So, What Really Goes in Space to Have a Space Force?

Primer: Did you know there is something called the Outer Space Treaty? Yup, it covers arms control, verification and compliance. Sounds great, right? Problem is, it is dated 2002.

Then there is the NASA summary of the 1967 Space Treaty.

GPS is operated and maintained by the U.S. Air Force. GPS.gov is maintained by the National Coordination Office for Space-Based Positioning, Navigation, and Timing.

Like the Internet, GPS is an essential element of the global information infrastructure. The free, open, and dependable nature of GPS has led to the development of hundreds of applications affecting every aspect of modern life. GPS technology is now in everything from cell phones and wristwatches to bulldozers, shipping containers, and ATMs.

GPS boosts productivity across a wide swath of the economy, to include farming, construction, mining, surveying, package delivery, and logistical supply chain management. Major communications networks, banking systems, financial markets, and power grids depend heavily on GPS for precise time synchronization. Some wireless services cannot operate without it.

GPS saves lives by preventing transportation accidents, aiding search and rescue efforts, and speeding the delivery of emergency services and disaster relief. GPS is vital to the Next Generation Air Transportation System (NextGen) that will enhance flight safety while increasing airspace capacity. GPS also advances scientific aims such as weather forecasting, earthquake monitoring, and environmental protection.

Finally, GPS remains critical to U.S. national security, and its applications are integrated into virtually every facet of U.S. military operations. Nearly all new military assets — from vehicles to munitions — come equipped with GPS.

***

There is a robust debate within Washington and the Pentagon over whether a new branch of the Armed Services is really needed. Presently, the Air Force has nearly exclusive authority over all things space, except for research and exploration, which is performed by NASA.

There is even a debate within the Air Force which was raised last February.

US Air Force Chief of Staff General David L. Goldfein predicted it’ll only be a “matter of years” before American forces find themselves “fighting from space.” To prepare for this grim possibility, he said the Air Force needs new tools and a new approach to training leaders. Oh, and lots of money.

“[It’s] time for us as a service, regardless of specialty badge, to embrace space superiority with the same passion and sense of ownership as we apply to air superiority today,” he said.

These are some of the strongest words yet from the Air Force chief of staff to get the Pentagon thinking about space—and to recognize the U.S. Air Force as the service branch best suited for the job. “I believe we’re going to be fighting from space in a matter of years,” he said. “And we are the service that must lead joint war fighting in this new contested domain. This is what the nation demands.”

The USAF and other military officials have been saying this for years, but Goldfein’s comments had an added sense of urgency this time around. Rep. Mike Rogers, the Strategic Forces Subcommittee chairman, recently proposed the creation of a new “Space Corps,” one that would be modeled after the Marines. The proposed service branch, it was argued, would keep the United States ahead of rival nations like Russia and China. The idea was scrapped this past December—at least for now. Needless to say, Rogers’ proposal did not go over well with the USAF; the creation of the first new uniformed service branch in 70 years would see Pentagon funds siphoned away from the Air Force. Hence Goldfein’s speech on Friday, in which he argued that the USAF is the service branch best positioned to protect American interests in space.

But in order to protect “contested environments,” the US Air Force will need to exercise competency in “multi-domain operations,” he said. This means the ability to collect battlefield intelligence from “all domains,” including air, ground, sea, cyber, and space. “I look forward to discussing how we can leverage new technology and new ways of networking multi-domain sensors and resilient communications to bring more lethality to the fight,” said Goldfein.

Indeed, the USAF has plenty of work to do to make this happen, and to keep up with its rivals. China, for example, recently proposed a far-fetched laser-armed satellite to remove space junk, while also demonstrating its ability to shoot down missiles in space. Should a major conflict break out in the near future, space will most certainly represent the first battlefield.

“When you think of how dependent the US military is on satellites for everything from its communication and navigation to command and surveillance, we are already fighting in space, even if it’s not like the movies depicted,” Peter W. Singer, fellow at New America and author of Ghost Fleet: A Novel of the Next World War, told Gizmodo. “If we were ever to fight another great power, like a China or Russia, it is likely the opening round of battle would be completely silent, as in space no one would hear the other side jamming or even destroying each other’s satellites.”

To prepare the United States for this possibility, Goldfein said the Air Force needs to invest in new technologies and train a new generation of leaders. On that last point, the CSAF ordered Lt. Gen. Steven Kwast, the commander of Air Education and Training Command, to develop a program to train officers and non-commissioned officers for space ops. “We need to build a joint, smart space force and a space-smart joint force,” Goldfein said.

As reported in SpaceNews, the USAF is asking for $8.5 billion for space programs in the 2019 budget, of which $5.9 billion would go to research and development, and the remaining for procurement of new satellites and launch services. Over the next five years it hopes to spend $44.3 billion on development of new space systems, which is 18 percent more than it said it would need last year to cover the same period.


Trouble Ahead After DPRK’s FM Visit to Tehran

So, it appears there is more to the teaming up between Tehran and Pyongyang.

The Iranian President Rouhani told the North Korean Foreign Minister in a recent confab to NOT trust the United States.

Meanwhile, Secretary of State Mike Pompeo issued a proposal to North Korea calling for a timeline that would mandate North Korea hand over 60 to 70 percent of its nuclear warheads to a third party within six to eight months, according to the report.

North Korea has reportedly rejected a formal timeline for its denuclearization proposed by Secretary of State Mike Pompeo.

Vox reported Wednesday that Pyongyang has rejected the timeline several times over the past two months amid continued negotiations over North Korea’s nuclear program.

The timeline Pompeo proposed would mandate North Korea hand over 60 to 70 percent of its nuclear warheads to a third party within six to eight months, according to the report.

However, it is unclear how many warheads North Korean leader Kim Jong Un has, making it difficult to verify that Pyongyang has actually turned over an agreed-upon percentage.

Trump administration officials in recent weeks have expressed frustration with North Korea’s efforts to denuclearize despite President Trump hailing his June summit with Kim in Singapore as a success.

“The ultimate timeline for denuclearization will be set by Chairman Kim, at least in part,” Pompeo told Channel NewsAsia in an interview last week.

“The decision is his. He made a commitment, and we’re very hopeful that over the coming weeks and months we can make substantial progress towards that and put the North Korean people on a trajectory towards a brighter future very quickly.”

White House national security adviser John Bolton told Fox News on Tuesday that “North Korea has not taken the steps we feel are necessary to denuclearize.”


Then we have yet another emerging hacking warning from CERT.

The Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have identified a Trojan malware variant—referred to as KEYMARBLE—used by the North Korean government. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.

US-CERT encourages users and administrators to review Malware Analysis Report (MAR) MAR-10135536-17 and the US-CERT page on HIDDEN COBRA – North Korean Malicious Cyber Activity for more information.

Not to leave out Iran’s cyber attack warnings.

Iranian hackers have laid the groundwork to carry out extensive cyber attacks against private U.S. and European companies, U.S. officials warn, according to NBC News. Although experts don’t believe any such attack is imminent, the preparations could enable denial-of-service attacks on infrastructure including electric grids and water plants, plus health care and technology companies across the U.S., Europe, and Middle East, say U.S. officials at the 2018 Aspen Security Forum.

A spokesperson for the Iranian mission to the United Nations, Alireza Miryousefi, told NBC News that the U.S. is more aggressive in terms of cyber attacks, and Iran’s moves are merely defensive.

***

As sanctions reimposed in response to its nuclear program begin to bite, Iran seems poised to follow the trail North Korea blazed in cyberspace: state-directed hacking that aims at direct theft to redress economic pain. Accenture researchers have been tracking ransomware strains, many of them requiring payment in Bitcoin or other cryptocurrencies, and they’ve concluded that they represent an incipient Iranian campaign against targets of opportunity that offer the prospect of quick financial gain. Tehran’s state-directed hackers have a reputation as being relatively less sophisticated than those run by Russia and China (and indeed those run by major Western powers, the Five Eyes and their closest friends), but they also have a reputation as determined fast learners.

CCN: As the US gets ready to impose sanctions on Iran, hackers in that country are working on ransomware to secure bitcoin, according to cybersecurity experts interviewed by The Wall Street Journal.

Accenture PLC’s cybersecurity intelligence group has followed five Iranian-built ransomware variations in the last two years. The hackers are hoping to secure payments in cryptocurrencies, according to Jim Guinn, who oversees the industrial cybersecurity business at Accenture.

Several clues link the ransomware to Iran. Samples include messages in Farsi and are connected to Iran-based computers.

A recent Accenture report noted the ransomware could be driven by Iranian government supported parties, criminals, or both.

Scourge Continues

Ransomware has plagued both businesses and governments for years, having disabled payment systems at the San Francisco Municipal Transportation Agency, U.K. hospitals and cargo shipments. Government-supported hackers in some instances have obtained cryptocurrency payments from victims.

One variant of ransomware that iDefense discovered has been linked to Iran’s government, according to CrowdStrike Inc., another cybersecurity firm. The software, called Tyrant, was developed to discourage Iranian citizens from downloading software designed to discourage government snooping, CrowdStrike noted.

Palo Alto Networks Inc. and Symantec Corp. issued reports last month that described a pair of data stealing operations connected to Iran.

Crypto Mining Linked To Iran

Crypto mining software, which robs computers of their processing power to mine cryptocurrencies, has also been linked to Iran.

Accenture cited crypto mining software installed on Middle Eastern customer networks equipped with digital clues to Iran.

Crypto mining software has created problems in gas and oil facilities in the Middle East, Guinn said. He estimated millions of dollars of compute cycles have been stolen in the last year.

Iran Denies Culpability

Iran has claimed it has not been involved in cyber attacks, and that it has been a hacking victim.

A cyber attack called Stuxnet initiated by the U.S. and Israel about a decade ago disabled uranium-enrichment centrifuges for Iran’s nuclear program. Iran has since focused on enhancing its own cyber capabilities, according to government officials and security researchers.

Keith Alexander, chief executive of IronNet Cybersecurity Inc. and former director of U.S. Cyber Command and the National Security Agency, said crypto mining and theft is a way for cash-strapped countries to make fast profits.

Guinn said hackers have also stolen intellectual property.

Chinese/Russian Subs Prowling East Coast, Atlantic

In a press gaggle today, a member of the media asked Secretary of Defense Mattis:

Q:  Mr. Secretary, you stated you’re watching submarines in the North Atlantic and elsewhere.  But are Russia and China putting more submarines out to look at the United States than they have since the Cold War?   

SEC. MATTIS:  Yes, we always keep an eye on the — on the submarines at sea.  And I’d prefer not to say any more than that.  Thanks.

Hmm, okay, let’s go deeper.

The Navy reactivated the fleet responsible for overseeing the East Coast and the North Atlantic. The 2nd Fleet was deactivated in 2011, and Secretary Mattis upped the defense strategy earlier this year.

We do know that the Russians are snooping around all undersea telecommunications cables used by NATO. The Russian submarines are equipped with anti-submarine missiles and little is published about the Chinese submarines. Meanwhile, the United States has deployed patrols using manned and unmanned surface ships, attack submarines and air surveillance by the P-8 Poseidon, a sub hunting warplane.


The most advanced US fast attack submarine, the USS South Dakota, is equipped with the latest technology, including advanced stealth features.

“China is improving the lethality and survivability of its attack submarines and building quieter, high-end diesel and nuclear-powered submarines,” he said.

Both China and Russia have also increased their presence in the Indo-Asia-Pacific region, where Harris said 230 of the world’s 400 foreign submarines are operating.

Roughly 160 of those 230 submarines belong to China, North Korea, and Russia, according to Harris.

Forbes said the United States must also develop a strategy to counter Chinese and Russian activity in “gray zones” where they are incrementally expanding their presence by strategically “fighting and competing” through military posturing.

China’s claims in the South China Sea represent one glaring example as to how they’ve been able to successfully implement this type of strategy in a way that allows them to expand their military reach without engaging in direct confrontation, according to Forbes.

Meanwhile, a significant upgrade has taken place, and that is to SOSUS.

Now, in what may be the biggest upgrade to the Navy’s fixed undersea surveillance system since the Cold War, General Dynamics has been recently awarded a contract by the Office of Naval Research to develop the Deep Reliable Acoustic Path Exploitation System (DRAPES). DRAPES appears to be part of a suite of upgrades to the Navy’s submarine detection capabilities to cope with expanding fleets of advanced submarines around the world.

When the Cold War ended, the U.S. Navy no longer faced a “peer threat” to its control of the seas and many capabilities and weapons necessary for defeating advanced adversary ships and submarines were decommissioned. Research for more advanced follow-on technology was also put on hold. After operating 30 undersea surveillance sites around the world during the Cold War, the Navy has only three operational today. But as Russia, and especially China, have developed larger and more advanced submarine fleets, the U.S. Navy has had to re-learn old Cold War anti-submarine warfare competencies while developing new capabilities to tackle more challenging modern submarine technology.

While the Navy says relatively little about the advanced sub-hunting capabilities of the Integrated Undersea Surveillance System (IUSS), of which SOSUS is a part, some IUSS systems have received more public attention. The afloat Surveillance Towed Array Sensor System (SURTASS) is a small fleet of civilian-crewed ships that carry sensitive towed listening (passive) arrays that can detect submarines from great distances. These ships grabbed headlines in 2009 when the SURTASS ship USNS Impeccable was harassed by Chinese Maritime Militia while operating in the vicinity of China’s South China Sea submarine bases on Hainan Island. The SURTASS ships have also received technical upgrades since the Cold War. The introduction of the Low Frequency Active (LFA) capability, an “active” system that transmits low frequency “pings” that bounce off of submarine hulls and are then picked up by the existing passive SURTASS arrays dramatically increases their ability to detect submarines at great distances.

By contrast, little is known publicly about the SOSUS networks after the Cold War. Defense Systems reports that DRAPES, like SOSUS, will be a fixed passive listening system with a new communications capability to transmit its data. Mobile systems like SURTASS have the advantage of being able to get closer to possible contacts and follow them, but can only be in one place at a time, and must eventually return to port. Fixed systems like SOSUS, and now DRAPES, have the advantage of providing permanent coverage over target areas and then “cueing” a mobile sensor capability, like a ship or aircraft, to zero in on a submarine it detects.

One reason there were 30 IUSS sites during the Cold War is that the SOSUS systems had to be connected to collection facilities by underwater cable, requiring sites to be relatively local to the target area. But DRAPES will apparently use a new underwater communications system to transmit the acoustic data it collects to the three remaining Navy Operational Processing Facilities (NOPFs). These facilities combine data from the static SOSUS networks and SURTASS ships to provide “detection, localization, and tracking of submarines.” DRAPES’ ability to provide wide coverage from a fixed location in the ocean, apparently without the need for additional NOPF facility footprints, would be a substantial improvement over the old SOSUS network.

As China and Russia have asserted themselves anew as “pacing competitors,” as described by Undersecretary of Defense Robert Work, the U.S. Navy has taken a renewed interest in its traditional Cold War antisubmarine warfare mission. Together, DRAPES and SURTASS promise to provide a persistent, long-range ability to detect adversary submarines around the globe. Using cueing data from those platforms, improved local anti-submarine assets like the P-8 Poseidon sub hunter aircraft (which replaces the 50 year-old P-3 Orion) and surface combatants with new, improved towed sonar arrays of their own, like the Multi-Function Towed Array, can then close on a target, and track or engage it as needed.

Russia Posturing to Own Space, then China?


Right now, miles above your head, there are fleets of robotic, weaponized satellites poised to do battle as the world’s superpowers await the opening salvo in a very real cosmic chess match.

When it comes to Russia, the real cause for concern surrounds a mysterious object known cryptically as 2014-28E. The object first appeared in space soon after the launch of three Russian military communication satellites. Initially, many believed 2014-28E was just another piece of debris left over from the launch. Not long afterward, however, this hunk of space junk began to swiftly change orbit, demonstrating an onboard propulsion system. What exactly 2014-28E is remains unknown, as the Russians have stayed tight-lipped on the matter. Many experts fear that these actions signal that the Russians have revived their allegedly defunct operation known as Istrebitel Sputnik (meaning “Satellite Fighter”), a covert Soviet-era ASAT program.

Russian and Chinese officials have continuously accused the United States of spying on the Chinese Space Station with a top-secret space toy known officially as X-37B. This craft is essentially an unmanned version of the Space Shuttle with a payload bay that’s roughly the size of a pickup truck bed. However, what exactly will be carried and what has been carried on its previous three missions is classified. So too is the entire X-37B budget. Many aeronautic experts dispute claims that the U.S. is using this craft to spy on the Chinese Space Station — but, the complete lack of transparency from U.S. officials hasn’t helped thaw frigid relations between the involved parties.

And the X-37B definitely isn’t the only trick the U.S. has up its proverbial sleeve. Some of America’s most sophisticated ASAT technology is in development as we speak. DARPA, the research and development wing of the U.S. Department of Defense, is now quickly moving along with its Phoenix initiative. The program is based around the concept of a series of robotic craft with the ability to repair damaged satellites from the scrap parts of other defunct satellites already in orbit. Again, from a foreign military perspective, if a satellite has the ability to build something, that satellite also has the intrinsic ability to dismantle something — say, an enemy satellite. More here from Digital Trends.

Russia Will Fight to Be World’s Top Space Power, Agency Chief Says

Russia is ready to do “serious battle” for the title of leading space power in the world, the head of the country’s state space agency has said.

Moscow’s Roscosmos has become the subject of some ridicule, following budget cuts and high-profile setbacks, including a recent botched launch that resulted in the loss of a multimillion dollar silo of satellites. The agency still regards itself as heir to Russia’s Soviet legacy of space exploration and Russian President Vladimir Putin has repeatedly urged officials to recapture that status in the world, telling agency employees last month that Roscosmos needed “breakthrough successes” to do so.

Roscosmos Director Dmitry Rogozin gave a defiant message on the agency’s ambitions.

“We are not looking to surrender leadership in space to anyone,” Rogozin said at the opening of a satellite equipment manufacturing plant in Yaroslavl region. The director, who served as Russia’s deputy prime minister until May, admitted that the agency had “fallen behind from the leading positions” in recent years.


Roscosmos unveiled a brand new spaceport in eastern Russia in 2016, although Putin reportedly reprimanded senior officials in private after the launching ceremony, which he had gone to watch, suffered a 24-hour delay. More here.

Just two years ago:

So why is there so much global interest in space at the moment, including in Australia, and what are countries around the world doing up there right now?

Space remains ‘hugely contested’ in 2018

Modern militaries rely on satellites that feed them vital intelligence.

As a result, “counterspace” weapons have become a rising area of interest, and earlier this year, US intelligence agencies warned that China and Russia were both working on “destructive counterspace weapons” for use in a future conflict.

The potential weapons US intelligence agencies were concerned about included both ground-launched missiles capable of taking out enemy satellites, as well as “directed-energy weapons” that could blind or damage the sensors on satellite instruments.

The US intelligence agencies said in their report that both China and Russia would probably have operational weapons within a few years.

China last month launched a communications satellite named Magpie Bridge that is currently sitting in a special orbit near the Moon, giving it a view of both the Earth and the so-far-unexplored far side of the Moon.

That feat was praised in official Chinese state media Xinhua as a “world first”.

The plan is for the satellite to relay continuous images of the far side of the Moon, with China looking set to become the first country to land a rover there later this year.

China is also planning on setting up a permanent robotic base on the lunar surface in the next 10 years, and is hoping for a manned mission in the 2030s.

Eligible Receiver 97, Red Team Being Applied Today for Cyber Hacks?

An early classified Defense Department cybersecurity exercise named “Eligible Receiver 97” (ER97) featured a previously unpublicized series of mock terror attacks, hostage seizures, and special operations raids that went well beyond pure cyber activities in order to demonstrate the potential scope of threats to U.S. national security posed by attacks in the cyber domain, according to recently declassified documents and a National Security Agency (NSA) video posted today by the nongovernmental National Security Archive at The George Washington University.

“Joint Exercise Eligible Receiver 97”, run during the Clinton presidency, is frequently pointed to as a critical event in the United States’ appreciation of threats in cyber space. The exercise led directly to the formation of what would eventually become United States Cyber Command (USCYBERCOM) and informed key studies such as the formative Marsh Report on critical infrastructure protection. Despite the significance of ER97, however, very little is publicly known about the exercise itself.

ER97 involved an NSA Red Team playing the role of North Korean, Iranian and Cuban hostile forces whose putative aim was to attack critical infrastructure as well as military command-and-control capabilities to pressure the U.S. government into changing its policies toward those states. An interagency Blue Team was required to provide recommendations to personnel enacting defensive responses. Until now, only two phases out of three (infrastructure and command-and-control) had been publicly known. The video and documents posted today provide new details about the third phase involving kinetic attacks in the physical domain, i.e. more traditional terrorist assaults on civilian targets, which were built upon intelligence gathered through the Red Team’s successes. Read more here on the declassified files.

*** With all the cyber terror going on today in the United States, are we doing more ‘red team’ exercises? Perhaps some of those tactics are paying off many years later.

3 Carbanak (FIN7) Hackers Charged With Stealing 15 Million ...

Three Members of Notorious International Cybercrime Group “Fin7” in Custody for Role in Attacking Over 100 U.S. Companies

Victim Companies in 47 U.S. States; Used Front Company ‘Combi Security’ to Recruit Hackers to Criminal Enterprise

SEATTLE – Three high-ranking members of a sophisticated international cybercrime group operating out of Eastern Europe have been arrested and are currently in custody facing charges filed in U.S. District Court in Seattle, announced U.S. Attorney Annette L. Hayes, Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division and Special Agent in Charge Jay S. Tabb Jr. of the FBI’s Seattle Field Office.

According to three federal indictments unsealed today, Ukrainian nationals Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kolpakov, 30, are members of a prolific hacking group widely known as FIN7 (also referred to as the Carbanak Group and the Navigator Group, among other names).  Since at least 2015, FIN7 members engaged in a highly sophisticated malware campaign to attack more than 100 U.S. companies, predominantly in the restaurant, gaming, and hospitality industries.  As set forth in the indictments, FIN7 hacked into thousands of computer systems and stole millions of customer credit and debit card numbers which were used or sold for profit.

In the United States alone, FIN7 successfully breached the computer networks of businesses in 47 states and the District of Columbia, stealing more than 15 million customer card records from over 6,500 individual point-of-sale terminals at more than 3,600 separate business locations.  Additional intrusions occurred abroad, including in the United Kingdom, Australia, and France.  Companies that have publicly disclosed hacks attributable to FIN7 include such familiar chains as Chipotle Mexican Grill, Chili’s, Arby’s, Red Robin and Jason’s Deli.  Additionally here in Western Washington FIN7 targeted the Emerald Queen Casino (EQC) and other local businesses.  The Emerald Queen Casino was able to stop the intrusion and no customer data was stolen.

“Protecting consumers and companies who use the internet to conduct business – both large chains and small ‘mom and pop’ stores — is a top priority for all of us in the Department of Justice,” said U.S. Attorney Annette L. Hayes.  “Cyber criminals who believe that they can hide in faraway countries and operate from behind keyboards without getting caught are just plain wrong.  We will continue our longstanding work with partners around the world to ensure cyber criminals are identified and held to account for the harm that they do – both to our pocketbooks and our ability to rely on the cyber networks we use.”

“The three Ukrainian nationals indicted today allegedly were part of a prolific hacking group that targeted American companies and citizens by stealing valuable consumer data, including personal credit card information, that they then sold on the Darknet,” said Assistant Attorney General Benczkowski.  “Because hackers are committed to finding new ways to harm the American public and our economy, the Department of Justice remains steadfast in its commitment to working with our law enforcement partners to identify, interdict, and prosecute those responsible for these threats.”

“The naming of these FIN7 leaders marks a major step towards dismantling this sophisticated criminal enterprise,” said Special Agent in Charge Jay S. Tabb Jr., of the FBI’s Seattle Field Office.  “As the lead federal agency for cyber-attack investigations, the FBI will continue to work with its law enforcement partners worldwide to pursue the members of this devious group, and hold them accountable for stealing from American businesses and individuals.”

Each of the three FIN7 conspirators is charged with 26 felony counts alleging conspiracy, wire fraud, computer hacking, access device fraud, and aggravated identity theft.

In January 2018, at the request of U.S. officials, foreign authorities separately arrested Ukrainian Fedir Hladyr and a second FIN7 member, Dmytro Fedorov.  Hladyr was arrested in Dresden, Germany, and is currently detained in Seattle pending trial.  Hladyr allegedly served as FIN7’s systems administrator who, among other things, maintained servers and communication channels used by the organization and held a managerial role by delegating tasks and by providing instruction to other members of the scheme.  Hladyr’s trial is currently scheduled for October 22, 2018.

Fedorov, a high-level hacker and manager who allegedly supervised other hackers tasked with breaching the security of victims’ computer systems, was arrested in Bielsko-Biala, Poland.  Fedorov remains detained in Poland pending his extradition to the United States.

In late June 2018, foreign authorities arrested a third FIN7 member, Ukrainian Andrii Kolpakov, in Lepe, Spain. Kolpakov, who is also alleged to be a supervisor of a group of hackers, remains detained in Spain pending the United States’ request for extradition.

According to the indictments, FIN7, through its dozens of members, launched numerous waves of malicious cyberattacks on numerous businesses operating in the United States and abroad.  FIN7 carefully crafted email messages that would appear legitimate to a business’ employee, and accompanied emails with telephone calls intended to further legitimize the email. Once an attached file was opened and activated, FIN7 would use an adapted version of the notorious Carbanak malware in addition to an arsenal of other tools to ultimately access and steal payment card data for the business’ customers. Since 2015, many of the stolen payment card numbers have been offered for sale through online underground marketplaces. (Supplemental document “How FIN7 Attacked and Stole Data” explains the scheme in greater detail.)

FIN7 used a front company, Combi Security, purportedly headquartered in Russia and Israel, to provide a guise of legitimacy and to recruit hackers to join the criminal enterprise.  Combi Security’s website indicated that it provided a number of security services such as penetration testing.  Ironically, the sham company’s website listed multiple U.S. victims among its purported clients.


The charges in the indictments are merely allegations, and the defendants are presumed innocent until proven guilty beyond a reasonable doubt in a court of law.

The indictments are the result of an investigation conducted by the Seattle Cyber Task Force of the FBI and the U.S. Attorney’s Office for the Western District of Washington, with the assistance of the Justice Department’s Computer Crime and Intellectual Property Section and Office of International Affairs, the National Cyber-Forensics and Training Alliance, numerous computer security firms and financial institutions, FBI offices across the nation and globe, as well as numerous international agencies. Arrests overseas were executed in Poland by the “Shadow Hunters” from CBŚP (Polish Central Bureau of Investigation); in Germany by LKA Sachsen – Dezernat 33, (German State Criminal Police Office) and the Polizeidirektion Dresden (Dresden Police); and in Spain by the Grupo de Seguridad Logica within the Unidad de Investigación Technologica of the Cuerpo Nacional de Policía (Spanish National Police).

This case is being prosecuted by Assistant U.S. Attorneys Francis Franze-Nakamura and Steven Masada of the Western District of Washington, and Trial Attorney Anthony Teelucksingh of the Justice Department’s Computer Crime and Intellectual Property Section.

how_fin7_attacked_and_stole_data.pdf