Carbon Chemist

Tag: department of defense

  • Senators Warn the Pentagon: Get a Handle on China’s Telecom Hacking

    Senators Warn the Pentagon: Get a Handle on China’s Telecom Hacking

    [ad_1]

    The senators also provide evidence in their letter that US telecoms have worked with third-party cybersecurity firms to conduct audits of their systems related to the telecom protocol known as SS7 but have declined to make the results of these evaluations available to the Defense Department. “The DOD has asked the carriers for copies of the results of their third-party audits and were informed that they are considered attorney-client privileged information,” the department wrote in answer to questions from Wyden’s office.

    The Pentagon contracts with major US carriers for much of its telecom infrastructure, which means that it inherits any potential corporate security weaknesses they may have but also the legacy vulnerabilities at the heart of their telephony networks.

    AT&T and Verizon did not respond to multiple requests for comment from WIRED. T-Mobile was also reportedly breached in the Salt Typhoon campaign, but the company said in a blog post last week that it has seen no signs of compromise. T-Mobile has contracts with the Army, Air Force, Special Operations Command, and many other divisions of the DOD. And in June, it announced a 10-year, $2.67 billion contract with the Navy that “will give all Department of Defense agencies the ability to place orders for wireless services and equipment from T-Mobile for the next 10 years.”

    In an interview with WIRED, T-Mobile chief security officer Jeff Simon said that the company recently detected attempted hacking activity coming from its routing infrastructure by way of an unnamed wireline partner that suffered a compromise. T-Mobile isn’t certain that the “bad actor” was Salt Typhoon, but whoever it was, Simon says the company quickly stymied the intrusion attempts.

    “From our edge routing infrastructure you can’t get to all of our systems—they’re somewhat contained there and then you need to try to move between that environment and another one in order to gain more access,” Simon says. “That requires them to do things that are rather noisy and that’s where we were able to detect them. We’ve invested heavily in our monitoring capabilities. Not that they’re perfect, they never will be, but when someone’s noisy in our environment, we like to think that we’re going to catch them.”

    In the midst of the Salt Typhoon chaos, T-Mobile’s assertion that it did not suffer a breach in this instance is noteworthy. Simon says that the company is still collaborating with law enforcement and the telecom industry more broadly as the situation unfolds. But it is no coincidence that T-Mobile has invested so extensively in cybersecurity. The company had suffered a decade of repeated, vast breaches, which exposed an immense amount of customer data. Simon says that since he joined the company in May 2023, it has undergone a significant security transformation. As one example, the company implemented mandatory two-factor authentication with physical security keys for all people who interact with T-Mobile systems, including all contractors in addition to employees. Such measures, he says, have drastically reduced the risk of threats like phishing. And other improvements in device population management and network detection have helped the company feel confident in its ability to defend itself.

    “The day we did the transition, we cut off a number of people’s access, because they hadn’t gotten their YubiKeys yet. There was a line out the door of our headquarters,” Simon says. “Every life form that accesses T-Mobile systems has to get a YubiKey from us.”

    Still, the fact remains that there are fundamental vulnerabilities in US telecom infrastructure. Even if T-Mobile successfully thwarted Salt Typhoon’s latest intrusion attempts, the espionage campaign is a dramatic illustration of long-standing insecurity across the industry.

    “We urge you to consider whether DOD should decline to renew these contracts,” the senators wrote, “and instead renegotiate with the contracted wireless carriers, to require them to adopt meaningful cyber defenses against surveillance threats.”

    Additional reporting by Dell Cameron.

    [ad_2]

    Source link

  • The US Army’s Vision of Soldiers in Exoskeletons Lives On

    The US Army’s Vision of Soldiers in Exoskeletons Lives On

    [ad_1]

    This newfound push appears to have yielded several fresh experiments with exoskeleton technology in recent years. In 2018, Lockheed Martin was awarded a $6.9 million contract to “enhance” its ONYX exosuit for future Army demonstrations (Accetta, the DEVCOM spokesman, tells WIRED that initiative was ended due to a “number of technical issues” and lack of funding). Similarly, the service has been testing the Dephy ExoBoot for at least the last several years. In August 2022, the Army unveiled an (unpowered) exoskeleton dubbed the Soldier Assistive Bionic Exosuit for Resupply (SABER) to reduce lower back pain and physical stress among service members in the field; according to a 2023 study, 90 percent of soldiers who used the exosuit during field artillery training exercises reported an increased ability to perform their assigned tasks. And the Army isn’t the only branch exploring exoskeletons: Later in 2022, the Air Force announced that the service was testing its own pneumatically powered exosuit developed by ROAM Robotics to help aerial porters load up cargo aircraft like the C-17 Globemaster III.

    The Fort Sill exoskeleton trial isn’t just the latest installment in a seven-decade push to meld man and machine; it’s also representative of the service’s cautious, restrained approach to the technology. Although US military planners may have long aspired to build an army of those so-called servo soldiers to dominate the future battlefield, current exoskeleton research efforts appear laser focused on more modest and potentially attainable applications like logistics and resupply rather than combat engagements. Slowly but surely, the Pentagon is carefully examining whether a robotic assist will help service members carry more for longer downrange.

    But the Pentagon doesn’t appear to have totally given up on its dream of a powered exoskeleton as the basis for an armored battlesuit just yet. The 2017 Army RAS strategy, despite its emphasis on lightening soldier loads, also posited the long-term goal of building a “warrior suit” with “integrated displays that aggregates a common operating picture, provides intelligence updates, and integrates indirect and direct fire weapons systems”—capabilities not unlike those imagined with a notional Starship Troopers mobile infantry or Iron Man suit-clad operator and explored with the TALOS initiative. As of a few years ago, at least one Army official was still talking about such a suit as a long-term effort that could potentially become a reality sometime in the 2040s.

    Today, however, that idea appears to be in hibernation, if not fully dead. When asked about the “warrior suit” effort, DEVCOM officials threw cold water on the entire concept as “the professional vision of one person” and “not to be considered (even at the time) as an official Army position,” despite its explicit mention in the 2017 RAS document.

    “The ‘warrior suit’ never existed as such, it was never considered a ‘warrior suit’—at least not by the Army—but a proof of concept, meaning, ‘Would something like this help manage load while on the move?’’ Accetta says. “The number of technical, integration, design, power, ergonomic, and so on concerns were not trivial.”

    “The project is not abandoned, it’s simply inactive,” he adds. “And if it ever were to become active, we doubt highly it would be called a ‘warrior suit.’”

    [ad_2]

    Source link

  • A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask

    A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask

    [ad_1]

    “That’s not nice, and it’s not a good norm,” says Schneider. She says that much of the US government’s slow approach to cyberattacks stems from its care to ensure it avoids unintentionally hitting civilians as well as breaking international law or triggering dangerous blowback.

    Still, Schneider concedes that Caceres and Angus have a point: The US could be using its cyber forces more, and some of the explanations for why it doesn’t amount to bureaucracy. “There are good reasons, and then there are bad reasons,” says Schneider. “Like, we have complicated organizational politics, we don’t know how to do things differently, we’re bad at using this type of talent, we’ve been doing it this way for 50 years, and it worked well for dropping bombs.”

    America’s offensive hacking has, by all appearances, gotten less aggressive and less nimble over the past half decade, Schneider points out. Starting in 2018, for instance, General Paul Nakasone, then the head of Cyber Command, advocated a “defend forward” strategy aimed at taking cyber conflict to the enemy’s network rather than waiting for it to occur on America’s turf. In those years, Cyber Command launched disruptive hacking operations designed to cripple Russia’s disinformation-spouting Internet Research Agency troll farm and take down the infrastructure of the Trickbot ransomware group, which some feared at the time might be used to interfere in the 2020 election. Since then, however, Cyber Command and other US military hackers appear to have gone relatively quiet, often leaving the response to foreign hackers to law enforcement agencies like the FBI, which face far more legal constraints.

    Caceres isn’t entirely wrong to criticize that more conservative stance, says Jason Healey, who until February served as a senior cybersecurity strategist at the US Cybersecurity and Infrastructure Security Agency. He responds to Caceres’ cyberhawk arguments by citing the Subversive Trilemma, an idea laid out in a 2021 paper by the researcher Lennart Maschmeyer: Hacking operations have to choose among intensity, speed, and control. Even in earlier, more aggressive years, US Cyber Command has tended to turn up the dial for control, Healey says, prioritizing it over those other variables. But he notes there may in fact be certain targets—such as ransomware gangs or hackers working for Russia’s no-holds-barred GRU military intelligence agency—who might warrant resetting those dials. “For those targets,” says Healey, “you really can release the hounds.”

    P4x Is Dead, Viva P4x

    As for Caceres himself, he says he’s not opposed to American hacking agencies taking a conservative approach to limiting their damage or protecting civilians—as long as they take action. “There’s being conservative,” he says, “and then there’s doing fuck all.”

    On the argument that more aggressive cyberattacks would lead to escalation and counterattacks from foreign hackers, Caceres points to the attacks those foreign hackers are already carrying out. The ransomware group AlphV’s catastrophic attack on Change Healthcare in February, for instance, crippled medical claim platforms for hundreds of providers and hospitals, effects about as disruptive for civilians as any cyberattack can be. “That escalation is already happening,” Caceres says. “We’re not doing anything, and they’re still escalating.”

    Caceres says he hasn’t entirely given up on convincing someone in the US government to adopt his more gloves-off approach. Ditching the P4x handle and revealing his real name is, in some sense, his last-ditch attempt to get the US government’s attention and restart the conversation.

    But he also says he won’t be waiting for the Pentagon’s approval before he continues that approach on his own. “If I keep going with this alone, or with just a few people that I trust, I can move a lot faster,” he says. “I can fuck shit up for the people who deserve it, and I don’t have to report to anyone.”

    The P4x handle may be dead, in other words. But the P4x doctrine of cyberwarfare lives on.

    [ad_2]

    Source link

  • US Lawmaker Cited NYC Protests in a Defense of Warrantless Spying

    US Lawmaker Cited NYC Protests in a Defense of Warrantless Spying

    [ad_1]

    The second slide in Turner’s presentation featured the tweet by Foldi, which likewise references a march on Schumer’s home. That protest, however, took place nearly a month after the first. HPSCI’s claim that Hamas may have incited the demonstration appears solely based on this remark by Foldi, who claims the protesters were responding to a call issued by a pro-Palestinian group known as Samidoun.

    However, that wasn’t the case.

    The only evidence of the Palestinian group’s involvement is that the protest was included on a calendar maintained by Samidoun on its website. The calendar currently lists more than 5,000 protests that have taken place around the world, from Australia and England to Finland, Nigeria, Iceland, and Japan. The same site bears a disclaimer that notes the list includes protests not organized by Samidoun, and visitors are encouraged to submit details about events being organized in their respective countries.

    Foldi went on to portray Samidoun as having been “banned from Germany and booted from numerous payment processors over suspicions of acting as a Hamas front group.”

    A German branch of Samidoun was dissolved in November, but not as a result of evidence it had ties to Hamas. Rather, the group, formed to protest the imprisonment of Palestinians, was accused of spreading “anti-Jewish conspiracy theories,” an allegation that the organizers vehemently deny, while noting their ranks boast many Jewish members.

    For obvious reasons, Germany has some of the strictest antisemitism laws in the world, enabling Berlin to issue blanket bans against protests aimed at raising awareness of the humanitarian crisis in Gaza. Such bans would be unlawful in the United States under its constitution.

    Branches of Samidoun have also faced bans by payment processors overseas. This also happens frequently in the United States. The bar for being banned by a payment process is notably far below having terrorism ties.

    Payment processors last year severed ties with a French branch of the group, known as Collectif Palestine Vaincra, a result of the French government attempting to dissolve the organization under allegations it was “anti-Jewish.” This attempt was blocked by a French court in May, however, after it found the Macron government’s allegations of “antisemitism” against the group “unfounded.”

    Neither Foldi nor Samidoun immediately responded to requests for comment.

    That the chairman of a US intelligence committee chose such questionable examples during a presentation aimed at garnering support for a US surveillance authority gave many Republican staffers pause.

    None of the House sources who spoke to WIRED work for lawmakers that could be credibly accused of showing anything but support for the Israeli government. Yet all agreed the issue of domestic surveillance transcends political ideology—one of the purest examples of the “pendulum politics” that define America’s two-party system.

    “What we know for sure is this,” a Republican aide says, “However the government decides to treat left-wing protesters today, that’s how we should expect protesters in our party to be treated under future administrations.”

    A House Democratic staffer—half-jokingly referencing the Cold War doctrine of “mutually assured annihilation”—says that they agreed “wholeheartedly” with the sentiment. “Our fates are aligned,” they say. “That’s the best defense we have.”

    “Political protest is literally how America was founded. It’s in our DNA,” says Jason Pye, senior policy analyst at the nonprofit FreedomWorks. “Whether you agree with these protestors or not is irrelevant.”

    [ad_2]

    Source link

  • The 4 Big Questions the Pentagon’s New UFO Report Fails to Answer

    The 4 Big Questions the Pentagon’s New UFO Report Fails to Answer

    [ad_1]

    But what, then, were those programs? Herein lies the most intriguing—and potentially ground-breaking—question that the Pentagon study leaves us wondering: What exactly are the secret compartmentalized programs that the whistleblowers and government witnesses misidentified as being related to UAP technology? What, exactly, are the Pentagon, intelligence community, or defense contractors working on that, from a concentric circle or two away inside the shadowy world of SAPs, looks and sounds like reverse-engineering out-of-this-world technology or even studying so-called “non-human biologics”?

    There are at least four clear possibilities.

    Secret Tech From Foreign Nations

    First, what exotic technological possibilities have been recovered from unknown terrestrial sources? For example, if the government is working on reverse-engineering technologies, those technologies are likely from advanced adversary nation-states like China, Russia, and Iran, and perhaps even quasi-allies like Israel that may be more limited in their technology-sharing with the US. What have other countries mastered that we haven’t?

    A Question of ‘Peculiar Characteristics’

    Second, what technologies has the US mastered that the public doesn’t know about? One of the common threads of UFO sightings across decades have been secret military aircraft and spacecraft in development or not yet publicly acknowledged. For example, the CIA estimated that the U-2 spy plane in the 1950s accounted for as much as half of reported UFO sightings. And the AARO report spends a half-dozen pages documenting how confusion over subsequent generations of secret US government aircraft appear to have also contributed to the great intergalactic game of telephone of UFO programs inside the government, including modern Predator, Reaper, and Global Hawk drones. AARO investigated one claim where a witness reported hearing a former US military service member had touched an extraterrestrial spacecraft, but when they tracked down the service member, he said that the conversation was likely a garbled version of the time he touched an F-117 Nighthawk stealth fighter at a secret facility.

    There are surely other secret craft still in testing and development now, including the B-21 stealth bomber, which had its first test flight in November and is now in testing at Edwards Air Force Base in California, as well as others we don’t know about. The government can still surprise us with unknown craft—like the until-then-unknown modified stealthy helicopter left behind on the Pakistan raid to kill Osama bin Laden. And some of these still-classified efforts are likely causing UFO confusion too: AARO untangled one witness’s claim of spotting a UAP with “peculiar characteristics” at a specific time and place and were able to determine, “at the time the interviewee said he observed the event, the DOD was conducting tests of a platform protected by a SAP. The seemingly strange characteristics reported by the interviewee match closely with the platform’s characteristics, which was being tested at a military facility in the time frame the interviewee was there.” So what was that craft—and what were its “peculiar characteristics?”

    Relatedly, the US military has a classified spaceship, the X-37B, that has regularly orbited around the Earth since its first mission in 2010—it just blasted off on its seventh and most recent mission in December—and its previous, sixth, mission lasted a record-breaking 908 days in orbit. The Pentagon has said remarkably little about what it does up there for years at a time. What secret space-related or aviation-related programs is the government running that outsiders confuse as alien spacecraft?

    A Material Matter

    The third likely area of tech development that might appear to outsiders to be UFO-related is more speculative basic research and development: What propulsion systems or material-science breakthroughs are defense contractors at work on right now that could transform our collective future? Again, AARO found such confusion taking place: After one witness reported hearing that “aliens” had observed one secret government test, AARO traced the allegation back to find “the conversation likely referenced a test and evaluation unit that had a nickname with ‘alien’ connotations at the specific installation mentioned. The nature of the test described by the interviewee closely matched the description of a specific materials test conveyed to AARO investigators.” So what materials were being tested there?

    There are some puzzling materials-science breadcrumbs wrapped throughout the AARO report. It found one instance where “a private sector organization claimed to have in its possession material from an extraterrestrial craft recovered from a crash at an unknown location from the 1940s or 1950s. The organization claimed that the material had the potential to act as a THz frequency waveguide, and therefore, could exhibit ‘anti-gravity’ and ‘mass reduction’ properties under the appropriate conditions.” Ultimately, though, the new report concluded, “AARO and a leading science laboratory concluded that the material is a metallic alloy, terrestrial in nature, and possibly of USAF [US Air Force] origin, based on its materials characterization.”

    A Knowledge Limit

    Fourth and lastly is the category of the truly weird: Scientists at the forefront of physics point out that we should be humble about how little of the universe we truly understand; as Harvard astronomy chair Avi Loeb explains, effectively all that we’ve learned about relativity and quantum physics has unfolded in the span of a single human lifespan, and astounding new discoveries continue to amaze scientists. Just last summer, scientists announced they’d detected for the first time gravitational waves criss-crossing the universe that rippled through space-time, and astrophysicists continue to suspect that the universe is far weirder than we think. (Italian astrophysicist Carlo Rovelli last year posited the existence of “white holes” that would be related to black holes, which, he pointed out, were still a mystery just 25 years ago when he was starting his career.)

    Answers here could be almost unfathomably weird—think parallel dimensions or the ability to travel at a fraction of the speed of light. And one of the most intriguing questions left by the UAP “game of telephone” is whether there are truly astounding advances in physics that government scientists, defense contractors, or research laboratories or centers could be feeling around that could also appear from the outside to be UFO-related.

    [ad_2]

    Source link

  • How the Pentagon Learned to Use Targeted Ads to Find its Targets—and Vladimir Putin

    How the Pentagon Learned to Use Targeted Ads to Find its Targets—and Vladimir Putin

    [ad_1]

    Most alarmingly, PlanetRisk began seeing evidence of the US military’s own missions in the Locomotive data. Phones would appear at American military installations such as Fort Bragg in North Carolina and MacDill Air Force Base in Tampa, Florida—home of some of the most skilled US special operators with the Joint Special Operations Command and other US Special Operations Command units. They would then transit through third-party countries like Turkey and Canada before eventually arriving in northern Syria, where they were clustering at the abandoned Lafarge cement factory outside the town of Kobane.

    It dawned on the PlanetRisk team that these were US special operators converging at an unannounced military facility. Months later, their suspicions would be publicly confirmed; eventually the US government would acknowledge the facility was a forward operating base for personnel deployed in the anti-ISIS campaign.

    Even worse, through Locomotive, they were getting data in pretty close to real time. UberMedia’s data was usually updated every 24 hours or so. But sometimes, they saw movement that had occurred as recently as 15 or 30 minutes earlier. Here were some of the best trained special operations units in the world, operating at an unannounced base. Yet their precise, shifting coordinates were showing up in UberMedia’s advertising data. While Locomotive was a closely held project meant for government use, UberMedia’s data was available for purchase by anyone who could come up with a plausible excuse. It wouldn’t be difficult for the Chinese or Russian government to get this kind of data by setting up a shell company with a cover story, just as Mike Yeagley had done.

    Initially, PlanetRisk was sampling data country by country, but it didn’t take long for the team to wonder what it would cost to buy the entire world. The sales rep at UberMedia provided the answer: For a few hundred thousand dollars a month, the company would provide a global feed of every phone on earth that the company could collect on. The economics were impressive. For the military and intelligence community, a few hundred thousand a month was essentially a rounding error—in 2020, the intelligence budget was $62.7 billion. Here was a powerful intelligence tool for peanuts.

    Locomotive, the first version of which was coded in 2016, blew away Pentagon brass. One government official demanded midway through the demo that the rest of it be conducted inside a SCIF, a secure government facility where classified information could be discussed. The official didn’t understand how or what PlanetRisk was doing but assumed it must be a secret. A PlanetRisk employee at the briefing was mystified. “We were like, well, this is just stuff we’ve seen commercially,” they recall. “We just licensed the data.” After all, how could marketing data be classified?

    Government officials were so enthralled by the capability that PlanetRisk was asked to keep Locomotive quiet. It wouldn’t be classified, but the company would be asked to tightly control word of the capability to give the military time to take advantage of public ignorance of this kind of data and turn it into an operational surveillance program.

    And the same executive remembered leaving another meeting with a different government official. They were on the elevator together when one official asked, could you figure out who is cheating on their spouse?

    Yeah, I guess you could, the PlanetRisk executive answered.

    But Mike Yeagley wouldn’t last at PlanetRisk.

    As the company looked to turn Locomotive from a demo into a live product, Yeagley started to believe that his employer was taking the wrong approach. It was looking to build a data visualization platform for the government. Yet again, Yeagley thought it would be better to provide the raw data to the government and let them visualize it in any way they choose. Rather than make money off of the number of users inside government that buy a software license, Mike Yeagley wanted to just sell the government the data for a flat fee.

    [ad_2]

    Source link