Russian spies claim they can now collect crypto keys

Filed under Vlad’s Glad…ah ha ha

Russian spies claim they can now collect crypto keys—but don’t say how

Putin gave KGB’s successor agency two weeks to deal with encrypted services.

ArsTechnica: Russia’s intelligence agency the FSB, successor to the KGB, has posted a notice on its website claiming that it now has the ability to collect crypto keys for Internet services that use encryption. This meets a two-week deadline given by Vladimir Putin to the FSB to develop such a capability. However, no details have been provided of how the FSB is able to do this.

The FSB’s announcement follows the passage of Russia’s wide-ranging surveillance law, which calls for metadata and content to be stored for six months, plus access to encrypted services, as Ars reported back in June.

The new capability seems to go even further, since the FSB notice (in Russian) speaks of obtaining the “information necessary for decoding the electronic messaging received, sent, delivered, and (or) processed by users of the ‘Internet’ network.”

Being able to decode Internet communications would seem to imply getting hold of any crypto keys that are used. However, as an article on The Daily Dot points out, it is still not clear what the new laws will require: “No one seems to know what this new law means in the slightest. Or, more accurately, the people who do know are keeping mum.”

Three of the services that are likely to be most affected by the new requirements are Facebook’s WhatsApp, Telegram, and Viber. Ars has asked all three for clarification on what the Russian authorities have asked for, and what information the companies are or will be providing, but has not yet received any reply. This post will be updated with responses when they are received.

Related reading: Is the U.S. Hacking Back? Uh Huh

The Daily Dot quotes Russian technologist Anton Nesterov as saying that it’s not even clear whether the new legislation applies to VPNs or basic SSL keys, nor whether mainstream electronic payment systems must hand over their keys as a matter of routine.

Nesterov also points out the dangers involved in providing this information, not least because leaks of such valuable data are always a risk.

***** 

In part from CSO: Networks at some 20 organizations in Russia — including scientific and military institutions, defense contractors, and public authorities — were found to be infected with the malware, the Russian Federal Security Service (FSB) said Saturday. The range of infected sites suggests that the targets were deliberately selected as part of a cyber-espionage operation, the FSB said.

Analysis of the attack showed that filenames, parameters and infection methods used in the malware are similar to those involved in other high-profile cyber-espionage operations around the world.

The software was adapted to the characteristics of each PC targeted, and delivered in a malicious email attachment, the FSB said.

Once installed, it downloaded additional modules to perform tasks such as monitoring network traffic, capturing and transmitting screenshots and keystroke logs, or recording audio and video using the PC’s microphone and webcam.

The FSB is working with ministries and other government agencies to identify all the victims of the malware, and to limit its effects, it said.

Russia is said to be the source, not the target, of another government-related cyber-attack. Last week, evidence emerged suggesting Russian involvement in an attack on computers at the Democratic National Committee, where recent data leaks have tarnished the campaign of presidential candidate Hillary Clinton.

 

 

A Major Flaw at the DNC, Did you Catch it?

Was this purposeful or just stupidity?

Russian ships displayed at DNC tribute to vets

MilitaryTimes: On the last night of the Democratic National Convention, a retired Navy four-star took the stage to pay tribute to veterans. Behind him, on a giant screen, the image of four hulking warships reinforced his patriotic message.

But there was a big mistake in the stirring backdrop: those are Russian warships.


While retired Adm. John Nathman, a former commander of Fleet Forces Command, honored vets as America’s best, the ships from the Russian Federation Navy were arrayed like sentinels on the big screen above.

These were the very Soviet-era combatants that Nathman and Cold Warriors like him had once squared off against.

The lady in the red jacket is a Congresswoman from Hawaii, Tulsi Gabbard. Tulsi served two tours of duty in the Middle East, and she continues her service as a Major in the Army National Guard.

“The ships are definitely Russian,” said noted naval author Norman Polmar after reviewing hi-resolution photos from the event. “There’s no question of that in my mind.”

Naval experts concluded the background was a photo composite of Russian ships that were overflown by what appear to be U.S. trainer jets. It remains unclear how or why the Democratic Party used what’s believed to be images of the Russian Black Sea Fleet at their convention.

A spokesman for the Democratic National Convention Committee was not able to immediately comment Tuesday, saying he had to track down personnel to find out what had happened.

The veteran who spotted the error and notified Navy Times said he was immediately taken aback.

“I was kind of in shock,” said Rob Barker, 38, a former electronics warfare technician who left the Navy in 2006. Having learned to visually identify foreign ships by their radars, Barker recognized the closest ship as the Kara-class cruiser Kerch.

“An immediate apology [from the committee] would be very nice,” Barker said. “Maybe acknowledge the fact that yes, they screwed up.”

The background — featured in the carefully choreographed hour leading up to the president’s Sept. 6 speech accepting the Democratic Party’s nomination — showed four ships with radar designs not used in the U.S. fleet.

For example, the ship in the foreground, on the far right, has a square radar antenna at the top of its masthead. That is the MR-700 Podberezovik 3-D early warning radar, commonly identified as “Flat Screen” for its appearance, a three-dimensional early warning radar mounted on the Kerch, said Eric Wertheim, editor of “Combat Fleets of the World.”

Similarly, the third ship has a MR-310 “Head Net” air search radar, shaped like two off-set bananas, at its masthead and is most likely the guided missile destroyer Smetlivyy. The first two ships seem to be Krivak-class frigates, but it’s hard to discern from the silhouette, experts said.

But the fact they are Russian ships is not in doubt. In addition to the ship’s radar arrays and hulls, which are dissimilar from U.S. warships, the photo features one more give-away: a large white flag with a blue ‘X’ at the ships’ sterns.

Polmar, who authored “The Naval Institute Guide to the Soviet Navy,” recognized the blue ‘X’-mark: “The X is the Cross of St. Andrew’s, which is a Russian Navy symbol,” Polmar said. (An anchored U.S. warship, by contrast, flies the American flag on its stern.)

Based on this specific group of these ship types, one naval expert concluded that this was most likely a photo of the Black Sea Fleet.

“Ships are all Black Sea Fleet,” A. D. Baker III, a retired Office of Naval Intelligence analyst, told Navy Times after looking at the image. “These four ships, at the time the photo was taken, constituted the entire major surface combatant component of the Black Sea Fleet,” Baker said, noting the photo was likely to be six years old or older. (The Kerch is now on the list to be scrapped, Baker said.)

Barker, the former sailor who first spotted the errors, believes the seven aircraft streaking by are F-5 jets, a trainer used by the U.S. Navy. Asked to explain how he reached that conclusion, the former airplane spotter ticked off a list: “Twin engine, single rudder, with hard points on the wingtips, with that silhouette is going to make them F-5s.”

Meanwhile, how about understanding what Russia is up to today?

Kommersant newspaper provided a few details about a new orbital surveillance system being developed for the Russian Ministry of Defense. The new system, consisting of three brand new Razdan-class satellites, is set to be lifted into orbit between 2019 and 2024 from the Plesetsk Cosmodrome. The system will complement and eventually replace the Persona-class optical-electronic satellites presently used by the military. The new satellite is being developed by the TsSKB-Progress research and production center.

Unfortunately, very little information has been made public about the new surveillance satellite’s capabilities. In any case, Kommersant reported that the Razdan will feature a significant improvement over the capabilities of its predecessors, including a new high-speed secure radio channel. The second and third satellites launched are also expected to feature new optics with an objective lens diameter of 2 meters.

Much more is known about Razdan’s predecessor, the 14F137 Persona. Between 2008 and 2015, the Russian military launched three Persona-class surveillance satellites. The first was lost in 2008 due to a technical fault. The second and third devices (launched in June 2013 and June 2015, respectively) remain in perfect working order, and rumor has it that they are being actively used in Russia’s anti-terrorist operation in Syria.

The satellites are charged with providing the Russian General Staff with highly detailed operational imagery. Moreover, the military’s need for operational intelligence in Syria has proven so great that the military has turned to using civilian satellites of the Resurs and Kanopus class. More here.

Is the U.S. Hacking Back? Uh Huh

Like here, perhaps? This could lead to a truly devastating situation; it should be remembered that just a few months ago Russia hacked Ukraine’s power system.

Russia cyber attack: Large hack ‘hits government’

BBC: A “professional” cyber attack has hit Russian government bodies, the country’s intelligence service says.

A “cyber-spying virus” was found in the networks of about 20 organisations, the Federal Security Service (FSB) said.

The report comes as Russia stands accused over data breaches involving the Democratic Party in the US.

The Russian government has denied involvement and has denounced the “poisonous anti-Russian” rhetoric coming out of Washington.

The FSB did not say who it believed was responsible for hacking Russian networks, but said the latest hack resembled “much-spoken-about” cyber-spying, without elaborating.


It said the hack had been “planned and made professionally”, and targeted state organisations, scientific and defence companies, as well as “country’s critically important infrastructures”.

The malware allowed those responsible to switch on cameras and microphones within the computer, take screenshots and track what was being typed by monitoring keyboard strokes, the FSB said.

In the US, the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee have both suffered hacks in recent weeks.

Emails from the DNC were later distributed by the Wikileaks organisation, and showed party officials had been biased against Bernie Sanders in his primary race against Hillary Clinton.

US officials believe the cyber attacks were committed by Russian agents.

The Kremlin has repeatedly denied being responsible, and Mrs Clinton’s presidential rival Donald Trump said he had no ties to Russia.

The Clinton campaign said on Friday that an analytics data program, which it shared with other entities, had been accessed by hackers.

But, her press secretary Nick Merrill said, there was “no evidence that our internal systems have been compromised”.

The FBI said it was investigating the extent of any hacking.

The NSA Is Likely ‘Hacking Back’ Russia’s Cyber Squads

By Lee Ferran, ASPEN, Colorado — Jul 30, 2016

U.S. government hackers at the National Security Agency are likely targeting Russian government-linked hacking teams to see once and for all if they’re responsible for the massive breach at the Democratic National Committee, according to three former senior intelligence officials. It’s a job that the current head of the NSA’s elite hacking unit said they’ve been called on to do many times before.

ABC: Robert Joyce, chief of the NSA’s shadowy Tailored Access Operations, declined to comment on the DNC hack specifically, but said in general that the NSA has technical capabilities and legal authorities that allow the agency to “hack back” suspected hacking groups, infiltrating their systems to gather intelligence about their operations in the wake of a cyber attack.

“In terms of the foreign intelligence mission, one of the things we have to do is try to understand who did a breach, who is responsible for a breach,” Joyce told ABC News in a rare interview this week. “So we will use the NSA’s authorities to pursue foreign intelligence to try to get back into that collection, to understand who did it and get the attribution. That’s hard work, but that’s one of the responsibilities we have.”

 


 

The NSA deferred direct questions about its potential involvement in the DNC hack investigation to the FBI, which is the leading agency in that probe. Representatives for the bureau have not returned ABC News’ request for comment. Lisa Monaco, President Obama’s homeland security and counterterrorism adviser whose responsibilities include cyber policy, declined to comment.

A former senior U.S. official said it was a “fair bet” the NSA was using its hackers’ technical prowess to infiltrate two Russian hacking teams that the cybersecurity firm Crowdstrike alleged broke into the DNC’s system and were linked to two separate Russian intelligence agencies, as first reported by The Washington Post. In some past unrelated cases, the former official said, NSA hackers have been able to watch from the inside as malicious actors conduct their operations in real time.

Rajesh De, former general counsel at the NSA, said that if the NSA is targeting the Russian groups, it could be doing it under its normal foreign intelligence authorities, as the Russian government is “clearly … a valid intelligence target.” Or the NSA could be working under the FBI’s investigative authority and hacking the suspects’ systems as part of technical support for investigators, said De, now head of the cyber security practice at the law firm Mayer Brown.

In the aftermath of an attack, a CIA official said that if there is an “overseas component,” the NSA would be involved along with the CIA’s own newly formed Directorate of Digital Innovation. The two agencies would work, potentially along with others in government, to sniff out suspects’ “digital dust.”

“It turns out that the people who carry out these activities use their keyboards for other things too,” said Sean Roche, Associate Deputy Director for Digital Innovation at the CIA. Any attribution investigations, Roche said, would also include offline information — the product of old fashioned, on-the-street intelligence gathering.

Like Joyce, Roche said he was speaking generally and could not comment on the DNC hack.

 

While U.S. officials have told news outlets anonymously they concur with Crowdstrike and other private cybersecurity firms who have pointed to Russian culpability, the U.S. government has declined to publicly blame the Russians.

The Russian government has said the hacking allegations are “absurd”.

 

Director of National Intelligence James Clapper told the audience at the Aspen Security Forum Thursday that the U.S. intelligence community was “not quite ready to make a call on attribution,” though he said there were “just a few usual suspects out there.” The next day CIA Director John Brennan said that attribution is “to be determined” and a lot of people were “jumping to conclusions.”

 

Professional hackers often use proxies, Brennan said, so investigators have to make two or three “hops” before tracing cyber attacks back to a state’s intelligence agency, which makes the attribution process more difficult.

 

Kenneth Geers, a former cyber analyst at the Pentagon who recently published a book about Russian cyber operations, told ABC News earlier this week that he didn’t necessarily doubt it was the Russians, but said that even in the best cases when doing cyber investigations, “You can have a preponderance of evidence — and in nation-state cases, that’s likely what you’ll have — but that’s all you’ll have.”

 

That, he said, opens the possibility, however remote, that a very clever hacker or hacking team could be framing the Russians.

 

Michael Buratowski, the senior vice president of cybersecurity services at Fidelis Cybersecurity which studied some of the malicious code, said the evidence pointing to the Russians was so convincing, “it would have had to have been a very elaborate scheme” for it really to have been anyone else.

 

The NSA’s Joyce said that in general it’s very difficult to properly frame someone for a complex attack, since too many details have to be exactly right, requiring a tremendous amount of expertise and precision.

 

But Joyce said that before the U.S. government pins blame on anyone for a cyber attack publicly, the evidence has to pass an “extremely high bar.”

 

So when they do come forward, he said, perhaps based on the results of attribution techniques that have not been publicly described, “You should bank on it.”

The U.S. has had a Russian Problem of Espionage for Decades

What is terrifying and pathetic is the Obama White House and both Secretaries of State Hillary Clinton and John Kerry have been stooges of Putin….groveling for normalcy just as they have with the regime of Iran. This is an administration that is normalizing relations with all terror regimes across the globe that include North Korea, Cuba and Venezuela. Hillary said that Bashar al-Assad of Syria was a reformer when 400,000 Syrians are dead and 4-5 million have left their homes. Then, we all remember that the Obama White House negotiated with Qatar to release 5 Taliban commanders in exchange for one Army deserter. Talks have been ongoing with the Taliban for years until just recently.

But back to Russia….before the hacking, to sway and/or interfere with U.S. elections.

Related reading: Hey FBI, the Investigation into the DNC Hacking is Over Here

No one is admitting that Russia, in cadence with WikiLeaks, has hacked Hillary’s campaign systems, DCC and the DNC as well as other government systems. Why? Perhaps diplomacy due to continued talks with Iran and ending the civil war in Syria. Remember that ‘red-line’ on chemical weapons use.

So, let’s go back a way, like over a decade and up to just a couple of years ago when it came to Russian spies in the United States, shall we? This is for perspective and how the Obama administration including his National Security Council and the State Department continue to ‘omit’ history…

Espionage continues and tactics have not changed for Russia, where cyber intrusions have replaced in-country operatives; however, a look at those operatives’ skills and missions must not be overlooked or dismissed.


Let’s begin with Anna Chapman, the Russian spy.

DailyNews: Sultry former Russian secret agent Anna Chapman ended an exchange with NBC News almost before it began when she was pressed about her playful Twitter marriage proposal to NSA leaker Edward Snowden.

Here is the official criminal complaint and summary of how the FBI tracked her actions, filed in 2010. The file also includes an additional spy, Mikhail Semenko. This actually began in 1990….yes 1990.

But actually there were 8 more Russian spies and this is the criminal complaint for that case. What is fascinating here is the many stopovers in Latin America…..

The spying spree finally came to its end in the summer of 2014, when the trio were propositioned by a self-described investor who wanted to develop casinos in Russia. The scheme immediately drew red flags among the group, with Sporyshev offering that the proposal felt “like some sort of set-up.”
But despite his misgivings, Sporyshev didn’t stop Buryakov from meeting with the supposed investor, who was, in fact, an FBI informant.
For six hours on Aug. 28, Buryakov and the informant met in the anemic gambling metropolis Atlantic City. The informant, who claimed he had a well-placed source in the U.S. government, handed Buryakov documents that were labeled “Internal Treasury Use Only” and contained a list of Russians who were essentially blacklisted from doing business with the United States.
The valuable document earned the informant another meeting that day, when he offered Buryakov another official document that contained “a list of Russian banks… on which to impose sanctions,” according to the criminal complaint. More from DailyBeast.

Then there was a dead Russian, Mikhail Lesin, found in a hotel in Dupont Circle, Washington DC. A story that came and went real fast.


Mr. Lesin was a major figure in Russian media after the fall of the Soviet Union, first as an advertising executive and later as a top government official and media executive.  

He had deep connections to the Russian state at the time Mr. Putin was reasserting his authority over the country’s rambunctious and freewheeling media. He was a crucial figure in that process, which began with the takeover of Russia’s first independent television channel, NTV, in the early 2000s, and was viewed with bitterness by many Russian journalists at that time.

 

 

Clinton Campaign Refused FBI Request for Computer Logs

Details, dates and motivations are everything when it comes to decisions to cooperate with the FBI or not. It seems the powerbrokers in the Clinton campaign headquarters in Brooklyn did not trust the FBI either, but one department within the agency is different from another.


FBI warned Clinton campaign last spring of cyberattack

Yahoo: The FBI warned the Clinton campaign that it was a target of a cyberattack last March, just weeks before the Democratic National Committee discovered it had been penetrated by hackers it now believes were working for Russian intelligence, two sources who have been briefed on the matter told Yahoo News.

In a meeting with senior officials at the campaign’s Brooklyn headquarters, FBI agents laid out concerns that cyberhackers had used so-called spear-phishing emails as part of an attempt to penetrate the campaign’s computers, the sources said. One of the sources said agents conducting a national security investigation asked the Clinton campaign to turn over internal computer logs as well as the personal email addresses of senior campaign officials. But the campaign, through its lawyers, declined to provide the data, deciding that the FBI’s request for sensitive personal and campaign information data was too broad and intrusive, the source said.

A second source who had been briefed on the matter and who confirmed the Brooklyn meeting said agents provided no specific information to the campaign about the identity of the cyberhackers or whether they were associated with a foreign government. The source said the campaign was already aware of attempts to penetrate its computers and had taken steps to thwart them, emphasizing that there is still no evidence that the campaign’s computers had actually been successfully penetrated.

Related reading: Also Hacked, Democratic Congressional Campaign Committee

Related reading: Hey FBI, the Investigation into the DNC Hacking is Over Here

But the potential that the intruders were associated with a foreign government should have come as no surprise to the Clinton campaign, said several sources knowledgeable about the investigation. Chinese intelligence hackers were widely reported to have penetrated both the campaigns of Barack Obama and John McCain in 2008.

The Brooklyn warning also could raise new questions about why the campaign and the DNC didn’t take the matter more seriously. It came just four months after the DNC had also been contacted by FBI agents alerting its information technology specialists about a cyberattack on its computers, the sources told Yahoo News. As with the warning to the Clinton campaign, the FBI initially provided no details to the DNC.

As Yahoo News first reported this week, in early May a DNC consultant who was investigating Trump campaign chief Paul Manafort’s work for pro-Putin political figures in Ukraine alerted senior committee officials that she had been notified by Yahoo security that her personal email account had been targeted by “state-sponsored actors.” The DNC had already realized that it was the victim of a serious breach, but the red flag from the staffer prompted committee security officials to conclude for the first time that the suspected cyberhackers were likely associated with the Russian government.

By mid-May, Director of National Intelligence James Clapper was telling reporters that U.S. intelligence officials “already had some indications” of hacks into political campaigns that were likely linked to foreign governments and that “we’ll probably have more.”

In a talk at the Aspen Security Forum Thursday, Clapper said the U.S. government is not “quite ready yet” to “make a public call” on who was behind the cyberassault on the DNC, but he suggested one of “the usual suspects” is likely to blame. “We don’t know enough [yet] to … ascribe a motivation, regardless of who it may have been,” Clapper said.

Related reading: The Covert Russian Influence, Targets Europe/USA

Clapper’s comments come amid a mounting debate within the Obama administration about whether to publicly blame the Russian government for the cyberattack on the DNC. (A senior law enforcement official told Yahoo News that the Russians were “most probably” involved in the cyberattack, but cautioned that the investigation is ongoing.) On Wednesday, Sen. Dianne Feinstein of California and California Rep. Adam Schiff, the ranking Democrats on the Senate and House Intelligence Committees, wrote President Obama calling for a stern response, asserting that if the accounts of Russian involvement are true, “It would represent an unprecedented attempt to meddle in American domestic politics.”

But Clapper is reportedly among a number of U.S. intelligence officials who have resisted calls to publicly blame the Russians, viewing it as likely the kind of activity that most intelligence agencies engage in. “[I’m] taken aback a bit by … the hyperventilation over this,” Clapper said during his Aspen appearance, adding in a sarcastic tone, “I’m shocked somebody did some hacking. That’s never happened before.”

The confirmation that the campaign was warned by the FBI as early as March of an attempted breach of its computers is a further indication that the scope of the possible Russian attack may have been far wider and extensive than the official DNC accounts.

The FBI’s request to turn over internal computer logs and personal email information came at an awkward moment for the Clinton campaign, said the source, familiar with the campaign’s internal deliberations. At the time, the FBI was still actively and aggressively conducting a criminal investigation into whether Clinton had compromised national security secrets by sending classified emails through a private computer server in the basement of her home in Chappaqua, N.Y. There were already press reports, to date unconfirmed, that the investigation might have expanded to include dealings relating to the Clinton Foundation. Campaign officials had reason to fear that any production of campaign computer logs and personal email accounts could be used to further such a probe. At the Brooklyn meeting, FBI agents emphasized that the request for data was unrelated to the separate probe into Clinton’s email server. But after deliberating about the bureau’s request, and in light of the lack of details provided by the FBI and the absence of a subpoena, the Clinton campaign chose to turn down the bureau’s request, the source said.