On July 5, Thai police arrested a man in Bangkok named Alexandre Cazes, a 26-year-old Canadian, for running an expansive online criminal bazaar called AlphaBay. Previously only known to law enforcement by his online moniker DeSnake, Cazes reportedly made the mistake of using his personal Hotmail email address to communicate ...

The top U.S. cyber diplomat will no longer have the direct ear of Secretary of State Rex Tillerson. The impending closure of the U.S. State Department’s Office of the Coordinator for Cyber Issues, established under President Barack Obama in 2011, has left some in dismay on how cybersecurity plays into ...

Beset by disruptive digital attacks, espionage, and cyber-enabled influence campaigns intended to sway public opinion, the United States and its allies are looking for ways to stop the onslaught of computer breaches into their systems. Many nations’ security services are bolstering their offensive military cyber capabilities and response frameworks to ...

Time and time again companies, organizations, and government agencies have proven that they can’t completely secure their computer networks from hackers – particularly nation-states with the resources to pursue access persistently. Instead of focusing solely on network defense, the United States can adopt a deterrence strategy that dissuades foreign governments ...

Disruptive and intrusive cyber activity pervades much of modern international relations. The trend towards the jockeying for global influence and geopolitical positioning through cyber means is only going to grow as more countries and non-state actors play out conflicts in the virtual domain. The responsibility for defending U.S. interests from ...

Tradecraft. A term popularized in the novels of John le Carré, but practiced by spies throughout history. Tradecraft includes a number of methodologies, ranging from chalk-marked dead drops, and honey traps, to wiretapping, losing a tail, and safe houses. Spies have to master their craft if they are to be ...

Intelligence officers must often use a false identity – a legend or cover. How have social media and digital technology changed how they create and preserve these cover identities, and what have counterintelligence units traditionally looked for when trying to identify foreign spies? The Cipher Brief’s Levi Maxey spoke with ...

Intelligence officers’ tradecraft is highly guarded for good reason. One of its most important aspects is establishing a cover identity so foreign governments and hostile groups are not aware who is spying on them. The Cipher Brief’s Levi Maxey spoke with Daniel Hoffman, a former CIA station chief, about what ...

Despite the many logistical and operational challenges of a transition, many acknowledge that U.S. Cyber Command must eventually separate from the National Security Agency. According to news reports, the Trump Administration is now finalizing plans to separate Cyber Command from its parent organization, the National Security Agency. While the details ...

Reports of intrusions into industrial control systems (ICS) broke late last week – this time in several U.S. power plants, including the Wolf Creek nuclear facility in Kansas. The alleged perpetrator? Russia, leading many to compare these incidents to the successful and damaging Russian attacks against the electrical grid in ...

It’s Labor Day, September 4, 2017, and the National Security Agency has just intercepted communications between the senior leadership of the Iranian Revolutionary Guard Corps, the militant purveyors of the 1979 Iranian Revolution, and employees of the Iranian companies ITSecTeam and Mersad. The communications reveal future disruptive cyber attacks against ...

With the advent of digital communications, people thousands of miles apart can engage with each other seamlessly, and businesses can operate at a scale previously unknown, thanks to a burgeoning consumer electronics industry. But not all aspects of this industry are positive. Some contribute to global insecurity and human suffering. ...

Terrorism, political corruption, and human rights violations in sub-Saharan Africa are like any other business: management identifies and provides a needed product or service to willing buyers, thereby generating profits and reinvesting them. In the tragedy currently playing out in the Great Lakes region of Central Africa, especially in the ...

Last February, President Donald Trump issued an Executive Order calling on the Department of Treasury to review the 2010 Dodd-Frank Wall Street Reform and Consumer Protection Act enacted in the wake of the 2008 financial crisis. One Dodd-Frank provision the Trump Administration would like to suspend is Section 1502, which requires U.S. companies that ...

Few security challenges muddle the distinction between government and business roles as much as those emanating from cyberspace. National security issues no longer remain solely under the purview of government agencies, and companies continue to find themselves in the sights of foreign adversaries. Moreover, attacks against commercial products have geopolitical ramifications. Software ...

Statecraft and business have always been closely linked, but the advent of digital technology has blurred the roles more than ever. Systems crucial to the economic well-being and national security of the United States rest in the hands of private companies. The two sectors must cooperate by sharing information at ...

The United Kingdom has revamped the way its intelligence agencies collaborate with private industry by establishing a new National Cyber Security Centre that leans towards more open and meaningful exchanges to help secure the country against malicious cyber attacks. The Cipher Brief’s Levi Maxey spoke with Sir David Omand, the ...

Terrorists’ tactics evolve with the times. Just as we have seen an adaption of terrorist methods for sowing fear and distrust, so, too, we have seen their propaganda machines evolve to inspire audiences globally. Gone are the days of printed manifestos, pamphlets, or fuzzy VHS tapes. The internet now facilitates ...

Continuing terror attacks around the world indicate law enforcement and intelligence agencies face difficulty in trying to identify and disrupt the plans of globally disparate and loosely affiliated entities. Terrorist groups have adapted to each step security services take against terror, including the severing of financial lifelines. With growing terrorist ...

Discussion of malicious cyber activity has mainly focused on criminal activity and countries’ intelligence efforts. Entities other than national governments – particularly terrorist groups – seem to be making their way, if slowly, into the cyber realm through hacking and leaking techniques, and commandeering social media sites. Beyond savvy messaging, ...

Today China began enforcing its controversial new Cybersecurity Law, which broadly demands that multinational companies make data accessible to the Chinese government while strengthening the regime's control over content found inappropriate. Such measures have been made under the auspices of bolstering Chinese national security, but could have profoundly negative impacts ...

One of the emerging trends in today’s expanding cyber espionage landscape has been China’s emergence as the leading practitioner of economic cyber espionage. What does the trajectory of Chinese economic espionage look like, and where do we still see barriers to the establishment of effective norms barring the practice before ...

When Beijing got the word that the United States was accelerating the deployment of its Terminal High Altitude Area Defense (THAAD) system to South Korea as a response to North Korea’s latest missile tests, senior Communist Party officials went, no pun intended, ballistic. The official Chinese news agency Xinhua wrote ...

Over the weekend, businesses and critical services like banks, hospitals, telecommunications services and transportation hubs around the world were hit with a cyber attack that locked users out of their own systems using a form of ransomware known as WannaCry. The potential loss of data may lead not only to ...

Who’s to blame for the astonishingly successful ransomware attack sweeping the planet? Microsoft, the information technology giant whose popular Windows operating systems harbored the flaw malicious hackers exploited to paralyze at least 200,000 computers and systems in 150 countries, is pointing the finger at Washington. “Repeatedly, exploits in the hands ...

Friday’s global attack on computers in some 150 countries was clearly a wake-up call. It took government systems offline, affected corporations of all kinds, took critical infrastructure systems out of service and even changed the agenda of the G7 meeting in Italy. But, it was an attack carried out without ...

The National Security Agency recently announced changes to its intelligence collection practices under Section 702 of the Foreign Intelligence Surveillance Act (FISA). The Cipher Brief spoke with Chris Inglis, the former deputy director of the NSA, about what these changes mean, why they might have come about, and how significant ...

The NSA recently said it would stop collecting signals intelligence solely “about” foreign targets by tapping the backbone of the internet resident within the United States. The announcement comes ahead of congressional consideration of the NSA’s broader authorities outlined in Section 702 of the Foreign Intelligence Surveillance Act (FISA), ...

Ever wonder whether the National Security Agency picked up your text message or email because you mentioned ISIS leader Abu Bakr al Baghdadi to a friend? Claims of privacy infringement on Americans by the National Security Agency have been in headlines for years. Much of the criticism has related to ...

As people’s lives become more attached to the internet, cyber attacks will have more of an impact. One of the most pressing threats is the growth of botnets, or networks of compromised computers that can be leveraged for a variety of nefarious purposes. The Cipher Brief spoke with Omri Iluz, ...

Imagine an army of computers, acting under the instructions of a criminal syndicate, terrorist group, or foreign government. The sheer size of this network of devices augments the computing power of a single hacker, allowing them to coordinate attacks capable of knocking offline crucial websites belonging to banks, social media, ...

With the proliferation of smart devices connected to the public internet the population of botnets – networks of compromised devices that can be leveraged for large-scale cyber attacks – has exploded. The Cipher Brief spoke with Kevin Reid, Vice President of National Security and Chief Information Officer at KeyLogic and ...

In 2010, then-Deputy Secretary of Defense William J. Lynn III made a pivotal decision for the future of cyberspace and the U.S. military: He saw to it that the U.S. Department of Defense declared cyberspace a “domain” of warfare. This decision created the organizational impetus for the DoD to organize ...

The two separate worlds of electronic warfare and cybersecurity are beginning to overlap, if not collide. In the U.S. military, electronic warfare and cyber capabilities live in different military domains, delivered by operators who exist in different military units and who largely grew up in different career fields. The National ...

The isolation of cyber as an entirely independent domain of warfare is both inaccurate and dangerous. Today, the Pentagon faces an essential task, to integrate cyber capabilities with warfighting in the physical world. Cyber capabilities cannot be detached from other domains of warfare, such as electromagnetic, air, land, sea, and ...

A false flag operation – pretending to be someone else while conducting spycraft or warfare – is an age-old tactic. With the advent of cyber espionage and digital warfare, those maneuvering in the virtual domain can use false flags. In the Digital Age, determining the origins of cyber attacks is ...

False flag operations have been routine ploys in espionage and warfare for centuries. Now they have turned up in cyber operations. The Cipher Brief spoke with Tim Maurer, co-director of the Cyber Policy Initiative at the Carnegie Endowment for International Peace, about the history of these subterfuges and how governments ...

How can a government, or a company, determine who launched a cyber attack? Attribution becomes even more difficult when the attackers disguise themselves as others. The Cipher Brief asked Hank Thomas, a partner and Chief Operating Officer at Strategic Cyber Ventures, what so-called false flags in cyberspace look like and ...

Few topics lend themselves to more polemics than government collection and exploitation of zero-day vulnerabilities, or security flaws in commercial software and hardware not yet disclosed to the vendors, to facilitate intelligence gathering efforts. The choices for intelligence agencies are, in short, to either collect and retain zero-day vulnerabilities to ...

With the seemingly constant barrage of leaks revealing the U.S. intelligence community’s hacking capabilities, many are wondering where government draws the line between priorities of intelligence collection versus assisting companies to secure their products in order to keep the digital lives of U.S. citizens and companies secure. The Cipher Brief ...

Wikileaks’ “Vault7” disclosure last month of apparent CIA hacking tools marked the third recent incident in which an inadvertent public release of alleged government hacking techniques has sent the private sector scrambling to protect users. The two others involved a release of alleged NSA tools by a group that calls itself ...

China continues to deploy military equipment to contested islands in the South China Sea, raising concerns among regional players and U.S. forces stationed in the Pacific. A Chinese government strategy document published last month by China’s state-owned news agency Xinhua signals that Beijing is building up its military cyber ...

In September 2015, Chinese President Xi Jinping and President Barack Obama reached an agreement that neither nation would “conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.” Many astute observers ...

China is a burgeoning great power. It is continually figuring out the various dimensions of power – not least of which is power in cyberspace – and putting them to use. Like other great powers dealing in an unknown medium, it is, to quote Deng Xiaoping, crossing the river by ...

Connectivity continues to enmesh businesses, governments, societies and people – a trend that will only accelerate with the growth of public cloud services and devices linked together in the Internet of Things. But some of the most sensitive sectors are attempting to cordon off their networks from the outside. Highly ...

In the world of network security, the term air gap refers to a situation in which the computer network is physically separated from other networks, particularly, less secure and public networks such as the internet. Today, air-gapped networks are widely used in military defense systems, critical infrastructure, the financial sector, ...

An air gap – meaning, a computer without direct network access of any kind – seems like the perfect solution to the gossamer threads of connectivity. You can’t hack something you can’t connect to. But air gapped systems aren’t unhackable. That’s not to say air gaps don’t have their place. ...

European countries are becoming increasingly wary of foreign disinformation and subversion operations in their own internal politics following Russian interference in last year’s U.S. elections. The small Baltic states of Estonia, Latvia, and Lithuania, however, understand the threat of Russian hybrid warfare – a coordinated mix of conventional military action, ...

Where will Russian President Vladimir Putin strike next? With the 2018 Russian election around the corner, former Soviet states are nervous. Foreign adventures are the quickest way for a politician to get a bump in the polls. What does this mean for cybersecurity? In the internet era, one thing is ...

Russian offensive cyber capabilities are as sophisticated as those of other major cyber powers, such as the United States and China, and they likely exceed Baltic states’ ability to defend critical infrastructures. A successful large-scale cyberattack during peace time, or prior to or in concert with a conventional attack – ...