Pentagon, CIA, FBI “Cyber-Warriors” Planting “False Information on Facebook”

[John Dolva]

By Soraya Sepahpour-Ulrich | Global Research

On November 22, 2012, the Los Angeles Times published an alarming piece of news entitled “Cyber Corps program trains spies for the digital age”. The “cyber-warriors” who are headed for organizations such as the CIA, NSC, FBI, the Pentagon and so on, are trained to stalk, “rifle through trash, sneak a tracking device on cars and plant false information on Facebook [emphasis added]. They also are taught to write computer viruses, hack digital networks, crack passwords, plant listening devices and mine data from broken cellphones and flash drives.”

Not surprisingly, less than a month later, it was rumored that Iran ’s Supreme Leader, Ayatollah Khamenei had started a Facebook page. The style and content of the site ruled out its authenticity, but the State Department was amused. In spite of the potential for alarm, State Department Spokeswoman Victoria Nuland jokingly expressed Washington ’s curiosity to see how many “likes’ Khamenei would receive. This is no joking matter. Any message on this page would be attributed to Khamenei with a potential for dangerous ramifications.

Barely a month later, on January 24, 2013, Guardian’s blaring headlines exposed fake blogs and Facebook pages made for BBC Persian’s Iranian journalists with claims that these were made in order to harass, intimidate, and discredit the journalists. These fake blogs, according to The Guardian charges, are not by the American Cyber Corps warriors, but are alleged to be the creation of the Iranian ‘Islamic cyber-activists’ in “what appears [emphasis added] to be an operation sponsored by the authorities”.

While truth is the first casualty of war, journalists are also fair game thanks — in large part owing to the provisions of the Information Operations Road Map of 2003 (signed by the then Defense Secretary Donald Rumsfeld and pursued by Defense Secretary Leon Panetta). As part of the plan, “public affairs officers brief journalists”. In 2005 it came to light that the Pentagon paid the Lincoln Group (a private company) to plant ‘hundreds of stories’ in Iraqi papers in support of U.S. Policies.The plan also called for “a range of technologies to disseminate propaganda in enemy territory: unmanned aerial vehicles, “miniaturized, scatterable public address systems”, wireless devices, cellular phones and the internet. “

In light of such wide spread propaganda, deception and digital warfare by the Pentagon, and with the recent Los Angeles Times revelations of the Cyber Corps training, truth has become indistinguishable from falsehood and thus accepting or rejecting the authenticity of allegations by the Guardian becomes subjective, in spite of the reality of the victimhood of BBC journalists (ditto Radio Farda, VOA) whose reporting is not welcomed in Iran.

The broadcast of BBC Persian into Iran is problematic. Leaving aside the illegality of it (see article), BBC Persian which was launched in early 2009, receives significant funding from the United States . To many Iranians, no doubt including the Iranian government, BBC’s role was (and continues to be) a dark reminder of its past role in destroying Iran’s democracy in 1953 when, by its own admission, the BBC spearheaded Britain’s propaganda and broadcast the code which sparked the coup and the overthrow of Prime Minister Mossadegh.

As if in a reenactment, the role of BBC Persian in the 2009 post-election unrest was significant. Claiming that BBC Persian Services was basing its reporting on “citizen journalists” and on the receiving end of “eight user generated communications per minute”, their own report indicates that some of the reporting was impossible to verify. Unlike BBC Persian (and VOA, Radio Farda, etc.), Wired Magazine did its homework fully. In its report aptly titled “Iran: Before You Have That Twitter-Gasm…” , it revealed that the “ U.S. media is projecting its own image of Iran into what is going here on the ground.” BBC Persian, true to its track record, and thanks to State Department funding, had a desire to trumpet in a new era in Iran ’s history – A historical change planned from without, with help from within. Unlike 1953, it failed.

Once again, with the Iranian elections on the horizon, indications are that the recent elections in the United States and Israel will not produce a break-through in the US-Iran relations, or the foreign policy agenda of the United States toward Iran — warfare by other means, including propaganda. Cognizant of this fact, either the Iranian government is bracing itself for a propaganda war by discrediting sites with a potential to propagate misinformation, which may explain duplicating the BBC (admittedly, a clever move), or, the American Cyber Corps has outdone itself with the ability to point the finger at Iran.

Either way, in launching its cyber warfare, the United States has crossed the Rubicon. Cyber warfare, much like germ warfare, is dangerous, relentless, and without boundaries. The casualties of such warfare will continue to rise – unstoppable.

Soraya Sepahpour-Ulrich is a Public Diplomacy Scholar, independent researcher and writer with a focus on U.S. foreign policy and the role of lobby groups.

[Steven Gaal]

PLEASE LET ME ADD

********************************************

Jake Whitney Daily Beast 2/21/13

=============================

(According to the war correspondent Michael Hastings, DoD now employs 27,000 media professionals at $4.7 billion per year and even creates phony Facebook and Twitter accounts of pro-American Afghans.) This huge PR machine has been accompanied by a strategy of public disengagement—through policies like the elimination of the draft, a refusal to raise wartime taxes, and an increasing reliance on long-range weapons like drones. All of this makes war far less impactful to most Americans.

############################

The Great Cyber-Warfare Scam

China-bashing made easy

by Justin Raimondo, February 20, 2013

The War Party never sleeps: there are always new variations of war propaganda coming ’round the bend. With the coming of the internet, the latest manufactured "threat" to rear its head is "cyber-warfare," which is now being touted by the Obama administration and its media fan club as the Next Big Scary Thing – but what are the facts?

The first fact we need to integrate into our analysis is that "cyber-security" isn’t a science, it’s an industry: that is, the entities issuing alarming reports of this lurking threat are for profit companies mainly if not exclusively concerned with selling a product. And while the "threat landscape," as the jargon phrases it, is potentially very diverse, with a number of countries and non-state actors potential combatants, our cyber-warriors have targeted China as the main danger to our cybernetic security – the Yellow Peril of the Internet Age. They’re stealing our technology, our secrets, and infiltrating our very homes! This is largely baloney, as Jeffrey Carr, founder of Project Grey Goose and Taia Global, a cyber-security firm, and author of Inside Cyber Warfare, points out:

"t’s good business today to blame China. I know from experience that many corporations, government and DOD organizations are more eager to buy cyber threat data that claims to focus on the PRC than any other nation state. When the cyber security industry issues PRC-centric reports like this one without performing any alternative analysis of the collected data, and when the readership of these reports are government and corporate officials without the depth of knowledge to critically analyze what they’re reading (i.e., when they trust the report’s authors to do the thinking for them), we wind up being in the position that we’re in today – easily fooled into looking in one direction when we have an entire threat landscape left unattended. We got into that position because InfoSec vendors have been left alone to define the threat landscape based upon their product offerings. In other words, vendors only tell customers to worry about the threats that their products can protect them from and they only tell them to worry about the actors that they can identify (or think that they can identify). This has resulted in a security awareness clusterxxxx of epic proportions."

The "cyber-threat" from China has been much in the news lately, and any number of self-proclaimed "experts" with a financial stake in hyping this latest bogeyman have been pointing an accusing finger at Beijing whenever some government agency or big corporation discovers cyber-vandals in its domain. The latest is a report issued by a private cyber-security firm, Mandiant, which claims these attacks are occurring under the auspices of the People’s Liberation Army (PLA). It is, of course, just a coincidence that this accusation limns a recent National Intelligence Estimate, which – according to the New York Times, itself supposedly victimized by Chinese hackers – "makes a strong case that many of these hacking groups are either run by army officers or are contractors working for commands like [PLA] Unit 61398."

Yet, as Carr discusses here, the Mandiant report has several analytic flaws. To begin with, the "mission area," i.e. the nature and alleged goal of these intrusions, is supposed to identify China as the culprit because the latest APT (cyber-security jargon for "advanced persistent threat") "steals intellectual property from English-speaking organizations," and that these thefts coincide with the technical requirements of China’s current Five-Year Plan.

This kind of "logic" ought to make your BS-detector go haywire, recalling Carr’s warning that there’s a bad case of perception bias at work here: that’s because other nations, and non-state actors such as criminal gangs, also launch cyber-attacks on English-speaking organizations, which in many instances parallel the interests contained in China’s Five-Year Plan. Russia, France, Israel, and a number of other countries have advanced cyber-warfare capabilities, and haven’t hesitated to use them for purposes of industrial espionage, among other reasons: Eastern European gangsters are also players in this game. Yet there is no mention of these alternatives in the Mandiant report: according to them, it’s all about China.

Mandiant claims that because the rash of recent intrusions have involved operations requiring hundreds of operators, that only a nation-state with "military-grade operations" could possibly have carried them out. Yet more than 30 nations are currently running "military-grade" operations, as Carr informs us: why pick on China?

Well, says Mandiant, because the intrusions they analyzed used a Shanghai phone number to register an email account, for one. Yet this proves exactly nothing. Okay then, what about the fact that "two of four network ‘home’ Shanghai blocs are assigned to the Pudong New Area," where the PLA’s Unit 61398 is located? This also proves exactly nothing: the Pudong New Area has over 5 million inhabitants. It is smack dab in the center of China’s booming commercial and hi-tech metropolis. Ask yourself how many IP addresses originate from this area. Oh, but one of the "PLA" hackers’ "self-identified location is the Pudong New Area." Really? So what? Aside from the demographic information supplied above, one has to wonder if these people really believe everything they see on the Internet is true. C’mon, guys!

The New York Times has been pushing the Yellow Cyber-Peril theme ever since their computer system was hacked, but the question of who exactly was responsible for that intrusion is by no means proved. In a Times piece on the subject – with the rather whiney headline "Hackers in China Attacked The Times for Last 4 Months" – we again come across Mandiant pointing to the Chinese military as the culprit, but their case against the PLA falls apart under the most cursory inspection. For example, Mandiant’s "analysis" is based in part on the observation that these alleged Chinese

"Hacker teams regularly began work, for the most part, at 8 a.m. Beijing time. Usually they continued for a standard work day, but sometimes the hacking persisted until midnight. Occasionally, the attacks stopped for two-week periods, Mandiant said, though the reason was not clear."

Bull hockey. There are a number of other countries in the same time zone that have active hacker communities. The idea that the timing of these attacks somehow pinpoints "Chinese hackers" associated with the PLA is laughable. As Carr puts it:

"The hackers could have been from anywhere in the world. The time zone that Mandiant imagines as a Beijing workday could easily apply to a workday in Bangkok, Singapore, Taiwan, Tibet, Seoul, and even Tallinn – all of whom have active hacker populations."

Mandiant – hired by the Times to investigate the intrusion, and currently in negotiations with the New York Times Company over a possible ongoing business relationship – cites the fact that the intrusions supposed originated at some of the “same universities used by the Chinese military to attack U.S. military contractors in the past.” Yet there are many universities located in the Jinan area Mandiant homes in on, and geolocation in this instance, as Carr says, "means absolutely nothing." He also raises an important point: if the Chinese military was behind the Times hack, then why would they launch these attacks from a location previously identified with the PLA? That’s seems rather too obvious, especially in view of the lengths to which hackers go to cover their tracks. Wouldn’t China’s Ministry of State Security, their official intelligence agency, be assigned that task? Yet their facilities are located in Beijing, over 200 miles away from Jinan.

Most people are ignorant of the technical details utilized by commercial enterprises like Mandiant to gin up an alleged "threat." One supposedly scary tool used by the "Chinese" hackers is a Remote Access Tool, and we are told that the specific methods used in the past by alleged Chinese hackers are matched to the Times intrusion. This is just plain wrong, however, as Carr explains:

"The article mentioned the hackers use of a Remote Access Tool (RAT). One such widely used tool is called GhostRAT. The fact that it was used in an attack against the Dalai Lama in 2008 (GhostNet) doesn’t mean that all of the later attacks which used this tool originated with the same group. In fact, even the GhostNet researchers refrained from attributing this attack to China’s government.

"Another tool whose use is often blamed on Chinese hackers is the ‘xKungFoo script.’ Like GhostRAT, the xKungFoo script is widely available for anyone to use so even if it was originally created by a Chinese hacker, it doesn’t mean that it is used by Chinese hackers in all instances. I personally know Russian, English, and Indian hackers who write and speak Chinese."

This is simple logic: you don’t have to be a cyberwarfare "expert" to realize there are many possibilities when it comes to identifying the people behind the methods. If you’ve already decided who is the perpetrator, however, then Mandiant’s accusations directed at Beijing fit neatly into the available "evidence." That’s how confirmation bias works.

The major piece of "evidence" supposedly pointing to the Chinese government is the timing of the intrusion: just as research for a Times story on the financial dealings of a top Chinese government official, Wen JaiBo, was "nearing completion." According to the Times, the hackers gained access to email accounts belonging to Shanghai bureau chief David Barboza, author of the Wen expose, as well as Jim Yardley, bureau chief covering South Asia. Yet the Wen connection is contradicted in the very next paragraph of the Times‘s own account, which says:

"’Computer security experts found no evidence that sensitive e-mails or files from the reporting of our articles about the Wen family were accessed, downloaded or copied,’ said Jill Abramson, executive editor of The Times."

So what’s the connection to the Wen story? In addition, Yardley had nothing to do with the Wen story, and yet his email was also breached, along with the passwords of 53 employees who are not in the Times newsroom. So what does this add up to? A big fat zero, as far as evidence of China’s involvement is concerned. China is merely the go-to cyber-villain of the moment, and this is certainly true where Mandiant is concerned.

The same kind of dicey "evidence" is being used to accuse Iran – you saw this coming, didn’t you? Again, the tech-ignorant New York Times is in the lead, with a story echoing the claims of US officials that Tehran was behind the recent cyber-attacks launched against several American banks. You can almost hear the spooky music in the first two paragraphs of the piece, by Nicole Perlroth and Quentin Hardy, which gives an account of how the hackers slowed down and disabled banking sites, and then goes on to say:

"There was something disturbingly different about the wave of online attacks on American banks in recent weeks. Security researchers say that instead of exploiting individual computers, the attackers engineered networks of computers in data centers, transforming the online equivalent of a few yapping Chihuahuas into a pack of fire-breathing Godzillas."

Godzilla’s on the loose! And it’s an Iranian Godzilla! Yikes!

"The skill required to carry out attacks on this scale has convinced United States government officials and security researchers that they are the work of Iran, most likely in retaliation for economic sanctions and online attacks by the United States.

"’There is no doubt within the U.S. government that Iran is behind these attacks,’ said James A. Lewis, a former official in the State and Commerce Departments and a computer security expert at the Center for Strategic and International Studies in Washington."

The skill required to carry out these attacks was minimal. As Roel Schouwenberg, senior researcher at Kaspersky Labs, put it:

"We can confirm that the attacks being reported are happening; however, the malware being used, known as ItsOKNoProblemBro, is far from sophisticated. It’s really rather simple. It’s also only one part of the puzzle but it seems to be effective, which is all that matters to the attackers. Going strictly by the publicly known technical details, we don’t see enough evidence that would categorize this operation as something only a nation-state sponsored actor could pull off."

More "evidence" offered in support of the "Iran-did-it" theory is that these attacks did not garner any information: no data systems were breached. It was, in short, pure cyber-malice directed at American banks. If this is supposed to somehow prove the Iranians are the culprits, then it is weak tea indeed: because there are any number of groups who hate American bankers, including, I would venture, the vast majority of the American people. These DDOS attacks seem more like the sort of thing we might expect from a group like "Anonymous" than from a state actor such as Iran.

Of course, the paucity of evidence didn’t stop Sen. Joe Lieberman from declaring:

"I don’t believe these were just hackers who were skilled enough to cause disruption of the websites. I think this was done by Iran … and I believe it was a response to the increasingly strong economic sanctions that the United States and our European allies have put on Iranian financial institutions."

As is the case with Iran’s alleged nuclear weapons program, which our own spooks have said does not presently exist, the technical details are obscure to most of us, and therefore this realm is given over to "experts," both real and imagined. To Sen. Lieberman and all too many in the media, it’s just a matter of picking and choosing your "experts," and making the "facts" fit your preconceived notions.

Aside from ginning up conflict with the War Party’s chosen targets, the whole cyber-war scare-mongering campaign, whether the alleged "threat" is said to be emanating from China, Iran, or wherever, is also very convenient for proponents of Internet regulation who want to install back doors on every web site, and every software system, so the feds can "trace" these alleged "cyber-terrorists." It is, in short, a scam, part and parcel of a political campaign to rein in the wild and wooly – and largely unregulated – Internet, and make it more amenable to the interests of our wise rulers.

The mystification of science, and the culture of "expertise," has greatly aided the War Party in their propaganda efforts. Instead of making up stories about babies being bayoneted in their cribs – although there is still some of that – we are given mind-numbingly technical explanations that point to purported acts of "cyber-terrorism" carried out by China, Iran, or the villain-of-the-moment. Except that the supposed "evidence" turns out to based on non-credible assumptions and faulty technical analysis.

Remember, we’ve been through this sort of thing before: all the "intelligence" supposedly pointed to the irrefutable "fact" that Iraq

"weapons of mass destruction," which it was about to launch against its neighbors. That turned out to be a lie. Much of this baloney came wrapped up in impressive-sounding technical jargon, and was validated by the media’s chosen "experts."

Has anybody learned anything from that experience? I’m thinking in particular of the members of the Fourth Estate, otherwise known as "journalists." The answer, unfortunately, seems to be no.

Edited March 2, 2013 by Steven Gaal