America's Next Cyberwar
Ted Vera expected a report on Anonymous. What he got was a plan for total cyberwar against Venezuela
Hacker spat reveals secret US strategy for cyberwar
A battle between a group of hackers from Anonymous and corporate hackers recruited by the Bank of America in 2012 reveals quite by chance a secret US study for cyberwar against Hugo Chavez's Venezuela - a 1962 Cuban Missile scenario updated to 2010, with Venezuela hosting Iranian nuclear missile launch sites and the US responding with all-out cyberwar.
It all began with the efforts of Wikileaks in 2009 to publicize confidential data on Bank of America which pointed, claimed Wikileaks, toward a fraud committed by the bank over previous years. The complex story of what happened next has been told before, most notably by Peter Ludlow in an article published in The Nation last month, and was even the subject of one of Stephen Colbert's funniest bits ever in 2011.
In brief, Bank of America hired a number of IT security consultant firms at the suggestion of the Department of Justice and the bank's preferred law firm, Hunton and Williams. These IT contractors formed 'Team Themis', a dirty-tricks team dedicated to the destruction of Wikileaks, their 'protectors' Anonymous, and any journalists seen as supporting them, most notably Glenn Greenwald, then of Salon.
The mode of operation was to be to hack into targets' hard drives, insert damaging or false material, and then point out these anomalies to the public when the material surfaced. Their operations were also intended to discredit ChamberWatch, the public group which campaigns for a switch in US Chamber of Commerce environmental policy. All these actions (illegal hacking, identity theft, libel) were to be carried out with the implicit blessing of the DOJ.
It is not the purpose of this article to retell the story told so well by Ludlow and so hilariously by Colbert. But the fallout from that Team Themis skirmish continues to build, as the documents hacked from the servers of HBGary are retrieved from dumps around the world and subjected to analysis, even as the FBI move heaven and earth to close them down. The story of how this US plan for total cyberwar in Venezuela came to light is intimately connected to the 2011 battle between corporate and rebel hackers, and so the outline of the story must be told here.
The efforts of 'Team Themis' as a corporate dirty-tricks squad were led by Aaron Barr, CEO of IT security consultant HBGaryFederal. He co-ordinated efforts of the other components of the team: Palantir Technologies, Berico Technologies, and Endgame Systems Inc, of Atlanta, Ga. Plans to fix Greenwald were far advanced. Greenwald would, "if pushed... choose professional preservation over cause" when faced by the mass of disinformation pushed by Team Themis, wrote Barr in a confidential email to his colleagues, "such is the mentality of most business professionals". Barr felt confident that he could take Anonymous down with his superior hacking skills. "I have pwned them!" he boasted.
The Barr masterplan came unraveled in a very short time in February 2011. Far from Barr hacking into Wikileaks and Anonymous sites to fatally weaken them and take them down, the Anonymous group, in a preemptive strike, hacked into Barr's HBGary network. They sucked out all the confidential data from the company servers, wiped Barr's PC and iPad, and published Barr's most embarrassing personal details, including his World of Warcraft account (he was a level 42 mage with a 'Wyrmhide helmet'). The humiliation of Barr, spoofed on TV by Stephen Colbert, was also the end of Team Themis' plan to sabotage Wikileaks, Greenwald and the ChamberWatch group. Barr resigned as CEO at the end of the month 'to rebuild my reputation'.
The enormous pile of pillaged documents was allegedly compiled by journalist Barrett Brown in an online dump called 'ProjectPM'. Soon the HBGary papers were revealing that the US government was contracting IT firms to provide 'sock puppets' (multiple false identities) in order to flood social media sites with the official US line. This and many other revelations were reported and discussed thoroughly soon after the big hack. It was supposed at that time, February 2011, that the campaign by HBGaryFederal against Anonymous had ended in disaster and that they would give up. Certainly Team Themis partners Palantir and Berico broke with them publicly and apologized for their misdeeds.
But this defeat was by no means the end of HBGary's involvement with Endgame Systems in joint efforts to target Anonymous. Eleven months later, another email, exposed by a further hack of the HBGary network, showed that operations against Anonymous were ongoing. In January 2012 Barr's replacement as CEO of HBGaryFederal, Ted Vera, wrote to Endgame Systems Inc's executives:
- From: Ted Vera <****@hbgary.com>
Date: January 20, 2011 12:37:23 PM EST
To: Thomas Zebley <****@iptrust.com>
We are doing a talk at an upcoming security expo related to analysis we are conducting on the Anonymous group. I wonder if this group is using any botnets to help attack their targets. Can EndGames search their database for specific targets (like the one below) during an operational window (date/time span) to see if any botnet(s) are participating in attacks? Below is an attack which is currently ongoing. I can also send you previous attacks to see if you have any historical data. If EndGames can provide any relevant data that we can cite in our report we'll give you credit for your contributions.
Operation Payback ITA ---NOW--- #OpVenezuela:http://bit.ly/dI8Oyt |
The Anonymous target in question, which Ted Vera had thought a suitable laboratory to study Anonymous operations, was Hugo Chavez's 'Bolivarian Republic of Venezuela'. Anonymous had at that time (January 2012) launched an 'internet freedom op' to oppose Chavez' tightening of internet controls. To promote this campaign they hacked important government websites, particularly those of the Venezuelan police and Chavez' department of the presidency.
Ted Vera chose Venezuela because Anonymous was active there, and for no other reason. What he could not have known is that the IT techs at Endgame, considered the elite of commercial hackers, already knew Venezuela intimately. Just after lunch the reply came back to Vera's email, from Alan Carroll of Endgame Systems:
- From: S. Alan Carroll <****@endgames.us>
Date: Thu, Jan 20, 2011 at 12:00 PM
Subject: RE: Question
To: "firstname.lastname@example.org" <****@hbgary.com>
Cc: Thomas Zebley <****@iptrust.com>, Kevin Skapinetz <****@endgames.us>
We have done some preliminary analysis on the Anonymous group (see attached). It is a cursory view of Anonymous and their activities. I have also included a Venezuela report we did concerning the possible US-reachable missile housings from Iran.
Not sure what we will be able to dig up, but I will definitely take a look into possible data collection surrounding your target example.
Any other details you might have would help in the lookup routines.
Let me know if any of this information helps or if you have any other questions.
S. Alan Carroll
This exchange of emails, about the annoying activities of Anonymous hackers and the steps to be taken against them, suddenly takes a radical spin and plunges into the world of hostile nuclear threats and secret strategy. Into this discussion of hacking and counterhacking comes "a Venezuela report we did concerning the possible US-reachable missile housings from Iran."
It is often said that 'my enemy's enemy is my friend', but in fact very often my enemy's enemy is simply another enemy. Such is the case here. It is pure coincidence that Ted Vera's choice of Venezuela as a target for Anonymous operations should elicit from Endgame's Carroll a report on possible Iranian nuclear threats to be based in Venezuela.
The HBGary exec surely expected to receive from his contacts in Endgame some research on Anonymous, which indeed he got; he cannot have imagined that Endgame Systems had prepared a complete US response to the strategic threat of nuclear weapons in Chavez's Latin American republic.
What they had sent him was a plan for total cyberwar against Venezuela, with test hacks carried out against the main servers for military and civilian communications, as well as the government and infrastructure centers including the water supply, and even 'Hugo Chavez's Personal Blog'. All were vulnerable to the Endgame Systems proprietary hacks.
The Endgame report begins with an assessment of the involvement of the Chavez government with the Iranian nuclear missile program:
- According to media reports, Iran has made a recent agreement with Venezuela to place medium-range missiles in military bases in Venezuela capable of reaching the United States. These military bases are to be manned by Iranian officers and soldiers of the Iranian Revolutionary Guard (IRGC) in addition to Venezuelan missile officers; the Qods Force (IRGC-QF), an elite force within the IRGC, has long had capabilities worldwide, including in Venezuela.
The source for this information, linking Chavez directly with Iran in the 'present-day' of 2010 as well as in a future scenario of Iranian medium-range missiles, is the Defense Department report to Congress "Unclassified Report on Military Power of Iran. April 2010." The only reference to Venezuela in that Congressional report states the following:
- IRGC-QF maintains operational capabilities around the world. It is well established in the Middle East and North Africa, and recent years have witnessed an increased presence in Latin America, particularly Venezuela. If U.S. involvement in conflicts in these regions deepens, contact with the IRGC-QF, directly or through extremist groups it supports, will be more frequent and consequential.
No sources are provided for that information, and despite the Endgame claim of "media reports", this reporter has been unable to find any media report from 2009-2010 in any source that links Iranian missiles to Venezuela. The Congressional Report makes no mention of any kind of missiles to be emplaced in Venezuela. This is in fact pure Endgame fantasy.
The second part of the report is an analysis of how badly infected Venezuelan networks were in November 2010 (when Anonymous was attacking the country and Endgame was watching). Most of these are just run-of-the-mill infections for the Endgame techs, except for an item in one Caracas server which is classed as 'Dshield (suspicious)'.
Dshield.org is an open source community-built firewall system and monitoring service that offers some measure of protection against cyberattacks. That the Venezuelan 'Corporación Andina de Fomento' (Andes Public Works Department) is using open-source network protection set up by an international volunteer group may be suspicious to Endgame. To most people it wouldn't ring many alarm bells. It is by no means the level of network protection that would protect against a concerted cyberattack, if, for example, Chavez were setting up a secret Iranian missile base with this civil department as cover.
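To make concrete what a community log-sharing service of the DShield kind actually does with the data it receives, here is an added example (not code from the article, from Endgame, or from DShield itself): participants submit lines from their firewall deny logs, the service aggregates them per source address, and a source that turns up in the logs of many independent submitters is the one that gets labelled 'suspicious'. The log line format, the threshold and the sample lines are all constructed for this example; it shows why a tag like 'DShield (suspicious)' is a statement about how often a host has been reported, not a measure of how well a network is defended.

```python
"""
Added example: toy aggregation of community-submitted firewall deny logs,
in the spirit of a DShield-style service. Not the article's code and not
DShield's own implementation; the log format, threshold and sample lines
below are constructed for illustration.
"""

# Constructed sample of submitted firewall deny lines. Assumed format:
#   <submitter-id> <timestamp> DENY <src-ip>:<src-port> -> <dst-port>/<proto>
SAMPLE_LOG = """\
sensorA 2010-11-02T10:00:01Z DENY 203.0.113.7:44123 -> 22/tcp
sensorB 2010-11-02T10:00:05Z DENY 203.0.113.7:44124 -> 22/tcp
sensorC 2010-11-02T10:01:10Z DENY 203.0.113.7:44125 -> 3306/tcp
sensorA 2010-11-02T10:02:00Z DENY 198.51.100.9:5000 -> 80/tcp
sensorA 2010-11-02T10:02:30Z DENY 198.51.100.9:5001 -> 80/tcp
sensorD 2010-11-02T10:03:00Z DENY 203.0.113.7:44126 -> 445/tcp
sensorB 2010-11-02T10:04:00Z DENY 192.0.2.55:6000 -> 25/tcp
this line is malformed and must be skipped
"""

# Constructed threshold: a source seen by this many independent submitters
# is flagged. Real services use richer scoring; the idea is the same.
MIN_DISTINCT_TARGETS = 3


def parse_line(line):
    """Return (submitter, src_ip, dst_port) for a well-formed deny line, else None."""
    parts = line.split()
    if len(parts) != 6 or parts[2] != "DENY" or parts[4] != "->":
        return None
    submitter = parts[0]
    src_ip = parts[3].rsplit(":", 1)[0]      # strip the source port
    dst_port = parts[5].split("/", 1)[0]     # strip the protocol
    return submitter, src_ip, dst_port


def aggregate(log_text):
    """Per source IP: number of reports, distinct submitters, distinct ports hit."""
    stats = {}
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # untrusted input: malformed submissions are dropped
        submitter, src_ip, dst_port = parsed
        entry = stats.setdefault(src_ip, {"reports": 0, "targets": set(), "ports": set()})
        entry["reports"] += 1
        entry["targets"].add(submitter)
        entry["ports"].add(dst_port)
    return stats


def suspicious_sources(stats, min_targets=MIN_DISTINCT_TARGETS):
    """Sources reported by at least min_targets independent submitters, most reported first."""
    flagged = [ip for ip, s in stats.items() if len(s["targets"]) >= min_targets]
    return sorted(flagged, key=lambda ip: stats[ip]["reports"], reverse=True)


if __name__ == "__main__":
    stats = aggregate(SAMPLE_LOG)
    for ip in suspicious_sources(stats):
        s = stats[ip]
        print(f"{ip}: {s['reports']} reports from {len(s['targets'])} submitters, "
              f"ports {sorted(s['ports'])}")
```

On the constructed sample only 203.0.113.7 is flagged: it was denied by four different sensors on three different ports, the pattern of a scanner, while 198.51.100.9 produced two denies at a single sensor and is left alone. A host that ends up on such a list has been seen probing other people's networks; nothing in this aggregation says anything about the defences of the network that host sits in.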
The third part of the report is the cyberwar 'simulation'. It is only a simulation in the sense that Endgame took no hostile action against Venezuela's networks. But it was a full-scale cyberattack designed to measure the vulnerabilities of the country.
Endgame Systems Inc (Slogan: "Business Ready, Battle Proven") has a range of unadvertised but well-known (within the IT industry) proprietary "hacks and cracks" which go by the more techie name of Zero Day Exploits. These hacks are offered to Endgame subscribers at the cost of $2.5 million per year, IT support included. With these, Endgame clients are guaranteed to be able to break into all 'normal' networks, that is, all nodes and servers in the world except the strongest national security networks.
Neither the technical department nor Endgame Systems Inc president Ray Gazaway has responded to the inquiries of this reporter concerning the scope of this report and the identity of its client. Neither did they wish to confirm the existence of these commercially-available Zero Day hacks.
However, from the report it is clear what Endgame did: they hacked 24 of the most important network servers in the country to check them for vulnerability, as well as a similar number of nodes in the Simón Bolívar University in Caracas. Only five sites, running Wordpress, Mediawiki or Roundcube as the site engine, resisted their 'EGS' hack. All others were reported to be 'EGS Vuln.[erable]'.
Most of these vulnerable sites used SQL-Joomla, in case you're worried about similar hacking coming to you. Of course, since this incident occurred nearly 3 years ago now, vulnerabilities will have changed significantly since then, and the report must be considered technically out-of-date, even if it still reflects US strategic thinking.
Who was the client for this comprehensive but mendacious assessment of Iranian-Venezuelan nuclear missile capabilities? Who ordered the cyber-wargame? At no point in the report itself nor in the email exchange in which it was attached is the client specified.
But a recent assessment of the work that Edward Snowden did as an 'infrastructure analyst' with top secret clearance as an employee of a private contractor (Booz Allen Hamilton) working exclusively on NSA projects, has this to say about his role:
- ...a secret presidential directive on cyberactivities unveiled by Mr. Snowden, discussing the primary new task of the N.S.A. and its military counterpart, Cyber Command, makes clear that when the agency's technicians probe for vulnerabilities to collect intelligence, they also study foreign communications and computer systems to identify potential targets for a future cyberwar.
Infrastructure analysts like Mr. Snowden, in other words, are not just looking for electronic back doors into Chinese computers or Iranian mobile networks to steal secrets. They have a new double purpose: building a target list in case American leaders in a future conflict want to wipe out the computers' hard drives or shut down the phone system.
This captures perfectly the focus of the Endgame Report from December 2010. The final part of the report is in fact just such a cyberwar target list, with confirmed vulnerabilities for key national systems in Venezuela. These include the military and political command structures, as you would expect, as well as civilian communications, transport infrastructures including air traffic control, and the state-owned water, gas, electricity and petrochemical companies.
So now we see a sketch of the coming cyberwars. Although the Times report comments on the obvious giant threats of China and Iran, it seems much more likely that a weaker and less dangerous country (like Venezuela) will be the first nation to experience total cyberwar.
Alan Murphy, Contributing Writer: Alan Murphy, born London, England 1964. Citizen of the Republic of Ireland. Resident in Catalonia.