As tensions eased and protests continued this past weekend in Baltimore, a small squadron of aircraft circled neighborhoods affected by the riots and other violence of April 27—providing Baltimore City Police with an eye in the sky to monitor the protests and other “possible criminal activity,” as an FBI official told the Washington Post. These aircraft (or at least some of them) were part of the FBI’s secret surveillance air force—small planes with sensors perfected for battlefield intelligence in Iraq an
Researchers craft network attack to “hack” surgical robot (sort of) University of Washington study tests the remote security risks of telemedicine. by Sean Gallagher – May 8, 2015 11:54am EDT Share Tweet 14 Have you ever performed surgery remotely and had someone try to jam you by drone? You will. UW BioRobotics Lab As part of a series of experiments, a group of researchers at the University of Washington’s BioRobotics Lab launched denial-of-service attacks against a remotely operated surgical robot,
A screenshot posted by “w0rm” showing he had dumped the user table from a Wall Street Journal database.
Dow Jones & Co. took two servers that store the news graphics for The Wall Street Journal website offline yesterday evening after a confirmed intrusion by a hacker calling himself “w0rm.” The hacker was offering what he claimed was user information and server access credentials that would allow others to “modify articles, add new content, insert malicious content in any page, add new users, delete users, and so on,” Andrew Komarov, chief executive officer of cybersecurity firm IntelCrawl, told The Wall Street Journal.
Documents obtained by former National Security Agency contractor Edward Snowden show that the NSA has covertly intercepted and recorded nearly all of the calls made to, from, or between cell phones in The Bahamas. The surveillance, reported by The Intercept, used legal monitoring access obtained by the Drug Enforcement Administration.
A document included in the trove of National Security Agency files released with Glenn Greenwald’s book No Place to Hide details how the agency’s Tailored Access Operations (TAO) unit and other NSA employees intercept servers, routers, and other network gear being shipped to organizations targeted for surveillance and install covert implant firmware onto them before they’re delivered.
These Trojan horse systems were described by an NSA manager as being “some of the most productive operations in TAO because they pre-position access points into hard target networks around the world.”
The document, a June 2010 internal newsletter article by the chief of the NSA’s Access and Target Development department (S3261) includes photos (above) of NSA employees opening the shipping box for a Cisco router and installing beacon firmware with a “load station” designed specifically for the task.
The drone that the United States Air Force sees as the replacement for the venerable U-2 spy plane is now flying surveillance missions over Nigeria as part of the search for 276 schoolgirls kidnapped by the Boko Haram terrorist group. A Northrop Grumman RQ-4 Global Hawk flew a mission over Nigeria on Tuesday, according to an NBC News report.
The Global Hawk, which first flew in 1998, can stay airborne for up to 28 hours and has a range of 8,700 miles. It has a wingspan close to that of a Boeing 747, weighs more than 32,000 pounds, and carries the Hughes Integrated Surveillance and Reconnaissance (HISAR) sensor system, a down-market version of the infrared, optical, and synthetic aperture radar gear Hughes developed for the U-2.
The Iranian military claims to have successfully duplicated the RQ-170 Sentinel drone that was captured in Iran in 2011, and it has put the drone on display alongside the original. The home-built version, Islamic Revolutionary Guard officers claim, could be used to attack US Navy ships in the Persian Gulf. But outside observers believe the copy is about as capable of that as the mock-up of a US aircraft carrier Iran built, allegedly for a movie set.
On May 11, Iranian television broadcast a report from an exhibition by the Islamic Revolutionary Guard Corps Aerospace Force in Tehran, where Ayatollah Ali Khamenei was shown the two unmanned aircraft by military officers. “Our engineers succeeded in breaking the drone’s secrets and copying them,” an officer said in the video broadcast. “It will soon take a test flight.”
The RQ-170, built by Lockheed Martin, is a turbofan-powered unmanned aircraft flown by the 30th Reconnaissance Squadron, part of the Air Force’s 432nd Wing (the Air Force’s drone command). The aircraft first gained notoriety as the secretive “beast of Kandahar” during operations in Afghanistan in 2007. The Air Force is believed to have purchased 20 Sentinels.
Little is known about their operational role, though their “flying-wing” airframe appears to have been designed for stealthy reconnaissance and surveillance missions. It’s believed that the aircraft captured in 2011 by the Iranians was being used to conduct surveillance of nuclear facilities.
The Iranians claimed that they were able to jam the Air Force’s data link to the drone and take control of it, bringing it down for an almost soft landing. They also claimed that the drone was recovered nearly intact and that the Revolutionary Guard was able to download data from its onboard systems. While the US government disputed those claims, later reports indicated that it was within the realm of possibility that the Iranians had managed to take over control of the drone.
Just what sort of “secrets” the RQ-170 surrendered to the Iranians is not clear. But aviation industry analysts who saw the footage of the Iranian clone of the RQ-170 have said it appears to be a fake—nothing more than a cheap fiberglass mockup put together for propaganda purposes, similar to the mockup of a stealth fighter the Iranians displayed last year. (Footage of that plane “flying” appeared to actually be of a small radio-controlled model.)
“It seems their fiberglass work has improved a lot,” an industry source familiar with the RQ-170 told US Naval Institute News. “It also seems that if it were a functional copy, versus a detailed replica, it wouldn’t necessarily have the exact same landing gear, tires, etc. They would probably just use whatever extra F-5 parts or general aviation parts they had lying around.”
In his new book No Place to Hide, Glenn Greenwald revealed a number of additional details on the “craft” and tools used by the NSA and its British counterpart, the GCHQ. While many of the capabilities and activities Greenwald details in the book were previously published in reports drawing from Edward Snowden’s vast haul of NSA documents, a number of new pieces of information have come to light—including the NSA’s and GCHQ’s efforts to use airlines’ in-flight data service to track and surveil targeted passengers in real time.
The systems—codenamed “Homing Pigeon” by the NSA and “Thieving Magpie” by the GCHQ—allowed the agencies to track which aircraft individuals under surveillance boarded based on their phone data.
The US Army and other military services began development of software-defined radios to replace aging analog systems in 1997—long before Wi-Fi, broadband cellular, and high-definition television were even on the drawing board. The Joint Tactical Radio System (JTRS) program was supposed to revolutionize battlefield communications, turning soldiers and vehicles into nodes in an all-digital network that allowed data and video to flow as easily as voice traffic.
Little did the people working on the JTRS program know that the product of their labors would take 20 years to start being deployed in volume to troops—and how little of the original scope of the program would ever make it into service. The Army just announced this month its roadmap for rolling out JTRS-based Handheld, Man-Pack, and Small Form Factor (HMS) program radio systems in volume—three years from now. That means it may be 2018 before most soldiers see the radios in the field.
On May 2, at Fort Bliss, Texas, the Army’s HMS program team conducted its first “terrain walk-around” test of the AN/PRC-155 Manpack Radio, General Dynamics’ backpack offering for the program. The tests were in advance of a Network Integration Evaluation test at White Sands—the same evaluation exercise where, in 2011, the Ground Mobile Radio program met its Waterloo. The Army cancelled the GMR program after those tests and after an investment of $6 billion.
The Massachusetts Health Connector is getting its plug pulled.
Nevada, Maryland, Massachusetts, Minnesota, and Oregon are members of a club that no one wants to join—all of these states have largely failed at getting their electronic health insurance exchange sites to work properly (or, in some cases, at all). Given the legislatively mandated deadline, the delays in delivery of requirements by the federal government, and the scale of the task that faced states developing their own healthcare exchange sites under the Affordable Care Act, people familiar with government information technology projects might tell you that it’s surprising that any of the websites worked at all.
But if any state had a greater shot at success, it was Massachusetts—the state that served as the model upon which the Affordable Care Act was based. Now, Massachusetts’ health exchange has decided to shutter its own site at least temporarily, switching to the federal exchange to buy time for a better fix.
States running their own exchanges need to be ready by November 15 for the next round of open enrollment for health plans. That has put a number of states with floundering exchange sites in a pinch. Oregon was the first state with its own exchange to completely abandon its own website after spending more than $300 million in federal grants on the project.
Oregon officials have publicly blamed the database giant Oracle, the state’s primary contractor for the site, for its failure. In March, the Government Accountability Office announced that it would conduct an investigation of the Cover Oregon exchange project; last week, The Wall Street Journal reported that the FBI is now conducting its own investigation.
In an official statement in April, an Oracle spokesperson said that “Oracle looks forward to providing any assistance the state needs in moving parts of Oregon’s health care exchange to the Federal system if it ultimately decides to do so.” Last week, the board of the exchange voted to move to the federal exchange.
The Federal Aviation Administration has slapped a camera-equipped quadrocopter operator with a $2,200 fine after he “endangered the safety of the national airspace system” with his three-pound aircraft last September. The fine comes just a few weeks after a federal administrative judge ruled in another case that the FAA has no jurisdiction over small remote-controlled aircraft—a ruling the FAA has appealed. The fine was levied on David Zablidowsky, a 34-year old Brooklynite and bassist for the 1980s cover band Rubix Kube, who flew his camera-equipped DJI Phantom quadrocopter off of a building on East 38th Street in Manhattan on September 30, 2013. In the process, he crashed the aircraft into multiple nearby buildings before it plummeted more than 20 stories to a sidewalk below, crashing 20 feet from a pedestrian. The pedestrian then took the drone and reported the incident to police. via FAA fines ’80s band bassist for violating NYC airspace with quadrocopter | Ars Technica.
David Helkowski stood waiting outside a restaurant in Towson, Maryland, fresh from a visit to the unemployment office. Recently let go from his computer consulting job after engaging in some “freelance hacking” of a client’s network, Helkowski was still insistent on one point: his hack, designed to draw attention to security flaws, had been a noble act.
The FBI had a slightly different take on what happened, raiding Helkowski’s home and seizing his gear. Helkowski described the event on reddit in a thread he titled, “IamA Hacker who was Raided by the FBI and Secret Service AMAA!” Recently Ars sat down with him, hoping to get a better understanding of how this whitehat entered a world of gray. Helkowski was willing to tell practically everything—even in the middle of an ongoing investigation.
Until recently, Helkowski worked for The Canton Group, a Baltimore-based computer consulting firm serving, among other clients, the University of Maryland. Helkowski’s job title at The Canton Group was “team lead of open source solutions,” but he began to shift his concerns toward security after identifying problems on a University of Maryland server.
Read more at Ars Technica: In his words: How a whitehat hacked a university and became an FBI target | Ars Technica.