A Major Flaw at the DNC, Did you Catch it?

Posted on July 30, 2016July 30, 2016 by Denise Simon

Was this purposeful or just stupidity?

Russian ships displayed at DNC tribute to vets

MilitaryTimes: On the last night of the Democratic National Convention, a retired Navy four-star took the stage to pay tribute to veterans. Behind him, on a giant screen, the image of four hulking warships reinforced his patriotic message.

But there was a big mistake in the stirring backdrop: those are Russian warships.

While retired Adm. John Nathman, a former commander of Fleet Forces Command, honored vets as America’s best, the ships from the Russian Federation Navy were arrayed like sentinels on the big screen above.

These were the very Soviet-era combatants that Nathman and Cold Warriors like him had once squared off against.

The lady in the red jacket is a Congresswoman from Hawaii, Tulsi Gabbard. Tulsi served two tours of duty in the Middle East, and she continues her service as a Major in the Army National Guard.

“The ships are definitely Russian,” said noted naval author Norman Polmar after reviewing hi-resolution photos from the event. “There’s no question of that in my mind.”

Naval experts concluded the background was a photo composite of Russian ships that were overflown by what appear to be U.S. trainer jets. It remains unclear how or why the Democratic Party used what’s believed to be images of the Russian Black Sea Fleet at their convention.

A spokesman for the Democratic National Convention Committee was not able to immediately comment Tuesday, saying he had to track down personnel to find out what had happened.

The veteran who spotted the error and notified Navy Times said he was immediately taken aback.

“I was kind of in shock,” said Rob Barker, 38, a former electronics warfare technician who left the Navy in 2006. Having learned to visually identify foreign ships by their radars, Barker recognized the closest ship as the Kara-class cruiser Kerch.

“An immediate apology [from the committee] would be very nice,” Barker said. “Maybe acknowledge the fact that yes, they screwed up.”

The background — featured in the carefully choreographed hour leading up to the president’s Sept. 6 speech accepting the Democratic Party’s nomination — showed four ships with radar designs not used in the U.S. fleet.

For example, the ship in the foreground, on the far right, has a square radar antenna at the top of its masthead. That is the MR-700 Podberezovik 3-D early warning radar, commonly identified as “Flat Screen” for its appearance, a three-dimensional early warning radar mounted on the Kerch, said Eric Wertheim, editor of “Combat Fleets of the World.”

Similarly, the third ship has a MR-310 “Head Net” air search radar, shaped like two off-set bananas, at its masthead and is mostly likely the guided missile destroyer Smetlivyy. The first two ships seem to be Krivak-class frigates, but it’s hard to discern from the silhouette, experts said.

But the fact they are Russian ships is not in doubt. In addition to the ship’s radar arrays and hulls, which are dissimilar from U.S. warships, the photo features one more give-away: a large white flag with a blue ‘X’ at the ships’ sterns.

Polmar, who authored “The Naval Institute Guide to the Soviet Navy,” recognized the blue ‘X’-mark: “The X is the Cross of St. Andrew’s, which is a Russian Navy symbol,” Polmar said. (An anchored U.S. warship, by contrast, flies the American flag on its stern.)

Based on this specific group of these ship types, one naval expert concluded that this was most likely a photo of the Black Sea Fleet.

“Ships are all Black Sea Fleet,” A. D. Baker III, a retired Office of Naval Intelligence analyst, told Navy Times after looking at the image. “These four ships, at the time the photo was taken, constituted the entire major surface combatant component of the Black Sea Fleet,” Baker said, noting the photo was likely to be six years old or older. (The Kerch is now on the list to be scrapped, Baker said.)

Barker, the former sailor who first spotted the errors, believes the seven aircraft streaking by are F-5 jets, a trainer used by the U.S. Navy. Asked to explain how he reached that conclusion, the former airplane spotter ticked off a list: “Twin engine, single rudder, with hard points on the wingtips, with that silhouette is going to make them F-5s.”

Meanwhile, how about understanding what Russia is up to today?

Kommersant newspaper provided a few details about a new orbital surveillance system being developed for the Russian Ministry of Defense. The new system, consisting of three brand new Razdan-class satellites, is set to be lifted into orbit between 2019 and 2024 from the Plesetsk Cosmodrome. The system will complement and eventually replace the Persona-class optical-electronic satellites presently used by the military. The new satellite is being developed by the TsSKB-Progress research and production center.

Unfortunately, very little information has been made public about the new surveillance satellite’s capabilities. In any case, Kommersant reported that the Razdan will feature a significant improvement over the capabilities of its predecessors, including a new high-speed secure radio channel. The second and third satellites launched are also expected to feature new optics with an objective lens diameter of 2 meters.

Much more is known about Razdan’s predecessor, the 14F137 Persona. Between 2008 and 2015, the Russian military launched three Persona-class surveillance satellites. The first was lost in 2008 due to a technical fault. The second and third devices (launched in June 2013 and June 2015, respectively) remain in perfect working order, and rumor has it that they are being actively used in Russia’s anti-terrorist operation in Syria.

The satellites are charged with providing the Russian General Staff with highly detailed operational imagery. Moreover, the military’s need for operational intelligence in Syria has proven so great that the military has turned to using civilian satellites of the Resurs and Kanopus class. More here.

Is the U.S. Hacking Back? Uh Huh

Posted on July 30, 2016July 30, 2016 by Denise Simon

Like here perhaps? This could lead to a real devastating condition as it should be remembered what Russia did to Ukraine just a few months ago, hacked their power system.

Russia cyber attack: Large hack ‘hits government’

BBC: A “professional” cyber attack has hit Russian government bodies, the country’s intelligence service says.

A “cyber-spying virus” was found in the networks of about 20 organisations, the Federal Security Service (FSB) said.

The report comes as Russia stands accused over data breaches involving the Democratic Party in the US.

The Russian government has denied involvement and has denounced the “poisonous anti-Russian” rhetoric coming out of Washington.

The FSB did not say who it believed was responsible for hacking Russian networks, but said the latest hack resembled “much-spoken-about” cyber-spying, without elaborating.

What are Trump’s ties to Russia?

Democrat hack: Who is Guccifer 2.0?

It said the hack had been “planned and made professionally”, and targeted state organisations, scientific and defence companies, as well as “country’s critically important infrastructures”.

The malware allowed those responsible to switch on cameras and microphones within the computer, take screenshots and track what was being typed by monitoring keyboard strokes, the FSB said.

In the US, the Democratic National Committee (DNC) and the Democratic Congressional Campaign Committee have both suffered hacks in recent weeks.

Emails from the DNC were later distributed by the Wikileaks organisation, and showed party officials had been biased against Bernie Sanders in his primary race against Hillary Clinton.

US officials believe the cyber attacks were committed by Russian agents.

The Kremlin has repeatedly denied being responsible, and Mrs Clinton’s presidential rival Donald Trump said he had no ties to Russia.

The Clinton campaign said on Friday that an analytics data program, which it shared with other entities, had been accessed by hackers.

But, her press secretary Nick Merrill said, there was “no evidence that our internal systems have been compromised”.

The FBI said it was investigating the extent of any hacking.

The NSA Is Likely ‘Hacking Back’ Russia’s Cyber Squads

By Lee Ferran ASPEN, Color ado — Jul 30, 2016
U.S. government hackers at the National Security Agency are likely targeting Russian government-linked hacking teams to see once and for all if they’re responsible for the massive breach at the Democratic National Committee, according to three former senior intelligence officials. It’s a job that the current head of the NSA’s elite hacking unit said they’ve been called on to do many times before.

ABC: Robert Joyce, chief of the NSA’s shadowy Tailored Access Operations, declined to comment on the DNC hack specifically, but said in general that the NSA has technical capabilities and legal authorities that allow the agency to “hack back” suspected hacking groups, infiltrating their systems to gather intelligence about their operations in the wake of a cyber attack.

“In terms of the foreign intelligence mission, one of the things we have to do is try to understand who did a breach, who is responsible for a breach,” Joyce told ABC News in a rare interview this week. “So we will use the NSA’s authorities to pursue foreign intelligence to try to get back into that collection, to understand who did it and get the attribution. That’s hard work, but that’s one of the responsibilities we have.”

Predators Exploiting Personal Info in DNC Hack

‘Beyond a Reasonable Doubt,’ Russians Hacked DNC, Analyst Says

The NSA deferred direct questions about its potential involvement in the DNC hack investigation to the FBI, which is the leading agency in that probe. Representatives for the bureau have not returned ABC News’ request for comment. Lisa Monaco, President Obama’s homeland security and counterterrorism adviser whose responsibilities include cyber policy, declined to comment.

A former senior U.S. official said it was a “fair bet” the NSA was using its hackers’ technical prowess to infiltrate two Russian hacking teams that the cybersecurity firm Crowdstrike alleged broke into the DNC’s system and were link ed to two separate Russian intelligence agencies, as first reported by The Washington Post. In some past unrelated cases, the former official said, NSA hackers have been able to watch from the inside as malicious actors conduct their operations in real time.

Rajesh De, former general counsel at the NSA, said that if the NSA is targeting the Russian groups, it could be doing it under its normal foreign intelligence authorities, as the Russian government is “clearly … a valid intelligence target.” Or the NSA could be working under the FBI’s investigative authority and hacking the suspects’ systems as part of technical support for investigators, said De, now head of the cyber security practice at the law firm Mayer Brown.

In the aftermath of an attack, a CIA official said that if there is an “overseas component,” the NSA would be involved along with the CIA’s own newly formed Directorate of Digital Innovation. The two agencies would work, potentially along with others in government, to sniff out suspects’ “digital dust.”

“It turns out that the people who carry out these activities use their keyboards for other things too,” said Sean Roche, Associate Deputy Director for Digital Innovation at the CIA. Any attribution investigations, Roche said, would also include offline information — the product of old fashioned, on-the-street intelligence gathering.

Like Joyce, Roche said he was speaking generally and could not comment on the DNC hack.

While U.S. officials have told news outlets anonymously they concur with Crowdstrike and other private cybersecurity firms who have pointed to Russian culpability, the U.S. government has declined to publicly blame the Russians.

The Russian government has said the hacking allegations are “absurd”.

Director of National Intelligence James Clapper told the audience at the Aspen Security Forum Thursday that the U.S. intelligence community was “not quite ready to make a call on attribution,” though he said there were “just a few usual suspects out there.” The next day CIA Director John Brennan said that attribution is “to be determined” and a lot of people were “jumping to conclusions.”

Professional hackers often use proxies, Brennan said, so investigators have to make two or three “hops” before tracing cyber attacks back to a state’s intelligence agency, which makes the attribution process more difficult.

Kenneth Geers, a former cyber analyst at the Pentagon who recently published a book about Russian cyber operations, told ABC News earlier this week that he didn’t necessarily doubt it was the Russians, but said that even in the best cases when doing cyber investigations, “You can have a preponderance of evidence — and in nation-state cases , that’s likely what you’ll have — but that’s all you’ll have.”

That, he said, opens the possibility, however remote, that a very clever hacker or hacking team could be framing the Russians.

Michael Buratowski, the senior vice president of cybersecurity services at Fidelis Cybersecurity which studied some of the malicious code, said the evidence pointing to the Russians was so convincing, “it would have had to have been a very elaborate scheme” for it really to have been anyone else.

The NSA’s Joyce said that in general it’s very difficult to properly frame someone for a comp lex attack, since too many details have to be exactly right, requiring a tremendous amount of expertise and precision.

But Joyce said that before the U.S. government pins blame on anyone for a cyber attack publicly, the evidence has to pass an “extremely high bar.”

So when they do come forward, he said, perhaps based on the results of attribution techniques that have not been publicly described, “You should bank on it.”

The U.S. has had a Russian Problem of Espionage for Decades

Posted on July 29, 2016July 29, 2016 by Denise Simon

What is terrifying and pathetic is the Obama White House and both Secretaries of State Hillary Clinton and John Kerry have been stooges of Putin….groveling for normalcy just as they have with the regime of Iran. This is an administration that is normalizing relations with all terror regimes across the globe that include North Korea, Cuba and Venezuela. Hillary said that Bashir al Assad of Syria was a reformer when 400,000 Syrians are dead and 4-5 million have left their homes. Then, we all remember that the Obama White House negotiated with Qatar to released 5 Taliban commanders in exchange for one Army deserter. Talks have been ongoing with the Taliban for years until just recently.

But back to Russia….before the hacking, to sway and or interfere with U.S. elections.

No one is admitting that Russian in cadence with WikiLeaks has hacked Hillary’s campaign systems, DCC and the DNC as well as other government systems. Why? Perhaps diplomacy due to talks continued talks with Iran and ending the civil war in Syria. Remember that ‘red-line’ on chemical weapons use.

So, let’s go back a way, like over a decade and up to just a couple of years ago when it came to Russian spies in the United States, shall we? This is for perspective and how the Obama administration including his National Security Council and the State Department continue to ‘omit’ history…

Espionage continues and tactics have not changed for Russia where cyber intrusions have replaced in country operatives, however a look at those operatives’ skills and missions must not be overlooked or dismissed.

Image result for russian spies caught

Let’s begin with Anna Chapman, the Russian spy.

DailyNews: Sultry former Russian secret agent Anna Chapman ended an exchange with NBC News almost before it began when she was pressed about her playful Twitter marriage proposal to NSA leaker Edward Snowden.

Here is the official criminal complaint and summary of how the FBI tracked her actions filed in 2010. The file also includes an additional spy Mikhail Sememko. This actually began in 1990….yes 1990.

But actually there were 8 more Russian spies and this is the criminal complaint for that case. What is fascinating here is the many stopovers in Latin America…..

The spying spree finally came to its end in the summer of 2014, when the trio were propositioned by a self-described investor who wanted to develop casinos in Russia. The scheme immediately drew red flags among the group, with Sporyshev offering that the proposal felt “like some sort of set-up.”
But despite his misgivings, Sporyshev didn’t stop Buryakov from meeting with the supposed investor, who was, in fact, an FBI informant.
For six hours on Aug. 28, Buryakov and the informant met in the anemic gambling metropolis Atlantic City. The informant, who claimed he had a well-placed source in the U.S. government, handed Buryakov documents that were labeled “Internal Treasury Use Only” and contained a list of Russians who were essentially blacklisted from doing business with the United States.
The valuable document earned the informant another meeting that day, when he offered Buryakov another official document that contained “a list of Russian banks… on which to impose sanctions,” according to the criminal complaint. More from DailyBeast.

Then there was a dead Russian, Mikhail Lesin. found in a hotel in Dupont Circle, Washington DC. A story that came and went real fast.

Image result for russian Mikhail Lesin

Mr. Lesin was a major figure in Russian media after the fall of the Soviet Union, first as an advertising executive and later as a top government official and media executive.

He had deep connections to the Russian state at the time Mr. Putin was reasserting his authority over the country’s rambunctious and freewheeling media. He was a crucial figure in that process, which began with the takeover of Russia’s first independent television channel, NTV, in the early 2000s, and was viewed with bitterness by many Russian journalists at that time.

He was Russian press minister between 1999 and 2004 — a time of increasing government pressure on independent journalists and media outlets in the country — and later served as a presidential adviser, spearheading the development of the government’s growing media and technology apparatus.

More recently, Mr. Lesin became head of Gazprom-Media, the country’s largest media holding company, in 2013, but resigned from that position in late 2014.

While still with the company in 2014, Mr. Lesin’s personal wealth attracted suspicion in the United States. Senator Roger Wicker, Republican of Mississippi, called for a Justice Department investigation, raising the possibility of corruption and money-laundering charges based on what he alleged were millions of dollars in assets, including $28 million worth of real estate in Los Angeles, controlled by the former civil servant. It is unclear whether such an investigation occurred. More here from the NewYorkTimes.

(Note, one of Trump’s top foreign policy advisors, Carter Page is deeply connected to Gazprom.)

(Note: Three former U.S. officials said that a trip Flynn took last December to Moscow—where he was filmed sitting at the head table next to Russian President Vladimir Putin during a formal dinner—set off alarms within military and intelligence circles over whether Flynn had notified the U.S. government about his foreign travel, as his security clearance requires.
The Defense Intelligence Agency spokesman said that Flynn had given the proper notices. But a current senior defense official said that word of Flynn’s travel didn’t reach the office of Defense Secretary Ash Carter, and that Pentagon brass were taken by surprise that he didn’t notify the department.
That he would be working with the Trump campaign or pushing for better U.S.-Russian relations, even as the two nations are battling each other on the behalf of proxy forces in Syria, was less surprising, the official said.
“He’s always been a bit of a wild card,” he concluded.
Another former senior U.S. intelligence official who knows Flynn said that he recently praised Trump as a “skilled negotiator” during a meeting of security leaders and experts in Washington. This person said the pair had become so close that, were Trump to win the presidency, he would likely nominate Flynn as the next Director of National Intelligence, the top intelligence official in the government. Via DailyBeast)

Clinton Campaign Refused FBI Request for Computer Logs

Posted on July 29, 2016July 29, 2016 by Denise Simon

Details, dates and motivations are everything when it comes decisions to cooperate with the FBI or not. Seems the powerbrokers in the Clinton campaign headquarters in Brooklyn did not trust the FBI either but one department within the agency is different from another.

Image result for clinton campaign headquarters brooklyn Reuters

FBI warned Clinton campaign last spring of cyberattack

Yahoo: The FBI warned the Clinton campaign that it was a target of a cyberattack last March, just weeks before the Democratic National Committee discovered it had been penetrated by hackers it now believes were working for Russian intelligence, two sources who have been briefed on the matter told Yahoo News.

In a meeting with senior officials at the campaign’s Brooklyn headquarters, FBI agents laid out concerns that cyberhackers had used so-called spear-phishing emails as part of an attempt to penetrate the campaign’s computers, the sources said. One of the sources said agents conducting a national security investigation asked the Clinton campaign to turn over internal computer logs as well as the personal email addresses of senior campaign officials. But the campaign, through its lawyers, declined to provide the data, deciding that the FBI’s request for sensitive personal and campaign information data was too broad and intrusive, the source said.

A second source who had been briefed on the matter and who confirmed the Brooklyn meeting said agents provided no specific information to the campaign about the identity of the cyberhackers or whether they were associated with a foreign government. The source said the campaign was already aware of attempts to penetrate its computers and had taken steps to thwart them, emphasizing that there is still no evidence that the campaign’s computers had actually been successfully penetrated.

But the potential that the intruders were associated with a foreign government should have come as no surprise to the Clinton campaign, said several sources knowledgeable about the investigation. Chinese intelligence hackers were widely reported to have penetrated both the campaigns of Barack Obama and John McCain in 2008.

The Brooklyn warning also could raise new questions about why the campaign and the DNC didn’t take the matter more seriously. It came just four months after the DNC had also been contacted by FBI agents alerting its information technology specialists about a cyberattack on its computers, the sources told Yahoo News. As with the warning to the Clinton campaign, the FBI initially provided no details to the DNC.

As Yahoo News first reported this week, in early May a DNC consultant who was investigating Trump campaign chief Paul Manafort’s work for pro-Putin political figures in Ukraine alerted senior committee officials that she had been notified by Yahoo security that her personal email account had been targeted by “state-sponsored actors.” The DNC had already realized that it was the victim of a serious breach, but the red flag from the staffer prompted committee security officials to conclude for the first time that the suspected cyberhackers were likely associated with the Russian government.

By mid-May, Director of National Intelligence James Clapper was telling reporters that US. Intelligence officials “already had some indications” of hacks into political campaigns that were likely linked to foreign governments and that “we’ll probably have more.”

In a talk at the Aspen Security Forum Thursday, Clapper said the U.S. government is not “quite ready yet” to “make a public call” on who was behind the cyberassault on the DNC, but he suggested one of “the usual suspects” is likely to blame. “We don’t know enough [yet] to … ascribe a motivation, regardless of who it may have been,” Clapper said.

Clapper’s comments come amid a mounting debate within the Obama administration about whether to publicly blame the Russian government for the cyberattack on the DNC. (A senior law enforcement official told Yahoo News that the Russians were “most probably” involved in the cyberattack, but cautioned that the investigation is ongoing.) On Wednesday, Sen. Dianne Feinstein of California and California Rep. Adam Schiff, the ranking Democrats on the Senate and House Intelligence Committees, wrote President Obama calling for a stern response, asserting that if the accounts of Russian involvement are true, “It would represent an unprecedented attempt to meddle in American domestic politics.”

But Clapper is reportedly among a number of U.S. intelligence officials who have resisted calls to publicly blame the Russians, viewing it as likely the kind of activity that most intelligence agencies engage in. “[I’m] taken aback a bit by … the hyperventilation over this,” Clapper said during his Aspen appearance, adding in a sarcastic tone, “I’m shocked somebody did some hacking. That’s never happened before.”

The confirmation that the campaign was warned by the FBI as early as March of an attempted breach of its computers is a further indication that the scope of the possible Russian attack may have been far wider and extensive than the official DNC accounts.

The FBI’s request to turn over internal computer logs and personal email information came at an awkward moment for the Clinton campaign, said the source, familiar with the campaign’s internal deliberations. At the time, the FBI was still actively and aggressively conducting a criminal investigation into whether Clinton had compromised national security secrets by sending classified emails through a private computer server in the basement of her home in Chappaqua, N.Y. There were already press reports, to date unconfirmed, that the investigation might have expanded to include dealings relating to the Clinton Foundation. Campaign officials had reason to fear that any production of campaign computer logs and personal email accounts could be used to further such a probe. At the Brooklyn meeting, FBI agents emphasized that the request for data was unrelated to the separate probe into Clinton’s email server. But after deliberating about the bureau’s request, and in light of the lack of details provided by the FBI and the absence of a subpoena, the Clinton campaign chose to turn down the bureau’s request, the source said.

Hey FBI, the Investigation into the DNC Hacking is Over Here

Posted on July 26, 2016July 26, 2016 by Denise Simon

Anyone ever see that Jack Ryan movie ‘Shadow Recruit’? It is playing out in a more nefarious form in real time.

May 2016: Director of National Intelligence James Clapper said today that presidential campaigns are a target for cyber intruders and that this political season has already seen some attempted hacks.

“We have already had some indications of that,” he said in response to a question about campaign website hacking, after speaking at the Center for Bipartisan Policy in Washington, D.C.

“I anticipate as the campaigns intensify, we will probably have more of it,” he added. He did not provide specifics about any attacks, but it has been reported that some hacking groups, such as Anonymous, have threatened to launch “total war” against Donald Trump‘s presidential campaign. Read more from ABC here.

**** So –>> Director of National Intelligence James Clapper says the FBI is helping campaigns tighten up to protect against the threat and how has that worked out so far?

*****

Via ThreatConnect: In our initial Guccifer 2.0 analysis, ThreatConnect highlighted technical and non-technical inconsistencies in the purported DNC hacker’s story as well as a curious theme of French “connections” surrounding various Guccifer 2.0 interactions with the media. We called out these connections as they overlapped, albeit minimally, with FANCY BEAR infrastructure identified in CrowdStrike’s DNC report.

Now, after further investigation, we can confirm that Guccifer 2.0 is using the Russia-based Elite VPN service to communicate and leak documents directly with the media. We reached this conclusion by analyzing the infrastructure associated with an email exchange with Guccifer 2.0 shared with ThreatConnect by Vocativ’s Senior Privacy and Security reporter Kevin Collier. This discovery strengthens our ongoing assessment that Guccifer 2.0 is a Russian propaganda effort and not an independent actor.

Analyzing the Headers from Guccifer 2.0 Emails

On June 21, 2016, TheSmokingGun reported they communicated with Guccifer 2.0 via a French AOL account. We examined the French language settings observed in Guccifer 2.0’s Twitter metadata as well as a pattern of Twitter follows that suggested Guccifer 2.0’s account was created from a French IP address. We hypothesized at the time that Guccifer 2.0 might be using French infrastructure to interact with the media.

During the Email Import process ThreatConnect analyzes an email message header and highlights indicators of interest with a color code that reveals if the indicators already exist within the platform. This helps overburdened eyes or greenhorn analysts quickly understand what they are seeing. At the same time ThreatConnect excludes legitimate or benign details that are not of value to our investigation.

As we can see here within ThreatConnect, Guccifer 2.0’s AOL email message reveals the originating IP address as 95.130.15[.]34 (DigiCube SaS – France). This is the IP address of the host which authenticated into AOL’s web user interface and sent the email. We can also tell this IP was not spoofed because the metadata was added by AOL when sent from within their infrastructure with appropriate DomainKeys Identified Mail (DKIM) configurations.

The fact that Guccifer 2.0 is indeed leveraging a French AOL account stands out from a technical perspective. Very few hackers with Guccifer 2.0’s self-acclaimed skills would use a free webmail service that would give away a useful indicator like the originating IP address. Most seasoned security professionals will be familiar with email providers that are more likely to cooperate with law enforcement and how much metadata a provider might reveal about their users. Taken together with inconsistencies in Guccifer 2.0’s remarks that make his technical claims sound implausible, this detail makes us think the individual(s) operating the AOL account are not really hackers or even that technically savvy. Instead, propagandist or public relations individuals who are interacting with journalists.

Drilling into Guccifer 2.0 Infrastructure: Picture of a VPN Starts to Emerge

As we focused in on IP Address 95.130.15[.]34 we queried public sources such as Shodan as well as Censys to discover what services might be enabled on this host. The goal of this was to better understand if this infrastructure is owned and operated, leased or co-opted by Guccifer 2.0 and how the infrastructure might be used to create space between an originating “source” network and investigators, or curious journalists.

According to Shodan, OpenSSH (TCP/22), DNS (UDP/53) and Point-to-Point Tunneling Protocol (PPTP) (TCP/1723) services have been enabled on this host. Secure shell (SSH) and point-to-point tunneling protocol services strongly suggest a VPN and/or a proxy, both of which would allow the Guccifer 2.0 persona to put distance between his originating network and those with whom he is communicating.

The SSH fingerprint can be used as an identifier, linking other IP addresses that use the same SSH encryption key. The SSH fingerprint for 95.130.15[.]34 (DigiCube SaS – France) is Fingerprint: 80:19:eb:c8:80:a1:c6:ea:ea:37:ba:c0:26:c6:7f:61. Searching for other servers that share this fingerprint at the time of writing, we discovered six additional IP Addresses over the course of our research (95.130.9[.]198; 95.130.15[.]36; 95.130.15[.]37; 95.130.15[.]38; 95.130.15[.]40; 95.130.15[.]41).

Each IP address falls within the 95.130.8.0/21 network range. This range is assigned to Digicube SAS, a French hosting provider which is assigned the Autonomous System AS196689. An IP address is analogous to the apartment numbers in an apartment building. The entire building is owned and operated by AS196689, but certain IP addresses may be let out to other companies and organizations.

The fact that Guccifer 2.0 would use a proxy service is not surprising, and our first stop was to check with various TOR proxy registration sites. None of these seven IP addresses are part of reported TOR infrastructure from what we were able to uncover. Read the full comprehensive detailed cyber investigation as published here by ThreatConnect.

*****

Meanwhile: FAS: The headquarters complex of the Foreign Intelligence Service (SVR) of the Russian Federation has expanded dramatically over the past decade, a review of open source imagery reveals.

Since 2007, several large new buildings have been added to SVR headquarters, increasing its floor space by a factor of two or more. Nearby parking capacity appears to have quadrupled, more or less.

The compilation of open source imagery was prepared by Allen Thomson. See Expansion of Russian Foreign Intelligence Service HQ (SVR; Former KGB First Main Directorate) Between 2007 and 2016, as of July 11, 2016.

Whether the expansion of SVR headquarters corresponds to changes in the Service’s mission, organizational structure or budget could not immediately be learned.

Russian journalist and author Andrei Soldatov, who runs the Agentura.ru website on Russian security services, noted that the expansion “coincides with the appointment of the current SVR director, Mikhail Fradkov, in 2007.” He recalled that when President Putin introduced Fradkov to Service personnel, he said that the SVR should endeavor to help Russian corporations abroad, perhaps indicating a new mission emphasis.

Russian intel buildings Russian intel from air Photos courtesy of FAS