May 22, 2020

Swiss intelligence agency admits to CIA and MI6 that its counter-terrorism data has been stolen

(LiveHacking.Com) – It looks like the Swiss intelligence agency (NDB) has suffered a massive theft of data relating to counter-terrorism. Since this data was shared with the Swiss by foreign governments, the information could be potentially harmful for many of the world’s intelligence services, including those in the USA and UK.

Covert organizations like the U.S. Central Intelligence Agency and Britain’s Secret Intelligence Service (MI6) have routinely given the Swiss access to counter-terrorism data as well as other spy data. As a result, the United States and Britain were among those who were warned that the data could have been put in jeopardy.

The theft is purported to have been made by a senior IT technician for the NDB. He was arrested last summer and then later released while an investigation was conducted. It is thought he intended to sell the stolen data to foreign officials or commercial buyers. Having become disgruntled at his job, it is alleged that he downloaded terabytes of data onto portable hard drives and then walked out with the devices in a backpack.

Although the Swiss authorities seized the portable drives with the stolen data when the rogue administrator was arrested and although they believe that they retrieved the drives before he had an opportunity to sell anything, the Swiss can’t be 100% sure that he didn’t pass on any of the information before his arrest. That is why they were obliged to notify their foreign intelligence partners about the compromise.

In the months running up to his arrest the employee did display some classic warning signs that should have been spotted earlier. At one point the man stopped showing up for work altogether. However, the NDB didn’t know that something was wrong until UBS, the largest Swiss bank, flagged a potentially suspicious attempt to open a new numbered bank account. The account was traced to the technician.

US Air Force Makes Statement About Drone Malware Infection

In a rare move, the US Air Force has made a public statement about the keylogger malware which was rumoured to have infected the consoles used to fly the unmanned Predator and Reaper drones. The statement was issued to correct recent reporting that the malware detected on stand-alone systems on Creech Air Force Base, Nevada had affected drone operations.

According to the statement, the Air Force first detected the malware on 15 September. It was found on portable hard drives used for transferring information between systems. Subsequently it was isolated and a forensic investigation was started to track the origin of the malware and clean the infected systems.

“It’s standard policy not to discuss the operational status of our forces,” said Colonel Kathleen Cook, spokesperson for Air Force Space Command. “However, we felt it important to declassify portions of the information associated with this event to ensure the public understands that the detected and quarantined virus posed no threat to our operational mission and that control of our remotely piloted aircraft was never in question.”

The malware, which was detected on a Windows machine, in the end turned out to be a credential stealer for Mafia Wars, not a keylogger.

The infected computers were part of the ground control system that supports RPA operations. The ground system is separate from the flight control system Air Force pilots use to fly the aircraft remotely; the ability of the RPA pilots to safely fly these aircraft remained secure throughout the incident.

Keylogger Virus Infects US Military Drones

(LiveHacking.Com) – Computers controlling American military Predator and Reaper drones have been infected with a keylogger that tracks pilots’ keystrokes as they remotely fly the unmanned machines around the world, according to Wired. And despite their best efforts to remove it, the virus is remaining persistent.

According to the mole who leaked the information, the malware was detected about two weeks ago but no classified information has been stolen or lost.

“We keep wiping it off, and it keeps coming back,” said a source familiar with the situation. “We think it’s benign. But we just don’t know.”

The drones are unmanned aerial vehicles used primarily by the United States Air Force and the CIA. Along with cameras and other sensors, they can carry and fire Hellfire missiles.

The virus was found in the consoles that are used to fly the drones at the Creech Air Force Base, Nevada. Each drone is controlled by a pilot using computers with video feeds and a joystick.

According to Sophos, the chances are that the malware is just a common keylogging Trojan horse, designed to steal banking information, that has somehow made its way onto these systems.

“But if they are having problems keeping their systems malware-free, and have not identified the infection accurately, they should presume that it is more serious instead.”