Gorbachev Warning Cold War, Useful Idiots

The phrase ‘useful idiots’, supposedly Lenin’s, refers to Westerners duped into saying good things about bad regimes.
Vladimir Lenin and Joseph Stalin used the term “polyezniy idiot” or “useful idiot” to describe sympathizers in the West who blindly supported Communist leaders.
The adulation of left-wing dictators and strongmen by Western intellectuals, journalists, and celebrities didn’t begin with Stalin (in 1921 Duranty had hailed Lenin for his “cool, far-sighted, reasoned sense of realities”), and it certainly didn’t end with him. Mona Charen chronicled the phenomenon in her superb 2003 book “Useful Idiots,” which recalls example after jaw-dropping example of American liberals defending, flattering, and excusing the crimes of one Communist ruler and regime after another. Fidel Castro, Ho Chi Minh, Mao Zedong, the Khmer Rouge, Leonid Brezhnev, Kim Il Sung, the Sandinistas: Over and over the pattern was repeated, from the dawn of the Bolshevik Revolution to the collapse of the Iron Curtain — and beyond.
And so now we have former Russian leader Gorbachev sounding the clarion call to the West, especially Europe, that not only are you idiots but you are ‘irrelevant as a global power’. The matter did not begin with Lenin and Stalin and will not end with Putin until it goes far beyond Ukraine and into the Baltics, where the KGB ‘useful idiot’ program for recruiting and indoctrination is already underway.
By Bettina Borgfeld 
BERLIN (Reuters) – Former Soviet leader Mikhail Gorbachev warned in a speech in Berlin on Saturday that East-West tensions over the Ukraine crisis were threatening to push the world into a new Cold War, 25 years after the fall of the Berlin Wall.

Gorbachev, who is credited with forging a rapprochement with the West that led to the demise of communist regimes across Eastern Europe, accused the West, and the United States in particular, of not fulfilling their promises after 1989.

“The world is on the brink of a new Cold War. Some say that it has already begun,” said Gorbachev, who is feted in Germany for his pivotal role in helping create the conditions for the Berlin Wall’s peaceful opening on Nov. 9, 1989, heralding the end of the Cold War.

“And yet, while the situation is dramatic, we do not see the main international body, the U.N. Security Council, playing any role or taking any concrete action.”

The conflict in eastern Ukraine has killed more than 4,000 people since the start of an uprising by pro-Russian separatists in mid-April.

Russia blames the crisis on Kiev and the West, but NATO says it has overwhelming evidence that Russia has aided the rebels militarily in the conflict.

Gorbachev, 83, also criticized Europe and said it was in danger of becoming irrelevant as a global power.

“Instead of becoming a leader of change in a global world, Europe has turned into an arena of political upheaval, of competition for spheres of influence and finally of military conflict,” he said.

“The consequence inevitably is Europe weakening at a time when other centers of power and influence are gaining momentum. If this continues, Europe will lose a strong voice in global affairs and gradually become irrelevant.”

Speaking at an event at Berlin’s Brandenburg Gate, Gorbachev said the West had exploited Russia’s weakness after the collapse of the Soviet Union in 1991.

“Euphoria and triumphalism went to the heads of Western leaders,” he said. “Taking advantage of Russia’s weakening and the lack of a counterweight, they claimed monopoly leadership and domination of the world, refusing to heed words of caution from many of those present here,” he said.

Gorbachev said the West had made mistakes that upset Russia with the enlargement of NATO, with its actions in the former Yugoslavia, Iraq, Libya and Syria and with plans for a missile defense system.

“To put it metaphorically, a blister has now turned into a bloody, festering wound,” he said. “And who is suffering the most from what’s happening? I think the answer is more than clear: It is Europe.”

(Writing by Erik Kirschbaum; Editing by Rosalind Russell)

By Nicolas Miletitch

Donetsk (Ukraine) (AFP) – Armoured convoys headed to bolster rebel positions in east Ukraine Sunday as shelling rocked separatist stronghold Donetsk and fears mounted of a return to full-scale fighting.

Shelling rumbled on throughout the afternoon on the edge of Donetsk, where government forces regularly exchange heavy fire with insurgent fighters, but was less intense than overnight when mortar fire was heard close to the centre for around two hours, an AFP journalist reported.

It was among the fiercest combat in the city since the September 5 signing of a frequently-violated ceasefire that halted all-out confrontations across most of the conflict zone but failed to end constant bombardments at strategic hotspots.

An AFP crew saw a convoy of 20 military vehicles and 14 howitzer cannons without number plates or markings driving through the rebel town of Makiivka in the direction of the nearby frontline around Donetsk.

The Organisation for Security and Cooperation in Europe (OSCE) voiced concern Saturday after its monitors witnessed unmarked columns of tanks and troop carriers moving through east Ukraine in territory held by pro-Russia separatists.

The sightings of armoured columns came after Ukraine’s military said Friday a large convoy of tanks and other heavy weapons entered the country from Russia across a section of border that has fallen under the control of rebel fighters.

Russia denies being involved in the fighting in the east.

However, it openly gives the rebels political and humanitarian backing and it is not clear how the insurgents could themselves have access to so much sophisticated and well-maintained weaponry.

In March, Russian soldiers without identification markings took over the southern Ukrainian region of Crimea. Moscow annexed the peninsula shortly after.

The OSCE reports from the east came as fears mounted of a total breakdown in the two-month truce, with the war having already killed some 4,000 people, according to UN figures.

Ukraine’s military said Sunday that three servicemen were killed and thirteen injured as shelling hit government positions around the region.

Rebel leader Alexander Zakharchenko risked heavy fire Sunday morning as he toured the insurgents’ forward positions around the ruins of the Donetsk airport, where Ukrainian troops are battling fiercely to maintain a toe-hold, Russian outlet LifeNews reported.

“They continue to bombard our airport, nothing is changing,” Zakharchenko was filmed as saying.

– Tanks, cannons, tankers –

Unidentified military columns have been seen increasingly by foreign journalists in the east in recent days, and Ukraine’s military on Sunday repeated allegations that Russia is covertly deploying troops to bolster rebels ahead of a fresh offensive.

The OSCE’s statement gives weight to concerns that the stuttering peace process could soon be ditched definitively.

“More than 40 trucks and tankers” were seen driving on a highway on the eastern outskirts of Makiivka, said the OSCE representatives, who are in Ukraine monitoring the ceasefire.

“Of these, 19 were large trucks – Kamaz type, covered, and without markings or number plates – each towing a 122mm howitzer and containing personnel in dark green uniforms without insignia. Fifteen were Kraz troop carriers,” the report said.

Separately, the OSCE monitors said they had seen “a convoy of nine tanks moving west, also unmarked” just southwest of Donetsk.

The OSCE said all these forces were on territory controlled by the separatists’ self-declared Donetsk People’s Republic.

The Swiss foreign minister and OSCE chairperson-in-office, Didier Burkhalter, said he was “very concerned about a resurgence of violence in the eastern regions of Ukraine”, and urged all sides to act responsibly.

– New Cold War? –

The conflict has sent relations between Western backers of Ukraine and Russia to their lowest level in decades.

Russian President Vladimir Putin is gearing up for a fraught week of diplomacy with visits to the Asia-Pacific Economic Cooperation summit in Beijing and Group of 20 meeting in Brisbane, Australia, where he looks likely to face a hostile reception from Western leaders.

The last Soviet leader, Mikhail Gorbachev, said the world “is on the brink of a new Cold War” sparked by Ukraine.

“Some are even saying that it has already begun,” Gorbachev said at an event Saturday marking the 25th anniversary of the fall of the Berlin Wall.

Russia’s economy is suffering from European Union and US sanctions imposed in response to Moscow’s support for the separatists.

With Russia welcoming last week’s rebel elections, which were billed as boosting the separatists’ claim to independence, the sanctions look set to remain in place — and possibly be reinforced.

Mexico, a Deadly State

The entire government of Mexico is infiltrated by barbaric drug cartels. We don’t hear much news about Mexico, mostly because journalists and media are being kidnapped or killed. Mexico is a failed state; it is lawless and the leadership is morally bankrupt. Mexico is gruesome and that must be understood. Where is that ubiquitous United Nations Human Rights Council?

In 2013, the bodies were headless and buried.

According to Mexico’s Attorney General’s Office, conflict between organized criminal groups has resulted in the beheading of 1,303 people in five years, a grisly tactic becoming the hallmark of the war between the country’s cartels.

El Universal reported that decapitations steadily increased during President Felipe Calderon’s term in office: just 32 beheadings were registered in 2007, while 2011 registered 493 such deaths between January and November.

The count will likely be similarly high for 2012. Last May saw the discovery of 49 headless and dismembered bodies in Nuevo Leon state, attributed to the Zetas, who are closely associated with the tactic.

MEXICO CITY, May 20 (Reuters) – Mexican soldiers have arrested an alleged perpetrator of the massacre of 49 people whose corpses were decapitated, dismembered and dumped on a highway last week.

Daniel Elizondo, alias “The Madman,” a leader of the Zetas drug cartel, was detained in the northern state of Nuevo Leon, a spokesman for the army said Sunday.

The list is long.

But the most recent outrage has sparked protests across Mexico, with protesters calling for President Nieto to resign over the missing students.

Federal police are investigating a case of 43 missing students last seen being put into police vehicles. Widespread protests have criticized the government’s handling of the case.

Protests occurred Nov. 8 throughout Mexico including the capital and the state of Guerrero. A group in Mexico City broke off from the main protest and tried to storm the ceremonial presidential palace. Hundreds descended on the Guerrero government headquarters, burning several vehicles.

“Ya me canse (I’ve had enough).” Jesus Murillo   

The comments by Murillo Nov. 7 at the end of a press conference helped spark protests the next day. #YaMeCanse and #estoycansado were among the most trending Twitter hashtags in Mexico.

 

“We received a group of about 40 people… Some of them were unconscious or already dead.” 

Three suspects confessed to killing the students at a garbage dump in a video released by the attorney general’s office Nov. 7. The suspects said they burned the bodies using tires, logs and gasoline before putting the remains in trash bags and dumping them in a river. Authorities are testing bags they recovered.

Tens of thousands of people marched in Mexico City on Nov. 5 in protest of the government's inability to find the missing students 40 days after they were abducted. Some protesters have started to call for Mexican President Enrique Pena Nieto to resign. Copyright 2014 Reuters

Iguala, Guerrero, Mexico

The students were last seen Sept. 26 in Iguala, Guerrero, during protests over job discrimination against rural teachers. Police opened fire on their buses. Six people died and more than 20 were wounded. 43 students were taken away, and were last seen being bundled into police vans.

Iguala Mayor Jose Luis Abarca (pictured) and wife Maria de los Angeles Pineda were arrested early Nov. 4 after evading police for weeks. Mexico's attorney general called the pair "the probable masterminds" behind the disappearance of the students. They were found in rented accommodation in Mexico City. Copyright 2014 Reuters

José Ramón Salinas on Twitter: “Arrest of José Luis Abarca and wife by Federal Police in Mexico City (DF) confirmed.”

AG Jesus Murillo believes the mayor and his wife gave orders to police the day of the shootings and disappearances. Police shot and killed a student, and detained others before handing them over to the Guerreros Unidos gang, Murillo said. Sidronio Casarrubias, the gang’s leader, was arrested a week earlier.

Guerrero Gov. Angel Aguirre, 58, quit his post through a leave of absence Oct. 23 “to favor the political climate” after outcry over the disappearances and mass graves. He could not resign, according to Mexican law. Guerrero’s Congress elected Rogelio Ortega Oct. 26 to replace him through 2015.

Authorities arrested four suspected members of the Guerreros Unidos gang on Oct. 27. Dozens of police with ties to the gang have also been arrested. Several mass graves have been found in the aftermath of the students’ disappearance, but none contained the remains of the missing young people.

The Mexican government said Oct. 19 that federal police assumed control of 13 towns within a 125-mile radius of Iguala, Guerrero. Police departments in those towns are under investigation for the students’ disappearance. The government announced Oct. 20 a reward of $111,000 for information on the students.

Terrorists Among Us

Who in the United States of America is living among us with ties to terror organizations? ICE along with JTTF did some good work as noted below. However, what is being overlooked or waved off with regard to investigations?

 

ICE deports Afghan doctor with ties to terrorist group

PHILADELPHIA – An Afghan doctor convicted of immigration fraud was deported late Tuesday and turned over to authorities in Kabul, Afghanistan, by U.S. Immigration and Customs Enforcement’s (ICE) Enforcement and Removal Operations (ERO).

Hayatullah Dawari, 62, of Philadelphia was sentenced to two years in federal prison Sept. 19 after an investigation found the man had ties to the Hezb-e-Islami Gulbuddin anti-western insurgent group active in Afghanistan and Pakistan. Dawari pleaded guilty to two counts of immigration fraud, and the judge suspended the sentence in favor of immediate deportation.

Dawari became a lawful permanent resident Nov. 11, 2008, and applied for U.S. citizenship in November 2013. In his plea, he admitted that he lied about his ties to the organization in his application for U.S. citizenship and omitted that he had a previous arrest in Russia in the late 1980s.

“Our country is undoubtedly safer without this man whose ties to potential threats are alarming,” said Philadelphia ERO Field Office Director Tom Decker. “It’s a testament to the diligence of special agents and officers that this man was found out and is now back in the hands of the Afghanistan authorities.”

An investigation by ICE Homeland Security Investigations (HSI), the FBI’s Joint Terrorism Task Force (JTTF) and the Philadelphia Police Department found Dawari still maintained contact with the group’s associates in the United States and Pakistan. HSI and JTTF special agents executed a search warrant at his home in January and seized a book sent from Pakistan that had a secret, coded message glued between two pages.

Dawari’s guilty plea required that he be sentenced to two years in prison, with the sentence suspended due to an accompanying order requiring his transfer without undue delay into ICE custody for uncontested removal from the United States. He also agreed to relinquish his status as a lawful permanent resident, and he is now rendered permanently inadmissible to the United States.

——–

An Islamic village in Texas is reportedly a “jihadist enclave” and was investigated for possible links to terrorism by the FBI. Ryan Mauro, the journalist who broke the national security story, discussed the information released in declassified FBI documents during a Fox News interview this morning.

According to Mauro’s research, the Texas Islamic village is operated by the Muslims of the Americas group. The organization has reportedly been linked to Jamaat ul-Fuqra, a radical militant group in Pakistan. Group members are allegedly followers of Sheikh Mubarak Ali Gilani, an allegedly extremist Pakistani cleric.

——-

Several dozen suspected terrorist bomb-makers, including some believed to have targeted American troops, may have mistakenly been allowed to move to the United States as war refugees, according to FBI agents investigating the remnants of roadside bombs recovered from Iraq and Afghanistan.

The discovery in 2009 of two al Qaeda-Iraq terrorists living as refugees in Bowling Green, Kentucky — who later admitted in court that they’d attacked U.S. soldiers in Iraq — prompted the bureau to assign hundreds of specialists to an around-the-clock effort aimed at checking its archive of 100,000 improvised explosive devices collected in the war zones, known as IEDs, for other suspected terrorists’ fingerprints.

——-

A federal grand jury investigation going on all summer in St. Paul, Minnesota has been focused on a group of 20-30 Somali-Americans allegedly conspiring to join the fight with ISIS in Syria. Most of the youths being investigated have been going to the Al Farooq Youth and Family Center and mosque in Bloomington, where sources told the Star Tribune that 31-year-old Amir Meshal, an American of Egyptian descent, may have influenced them to join the jihadist movement.

Just do an internet search for yourself to determine who among us is a terrorist and imagine what we don’t know. The beheading in Moore, Oklahoma is but one of many clues to the risks in America. It is time to truly challenge the FBI and DHS.

Make the Deal with Iran in Spite of Allies

Cast aside allies. Cast aside the truth. Cast aside the potential for a Middle East nuclear arms race. If John Kerry and the White House write letters in secret, ask what other actions have commenced that are secret? We know that Bashar al-Assad is relieved that he remains the tyrannical leader of Syria. We know that the Obama administration has fully legitimized Iran on the world stage. We know this is just bad.

Official: Israel independently learned of secret U.S. letter to Iran

Information in Israel’s hands suggests the letter stressed the need to reach a nuclear deal and made clear U.S.-led strikes in Syria aren’t aimed at toppling Assad.

Israel learned independently about the secret letter U.S. President Barack Obama sent to Iranian Supreme Leader Ali Khamenei, according to a Jerusalem official who asked to remain anonymous due to the sensitivity of the matter.

The official said Israel learned about the letter shortly after it was sent. The information arrived indirectly, through channels that are not part of Israel’s official contacts with the American administration.

The Wall Street Journal broke the story, reporting that the U.S. president had suggested to the Iranian leader to cooperate in the struggle against the Islamic State (also known as ISIS or ISIL), on condition that the Islamic Republic reach a nuclear agreement with the Western powers by November 24.

 

The information in Israel’s hands indicated that Obama was trying to allay Iranian fears. Obama made clear in the letter that the international coalition that had been established, and the air strikes in Syria, were meant for a war solely against ISIS, and that the U.S. administration had no aspirations of toppling President Bashar Assad’s regime.

Likewise, Obama stressed to Khamenei his desire to reach an agreement with Iran on a nuclear program, and that such a deal would release Iran from its international isolation.

The fact that the Obama administration kept Israel out of the loop, and that Israel found out about the letter indirectly, adds to already deep suspicions in the Prime Minister’s Office about the White House on the Iranian issue. The letter also strengthened fears in Israel that the struggle against ISIS in Iraq and Syria – two areas with a massive Iranian presence – will make the United States soften its position regarding Iranian nukes.

 

While the letter was kept secret, there was quiet Israeli-American dialogue on the issue. The matter probably arose during talks the Israeli delegation, headed by National Security Adviser Yossi Cohen, held with a group of senior American officials, headed by U.S. National Security Advisor Susan Rice 10 days ago in Washington.

A senior Israeli official briefed on details of the talks remarked that Rice and Under Secretary for Political Affairs Wendy Sherman, who heads the U.S. negotiation team with Iran, noted that, despite continuous diplomatic efforts, they did not think they could reach a permanent deal with Iran by the November 24 deadline.

Cohen, together with the head of the Foreign Ministry’s strategic division, Jeremy Issacharoff, and other senior Israeli officials who participated in the talks, said that America’s handling of the negotiations is hardening Iran’s position.

The Israeli officials reportedly told their U.S. counterparts that the Iranians think the Americans want to reach a deal more than they do, and so they don’t want to close a deal now. They added that Foreign Minister Mohammad Javad Zarif wants to be flexible, but Khamenei won’t let him.

Marie Harf, deputy spokesperson for the U.S. Department of State, said that “both the subjects and the details in that account of our recent consultations with the Israelis are inaccurate.” “Any attempt to misrepresent what has been a very constructive dialogue with our Israeli friends on the Iranian nuclear negotiations is disappointing,” she added.

Jerusalem responded harshly to the letter over the weekend. “I think the struggle with ISIS doesn’t need to come at the expense of preventing Iran from obtaining nuclear arms,” said Prime Minister Benjamin Netanyahu, before meeting with the European Union’s new foreign policy chief, Federica Mogherini. “One has to act in both these directions, and not tie one to the other.”

Foreign Minister Avigdor Lieberman also said Israel opposed linking ISIS with Iranian nukes. “It’s not our job to advise the U.S. president, but we disagree on this matter,” Lieberman said at a press conference with Mogherini. “We oppose this approach … we think it is a mistake … Iran is not an acceptable partner for any moderate coalition against ISIS, or any type of dialogue in the Middle East.”

The White House and U.S. State Department in Washington declined to comment on the existence of the Obama-Khamenei letter over the weekend, but did engage in damage control. “There is no linkage whatsoever of the nuclear discussions with any other issue, and I want to make that absolutely clear,” said Secretary of State John Kerry, at a press conference in Beijing yesterday. “The nuclear negotiations are on their own.”

A decisive trilateral summit opens today in Muscat, involving Kerry, Zarif and the EU’s negotiator on Iran, Catherine Ashton. Senior Iranian and U.S. officials stressed over the weekend that the summit’s goal is to make a breakthrough in the stalled talks.

According to website Al-Monitor, Ali Akbar Velayati – Khamenei’s foreign policy adviser – is expected to join the meeting. Velayati’s participation in the talks could signal that Iran’s supreme leader is preparing for the possibility of making decisive concessions on the nuclear issue, ones likely to lead to signing a deal by November 24.

Significant gaps remain between the Iranian positions and those of the United States and the five world powers. Prime Minister Netanyahu is reportedly very concerned about the summit in Oman, which revolves around the final round of negotiations set to commence in Vienna on November 18. Netanyahu, who reportedly believes Obama is set on a deal with Tehran, suspects the Americans and Iranians are cooking up a secret bargain, which will leave a large portion of nuclear infrastructure in Iran’s hands, and present the deal as a fait accompli to the rest of the world.

Netanyahu said at a press conference with Mogherini in Jerusalem on Friday that it would be a mistake to allow Iran to become a threshold nuclear state.

“If Iran is left with residual capacity to enrich uranium for a nuclear bomb, ultimately this will destabilize the world – not just our region, not just pose a direct threat at Israel, whom Iran spells out for eradication, but also I think for all the Middle East and well beyond the Middle East,” he said. “I think this is something that should be prevented.”

Netanyahu added: “Better no deal than a bad deal that leaves Iran with a capacity to enrich uranium for a nuclear bomb.”

By Haaretz

 

Dragonfly vs. America, Courtesy of Russia

Can you live without electricity for a day or two? Yes, of course, if you know in advance, right? Can you live without power for a week or so? Yes, of course, with advance notice, right? Can you live without power for a month, 4 months or 18 months? NOPE. It is time to not only think about preparations, but to get prepared and then to practice procedures for short term and long term power outages, and the reason is Russia.

There is a sad truth to what is below: the United States is not prepared and, what is worse, we are not declaring war to stop Russia either. Russia has hacked into U.S. government sites, corporate sites and the financial industry, all without so much as a whimper of a U.S. reply. We have no countermeasures, we have no offensive measures and have not even written a strongly worded letter.

 

Russia has gone to the dragons against America, well, actually to the Dragonflies, and this is what you need to know and do. Remember the entire infrastructure is tied to SCADA; that includes water systems, transportation systems, hospitals, schools and retail.

Dragonfly: Western Energy Companies Under Sabotage Threat

Cyberespionage campaign stole information from targets and had the capability to launch sabotage operations.

An ongoing cyberespionage campaign against a range of targets, mainly in the energy sector, gave attackers the ability to mount sabotage operations against their victims. The attackers, known to Symantec as Dragonfly, managed to compromise a number of strategically important organizations for spying purposes and, if they had used the sabotage capabilities open to them, could have caused damage or disruption to energy supplies in affected countries.

Among the targets of Dragonfly were energy grid operators, major electricity generation firms, petroleum pipeline operators, and energy industry industrial equipment providers. The majority of the victims were located in the United States, Spain, France, Italy, Germany, Turkey, and Poland.

The Dragonfly group is well resourced, with a range of malware tools at its disposal and is capable of launching attacks through a number of different vectors. Its most ambitious attack campaign saw it compromise a number of industrial control system (ICS) equipment providers, infecting their software with a remote access-type Trojan. This caused companies to install the malware when downloading software updates for computers running ICS equipment. These infections not only gave the attackers a beachhead in the targeted organizations’ networks, but also gave them the means to mount sabotage operations against infected ICS computers.

This campaign follows in the footsteps of Stuxnet, which was the first known major malware campaign to target ICS systems. While Stuxnet was narrowly targeted at the Iranian nuclear program and had sabotage as its primary goal, Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required.

In addition to compromising ICS software, Dragonfly has used spam email campaigns and watering hole attacks to infect targeted organizations. The group has used two main malware tools: Backdoor.Oldrea and Trojan.Karagany. The former appears to be a custom piece of malware, either written by or for the attackers.

Prior to publication, Symantec notified affected victims and relevant national authorities, such as Computer Emergency Response Centers (CERTs) that handle and respond to Internet security incidents.

Background

The Dragonfly group, which is also known by other vendors as Energetic Bear, appears to have been in operation since at least 2011 and may have been active even longer than that. Dragonfly initially targeted defense and aviation companies in the US and Canada before shifting its focus mainly to US and European energy firms in early 2013.

The campaign against the European and American energy sector quickly expanded in scope. The group initially began sending malware in phishing emails to personnel in target firms. Later, the group added watering hole attacks to its offensive, compromising websites likely to be visited by those working in energy in order to redirect them to websites hosting an exploit kit. The exploit kit in turn delivered malware to the victim’s computer. The third phase of the campaign was the Trojanizing of legitimate software bundles belonging to three different ICS equipment manufacturers.

Dragonfly bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability. The group is able to mount attacks through multiple vectors and compromise numerous third party websites in the process. Dragonfly has targeted multiple organizations in the energy sector over a long period of time. Its current main motive appears to be cyberespionage, with potential for sabotage a definite secondary capability.

Analysis of the compilation timestamps on the malware used by the attackers indicates that the group mostly worked between Monday and Friday, with activity mainly concentrated in a nine-hour period that corresponded to a 9am to 6pm working day in the UTC +4 time zone. Based on this information, it is likely the attackers are based in Eastern Europe.
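
The working-hours inference described above can be reproduced by an analyst as follows. This is an added example, not code from Symantec or from the original article; the sample timestamps are constructed, and the whole-hour candidate offsets and the year-2000 plausibility cut-off are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

WORK_START, WORK_END = 9, 18   # the 9am to 6pm working day named in the report
DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]


def plausible(stamps, latest=None):
    """Drop zeroed, very old or future compile stamps.

    Some toolchains write a fixed or zero value, and stamps can be forged,
    so out-of-range values say nothing about the author's working day.
    The year-2000 lower bound is an assumption made for this example.
    """
    earliest = datetime(2000, 1, 1, tzinfo=timezone.utc).timestamp()
    if latest is None:
        latest = datetime.now(timezone.utc).timestamp()
    return [ts for ts in stamps if earliest <= ts <= latest]


def to_local(ts, offset_hours):
    """Convert an epoch value (UTC) to wall-clock time at a fixed UTC offset."""
    return datetime.fromtimestamp(ts, tz=timezone(timedelta(hours=offset_hours)))


def working_day_score(stamps, offset_hours):
    """Fraction of stamps that fall Mon-Fri, 09:00-17:59, at the given offset."""
    if not stamps:
        return 0.0
    hits = 0
    for ts in stamps:
        local = to_local(ts, offset_hours)
        if local.weekday() < 5 and WORK_START <= local.hour < WORK_END:
            hits += 1
    return hits / len(stamps)


def rank_offsets(stamps, candidates=range(-12, 15)):
    """Score every whole-hour UTC offset; best fit first."""
    scored = [(offset, working_day_score(stamps, offset)) for offset in candidates]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


def weekday_histogram(stamps, offset_hours):
    """Count stamps per local weekday at the given offset."""
    return Counter(DAYS[to_local(ts, offset_hours).weekday()] for ts in stamps)


def constructed_sample():
    """Constructed data: two work weeks of hourly builds at UTC+4, plus noise."""
    tz4 = timezone(timedelta(hours=4))
    monday = datetime(2013, 3, 4, tzinfo=tz4)
    stamps = []
    for d in range(14):
        day = monday + timedelta(days=d)
        if day.weekday() >= 5:          # no builds at the weekend
            continue
        for hour in range(WORK_START, WORK_END):
            build = day.replace(hour=hour, minute=(7 * d + 3 * hour) % 60)
            stamps.append(int(build.timestamp()))
    # Outliers: one late Saturday build and one build at 02:40 on a Tuesday.
    stamps.append(int(datetime(2013, 3, 9, 22, 15, tzinfo=tz4).timestamp()))
    stamps.append(int(datetime(2013, 3, 5, 2, 40, tzinfo=tz4).timestamp()))
    # Junk values that the plausibility filter must discard.
    stamps.extend([0, 708992537])
    return stamps


if __name__ == "__main__":
    stamps = plausible(constructed_sample())
    for offset, score in rank_offsets(stamps)[:3]:
        print(f"UTC{offset:+d}: {score:.1%} of builds inside a Mon-Fri 9-18 day")
    print(dict(weekday_histogram(stamps, rank_offsets(stamps)[0][0])))
```

The score only ranks offsets; a shifted working day or deliberately altered timestamps would produce the same histogram, so the result supports a hypothesis about location rather than proving one.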

Figure. Top 10 countries by active infections (where attackers stole information from infected computers)

Tools employed

Dragonfly uses two main pieces of malware in its attacks. Both are remote access tool (RAT) type malware which provide the attackers with access and control of compromised computers. Dragonfly’s favored malware tool is Backdoor.Oldrea, which is also known as Havex or the Energetic Bear RAT. Oldrea acts as a back door for the attackers on to the victim’s computer, allowing them to extract data and install further malware.

Oldrea appears to be custom malware, either written by the group itself or created for it. This provides some indication of the capabilities and resources behind the Dragonfly group.

Once installed on a victim’s computer, Oldrea gathers system information, along with lists of files, programs installed, and root of available drives. It will also extract data from the computer’s Outlook address book and VPN configuration files. This data is then written to a temporary file in an encrypted format before being sent to a remote command-and-control (C&C) server controlled by the attackers.

The majority of C&C servers appear to be hosted on compromised servers running content management systems, indicating that the attackers may have used the same exploit to gain control of each server. Oldrea has a basic control panel which allows an authenticated user to download a compressed version of the stolen data for each particular victim.

The second main tool used by Dragonfly is Trojan.Karagany. Unlike Oldrea, Karagany was available on the underground market. The source code for version 1 of Karagany was leaked in 2010. Symantec believes that Dragonfly may have taken this source code and modified it for its own use. This version is detected by Symantec as Trojan.Karagany!gen1.

Karagany is capable of uploading stolen data, downloading new files, and running executable files on an infected computer. It is also capable of running additional plugins, such as tools for collecting passwords, taking screenshots, and cataloging documents on infected computers.

Symantec found that the majority of computers compromised by the attackers were infected with Oldrea. Karagany was only used in around 5 percent of infections. The two pieces of malware are similar in functionality and what prompts the attackers to choose one tool over another remains unknown.

Multiple attack vectors
The Dragonfly group has used at least three infection tactics against targets in the energy sector. The earliest method was an email campaign, which saw selected executives and senior employees in target companies receive emails containing a malicious PDF attachment. Infected emails had one of two subject lines: “The account” or “Settlement of delivery problem”. All of the emails were from a single Gmail address.

The spam campaign began in February 2013 and continued into June 2013. Symantec identified seven different organizations targeted in this campaign. The number of emails sent to each organization ranged from one to 84.

The attackers then shifted their focus to watering hole attacks, compromising a number of energy-related websites and injecting an iframe into each which redirected visitors to another compromised legitimate website hosting the Lightsout exploit kit. Lightsout exploits either Java or Internet Explorer in order to drop Oldrea or Karagany on the victim’s computer. The fact that the attackers compromised multiple legitimate websites for each stage of the operation is further evidence that the group has strong technical capabilities.

In September 2013, Dragonfly began using a new version of this exploit kit, known as the Hello exploit kit. The landing page for this kit contains JavaScript which fingerprints the system, identifying installed browser plugins. The victim is then redirected to a URL which in turn determines the best exploit to use based on the information collected.

Trojanized software
The most ambitious attack vector used by Dragonfly was the compromise of a number of legitimate software packages. Three different ICS equipment providers were targeted and malware was inserted into the software bundles they had made available for download on their websites. All three companies made equipment that is used in a number of industrial sectors, including energy.

The first identified Trojanized software was a product used to provide VPN access to programmable logic controller (PLC) type devices. The vendor discovered the attack shortly after it was mounted, but there had already been 250 unique downloads of the compromised software.

The second company to be compromised was a European manufacturer of specialist PLC type devices. In this instance, a software package containing a driver for one of its devices was compromised. Symantec estimates that the Trojanized software was available for download for at least six weeks in June and July 2013.

The third firm attacked was a European company which develops systems to manage wind turbines, biogas plants, and other energy infrastructure. Symantec believes that compromised software may have been available for download for approximately ten days in April 2014.

The Dragonfly group is technically adept and able to think strategically. Given the size of some of its targets, the group found a “soft underbelly” by compromising their suppliers, which are invariably smaller, less protected companies.

Two additional links are below for more information and key use.

http://energy.gov/sites/prod/files/Large%20Power%20Transformer%20Study%20-%20June%202012_0.pdf

http://www.fgdc.gov/usng/