Category Archives: Cyber War

Yes, China is Surrounding the S. China Sea, but what about Florida?

Posted on by

The two faced dragon….tie to really recalibrate the relationship between the United States and China AGAIN….Previously n this website, I have discussed not only by a post but several times on radio about how the former intelligence/snooping base owned by Russia in Cuba known as the Lourdes SIGINT station was sold to China….no one in media or the national security realm seems to give it much attention…but now…we have an additional problem with China and that is the Bahamas.

How about the largest Chinese embassy in the world with hundreds of Chinese intelligence officers deployed there…..Embassy of China in Nassau in Nassau, Bahamas (Google Maps)

In part from FNC:

“The People’s Republic of China has been making diplomatic, economic and even military and quasi-military inroads into the Caribbean, South and Central America for the past couple of decades,” retired Rear Adm. Peter Brown, former Homeland Security advisor to President Donald Trump, told Fox News Digital.

Brown pointed to the rise in dual-use infrastructure projects along the Bahamas coastline, which is located just 50 miles off the coast of Florida.

“It doesn’t take a lot of imagination for the People’s Republic of China to use its commercial footprint in the Bahamas to monitor, exploit and perhaps even do worse to [the] U.S.,” he said. Pointing to the Chinese-controlled British Colonial Hotel in Nassau, Bahamas, Brown said that its location directly across from the U.S. Embassy could give way to intelligence gathering on U.S. personnel.

The hotel is owned by a Chinese company, Chow Tai Fook Enterprises, which has raised geopolitical concerns given its location. Fox News Digital has reached out to the British Colonial Hotel for comment.

China has invested heavily in the Bahamas through a range of additional high-profile projects, including a $40 million grant for a national stadium, a $3 billion mega-port in Freeport, and $40 million for the North Abaco Port and Little Abaco Bridge.

In 2019, now-Secretary of State Marco Rubio warned in a Miami Herald op-ed that the devastation caused by the natural disaster could create an opening for the People’s Republic of China to use aid as a Trojan horse to gain a foothold near American shores.

“By targeting the Bahamian government in this period of crisis, Beijing would be making the same opportunistic play to access critical foreign infrastructure,” Rubio wrote in 2019. “But in this case, the national security threat is especially perilous, as it would give China a foothold just 50 miles from the coast of Florida.”

***

How about another look at things in the Caribbean…Chinese expansion

Chinese Expansion in the Caribbean (Extra) - Virtual Mirage

China’s Influence in the Caribbean:

China is a member of both the Inter-American Development Bank (IDB) and the Caribbean Development Bank (CDB) and an observer at the Organization of American States (OAS). Alongside Italy and Germany, China is the third largest shareholder at the CDB with 5.6% of overall shares, exponentially higher than the majority of Caribbean countries.

The People’s Republic of China’s (PRC) engagement in the Caribbean has largely focused on investments in infrastructure and developing trade relationships. As of 2022, ten Caribbean countries have signed up to Belt and Road (BRI) – Cuba, Jamaica, Dominican Republic, Antigua & Barbuda, Dominica, Barbados, Grenada, Trinidad & Tobago, Guyana, and Suriname.

The PRC is working towards diminishing the region’s ties to Taiwan as the region contains the largest bulk of Taiwan’s diplomatic allies. Today, St. Lucia, St. Vincent and the Grenadines, St. Kitts and Nevis, Haiti, and Belize remain the only Caribbean nations that recognize Taiwan.

China’s Trade and Economic Investment in the Caribbean

While the Caribbean’s trade with China has grown at a slower pace than overall trade with the region, it increased from $1 billion in 2002 to $8 billion in 2019, with an estimated $6.1 billion in Chinese exports and $1.9 billion in imports.

China is a major trading partner of Cuba’s and Chinese businesses are involved in the Cuba’s telecommunications, tourism, mining, and energy sectors.

Cuba is highly dependent on China and ongoing economic challenges resulted in the reconstructing of an estimated $4 billion in debt to China in 2011 and another restructuring in 2015. For more reading click here.

The U.S. Must Join China’s Belt and Road In Developing The Caribbean ...

The U.S. Must Join China’s Belt and Road In Developing The Caribbean ...

Iran’s Mint Sandstorm, are you a Victim?

Posted on by

So, a senior official in the Trump campaign was the victim of an email phishing trick and it worked….countless emails were hacked/stolen and began to be distributed. Microsoft has confirmed this and several Iranian cyber signatures from previous hack are providing some pretty good attributions to Iran as the hackers. But no worries, the FBI, likely the Pittsburgh office as agreed t investigate.

Just last night after some recent promoting the SPACES event hosted by Donald Trump and Elon Musk was delayed for an estimated 45 minutes due to a DDOS hit. Again, that too had the signature tactics of Iran. Mint Sandstorm Campaign's Targeted Cyber Attacks on Middle Eastern Experts source

Per CSOOnline in part:

The hackers allegedly obtained sensitive data as a result of a successful phishing campaign against Trump officials. Cheung cited the Microsoft report which said in June 2024, Mint Sandstorm, a group run by the Islamic Revolutionary Guards Corp (IRGC) intelligence unit, sent a spear-phishing email to a high-ranking official of a presidential campaign from a compromised email account of a former senior advisor.

“On Friday, a new report from Microsoft found that Iranian hackers broke into the account of a ‘high ranking official’ on the US presidential campaign in June 2024, which coincides with the close timing of President Trump’s selection of a vice-presidential nominee,” Cheung added. More here.

In part:

Threat actor Mint Sandstorm, believed to be linked to Iran, has been observed using bespoke phishing lures to attack high-profile targets while leveraging a new custom backdoor called MediaPI.

In a Jan. 17 blog post, Microsoft Threat Intelligence said the attacks were on individuals working at a high level on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States.

The Microsoft researchers said Mint Sandstorm — also known as APT35 and APT42 — used legitimate, yet compromised accounts to send phishing lures. The researchers said Mint Sandstorm continues to improve and modify the tooling used in targets’ environments, activity that might help the group persist in a compromised environment and better evade detection.

“Based on the identities of the targets observed in this campaign and the use of lures related to the Israel-Hamas war, it’s possible this campaign is an attempt to gather perspectives on events related to the war from individuals across the ideological spectrum,” wrote the researchers.

Mint Sandstorm operates as a state-sponsored actor from Iran and, as a result, serves government agency and potential military objectives, explained Balazs Greksza, threat response lead at Ontinue. Greksza said the group employs tactics such as watering hole attacks and phishing emails, to target governments, NGOs, private entities, and academia for espionage. They often pose as journalists, government officials, or academics on social media and their primary objective is to get hold of sensitive information.

“Actors like APT35 have primary goals around geopolitics, national security, counter-intelligence,” said Greksza. “As openly shared by different intelligence agencies in the past, intelligence goals may shift rapidly based on the needs of national interests, current political and military leadership and their decision and intelligence needs.”

Ngoc Bui, cybersecurity expert at Menlo Security, added that the deployment of the custom backdoor MediaPI, along with the use of other tools like MischiefTut, indicates a shift in the operational tactics of Mint Sandstorm, marking an evolution in their cyber espionage capabilities.

***

This all begs the question, just exactly what is being done to not only protect a political campaign and election, but every website or American out there from Iran, Russia, China or North Korea and their team of hackers?

CSOOnline goes on to read –>

Iran, found extremely capable in the past of conducting cyberattacks against its foes in the Middle East, earlier in 2022 had threatened to avenge the killing of General Qassem Soleimani by the United States in a drone strike ordered by the Trump administration.

During this time, among many other efforts, Mandiant reported that the news site EvenPolitics, a Tehran-controlled disinformation site, had published articles covering the 2022 US midterm elections. An inauthentic amplification network promoting the site was taken down by the X platform that same year, yet EvenPolitics continues to operate, releasing approximately ten articles per week.

Microsoft, in its report, added that Iranian cyber-enabled influence operations “have been a consistent feature of at least the last three US election cycles”.

Iran’s mission to the United Nations, in response to inquiries about the Trump campaign’s allegations, denied any involvement. Speaking to The Associated Press, the mission stated, “We dismiss these reports entirely. The Iranian government has neither the capability nor the intention to interfere in the United States presidential election.”

Have you Met John Mark Dougan, a Former Florida Deputy Sheriff?

Posted on by

I continue to see friends on Facebook and a few other social media sites claiming that Ukraine’s President Zelensky and his wife are using millions if not billions of U.S. aid money to buy fancy cars and mansions….ehhh….c’mon people do that work please and stop getting punked by a former Marine and sheriff deputy from Florida that too fled to Russia….yes…fled and he is loving his deep fake life there and you are helping him win the bot/disinformation/propaganda war…and many members of Congress have bought into all this….but save yourself the humiliation and read on…

***

It is not just here in the United States by the way…Europe is getting pummeled too:

The article looks real enough, though petrolheads may note the misspelling of Tourbillon. It even cites as evidence a video recorded by a dealership employee describing the supposed sale, and a picture of a Bugatti invoice for €4.5 million made out to Mrs. Olena Zelenska. If you were under any doubt, the site’s name should lay your fears to rest: Verite Cachee or, in English, hidden truth.

In fact, the video is a deepfake, the invoice is falsified, and the entire site is part of a Kremlin-linked influence operation, using AI-generated content to deliver a payload of Russian talking points. The false attack on Zelenska was designed, it seems, to hint at corruption.

Veritecachee.fr is one of two sites set up less than two weeks after French president Emmanuel Macron announced a surprise election, the other called France en Colere (Angry France). The Bureau of Investigative Journalism (TBIJ) and the Tow Center have connected both to a network of websites linked to John Dougan, an American former police officer now living in Moscow and known for spreading Kremlin-backed disinformation. This network was first identified by researchers at Clemson University in December last year.

Even as this Dougan-affiliated network has targeted the French election, another Russia-linked disinformation operation, unmasked by French authorities earlier this year, has ramped up its activity in Europe. In June, the “Portal Kombat” network launched ten new sites, mostly aimed at Europe. Another five targeting Eastern Europe were set up in April and May. Read it all here for further context. Zelensky just bought a brand new $4.5 Million Dollar Bugatti for his ...

*** In part below:

It starts with a NewsGuard analyst happening upon what appeared to be a fledgling Washington D.C.-based news site promoting Russian propaganda. Unbeknownst to her, this was six months after her boss and his family had been threatened in a YouTube video that included an aerial shot of his home and calls to his unlisted phone number by a Russian disinformation operative working from a studio in Moscow. It turns out that this D.C. website, those threats to NewsGuard’s co-CEO, and what NewsGuard discovered were dozens of similar hostile information operations — including a “documentary” that the Russians used as an excuse to invade Ukraine — were all orchestrated by the same man — John Mark Dougan, a former Florida deputy sheriff who fled to Moscow after being investigated for computer hacking and extortion.

As of this writing, NewsGuard has discovered 167 Russian disinformation websites that appear to be part of Dougan’s network of websites masquerading as independent local news publishers in the U.S. and 15 films on Dougan’s since-removed YouTube channel. Ranging from Ukrainian President Volodymyr Zelensky siphoning off money meant to aid the war against Russia so he could buy an estate in England owned by King Charles, to a non-existent U.S. bioweapons lab in Ukraine being the reason the Russians had to invade that country, these concocted stories have been amplified on social media accounts to reach a broad global audience of more than 37 million views—including 1,300,000 views of just the narrative about Zelensky buying the king’s estate.

As a journalist based in Washington who scrutinizes the credibility of news outlets as a profession, I was familiar with the landscape of trusted local publications in the area. DCWeekly did not appear to be one of them.

I first noticed the site when it published an article reporting that the Ukrainian Azov Battalion was recruiting in France. It carried the byline “Jessica Devlin,” who was described as a “distinguished and highly acclaimed journalist.” Another scoop: The U.S. had bought a mansion for Ukrainian President Volodymyr Zelensky in Vero Beach, Florida.

Everything about the website and these articles was a red flag: The site presented itself as a credible new local news source yet was propagating fabricated narratives that smelled of Russian influence.

It turned out that “DCWeekly” is not actually based in the nation’s capital. Nor is “Jessica Delvin” a real person. As uncovered by researchers at Clemson University, the site operates from Moscow, hosted on an IP address belonging to John Mark Dougan.

His is a name I would come to know well over the coming months.

In further briefings, I learned that Dougan, a former marine, had been an officer in the Sheriff’s Department in Palm Beach County, Florida, until 2016, when he fled to Russia and was granted asylum after being targeted in a computer hacking scheme. Since then, I was told, he had become well known to the FBI and, as they put it, “our sister security agencies” as a Russian operative who specialized in producing some of the Russians’ most elaborate disinformation campaigns and narrating them as if he were an independent American journalist. 

Relatedly, it appeared that the aerial video of my home in Dougan’s video was not a simple Google satellite shot. Instead, it had probably been taken by a drone that someone had hired. [Dougan denies this; see below.] I was also told that those same sister agencies reported that Dougan was still in Russia. “So he poses no imminent threat to you,” the lead agent on the case said.

But he knows where I live and the Russians must have people all over the United States, I said. And he must have followers here on his YouTube channel that could act on their own. The FBI agents agreed. This was more serious than a few random crank emails. In a meeting a few days later with three agents and my wife sitting at our dining room table, we agreed on a multifaceted security plan to be implemented by a private security company.

I now live in a home surrounded by twelve motion-detecting security cameras, monitored remotely by the security service, and filled with dead-bolt window and door locks and other reminders of Dougan’s video—which produced multiple new death threats.

***

Related reading from the BBC 

RUSSIA’S BOT FARM OPERATES ON X, US AND ITS ALLIES WARN

Posted on by

In full disclosure, years ago I did a radio interview with Pierluigi…due to his long validated resume….I continue to trust his work…as a result this is fair warning to validate information at with at least 3 unique sources.

(Officially shut down –> you be the judge)

Russia has officially made one dystopian prediction about artificial intelligence (AI) come true: it used AI to lie better, faster, and more believably. Last week, the U.S. Department of Justice, along with counterparts in Canada and the Netherlands, disrupted a Russian bot farm that was spreading pro-Russian propaganda. The FBI director and deputy attorney general in a press release highlighted the use of AI to create the bot farm as a disturbing new development. What they did not say, however, is that the West is unprepared to defend itself against this new threat.

This capability enables quick reactions on a huge scale to highly divisive world events. For example, the Russian operation could choose to spread divisive messages about the assassination attempt on former president Trump. In the past, this would have been a labor-intensive task of crafting a variety of credible messages designed to outrage both ends of the political spectrum, then iterating until a divisive note hit a nerve. Now, AI can craft the message, alter it for different audiences, and distribute it rapidly. Russia could enter the chat almost immediately.

***Yandex's Russian AI Bot Shows Promise in Rivalry with US-Based ChatGPT .... Additional reading here

The US and its allies disrupted an AI-powered Russia-linked bot farm on the social media platform X relying on the Meliorator AI software.

The U.S. FBI and Cyber National Mission Force, along with Dutch and Canadian intelligence and security agencies, warned social media companies about Russian state-sponsored actors using covert AI software, Meliorator, in disinformation campaigns. Affiliates of Russia’s media organization RT used Meliorator to create fake online personas to spread disinformation on X. The campaigns targeted various countries, including the U.S., Poland, Germany, the Netherlands, Spain, Ukraine, and Israel.

“Although the tool was only identified on X, the authoring organizations’ analysis of Meliorator indicated the developers intended to expand its functionality to other social media platforms.” reads the report. “The authoring organizations’ analysis also indicated the tool is capable of the following:

  • Creating authentic appearing social media personas en masse;
  • Deploying content similar to typical social media users;
  • Mirroring disinformation of other bot personas;
  • Perpetuating the use of pre-existing false narratives to amplify malign foreign influence; and
  • Formulating messages, to include the topic and framing, based on the specific archetype of the bot.”

As early as 2022, RT had access to the AI-powered bot farm generation and management software Meliorator. By June 2024, it was operational only on X (formerly Twitter), with plans to expand to other platforms. The software includes an admin panel called “Brigadir” and a seeding tool named “Taras,” and is accessed via a virtual network computing (VNC) connection. Developers managed Meliorator using Redmine software, hosted at dtxt.mlrtr[.]com.

The identities (also called “souls”) of these bots are determined by selecting specific parameters or archetypes. The experts said that any unselected fields are auto-generated. Bot archetypes group ideologically aligned bots through an algorithm that constructs each bot’s persona, including location, political ideologies, and biographical data. Taras creates these identities and the AI software registers them on social media platforms. The identities are stored in a MongoDB, enabling ad hoc queries, indexing, load-balancing, aggregation, and server-side JavaScript execution.

Meliorator manages automated scenarios or actions for a soul or group of souls through the “thoughts” tab. The software can instruct personas to like, share, repost, and comment on others’ posts, including videos or links. It also allows for maintenance tasks, creating new registrations, and logging into existing profiles.

“The creators of the Meliorator tool considered a number of barriers to detection and attempted to mitigate those barriers by coding within the tool the ability to obfuscate their IP, bypass dual factor authentication, and change the user agent string.” continues the joint advisory. “Operators avoid detection by using a backend code designed to auto-assign a proxy IP address to the AI generated persona based on their assumed location.”

The report also provides the infrastructure associated with the bot farm and mitigations.

 

The War has Begun in the S. China Sea, but it is a Quiet One

Posted on by

So quiet…no one domestically is reporting it….Electronic warfare/jamming and cyber are cheap tools of destruction…and then there is space. So, has the Commander in Chief…if there is one…approved real Rules of Engagement….anywhere?

(below is word for word)

***

Over the vast expanse of the South China Sea, a war without gunfire quietly unfolded, its unique impact capturing the world’s attention. On June 30th, a brief yet meaningful tweet from the official Weibo account of China’s Southern Theater Command—“Thick smoke deep in the blue sea, good night”—sparked a massive online reaction, leaving netizens speculating about the secrets behind it.

Recently, there have been widespread rumors online of an intense electronic warfare between China and the United States in the South China Sea, ending with the US deciding to withdraw.

Reports indicate that the skies over northern Philippines recently fell into an unprecedented silence, with all electronic signals cut off. Satellite phones, GPS navigation, television signals—everything reliant on electronic communication seemed to lose its vitality overnight. The twelve-hour “blackout” shocked local residents and global public opinion. This was a direct result of an intense electronic warfare over the South China Sea.

The story begins with a minor conflict between the Philippines and China. Following a fierce confrontation at Ren’ai Reef, the Philippines felt aggrieved by China’s legitimate actions, and the US, as its backer, seized the opportunity. A joint military exercise involving 29 countries was held in the South China Sea, ostensibly to showcase “unity” and “strength,” but with hidden motives—the US military intended to use this opportunity to lay newly developed anti-submarine devices on the seabed, spying on the movements of China’s strategic nuclear submarines and further restricting China’s strategic space.

However, China’s response was swift and decisive. When the US military’s P-8A anti-submarine patrol aircraft quietly dropped high-tech monitoring equipment in the South China Sea, it was promptly detected by the PLA. The Chinese Coast Guard quickly launched a recovery operation. The US military panicked, as losing this equipment would mean wasted effort, and the advanced technology could not fall into PLA hands. This sparked a sensitive reaction, leading to a battle over these critical pieces of equipment.

The US hastily deployed a joint fleet to intercept the Chinese Coast Guard vessels. With the addition of the Shandong carrier strike group, a standoff formed between Chinese and US fleets in the South China Sea. Seeing the unfavorable situation, the US immediately dispatched electronic warfare aircraft to assist the joint fleet in launching severe interference against the Chinese fleet. In response, China rapidly deployed its Y-9 electronic warfare aircraft and 815A electronic reconnaissance ship.

In this battlefield without smoke, electronic warfare took center stage. The US deployed Growler electronic warfare aircraft and RC-135 electronic reconnaissance aircraft in an all-out effort to paralyze the command systems of the Chinese fleet with strong electronic interference. However, the Chinese forces did not retreat; the Y-9 electronic warfare aircraft and 815A electronic reconnaissance ship quickly countered, engaging in fierce electronic offensive and defensive operations over the South China Sea.

The intense electronic warfare near the northern Philippines far exceeded external expectations. Ultimately, the US fleet faced an unprecedented crisis—screens full of static and a total loss of GPS signals. In modern naval warfare, losing communication and navigation capabilities is akin to losing sight and hearing. Confronted with such a scenario, the US had to choose to retreat to avoid greater losses.

The entire electronic warfare lasted a full twelve hours, plunging northern Philippines into complete communication paralysis and sparking widespread global attention and discussion. According to Taichung News, the mysterious battle gained an official tone, with retired generals critiquing the US military’s outdated electronic warfare equipment, asserting it is a full generation behind China’s.