Worldwide Threats Briefing: 5 Takeaways, From Russia to China

On Tuesday, the heads of the NSA, CIA, FBI, and ODNI—America's intelligence community brain trust—gathered before members of the Senate Select Committee on Intelligence to discuss various worldwide threats. And while most of the topics were familiar, the hearing also included a few revelatory moments, insights into fears that were either detailed or confirmed.

The following doesn't comprise every single morsel shared by NSA chief Mike Rogers, CIA head Mike Pompeo, FBI director Christopher Wray, and Director of National Intelligence Dan Coats on Tuesday. But it does take a closer look at what keeps US intelligence agencies up at night—and what they're doing about it.

Russia's Not Done Meddling in the US

Coats made clear from the beginning of the hearing that the chaos Russia created during the 2016 election was only the beginning. “Persistent and disruptive cyber operations will continue against the United States and our European allies, using elections as opportunities to undermine democracy, sow discord, and undermine our values,” DNI Coats said during his opening remarks.

"There should be no doubt that Russia perceived its past efforts as successful, and views the 2018 US midterm elections as a potential target for Russian influence operations."

His intelligence community colleagues, and members of Congress, clearly agreed with that assessment. It's less clear, though, what the country has actually done to mitigate those threats. Asked by senator Kamala Harris whether the intelligence community has any written policy laying out whose responsibility it is to handle the abuse of social media by foreign adversaries, Coats said he was unsure, and would need to get back to her.

Both Coats and Wray agreed social media companies have been increasingly cooperative with intelligence, but senator Warner expressed skepticism that companies like Facebook and Twitter can adequately police themselves. “I think the companies are slow to recognize this threat,” Warner said. “I don’t believe we have a full plan.”

Despite the unanimous agreement by the intelligence officials that Russian interference would continue to be a threat in the 2018 and 2020 elections, senators repeatedly noted that President Trump has made no such acknowledgement. Instead, Trump has often conflated the issues of Russian interference with the investigation into his own campaign’s possible coordination with Russian actors.

“I wish you could persuade the president as a matter of national security to separate these two issues,” said senator Angus King from Maine. “We cannot confront this threat, which is a serious one, with a whole of government response when the leader of the government continues to deny that it exists.”

Russia's Not Done Attacking Ukraine Either

Although not included in his oral testimony, Coats also provided a written “Global Threat Assessment” to Congress. In it, the intelligence community ticks off expected digital threats from North Korean theft to Chinese hacking of defense contractors to Iranian disruptive attacks against Saudi Arabia and Israel.

Perhaps most disturbing among those is a warning that Russia will continue to escalate its attacks on Ukraine, where it’s been testing critical infrastructure hacking techniques that have included the first-ever hacker-induced blackouts. “We expect that Russia will conduct bolder and more disruptive cyber operations during the next year, most likely using new capabilities against Ukraine,” it reads. “The Russian Government is likely to build on the wide range of operations it is already conducting, including disruption of Ukrainian energy distribution networks, hack-and-leak influence operations, distributed denial-of-service attacks, and false flag operations.”

While that might sound like a faraway Ukrainian problem, the document is clear that Russia has been laying the groundwork for similar attacks on American infrastructure, and isn’t stopping now. “In the next year, Russian intelligence and security services will continue to probe US and allied critical infrastructures,” it reads.

Pompeo Alludes to the CIA's Secret Deterrence Plan

Given repeated testimony that Russia will likely attempt to meddle in the 2018 midterm elections and other upcoming democratic NATO elections around the world, some senators pressed the question of how to deter cyberattacks proactively, and how to respond if and when they occur.

"We've had more than a year to get our act together and address the threat posed by Russia and implement a strategy to deter further attacks," Warner said. "I believe we still don't have a comprehensive plan."

Again, many of the senators noted the disparity between Trump's remarks about the Russian threat and the intelligence community's conclusions.

"Has the president directed you and your agency to take specific actions to confront and blunt Russian influence activities that are ongoing?" asked senator Jack Reed of Rhode Island.

"We're taking a lot of specific efforts to blunt Russia," Wray answered. But he added when pressed, "Not as specifically directed by the President."

Some senators also expressed frustration that President Trump did not enact sanctions Congress passed against Russia in response to 2016 election meddling. "There are no repercussions," senator King said, noting that the inaction existed during the Obama Administration as well. "We have no doctrine of deterrence. How are we ever going to get them to stop doing this if all we do is patch our software and try to defend ourselves?"

But Pompeo offered a soft rebuttal, alluding to retaliatory cyberattacks or other clandestine operations. "While I can’t say much in this setting, I would argue that your statement that we have done nothing does not reflect the responses that, frankly, some of us at this table have engaged in and the United States government has engaged in both during and before this administration," Pompeo said. Though observers widely assume that the US participates in "hacking back," it is rare to hear acknowledgement of these campaigns.

Senator King pressed that "deterrence doesn't work unless the other side knows it." To which Pompeo replied, "It's important that the adversary know it; it is not a requirement that the whole world know it."

Chinese Companies—And Students—May Pose a Risk

Senators on both sides of the aisle showed early anxiety over China's role in the world Tuesday. “I’m not sure in the 240-some-odd year history of this nation we’ve ever faced an adversary to have this scale, scope, and capacity,” said senator Marco Rubio of Florida.

Both Democrat Mark Warner and Republican Tom Cotton expressed fears over the close relationship between Chinese tech companies like Huawei and the Chinese government. In particular, they expressed concerns that this technology could be used for surveillance purposes. During the hearing, Cotton asked the full panel of intelligence experts to raise their hands if they would recommend consumers use products made by Huawei or ZTE, another Chinese telecom giant. None raised their hands.

This mounting pressure on Capitol Hill is already prompting changes in the private sector. Last month, Verizon reportedly decided it would no longer sell Huawei phones—under pressure from the US government—following AT&T’s decision to also pull out of a deal to sell the Chinese company’s new phone.

In a statement, a Huawei spokesperson said the company is "aware of a range of U.S. government activities seemingly aimed at inhibiting Huawei's business in the U.S. market" and that its technology "poses no greater cybersecurity risk" than any other vendor.1

Rubio’s line of inquiry extended beyond business to the world of academia, asking the FBI director Christopher Wray about the “risk posed to US national security by Chinese students, particularly those in advanced programs in science and mathematics.” Wray said that the use of “non-traditional collectors” of intelligence is common in academic settings.

“They’re exploiting the very open research and development environment we have, which we all revere, but they’re taking advantage of it,” Wray said. Even if his comments have a kernel of truth, Wray's comments still amount to a sweeping generalization about students from China, one that could complicate an already fraught period in immigration policy in America.

Pompeo Denies Shadow Brokers Negotiations—And Confirms Them

Pompeo also expressed displeasure with a pair of articles last week that described how the US government attempted to negotiate with Russians in an attempt to buy back highly secret NSA documents and hacking tools obtained by an unknown group calling itself the Shadow Brokers. In response to questions from senator Susan Collins, he called media reports from The New York Times and the Intercept “atrocious, ridiculous, totally inaccurate.”

Pompeo flatly denied that the CIA had offered any money to Russian sources, countering the Times and Intercept accounts that those sources were offered $1 million, and received $100,000, in US government funds as an initial payment. “The Central Intelligence Agency did not provide any resources or money to these individuals who proffered government information, directly or indirectly, at any time,” Pompeo said.

But Pompeo’s denial itself contained confirmations of elements of the story. He argued, for instance, that the agency hadn’t sought any of the compromising information, or “kompromat,” about Russian collusion with Donald Trump that the Russian sources had offered unsolicited—exactly as the articles stated. And he reinforced the articles’ central accounts: That the US government had in fact negotiated to achieve the return of the NSA’s secrets. “The information we were working to try to retrieve might well have been stolen from the US government,” Pompeo said. “It was unrelated to the issue of kompromat that appears in each of those two articles.”

Andy Greenberg, Issie Lapowsky, and Lily Hay Newman contributed to this report.

1Update: 9:12 AM ET 02/14/2017 This story has been updated to include comment from Huawei.

How a 22-Year-Old Discovered the Worst Chip Flaws in History

In 2013, a teenager named Jann Horn attended a reception in Berlin hosted by Chancellor Angela Merkel. He and 64 other young Germans had done well in a government-run competition designed to encourage students to pursue scientific research.

In Horn’s case, it worked. Last summer, as a 22-year-old Google cybersecurity researcher, he was first to report the biggest chip vulnerabilities ever discovered. The industry is still reeling from his findings, and processors will be designed differently from now on. That’s made him a reluctant celebrity, evidenced by the rousing reception and eager questions he received at an industry conference in Zurich last week.

Interviews with Horn and people who know him show how a combination of dogged determination and a powerful mind helped him stumble upon features and flaws that have been around for over a decade but had gone undetected, leaving most personal computers, internet servers and smartphones exposed to potential hacking.

Other researchers who found the same security holes months after Horn are amazed he worked alone. "We were several teams, and we had clues where to start. He was working from scratch," said Daniel Gruss, part of a team at Graz University of Technology in Austria that later uncovered what are now known as Meltdown and Spectre.

Horn wasn’t looking to discover a major vulnerability in the world’s computer chips when, in late April, he began reading Intel Corp. processor manuals that are thousands of pages long. He said he simply wanted to make sure the computer hardware could handle a particularly intensive bit of number-crunching code he’d created.

But Zurich-based Horn works at Project Zero, an elite unit of Alphabet Inc.’s Google, made up of cybersleuths who hunt for "zero day" vulnerabilities, unintended design flaws that can be exploited by hackers to break into computer systems.

So he started looking closely at how chips handle speculative execution — a speed-enhancing technique where the processor tries to guess what part of code it will be required to execute next and starts performing those steps ahead of time — and fetching the required data. Horn said the manuals stated that if the processor guessed wrong, the data from those misguided forays would still be stored in the chip’s memory. Horn realized that, once there, the information might be exposed by a clever hacker.

"At this point, I realized that the code pattern we were working on might potentially leak secret data," Horn said in emailed responses to Bloomberg questions. "I then realized that this could — at least in theory — affect more than just the code snippet we were working on."

That started what he called a "gradual process" of further investigation that led to the vulnerabilities. Horn said he was aware of other research, including from Gruss and the team at Graz, on how tiny differences in the time it takes a processor to retrieve information could let attackers learn where information is stored.

Horn discussed this with another young researcher at Google in Zurich, Felix Wilhelm, who pointed Horn to similar research he and others had done. This led Horn to what he called "a big aha moment." The techniques Wilhelm and others were testing could be "inverted" to force the processor to run new speculative executions that it wouldn’t ordinarily try. This would trick the chip into retrieving specific data that could be accessed by hackers.

Having come across these ways to attack chips, Horn said he consulted with Robert Swiecki, an older Google colleague whose computer he had borrowed to test some of his ideas. Swiecki advised him how best to tell Intel, ARM Holdings Plc. and Advanced Micro Devices Inc. about the flaws, which Horn did on June 1.

That set off a scramble by the world’s largest technology companies to patch the security holes. By early January, when Meltdown and Spectre were announced to the world, most of the credit went to Horn. The official online hub for descriptions and security patches lists more than ten researchers who reported the problems, and Horn is listed on top for both vulnerabilities.

Wolfgang Reinfeldt, Horn’s high school computer-science teacher at the Caecilienschule in the medieval city of Oldenburg about 20 miles from Germany’s north coast, isn’t surprised by his success. “Jann was in my experience always an outstanding mind,” he said. Horn found security problems with the school’s computer network that Reinfeldt admits left him speechless.

As a teenager he excelled at mathematics and physics. To reach the Merkel reception in 2013, he and a school friend conceived a way to control the movement of a double pendulum, a well-known mathematical conundrum. The two wrote software that used sensors to predict the movement, then used magnets to correct any unexpected or undesired movement. The key was to make order out of chaos. The pair placed fifth in the competition that took them to Berlin, but it was an early indicator of Horn’s ability.

Mario Heiderich, founder of Berlin-based cybersecurity consultancy Cure53, first noticed Horn in mid-2014. Not yet 20, Horn had posted intriguing tweets on a way to bypass a key security feature designed to prevent malicious code from infecting a user’s computer. Cure53 had been working on similar methods, so Heiderich shot Horn a message, and before long they were discussing whether Horn would like to join Cure53’s small team.

Heiderich soon discovered that Horn was still an undergraduate at the Ruhr University Bochum, where Heiderich was doing post-doctoral research. Ultimately, he became Horn’s undergraduate thesis supervisor, and Horn signed on at Cure53 as a contractor.

Cybersecurity specialist Bryant Zadegan and Ryan Lester, head of secure messaging startup Cyph, submitted a patent application alongside Horn in 2016. Zadegan had asked Horn, through Cure53, to audit Cyph’s service to check for hacking vulnerabilities. His findings ended up as part of the patent and proved so significant that Zadegan felt Horn more than merited credit as one of the inventors. The tool they built would ensure that, even if Cyph’s main servers were hacked, individual user data were not exposed.

“Jann’s skill set is that he would find an interesting response, some interesting pattern in how the computer works, and he’s just like ‘There’s something weird going on’ and he will dig,” Zadegan said. “That’s the magic of his brain. If something just seems a little bit amiss, he will dig further and find how something works. It’s like finding the glitch in the Matrix.”

Before long, Cure53’s penetration testers were talking about what they called "the Jann effect" — the young hacker consistently came up with extremely creative attacks. Meltdown and Spectre are just two examples of Horn’s brilliance, according to Heiderich. "He’s not a one-hit wonder. This is what he does."

After two years at Cure53 and completing his undergraduate program, Horn was recruited by Google to work on Project Zero. It was a bittersweet day for Heiderich when Horn asked him to write a recommendation letter for the job. "Google was his dream, and we didn’t try to prevent him from going there," he said. "But it was painful to let him go."

Horn is now a star, at least in cybersecurity circles. He received resounding applause from fellow researchers when he presented his Spectre and Meltdown findings to a packed auditorium at a conference in Zurich on Jan. 11, a week after the attacks became public. 

With bowl-cut brown hair, light skin and a thin build, Horn walked his fellow researchers through the theoretical attacks in English with a German accent. He gave little away that wasn’t already known. Horn told the crowd that after informing Intel, he had no contact with the company for months until the chipmaker called him in early December to say other security researchers had also reported the same vulnerabilities. Aaron Stein, a Google spokesman, has a different account though: "Jann and Project Zero were in touch with Intel regularly after Jann reported the issue."

When a fellow researcher asked him about another possible aspect of processor design that might be vulnerable to attack, Horn said, with a brief-but-telling smile: "I’ve been wondering about it but I have not looked into it."

    Australia’s government turns the heat up on encrypted messaging apps

    The jig is up for encrypted messaging, in the eyes of the Australian government.

    Australian Prime Minister Malcolm Turnbull announced Friday morning the government will bring in new laws to force tech companies to hand over data protected by encrypted messaging apps such as WhatsApp, Telegram, and Signal.

    It’s in light of increased use of encryption in cases related to terrorism, drugs trafficking, and paedophilia rings. The Australian Federal Police (AFP) said 65 percent of serious investigations now involve some sort of encryption.

    “At the end of the day, what has happened here is legislation has not yet kept pace with technology,” AFP’s deputy commissioner, Michael Phelan, said during a press conference.

    The new laws will be modelled on the UK’s Investigatory Powers Act, which gives intelligence agencies the power to de-encrypt communications.

    But here’s the problem: Messaging apps like WhatsApp, Telegram and Signal use end-to-end encryption, which means the key to accessing these messages is held by the sender and the receiver, and not by the company.

    So will these companies have to build a backdoor to these encrypted apps, creating a vulnerability that can be taken advantage of by hackers with the right tools?

    Well, Turnbull isn’t explicitly asking for a backdoor. Authorities will force companies to give access to these encrypted communications “lawfully” via a warrant or a court order.

    “What we need is the cooperation where we can compel it, but we will need the cooperation from the tech companies to provide access in accordance with the law,” Turnbull said.

    Encryption keys are devised by a mathematical formula. Asked whether the laws of mathematics would curb the government’s bid to crack end-to-end encryption, Turnbull said Australia’s laws would overrule. No, you read that right.

    “Well, the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable but the only law that applies in Australia is the law of Australia,” he said.

    Given terrorists aren’t just using readily available messaging apps, it remains to be seen how the government’s proposed laws will deal with the problem of the dozens of encryption packages out there.

    It likely won’t work in reality

    Matthew Warren, a cyber security professor at Deakin University, said intelligence agencies will potentially focus their efforts on how they can intercept messages in realtime. But that’s unlikely to work.

    “The problem is if it would work in reality. It would only work if you knew the terrorist target that you were tracking, and actually knew what technologies they were using,” he explained.

    “In order for this to work in realtime it means the intelligence organisations will need access to the encryption keys. Apple and Facebook and WhatsApp aren’t going to do that.”

    Even if certain companies agree to create a backdoor to their apps, Warren said those looking to break the law could simply change to one of the many dozen encrypted apps available on the market.

    Nevertheless, he expects “a number of countries” will look to implement similar legal powers, after a G20 statement on countering terrorism encouraged companies to collaborate with law enforcement on providing “lawful and non-arbitrary access to available information.”

    Facebook and Apple stand firm on encryption

    Following a series of terrorist attacks, Facebook announced it will be using artificial intelligence and has employed a team of 150 counterterrorism experts to stop terrorist activity on its platform. But it will stop short of weakening encryption for authorities.

    “We appreciate the important work law enforcement does, and we understand their need to carry out investigations,” a Facebook spokesperson said via email.

    “That’s why we already have a protocol in place to respond to requests where we can. At the same time, weakening encrypted systems for them would mean weakening it for everyone.”

    WhatsApp, which Facebook owns, won’t succumb to pressure either. Its co-founder Brian Acton stated in January it will “fight any government request to create a backdoor.”

    Apple wouldn’t comment directly on the Australian government’s pressure on encrypted messaging, but pointed to a statement by CEO Tim Cook in which he said the company will never allow backdoor access to its products to any government agency.

    We’ll find out if the Australian government’s plans hold much, if any, water when the legislation is put to the country’s Parliament by the end of the year.
