Source: Justice Dept. investigates former vice chairman of Joint Chiefs of Staff
By Barbara Starr
The former vice chairman of the U.S. Joint Chiefs of Staff is under investigation by the Justice Department regarding material in a book by David Sanger, a correspondent for The New York Times, a source directly familiar with the situation said Thursday.
The source could not confirm that the investigation involving Retired Marine Gen. James Cartwright is specifically about the Stuxnet computer virus, which Sanger writes about in his 2013 book "Confront and Conceal: Obama's Secret Wars and Surprising Use of American Power."
NBC News reported Thursday, citing legal sources, that Cartwright has been told he's under investigation for allegedly leaking classified information about Stuxnet, a complex virus that infected computers in Iranian nuclear facilities in 2010.
That leak was one of a series of national security-related leaks last year and had details of how the United States and Israel were behind the Stuxnet attack.
FULL STORYHackers appear to probe U.S. energy infrastructure, suspicions about Iran
By Chris Lawrence
The United States is investigating "a string of malicious" cyber incidents that appear to be focused on probing energy infrastructure, a U.S. official familiar with the latest intelligence tells CNN.
The official, who spoke anonymously due to the sensitivity of the information, said the suspected hacking did not appear to be intended to steal trade secrets or exploit technology for commercial reasons. It appeared to be aimed at identifying weaknesses in fuel and electrical systems in the United States.
While the official did not identify any suspected origins of the apparent hacking, a U.S. lawmaker raised suspicions about Iran.
The United States has over the past year become more concerned about Iran and cyber security.
Iran claims nuclear sabotage
Iran's atomic energy organization is warning against "terrorists" and "saboteurs" that are trying to damage Iran's nuclear program. This time it was the power lines leading to its heavily-fortified nuclear enrichment facility – at Fordo – that came under attack, according to Iran.
Republicans demand (again) special investigator to investigate leaks
By Pam Benson
A group of Republican senators continued to fire away Tuesday at the Obama administration for its failure to appoint a special counsel to investigate leaks of classified information.
Sen. John McCain, R-Arizona, once again led the charge at a Capitol Hill news conference, criticizing Attorney General Eric Holder for his decision to appoint two Justice Department prosecutors to investigate the recent leaks to the media.
"To think that two people appointed prosecutors from Mr. Holder's office, overseen by Mr. Holder, is also offensive," McCain said. "We need a special counsel. We need someone who the American people can trust and we need to stop the leaks that are endangering the lives of those men and women who are serving our country."
Holder responded to the accusations at a June 12 congressional hearing. He said the Justice Department and the FBI are keeping a careful eye on any potential conflict of interest, but said of the prosecutors, "We have people who have shown independence, an ability to be thorough, and who have the guts to ask tough questions. And the charge that I've given them is to follow the leads wherever they are ... wherever it is in the executive branch or some other component of government."
FIRST ON CNN: Intel chief rolls out new measures aimed at plugging leaks
By Suzanne Kelly
Director of National Intelligence James Clapper is rolling out new measures Monday aimed at ending what recently has been a spate of leaks regarding classified programs and operations.
Among Clapper's recommendations, to be instituted across the 16 intelligence agencies, are an enhanced counterintelligence polygraph test for employees who have access to classified information, and the establishment of a task force of intelligence community inspectors general that will have the ability to conduct independent investigations across agencies in coordination with the Office of the National Counterintelligence Executive.
Clapper has also called for a review of current policies that relate to interaction with members of the media, and how that interaction must be reported.
The new question that will be added to the current counterintelligence polygraph test - which intelligence community employees who handle classified information are required to take - will specifically ask whether the employee has disclosed classified information to a member of the media.
Doing battle in cyber
It's the largest, most extensive cyber espionage tool to date.
Researchers say the computer virus dubbed Flame stole secrets on Iran's nuclear program and it likely went on for years, discovered only after a cyberattack on Iran's oil infrastructure.
Now The Washington Post cites "western officials with knowledge of the effort" as saying Flame was jointly-developed between the United States and Israel.
Intelligence Correspondent Suzanne Kelly reports on U.S. strategy in going to battle in cyberspace.
Feinstein: "Avalanche of leaks"
by Suzanne Kelly
As lawmakers call for formal investigations into the sources of recent leaks that have divulged details of highly classified national security programs, Sen. Dianne Feinstein is looking to the Intelligence Authorization Bill as a way to make people who leak such information more accountable.
In an interview with Wolf Blitzer on the Situation Room, Feinstein said, "I think what we're seeing, Wolf, is an avalanche of leaks and it is very, very disturbing. It's dismayed our allies. It puts American lives in jeopardy. It puts our nation's security in jeopardy."
Ranking members of both the Senate and House Intelligence Committees have joined Feinstein, D-California, in her calls for adding provisions that would require that lawmakers be notified in a more timely fashion when authorized disclosures are made, and for individuals to report the rationale behind those decisions. Other provisions are expected to call for more robust investigations of unauthorized disclosures of information and are expected to ask for additional authorities that would make it easier to drill down on the source of leaks and then prosecute those found to be responsible.
Government employees with access to highly classified information are violating federal laws and nondisclosure agreements if they pass classified information to persons who have not been cleared to receive it.
The Senate Intelligence Committee is expected to add the leak provisions when it takes up the FY13 intelligence authorization bill later this month. The plan is for the full Senate to vote on the measure before the summer recess. Although the House has already passed a version of the bill without the leak provisions, they would likely be added during a conference with the Senate.
CNN's Pam Benson contributed to this report
Flame malware: Does bigger mean better?
Editors Note: James Lewis is a Senior fellow and Director of the Technology and Public Policy Program at the Center for Strategic and International Studies. He offers this commentary on Flame, a recently discovered malware program infecting computer systems in Iran and elsewhere.
By James Lewis, Special to CNN
Is it wrong to be blasé about the most frightening malware ever invented? Some people worry that Flame is "bigger" than Stuxnet, weighing in at 20 megabytes. Flame is "bigger" than Stuxnet, but size and sophistication aren't the same.
Let's look at some of the tricks Flame uses. Recording keystrokes (a "keylogger") is about 20 years old. Turning on the microphone of your computer is also mid-90s (turning on the camera is more recent, but also not news). The same is true for taking screen shots of your e-mail. You can buy some of these features on the black market. This is not cutting-edge stuff - somebody cobbled together existing exploits into a big package.
Flame raises the cyberwar stakes
The "Flame" virus, the most complex computer bug ever discovered, has been lurking for years inside Iranian government computers, spying on the country's officials.
In a statement posted on its website on Monday, the Iranian National Computer Emergency Response Team (CERT) said it discovered Flame after "multiple investigations" over the past few months.
The Iranian CERT team said it believes there is a "close relation" between Flame two previous cyber attacks on Iran, known as the Stuxnet and Duqu computer worms. Stuxnet is widely believed to have been launched by either the U.S. or Israel (or both countries).
This isn't traditional war. The Internet has leveled the playing field, allowing governments that would never launch military attacks on one another to target one another in cyberspace.
"In warfare, when a bomb goes off it detonates; in cyberwarfare, malware keeps going and gets proliferated," said Roger Cressey, senior vice president at security consultancy Booz Allen Hamilton, at a Bloomberg cybersecurity conference held in New York last month.
"Once a piece of malware is launched in wild, what happens to that code and its capability?" he added. "Things like Stuxnet are being reverse-engineered."
Russian lab discovers sophisticated malware spy tool
A Russian lab has discovered a malware program so sophisticated that some are referring to it as ushering in a new era of cyber espionage. CNN's Suzanne Kelly explains the threat.
@natlsecuritycnn on Twitter
