Assassinations of Russians, a Trend or Long Game?

A registry of foreign agents to Russia, compiled by the Justice Department, includes many of Washington’s most powerful legal, communications and lobbying firms, including Sidley Austin, Venable, APCO and White & Case. A review of those records, by the Center for Responsive Politics, found 279 registrations of Russian agents in the United States. More here.

***

“Putin’s inner circle is already subject to personal U.S. sanctions, imposed over Russia’s 2014 annexation of Ukraine’s Crimea region,” the Reuters news agency points out. … “But the so-called ‘oligarchs’ list’ that was released on Tuesday … covers many people beyond Putin’s circle and reaches deep into Russia’s business elite.”

Prime Minister Dmitry Medvedev is among the 114 senior political figures in Russia’s government who made the list, along with 42 of Putin’s aides, Cabinet ministers such as Foreign Minister Sergey Lavrov, and top officials in Russia’s leading spy agencies, the FSB and GRU. The CEOs of major state-owned companies, including energy giant Rosneft and Sberbank, are also on the list.

So are 96 wealthy Russians deemed “oligarchs” by the Treasury Department, which said each is believed to have assets totaling $1 billion or more. Some are the most famous of wealthy Russians, among them tycoons Roman Abramovich and Mikhail Prokhorov, who challenged Putin in the 2012 election. Aluminum magnate Oleg Deripaska, a figure in the Russia investigation over his ties to former Trump campaign chairman Paul Manafort, is included.

Russian Deputy Prime Minister Arkady Dvorkovich dismissed the list as simply a “who’s who” of Russian politics. He told Russian news agencies Tuesday he wasn’t surprised to find his name on the list, too, saying that it “looks like a ‘who’s who’ book.” Dvorkovich stopped short of saying how Russia would react to it, saying the Kremlin would “monitor the situation.” More here.

*** So when there are murder cases of Russian asylees in Britain, what are the agencies in the United States thinking?


Well there was Mikhail Lesin, a former friend of Putin found dead in his hotel in Dupont Circle, Washington DC. Then there was Operation Ghost Stories, the massive spy swap.

Imagine what the context and case reference is for the FBI when it comes to Russian operations in the United States and in allied countries. Or how many planes have been shot out of the sky where clues and evidence point to Russia? More explained in video below.

Beyond the attempted assassination of Skripal and his daughter in Salisbury two weeks ago, there was yet another confirmed death.

Whoever is behind the murder of a prominent Russian exile, who believed he was on a Kremlin hit list, managed to get inside his home without breaking in, police believe.

Nikolai Glushkov, 68, was found dead last week at his home in southwest London, and officers are now hunting for the culprits. His official cause of death is “compression to the neck.”

Before his death, Glushkov warned that a close friend of his had been murdered, and that he would be next.

In a Monday morning update on the investigation, the Metropolitan Police said they examined Glushkov’s house and found no signs of forced entry.

*** How bad is this trend?

Genocide of White Farmers in S. Africa

A White Farmer Is Killed Every Five Days in South Africa and Authorities Do Nothing about It, Activists Say

*** The world is silent on this….question is why?

In 2017:

The couple, who had lived in the area for 20 years, were tied up, stabbed, and tortured with a blowtorch for several hours. The masked men stuffed a plastic bag down Mrs Howarth’s throat, and attempted to strangle her husband with a bag around his neck.

The couple were bundled into their own truck, still in their pyjamas, and driven to a roadside where they were shot. Mrs Howarth, 64, a former pharmaceutical company executive, was shot twice in the head. Mr Lynn, 66, was shot in the neck.

Miraculously he survived, and managed to flag down a passer-by early on Sunday morning. Mrs Howarth, who police said was “unrecognisable” from her injuries, had multiple skull fractures, gunshot wounds and “horrific” burns to her breasts.

“Sue was discovered amongst some trees, lying in a ditch,” writes Jana Boshoff, reporter for the local Middelburg Observer newspaper. “Her rescuers managed to find her by following her groans of pain and then noticing drag marks from the road into the field.”

In any other country, such a crime would be almost unthinkable. But in South Africa, these kinds of farm attacks are happening nearly every day. This year so far, there have been more than 70 attacks and around 25 murders in similar attacks on white farmers.

Earlier this month, for example, 64-year-old Nicci Simpson was tortured with a power drill during an attack involving three men at her home on a farm in the Vaal area, about two hours drive from Johannesburg.

When paramedics arrived, they found three dead dogs, and the woman lying in a pool of blood, spokesman Russel Meiring told News24. “They used a drill to torture her,” police spokesman Lungelo Dlamini said.

Read more here.

Citigroup Pentagon Payment Portal 1.3 Million Weekend Hack Attempts

There are 47 pages of regulations for Department of Defense personnel using Citigroup credit cards while traveling.

Pentagon confirms hack attempt against Defense Department credit card holders

  • The Pentagon on Thursday confirmed that there was a hacking attempt against an online financial services portal that Citigroup manages for the Defense Department.
  • Citigroup had told CNBC that a “malicious actor” attempted to gain access to several Citi credit card accounts tied to the Department of Defense.
  • The attack, which included 1.3 million attempts, occurred over this past weekend.

The Pentagon on Thursday confirmed that there was a hacking attempt this past weekend against an online financial services portal that Citigroup manages for Defense Department credit card holders.

The confirmation comes a day after Citigroup told CNBC that a “malicious actor” attempted to gain access to information for Pentagon-linked credit card accounts.

The bank had responded to CNBC’s inquiry regarding an attempted hack this past weekend. The Pentagon, citing information from Citigroup, confirmed to CNBC on Thursday that there was an attack over the weekend of March 10.


The bank told the Defense Department that the attack came from a computer system that was randomly guessing cardholder account usernames and passwords.

The program hit Citigroup’s Pentagon online account application more than 1.3 million times. The hackers did successfully guess 318 Pentagon cardholders’ usernames and passwords, but they did not get past a secondary layer of account authentication.

“No data compromise occurred,” Citi told the Pentagon.
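The pattern described above (one system guessing many usernames, a few passwords accepted, the second authentication step holding) can be picked out of authentication logs. The following is an added example, not code from Citigroup, the Pentagon or the original article; the log format, field names, thresholds and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict


def build_sample():
    """Constructed auth log (not real portal data): one guessing source, one normal user."""
    lines = []
    for i in range(20):
        ok = i in (7, 13)  # two passwords happen to be guessed correctly
        base = f"2018-03-10T02:00:{i:02d}Z src=203.0.113.7 user=user{i:02d}"
        lines.append(f"{base} stage=password result={'ok' if ok else 'fail'}")
        if ok:  # the guesser has no second factor, so that stage fails
            lines.append(f"{base} stage=second_factor result=fail")
    lines += [
        "2018-03-10T09:15:02Z src=198.51.100.20 user=alice stage=password result=fail",
        "2018-03-10T09:15:09Z src=198.51.100.20 user=alice stage=password result=ok",
        "2018-03-10T09:15:30Z src=198.51.100.20 user=alice stage=second_factor result=ok",
    ]
    return lines


def parse(line):
    """Turn 'timestamp k=v k=v ...' into a dict of the k=v fields."""
    return dict(tok.split("=", 1) for tok in line.split() if "=" in tok)


def analyze(lines, min_users=10, min_fail_ratio=0.8):
    """Flag sources that guess across many accounts and list what they reached."""
    users = defaultdict(set)   # src -> usernames tried at the password stage
    total = defaultdict(int)   # src -> password attempts
    fails = defaultdict(int)   # src -> failed password attempts
    pw_ok = defaultdict(set)   # src -> usernames whose password was accepted
    mfa_ok = defaultdict(set)  # src -> usernames that also passed the second factor
    for ev in map(parse, lines):
        src, user = ev["src"], ev["user"]
        if ev["stage"] == "password":
            users[src].add(user)
            total[src] += 1
            if ev["result"] == "ok":
                pw_ok[src].add(user)
            else:
                fails[src] += 1
        elif ev["stage"] == "second_factor" and ev["result"] == "ok":
            mfa_ok[src].add(user)
    # A guessing source touches many distinct accounts and fails most of the time.
    guessing = {s for s in total
                if len(users[s]) >= min_users and fails[s] / total[s] >= min_fail_ratio}
    return {
        "guessing_sources": sorted(guessing),
        # Password is known to the attacker: force a reset even though MFA held.
        "password_exposed": sorted(set().union(*(pw_ok[s] for s in guessing))),
        # Both factors passed from a guessing source: treat as account takeover.
        "second_factor_passed": sorted(set().union(*(mfa_ok[s] for s in guessing))),
    }


if __name__ == "__main__":
    print(analyze(build_sample()))
```

Accounts in `password_exposed` correspond to the 318 cardholders in the report: the second layer stopped the login, but the password itself is no longer secret and should be reset.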

Citi provides financial services for the Government Travel Charge Card, or GTCC, which is used by Department of Defense personnel to pay for authorized expenses when on official travel.

CitiManager is the online portal used by the Defense Department to view statements online, make payments and confirm account balances.

The Pentagon’s Defense Travel Management Office oversees the processing of the GTCC.

*** Back in 2016, there was a hacker contest held by the Pentagon under Secretary Ash Carter….guess they missed that payment portal vulnerability possibility.

When the Pentagon announced the “Hack the Pentagon” event back in March, many wondered what kinds of vulnerabilities hackers would find when checking government websites for bugs. Now we know.

According to Defense Secretary Ash Carter, more than 250 participants out of the 1,400 submitted at least one vulnerability report, with 138 of those vulnerabilities determined to be “legitimate, unique and eligible for a bounty,” he said. The bounties ranged per person from $100 to around $15,000 if someone submitted multiple bugs.

The pilot program, which ran from April 18 to May 12, cost about $150,000, with around half of that going to participants. The results were released on Friday, according to the Department of Defense’s website.

“Hack the Pentagon” was deemed a cost-effective way to scour five of the US defense departments’ websites (defense.gov, dodlive.mil, dvidshub.net, myafn.net and dimoc.mil, according to a DoD spokesman) for security bugs. Instead of going to outside security firms, which would’ve cost upwards of $1 million, the government instead recruited amateur hackers to do it for much less, some who were only in high school.

In addition to reporting on the number of bugs, Carter also said that the government has worked with HackerOne, a bug bounty platform, to fix the vulnerabilities and that the department has “built stronger bridges to innovative citizens who want to make a difference to our defense mission.” Carter wants the “bug bounty” program to extend to other areas of the government and wants to ensure that hackers and researchers can report bugs without a dedicated program.

“When it comes to information and technology, the defense establishment usually relies on closed systems,” he said. “But the more friendly eyes we have on some of our systems and websites, the more gaps we can find, the more vulnerabilities we can fix, and the greater security we can provide to our warfighters.”

Many websites already have bug bounty programs in place, but it was the first time the federal government had come up with such a program. It’s good experience for young hackers and security fiends who want to try and hack a government agency, although that’s a small amount of money for their time.

4 Days of Food Left…Panic? National Grid Hacked

If there is no transportation, there is no food, medicine or basic supplies….what country is ready to deal with this?

British cities would be uninhabitable within days and the country is only a few meals from anarchy if the National Grid was taken down in a cyber attack or solar storm, disaster and security experts have warned.

Modern life is so reliant on electricity that a prolonged blackout would quickly lead to a loss of water, fuel, banking, transport and communications that would leave the country “in the Stone Age”.


The warning comes weeks after the Defence Secretary, Gavin Williamson, said Russia had been spying on the UK’s energy infrastructure and could cause “thousands and thousands and thousands” of deaths if it crippled the power supply.

***

The U.S. government has just released an important cybersecurity alert that confirms Russian government cyberattacks targeting energy and other critical infrastructure sectors in the United States.

While there has recently been a significant rise in cyberattacks in these industries, up to now we’ve only been able to speculate on who the actors are, or what their motives may be. In this case the threat actor and their strategic intent has been clearly confirmed, something the U.S. government rarely does publicly.

In addition, the US-CERT alert provides descriptions of each stage of the attack, detailed indicators of compromise (IOCs), and a long list of detection and prevention measures. Many of the attack tactics are like Dragonfly 2.0, so much so that one might call this an expanded playbook for Dragonfly. The Nozomi Networks solution ships today with an analysis toolkit that identifies the presence of Dragonfly 2.0 IOCs.

This article is intended to help you gain perspective on this recent alert, provide additional guidance on what security measures to take, and describe how the Nozomi Networks solution can help.


U.S. energy facilities, like this one, are one of the critical infrastructure targets of the Russian cyberattacks.

Multi-Stage Campaigns Provide Opportunities for Early Detection

The US-CERT alert characterizes this attack as a multi-stage cyber intrusion campaign where Russian cyber actors conducted spear phishing and gained remote access into targeted industrial networks. After obtaining access, the threat vectors conducted network reconnaissance, moved laterally, and collected information pertaining to Industrial Control Systems (ICS).

This pattern of behavior is typical of APTs (Advanced Persistent Threats). APTs occur over an extended period, meaning there is an opportunity to detect and stop them before damage is done. With the right technology monitoring the industrial network, it is much harder for them to go unobserved before their final attack.

In this case the Russian cyberattacks started by infecting staging targets, which are peripheral organizations, such as trusted third-party suppliers, as pivot points for attacking the final intended targets.

The attackers used a multitude of tactics involving information relevant to industrial control professionals for initial infection of the staging targets. Examples include:

  • Altering trade publication websites
  • Sending emails containing resumes for ICS personnel as infected Microsoft Word attachments
  • Analyzing publicly available photos that inadvertently contained information about industrial systems

The credentials of staging targets’ staff were in turn used to send spear phishing emails to the staff of the intended targets. They received malicious .docx files, which communicated with a command and control (C2) server to steal their credentials.

The SMB (Server Message Block) network protocol was used throughout the spear phishing phases to communicate with external servers, as was described for the Dragonfly 2.0 attacks. This is a distinctive tactic. SMB is usually only used to communicate within LANs, not for outbound communications. Now that this is known, asset owners should ensure their firewalls are locked down for outbound service restrictions.
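One way to check whether outbound SMB is actually leaving a network is to scan firewall or flow logs for TCP 139/445 connections from internal hosts to external addresses. This is an added example, not part of the US-CERT alert or the Nozomi Networks product; the log format, the internal address ranges and the sample flows are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumption: the site uses the RFC 1918 ranges internally. An explicit list is
# used instead of ip.is_private, which also treats documentation ranges as private.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMB_PORTS = {139, 445}

# Constructed sample flow records (not real traffic).
SAMPLE_FLOWS = [
    "src=10.1.4.23 dst=10.1.0.5 dport=445 proto=tcp action=allow",       # LAN file server
    "src=10.1.4.23 dst=198.51.100.44 dport=445 proto=tcp action=allow",  # SMB leaving the LAN
    "src=10.1.4.23 dst=198.51.100.44 dport=443 proto=tcp action=allow",  # ordinary HTTPS
    "src=10.1.7.80 dst=203.0.113.9 dport=139 proto=tcp action=deny",     # blocked at the edge
    "src=192.168.2.14 dst=203.0.113.9 dport=445 proto=tcp action=allow",
]


def is_internal(addr):
    """True if addr falls inside one of the configured internal networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def outbound_smb(lines):
    """Map each internal host to the external SMB destinations it contacted.

    'allowed' entries mean the firewall let SMB out (a rule gap, and the host
    may have sent credentials to the remote server); 'denied' entries mean the
    firewall held but the host still tried and deserves a look.
    """
    findings = defaultdict(lambda: {"allowed": [], "denied": []})
    for line in lines:
        f = dict(tok.split("=", 1) for tok in line.split())
        if f["proto"] != "tcp" or int(f["dport"]) not in SMB_PORTS:
            continue
        if is_internal(f["src"]) and not is_internal(f["dst"]):
            key = "allowed" if f["action"] == "allow" else "denied"
            findings[f["src"]][key].append(f"{f['dst']}:{f['dport']}")
    return dict(findings)


if __name__ == "__main__":
    for host, result in outbound_smb(SAMPLE_FLOWS).items():
        print(host, result)
```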

The credentials of the intended targets were used to access the victims’ networks. From there, the malware established multiple local administrator accounts, each with a specific purpose. The goals ranged from creation of additional accounts to cleanup activity. For the report, click here.

***

What Is Known

Forensic analysis shows that the threat actors sought information on network and organizational design and control system capabilities within the organization. In one instance, the report says, the threat actors downloaded a small photo from a publicly accessible human resource page, which, when expanded, was a high-resolution photo that displayed control systems equipment models and status information in the background. The threat actors also compromised third-party suppliers to download source code for several intended targets’ websites. They also attempted to remotely access corporate web-based email and virtual private network (VPN) connections.

Once inside the intended target’s network, the threat actors used privileged credentials to access domain controllers via remote desktop protocols (RDP) and then used the batch scripts to enumerate hosts and users, as well as to capture screenshots of systems across the network.

The threat is inside. US-CERT on March 15 warned that threat actors associated with the Russian government had infiltrated ICS and SCADA systems at power plants using a variety of tactics. This image is a DHS reconstruction of a screenshot fragment of a human machine interface (HMI) that the threat actors accessed. Source: US-CERT


Along with publishing an extensive list of indicators of compromise, the DHS and FBI recommended that network administrators review IP addresses, domain names, file hashes, network signatures, and a consolidated set of YARA rules for malware associated with the intrusion authored by the National Cybersecurity and Communications Integration Center. YARA is an open-source and multiplatform tool that provides a mechanism to exploit code similarities between malware samples within a family.

Facebook, Artificial Intelligence Op, Manipulating You

Is any of this illegal? Well, yet to be determined because no one asks the questions, much less do we know what questions to ask….

It boils down to this: ‘facts don’t matter, it is what readers believe’ or as is in A Few Good Men, a dream world is it does not matter what I believe, it matters what I can prove. Artificial intelligence is proven, believed and kinda sorta factual?


Facebook says it has saved more than $2 billion from its investments in Open Compute. But five years is an eternity on the Internet, and now every big tech company is out to conquer a different problem. Serving up content cheaply can be done, but figuring out what kind of content to serve among billions of posts is still a challenge. So, just as Facebook set out to rebuild the hardware industry half a decade ago with the Open Compute project, it has more recently created an internal platform to harness artificial intelligence so it can deliver exactly the content you want to see. And it wants to build this “machine learning” platform to scale. (“Machine learning” is a form of artificial intelligence that allows computers to learn how to operate without being pre-programmed.) “We’re trying to build more than 1.5 billion AI agents—one for every person who uses Facebook or any of its products,” says Joaquin Candela, the head of the newly created Applied Machine Learning group. “So how the hell do you do that?”

FBLearner Flow combines several machine-learning models to process several billion data points, drawn from the activity of the site’s 1.5 billion users, and forms predictions about thousands of things: which user is in a photograph, which message is likely to be spam. The algorithms created from FBLearner Flow’s models help define what content appears in your News Feed and what advertisements you see.

It would be easy to jump to the conclusion that Facebook’s use of artificial intelligence will help eliminate some of the company’s 13,000 employees. The reality couldn’t be more different, says chief technology officer Mike Schroepfer. AI is helping Facebook augment the capabilities of its human engineers. “We’re able to do things that we have not been able to do before,” he says. More here.

***

Stop clicking the bait on Facebook, you are participating in psychometric testing for Facebook.

Predicting individual traits and attributes based on various cues, such as samples of written text (8), answers to a psychometric test (9), or the appearance of spaces people inhabit (10), has a long history. Human migration to digital environment renders it possible to base such predictions on digital records of human behavior. It has been shown that age, gender, occupation, education level, and even personality can be predicted from people’s Web site browsing logs (11–15). Similarly, it has been shown that personality can be predicted based on the contents of personal Web sites (16), music collections (17), properties of Facebook or Twitter profiles such as the number of friends or the density of friendship networks (18–21), or language used by their users (22). Furthermore, location within a friendship network at Facebook was shown to be predictive of sexual orientation (23).

This study demonstrates the degree to which relatively basic digital records of human behavior can be used to automatically and accurately estimate a wide range of personal attributes that people would typically assume to be private. The study is based on Facebook Likes, a mechanism used by Facebook users to express their positive association with (or “Like”) online content, such as photos, friends’ status updates, Facebook pages of products, sports, musicians, books, restaurants, or popular Web sites. Likes represent a very generic class of digital records, similar to Web search queries, Web browsing histories, and credit card purchases. For example, observing users’ Likes related to music provides similar information to observing records of songs listened to online, songs and artists searched for using a Web search engine, or subscriptions to related Twitter channels. In contrast to these other sources of information, Facebook Likes are unusual in that they are currently publicly available by default. However, those other digital records are still available to numerous parties (e.g., governments, developers of Web browsers, search engines, or Facebook applications), and, hence, similar predictions are unlikely to be limited to the Facebook environment. More here.

***


So why does Facebook feel like it is a victim of Cambridge Analytica? Well it seems Cambridge Analytica was a customer of Facebook and bought customer data for their own use. Facebook feels betrayed but how about that relationship? Facebook censors and mines data for their own political missions and frankly Cambridge Analytica does the same thing. These two companies along with several others and hired outside data and espionage types are changing the whole balance and equilibrium of the globe, question is to what end?

***

The data company that helped push Donald Trump to victory is now hoping it will win two lucrative contracts to boost White House policy messaging and to expand sales for the Trump Organization.

Cambridge Analytica, a data mining firm that uses personality profiling, claims Steve Bannon as a board member, who will soon officially be Mr Trump’s chief strategist.

The firm is backed by billionaire investor Robert Mercer, whose daughter Rebekah sits on the 16-person Trump transition team.

The London-based firm said it has marketing and psychological data on around 230 million Americans, which could help Mr Trump to increase his real estate business, or scope out the policy landscape for his government. More here.

In case you are wondering about global opposition research and affecting power to power with global leaders, check out this video:

Now this cat may appear to be quite an odd whistleblower but….

Christopher Wylie, who worked for data firm Cambridge Analytica, reveals how personal information was taken without authorisation in early 2014 to build a system that could profile individual US voters in order to target them with personalised political advertisements. At the time the company was owned by the hedge fund billionaire Robert Mercer, and headed at the time by Donald Trump’s key adviser, Steve Bannon. Its CEO is Alexander Nix.