends in identified errors” relating to the Woods Procedure, as well as double-checking “that Woods Files exist for every FISA application submitted to the FISC in all pending investigations.”

In a letter acknowledging the audit, FBI Associate Deputy Director Paul Abbate said that the issues “will be addressed” by the Bureau’s already-issued correctives after the Carter Page review, and added that “the FBI fully accepts the two recommendations.”

McCabe admitted in January that the FBI has an “inherent weakness in the process” of obtaining FISA warrants.