Tag Archive for: comms

EDGE Group adds secure comms to portfolio


https://3d.markforged.com/2022-9-14-MakersLivestreamANZ_Defece_USETHIS-LiveWebinar.html?mfa=apdr&utm_source=Asia+Pacific+Defence+Reporter&utm_campaign=4d4355d668-RSS_News+BuEMAIL_CAMPAIGN&utm_medium=email&utm_term=0_513319f9bb-4d4355d668-26866497EDGE Group PJSC has expanded the scope of its existing electronic warfare and intelligence capabilities to now include secure communications under the Electronic Warfare & Cyber Technologies (EW&CT) cluster, which has seen the addition of leading secure communications company, DIGITAL14. The cluster also includes other entities SIGN4L and BEACON RED.

EDGE’s expanded cyber capabilities will ensure the Group brings global experience, world-leading systems and solutions, and field-proven technologies to help its customers operate effectively, securely, and decisively, ensuring they can defend their assets and operations against threats, monitor and gain intelligence on adversaries, ensure robust communications in battlefield and security realms, and recruit and upskill the personnel required to achieve operational success.

Mansour AlMulla, Managing Director and CEO of EDGE, said: “We are delighted to strengthen EDGE’s Electronic Warfare & Cyber Technologies cluster with innovative and complementary solutions that will greatly expand our cyber capabilities and allow us break into new markets in the defence and civilian sectors as a global leader in this domain. We are redefining advanced technology synergies, creating valuable opportunities, and accelerating our business growth and offerings, while meeting the perpetual demand for superior cyber security solutions in the UAE and further afield.”

SIGN4L, a leading provider of electronic warfare and intelligence solutions in the UAE, enables customers with the required tactical advantage, exceptional situational awareness, and electromagnetic spectrum superiority across military and intelligence operations. BEACON RED provides security and intelligence training and advanced cyber solutions, tackling complex national security threats, disrupting conventional ways of thinking, and developing people, processes, and technologies to ensure preparedness for future security challenges. DIGITAL14 will provide secure communication solutions embedding quantum-resistant cryptography and other advanced technologies, centred on four core business units: Networks, Ultra Secure Mobile Devices, Applications, and Satellite Communications. As a…

Source…

China using top consumer routers to hack Western comms networks


Long-standing vulnerabilities in popular consumer and home office Wi-Fi routers made by the likes of Cisco, D-Link, Netgear and ZyXel are being routinely exploited by threat actors backed by the Chinese government as a means to compromise the wider telco networks behind them, according to an advisory from the US Cybersecurity and Infrastructure Security Agency (CISA) and its partners at the FBI and NSA.

In the advisory, the authorities explain how China-sponsored actors readily exploit routers and other devices such as network attached storage (NAS) devices to serve as access points that they can use to route command and control (C2/C&C) traffic and conduct intrusions on other identities.

“Over the last few years, a series of high-severity vulnerabilities for network devices provided cyber actors with the ability to regularly exploit and gain access to vulnerable infrastructure devices. In addition, these devices are often overlooked by cyber defenders, who struggle to maintain and keep pace with routine software patching of internet-facing services and endpoint devices,” the agency said in its advisory.

CISA said these actors typically conduct their intrusions through servers or “hop points” from China-based IP addresses that resolve to various Chinese ISPs. Most usually they obtain these by leasing them from hosting providers. These are used to register and access operational email accounts, host C2 domains, and interact with their target networks. They also serve as a useful obfuscator when doing so.

The agencies warned the groups behind these intrusions are consistently evolving and adapting their tactics, techniques and procedures (TTPs), and have even been observed monitoring the activity of network defenders and changing things up on the fly to outwit them. They also mix their customised tools with publicly available ones – notably ones native to their target environments – to blend in, and are quick to modify their infrastructure and toolsets if information on their campaigns becomes public.

Many of the vulnerabilities used are well-known ones, some of them dating back four years or more. They include CVE-2018-0171, CVE-2019-1652, CVE-2019-15271, all…

Source…

You’d Think The FBI Would Be More Sensitive To Protecting Encrypted Communications Now That We Know The Russians Cracked The FBI’s Comms

On Monday, Yahoo News had a bit of a new bombshell in revealing that the closures of various Russian compounds in the US, along with the expulsion of a bunch of Russian diplomats — which many assumed had to do with alleged election interference — may have actually been a lot more about the Russians breaching a key FBI encrypted communications system.

American officials discovered that the Russians had dramatically improved their ability to decrypt certain types of secure communications and had successfully tracked devices used by elite FBI surveillance teams. Officials also feared that the Russians may have devised other ways to monitor U.S. intelligence communications, including hacking into computers not connected to the internet. Senior FBI and CIA officials briefed congressional leaders on these issues as part of a wide-ranging examination on Capitol Hill of U.S. counterintelligence vulnerabilities.

These compromises, the full gravity of which became clear to U.S. officials in 2012, gave Russian spies in American cities including Washington, New York and San Francisco key insights into the location of undercover FBI surveillance teams, and likely the actual substance of FBI communications, according to former officials. They provided the Russians opportunities to potentially shake off FBI surveillance and communicate with sensitive human sources, check on remote recording devices and even gather intelligence on their FBI pursuers, the former officials said.

That all seems like a fairly big deal. And, it specifically targeted the FBI’s encrypted communications phone system:

That effort compromised the encrypted radio systems used by the FBI’s mobile surveillance teams, which track the movements of Russian spies on American soil, according to more than half a dozen former senior intelligence and national security officials. Around the same time, Russian spies also compromised the FBI teams’ backup communications systems — cellphones outfitted with “push-to-talk” walkie-talkie capabilities. “This was something we took extremely seriously,” said a former senior counterintelligence official.

The Russian operation went beyond tracking the communications devices used by FBI surveillance teams, according to four former senior officials. Working out of secret “listening posts” housed in Russian diplomatic and other government-controlled facilities, the Russians were able to intercept, record and eventually crack the codes to FBI radio communications.

While this is all interesting in the “understanding what the latest spy v. spy fight is about,” it’s even more incredible in the context of the FBI still fighting to this day to weaken encryption for everyone else. The FBI, under both James Comey and Christopher Wray, have spent years trashing the idea that encrypted communications was important and repeatedly asking the tech industry to insert deliberate vulnerabilities in order to allow US officials to have easier access to encrypted communications. The pushback on this, over and over, is that any such system for “lawful access” will inevitably lead to much greater risk of others being able to hack in as well.

Given that, you’d think that the FBI would be especially sensitive to this risk, now that we know the Russians appear to have cracked at least two of the FBI’s encrypted communications systems. Indeed, back in 2015, we highlighted how the FBI used to recommend that citizens use encryption to protect their mobile phones, but they had quietly removed that recommendation right around the time Comey started playing up the “going dark” nonsense.

Of course, it’s possible that the folks dealing with the Russians cracking FBI encrypted comms are separate from the people freaking out about consumer use of encryption, but the leadership (i.e., Comey and Wray) certainly had to understand both sides of this. This leaves me all a bit perplexed. Were Comey and Wray so completely clueless that they didn’t think these two situations had anything to do with one another? Or does it mean that they thought “hey, if we had our comms exposed, so should everyone else?” Or do they just not care?

Permalink | Comments | Email This Story

Techdirt.

Riseup, providing encrypted comms for over 15 years, could run out of money next month

Riseup.net, the non-profit collective which has been providing dissidents a way to encrypt their communications since 1999, without revealing your location or logging your IP address, is running out of money:

The news is not good

We hate to be bad news birds, but we need to tell you that Riseup will run out of money next month. We had a number of unexpected hardware failures, lower-than-expected regular donations, and a record year of new Riseup users which puts more financial pressure on us than ever before.

We need your help to keep things going this year, so we are starting a campaign to ask Riseup users to give us just one dollar!

Can you give us a dollar? There are a lot of easy ways to do it: https://riseup.net/donate

It seems that Riseup.net saw a boom in new users in the wake of the Edward Snowden revelations, but has not managed to match that growth with sufficient regular donations.

If Riseup.net shuts down, that also means the end for 150,000 email accounts and over 18,000 mailing lists that depend on the service for their privacy and security.

It would be sad to see Riseup.net close its doors. I hope people who value online liberty will support this noble cause.

(Yes, I already donated.)

Graham Cluley