The Complex

Icefog: The Hacker Crew Trying to Break Into Your Weapons

A new cyber-theft ring from Asia is committing a string of smash-and-grab-style attacks against suppliers to major military contractors. This isn't just any hacker crew; its targeting of defense subcontractors means it could easily undermine the integrity of the world's weapons.

This new crew, dubbed Icefog by Kaspersky Lab, is small and nimble, and it appears to know exactly what it wants to steal from its victims. Unlike some other advanced hacker outfits that linger on victims' networks for months or years after gaining access, the Icefog crew doesn't stick around waiting to get caught.

"They will infiltrate an organization. They know exactly what they are looking for, pull it out, and as soon as they complete their assignment they move on -- they actually clean things up and move on," said Kurt Baumgartner, a security researcher with Kaspersky, during a speech in Washington today.

Kaspersky researchers think the people behind Icefog are based in China, South Korea, and Japan.

Icefog attacked several hundred victims, including TV stations, satellite operators, maritime logistics firms, communications businesses, defense contractors, and shipbuilders, according to Kaspersky. Most of the victims are in South Korea and Japan, but victims have been found everywhere from China to Belarus. There are also "strong suggestions that there were Western targets, including the U.S.," said Baumgartner.

The crew steals "sensitive documents and company plans, e-mail account credentials, and passwords to access various resources inside and outside the victim's network," reads Kaspersky's press release. "They look for specific filenames, which are quickly identified, and transferred to" Icefog.

Most alarming are the crew's attacks against smaller parts suppliers to major defense contractors. Icefog's hackers could break into the poorly defended network of a defense subcontractor and plant destructive malware inside its products before they are placed in a weapon such as a fighter jet.

This "creates a lot of problems because not only is there potential for economic espionage ... there's the chance for low-scale sabotage with destructive attacks that bring a whole new set of challenges," said Baumgartner.

One South Korean company that Icefog was interested in "provides heads-up displays for F-15s, and they provide radar jamming for F-16s" used by Seoul's air force, said Baumgartner. He would not reveal whether the firm, LIG Nex1, had actually been penetrated by Icefog.

This past July, David Shedd, deputy director of the U.S. Defense Intelligence Agency, warned that foreign intelligence agencies are trying to do exactly that to American military suppliers.

"Our adversaries are very active in trying to introduce material into the supply chain in ways that threaten our security from the standpoint of their abilities to collect [intelligence] and disrupt" U.S. military operations, said Shedd.

Making things worse is that the United States doesn't have a true understanding of how vulnerable its supply chain is to this style of attack.

"I'm generally an optimist, [but] in the supply chain area, I'm very concerned," said Shedd, given that he doesn't truly know the full extent of adversary penetration into DOD weapons systems. "You don't know what you don't know, and the old adage of the weakest link is obviously what we need to be concerned about."

That's exactly the link Icefog is pounding. Baumgartner said the small, well-funded crew of "cyber-mercenaries" develops new attack techniques for each target. This makes Icefog incredibly hard to track since researchers have a hard time connecting individual attacks to one another - before it's too late.

America Is Paying Its Embassy Guards in Kenya a Dollar an Hour

Nairobi sits in one of the world's tougher neighborhoods - that's clear from the recent attack on the Westgate mall. But the security contractor hired by the State Department to keep Americans there safe may not exactly be world-class. The company protecting the U.S. embassy in Nairobi pays its guards as little as a dollar per hour. In fact, those guards were so poorly compensated by their employer, KK Security, that last summer they went on strike.

Who defends America's diplomatic posts, and how, has become an enormous issue in the year since the assault on the U.S. mission in Benghazi, Libya. The local guard force hired by the American government to protect the place fled during the fighting. And those guards were paid $4 per hour -- about four times what their counterparts in Kenya are getting.

And while Nairobi is booming economically, it can still be an extremely dangerous place. Western governments had warned of the high risk of terrorist attacks in Kenya for more than a year prior to last weekend's terrorist assault on a Nairobi shopping mall. It was through an incident in Kenya that most Americans first learned of al Qaeda, when the organization bombed the U.S. embassy in Nairobi in 1998.

KK Security boasts that it pays Nairobi embassy guards between 25,000 and 150,000 Kenyan shillings per month - the equivalent of $787 to $1,715. That's roughly $9 to $57 a day for that potentially deadly job.

At the low end, it's roughly the same as what the average Kenyan makes. However, it wasn't enough to keep KK employees from walking off the job last June in a strike that "disrupted security" at the embassy, according to the African news site The People.

The People reports that KK guards' wages were closer to $2 to $4 per day when they went on strike. The firm was also accused of withholding wages that had been agreed to in a labor agreement from the last decade.

"The company owes the employees more than Sh116 [sic] million for the period running from June 1, 2012 to March 1, 2013 alone. Employees currently earn a gross pay of Sh 5,490 per month per guard and the [2005 collective bargaining agreement] was agreed after a lull of 11 years, meaning they have gone 16 years without a wage increase," according to The People.

Other reports quote striking guards as saying they make 14,000 Kenyan shillings, or $160 per month.

KK Security did not respond to requests to comment for this story. The U.S. State Department's Bureau of Diplomatic Security did not reply to queries about the firm by press time.

KK, formerly known as Kenya Kazi Security, has been paid tens of millions of dollars from the U.S. State Department to provide security to American diplomats in Nairobi over the last decade.

Founded in the 1990s, according to its website, KK bills itself as a one-stop shop for anything security- and safety-related across Central and East Africa. It does everything from guarding U.N. agencies in Tanzania to protecting oil and gas installations on the continent. In addition to providing security guards, KK provides a slew of technologies ranging from biometric identification tools and automatic license plate scanners to software that tracks money being sent around the continent.

The blue chip clients listed on KK's website include the U.S. State Department, the British High Commission, the Canadian government, the EU, the U.N., Sheraton Hotels, Alcatel, Toyota and even Heineken. In 2012, it hired Adam Miller, formerly head of worldwide private security giant G4S's East Africa practice, to serve as its commercial director.

"They have a good reputation and if you talk to Kenyans, they're pretty happy with them in general," said Doug Brooks, a private security consultant with extensive experience in East Africa. "It's a huge company in Kenya . . . and they're pretty dominant in East Africa."

KK also attracts its share of controversy. In May, Bill Lay took over the company's oil and gas division following a two-year stint at the Kenyan auto company CMC Holdings, where he "sparked a shareholder war that caused the ouster of a number of directors and strained the company's dealings with key suppliers," according to Business Daily Africa.

The following month, KK's guards at the American embassy went on strike.

