Spoofing the GPS, Navy Sailors Arrested

My first conclusion was Iran hacked the GPS and described this with evidence on January 14th.

Story You Aren’t Being Told About Iran Capturing Two American Vessels

Submitted by Tyler Durden on 01/20/2016

Zerohedge: The airwaves in the United States were filled with images of sailors on their knees while a US Navy vessel was searched. Unjustified outrage swept the nation. The US Secretary of Defense blamed the incident on a simple navigation error, however a chain of events leading back to 2009 demonstrates the facts are a little more complicated than first appear. The chain of events leads defense analysts to one unmistakable conclusion: Iran has the ability to disrupt US GPS systems. For western military analysts, the thought is terrifying. The West uses GPS for much more than replacing a compass and a map.

In 2009, Lockheed Martin’s RQ-170 Sentinel showed up on a runway in Kandahar, Afghanistan. The aircraft entered service two years earlier, but the public was unaware. The bat wing styled drone is reminiscent of the Stealth Bomber. The similarities extend beyond the cosmetic, and the RQ-170 is the premier spy drone in the US fleet. This was the drone used to map out Bin Laden’s compound. It was tasked with keeping an eye on Iran’s nuclear program. That’s when things got interesting.

On December 4, 2011 a RQ-170 Sentinel crashed into the Iranian countryside. Iran claimed its electronic warfare unit brought the plane down. The US Department of Defense stated the aircraft was flying over western Afghanistan and crashed near or in Iran. The aircraft was 140 miles inside Iran’s borders. The west laughed at the idea of Iran’s military obtaining the capability to down one of the most sophisticated drones in the world. One military official remarked it was like:

“dropping a Ferrari into an ox-cart technology culture.”

They probably shouldn’t have been so quick to laugh. It appears the Iranians didn’t just down the aircraft, they took control of it mid-flight. Dailytech.com explained:

“Using its knowledge of the frequency, the engineer claims, Iran initiated its ‘electronic ambush’ by jamming the bird’s communications frequencies, forcing it into auto-pilot. States the source, ‘By putting noise [jamming] on the communications, you force the bird into autopilot. This is where the bird loses its brain.’

“The team then used a technique known as ‘spoofing’ — sending a false signal for the purposes of obfuscation or other gain. In this case the signal in question was the GPS feed, which the drone commonly acquires from several satellites. By spoofing the GPS feed, Iranian officials were able to convince it that it was in Afghanistan, close to its home base. At that point the drone’s autopilot functionality kicked in and triggered the landing. But rather than landing at a U.S. military base, the drone victim instead found itself captured at an Iranian military landing zone.

“Spoofing the GPS is a clever method, as it allows hackers to ‘land on its own where we wanted it to, without having to crack the [encrypted] remote-control signals and communications.’

“While the technique did not require sophistication from a cryptography perspective, it was not entirely trivial, either, as it required precise calculations to be made to give the drone the proper forged distance and find an appropriate altitude landing strip to make sure the drone landed as it did in Afghanistan.

“The Iranian engineers knew the details of the landing site, because the drone had been confirmed in grainy photos to be landing at a base in Kandahar, Afghanistan.

“Despite the careful calculations, the drone still sustained a dent in its wing and underbody (though it did not have the usual signs of a high-speed collision). During its press conferences, the Iranian military covered this damage with anti-American banners.

“The engineer explained this damage commenting, ‘If you look at the location where we made it land and the bird’s home base, they both have [almost] the same altitude. There was a problem [of a few meters] with the exact altitude so the bird’s underbelly was damaged in landing; that’s why it was covered in the broadcast footage.’ The approach echoes an October security conference presentation [PDF] in Chicago, in which ETH Zurich researchers laid out how to use interference and GPS spoofing to more gently down a drone.”

The Aviationist agreed and suggested the US “reconsider their drones’ equipment, countermeasures and combat operation procedures as well as Iran’s electronic and cyberwarfare capabilities.” It should be noted the “ox-cart technology culture” has since reverse engineered the drone.

The gross underestimation of the Iranian military led to the recent incident in the Persian Gulf. The story being repeated in the western press is one of ten sailors getting lost and ending up in Iranian territorial waters (if the outlet mentions that part). According to Secretary of Defense Carter, “All the contributing factors to that we don’t know yet, and we’re still talking to those folks, and we’ll find out more … but they were clearly out of the position that they intended to be in.”

Two boats lost their GPS abilities at the same time, and the Secretary of Defense isn’t sure what happened? A few US outlets, such as the L.A. Times, reported on the other malfunctions during the incident. Both boats lost radio communication and all other communication during the incident. A single vehicle losing its GPS abilities can happen. It’s rare, but it can happen. Two vehicles losing the systems at the same time borders on implausible, but there is still a possibility of it occurring through Murphy’s Law. The loss of all communication equipment and GPS systems on two boats at the same time means one thing: electronic warfare.

The unwillingness to admit the US military has spent billions on a system that has apparently been defeated by Iran is the most likely culprit behind the western media’s attempt to focus on the “ill treatment” of US sailors. Even the L.A. Times, which was willing to report on the communications failures, placed the following quote in a bold offset in the same article:

“The way those sailors were treated was entirely inappropriate. … The U.S. Navy would never demand Iranian sailors hold their hands on their heads and coerce a confession.” – James Stavridis, retired U.S. admiral

The U.S. Navy’s installation at Guantanamo Bay has been the scene of the worst treatment of detainees by the US government in decades. The sailors captured by Iran were not waterboarded, deprived of sleep or food, sexually abused, or otherwise tortured. The United States does not have the moral authority to object to how another nation treats detainees.

The burning question now relates to whether or not Iran’s actions constitute an attack on the U.S. It’s not a simple question. Electronic warfare and cyber warfare have become commonplace. It is also worth noting the two US vessels were within just a few miles of Farsi Island. Farsi Island is the home of the Revolutionary Guards’ Navy (RGN). The RGN is Iran’s maritime unconventional warfare force. For comparison, imagine a scenario in which a nation that has attacked a US civilian airliner and whose political leaders have constantly threatened war sent two boats to pass extraordinarily close to the home base of a U.S. Seal Team. The reader can decide if Iran’s actions were appropriate.

The most important takeaway from this incident is to remember the high-tech military of the United States has an exposed vulnerability. It’s a vulnerability that was exploited by Iran. Iran is not a nation many in military circles would see as technologically advanced. The drone warfare system has a fatal flaw. If Iran can exploit it, China and Russia certainly can. Even North Korea has been able to successfully disrupt the GPS system. Beyond simple navigation, the U.S. employs the GPS system to guide missiles. If the Iranians can jam and spoof their way into controlling a drone, it isn’t a huge leap to believe they have the ability, or will soon have the ability, to do the same thing with guided missiles.

It should be noted that GPS jammers are available on the civilian market and have been detected in use inside the United Kingdom. This revelation may also be the reasoning behind the U.S. decision to require drone operators to register their aircraft.

Perspective: The Real Violation of Hillary with SAP on Her Server

Humm, was Hillary ever in a SCIF?

(Sensitive Compartmented Information Facility)

The smoking gun?  

TheHill: Special Access Programs (SAP) is a game changer.  It is now undeniably clear that the results of the FBI investigation will be the end of one of two things:  Hillary’s bid for the White House or the legitimacy of the FBI—at least when it comes to prosecuting cases on the mishandling of classified material.

In 2006, a Special Forces Operational Detachment Alpha (ODA) from my company was deployed to Afghanistan.  Theirs was a particular mission that differed from the combat missions the typical ODAs were conducting at that time.  Everyone on that team maintained a Top Secret Sensitive and Compartmented Information (TS/SCI) clearance and was “read-on” to their special program.  A few months into their deployment, their Intelligence Sergeant lost a thumb-drive that possessed classified information.  A week later the thumb drive was found for sale at a local bazaar.

In response to the events, Col. Ken Allard (ret.) stated, “You’ve got a situation in which the U.S. is going to be forced to change an awful lot of its operational techniques.”

Beyond the compromise of classified information, a lot did change.  New protocols for the handling of classified material were established, and the transportation of classified material on thumb drives was strictly forbidden.  The knee jerk reaction even went as far as to disable USB ports on our work computers—in case we forgot.

Since then I’ve deployed to several locations where, at times, we operated in small teams with only non-secure cellphones with which to communicate.  We often found ourselves with a lot of information that needed to be sent up in reports, but due to the nature of our mission we were forced to sit on it for a few days until we were able to type it up and send it through a secure medium.  I’d be lying if I said we didn’t concoct elaborate plans with “foolproof” ways to communicate the information over non-secure channels, but in the end, no one was willing to take the risk of our “fail-safes” failing.

As more information from Hillary Clinton’s server has been made available, it is clear that the contents of the server contained Imagery Intelligence (IMINT), Human Intelligence (HUMINT), and Signal Intelligence (SIGINT).  Understanding that much of the information has been retroactively classified, there are a few facts that are tough to grasp—at least from the perspective of an intelligence practitioner.

First, when imagery that is classified SECRET//NOFORN (no foreign national) is viewed, regardless of the absence of classification markings, it is distinctly evident. Second, any document that contains or references HUMINT is always classified SECRET, and if specific names of sources or handlers are mentioned, they are at a minimum SECRET//NOFORN. Third, SIGINT is always classified at the TS level. It’s not uncommon for some SI to be downgraded and shared over SECRET mediums, however, it is highly unlikely that a Secretary of State would receive downgraded intelligence. Finally, SAP intelligence has been discovered on Clinton’s private server, and many are now calling this the smoking gun. SAP is a specialized management system of additional security controls designed to protect SAR or Special Access Required. SAR has to do with extremely perishable operational methods and capabilities, and only selected individuals who are “read on” or “indoctrinated” are permitted access to these programs. The mishandling of SAP can cause catastrophic damage to current collection methods, techniques and personnel.

In other words, if you have worked with classified material for more than a day, it seems highly implausible that someone could receive any of the aforementioned over an un-secure medium without alarm bells sounding.  However, reading about a Special Access Program on an unclassified device would make anyone even remotely familiar with intelligence mess their pantsuit.

With more damning information being released almost weekly now, it’s interesting that during last Sunday’s Democratic debate, Clinton resoundingly stated: “No one is too big for jail.” Although the context was referencing bank CEOs and Hedge fund managers, the obvious correlation left many scratching their heads and wondering—did Hillary Clinton just say, “I dare you” to the FBI?

DeChristopher is a 9-year veteran of the United States Army Special Forces.  He holds an M.A. in Strategic Security Studies from National Defense University’s College of International Security Affairs with a concentration in Irregular Warfare.  He currently works as an Independent Intelligence Consultant.

***

The State Department Inspector General who investigated the Hillary server had security clearance, but to complete the assignment to investigate deeper the issues and data on the server, he had to go through an additional process to get the highest security clearance. It must also be mentioned that some top intelligence community professionals are now part of the investigation and they are in fact stationed to do nothing but investigate the actual communications and determine what was, or should have been, classified even though ‘some’ communications had designations removed.

****

FNC: Some of Hillary Clinton’s emails on her private server contained information so secret that senior lawmakers who oversee the State Department cannot read them without fulfilling additional security requirements, Fox News has learned.

The emails in question, as Fox News first reported earlier this week, contained intelligence classified at a level beyond “top secret.” Because of this designation, not all the lawmakers on key committees reviewing the case have high enough clearances.

A source with knowledge of the intelligence review told Fox News that senior members of the Senate Foreign Relations Committee, despite having high-level clearances, are among those not authorized to read the intelligence from so-called “special access programs” without taking additional security steps — like signing new non-disclosure agreements.

These programs are highly restricted to protect intelligence community sources and methods.

As Fox News previously reported, a Jan. 14 letter from Intelligence Community Inspector General I. Charles McCullough III to senior lawmakers said an intelligence review identified “several dozen” additional classified emails — including specific intelligence from “special access programs” (SAP).

That indicates a level of classification beyond even “top secret,” the label previously given to two emails found on her server, and brings even more scrutiny to the Democratic presidential candidate’s handling of the government’s closely held secrets.

Fox News is told that the reviewers who handled the SAP intelligence identified in Clinton’s emails had to sign additional non-disclosure agreements even though they already have the highest level of clearance — known as TS/SCI or Top Secret/Sensitive Compartmented information. This detail was first reported by NBC News.

This alone seems to undercut the former secretary of state’s and other officials’ claims that the material is “innocuous.”

In an interview with NPR, Clinton claimed the latest IG finding doesn’t change anything and suggested it was politically motivated.

“This seems to me to be, you know, another effort to inject this into the campaign, it’s another leak,” she said. “I’m just going to leave it up to the professionals at the Justice Department because nothing that this says changes the fact that I never sent or received material marked classified.”

Despite Clinton’s claims, it is the content that is classified; the markings on the documents do not affect that.

A former Justice Department official said there is another problem — warnings from State Department IT employees and others that she should be using a government account.

“If you have a situation where someone was knowingly violating the law and that they knew that what they were doing was prohibited by federal law because other people were saying, you’re violating the law, knock it off, and they disregarded that advice and they went ahead, that’s a very difficult case to defend,” Thomas Dupree said.

Obama is a Shia?

While the world burns and there is a major war between the Shia and the Sunnis, given all the Obama love for Iran, I said to myself he must be a Shia or at least a Shia loyalist. Lo and behold this below…..What the heck?

Top Dubai Policeman Says Obama has “Shia Roots”: The Internet Laughs Back // Global Voices Online » Iran

Barack and Michelle Obama photoshopped in Islamic attire in front of the Imam Redha shrine, in Mashhad, Iran, a revered Shia site. The text, in Persian, reads “Very soon..” Image source unknown

The Internet has been in stitches ever since Dubai’s deputy chief of police Dhahi Khalfan announced on Twitter that US President Barack Obama has “Shia roots” and is likely to visit Shia religious centres in Iran soon.

The tweets, seen by many as reeking with Shia-phobia, were made following the lifting of sanctions imposed on Iran, agreed upon during the nuclear negotiations between Iran, the P5+1 and the United States in July.

In his words, Khalfan tweets:

أوباما الذي يعود لأصول شيعية انتخب لتقريب وجهات النظر بين إيران وأمريكا لإيقاف برنامج إيران النووي العسكري.نجحت الخطة .

— ضاحي خلفان تميم (@Dhahi_Khalfan) January 19, 2016

Obama, who has Shia roots, was elected to bridge the gap between Iran and the US to stop Iran’s military nuclear programme. Mission accomplished.

In another tweet, he adds:

من المتوقع أن يزور أوباما قم ومشهد وكبرى الحسينيات في إيران. !!

— ضاحي خلفان تميم (@Dhahi_Khalfan) January 19, 2016

It is expected that Obama visits Qom, Mashhad and all the big Shia religious congregation halls

Many responded to Khalfan with mockery. AIfie shares this photograph with Khalfan:

@Dhahi_Khalfan pic.twitter.com/QQOCao84fw

— Alfie (@AIfie_Twit) January 19, 2016

Faisal Alhbabi asks:

@Dhahi_Khalfan انت كيف صرت رئيس شرطة دبي وهذا فكرك

— FAISAl (@faisalalhbabi) January 19, 2016

How did you become chief of police when this is the level of your thinking?

And Abbas Zahri shares this photograph of a Photoshopped Obama performing Shia rituals mourning the death of one of their Imams:

معك حق والدليل هذه الصورة @POTUS @BarackObama @Dhahi_Khalfan pic.twitter.com/WtPb8t7ZYE

— عباس زهري (@zahri_abbas) January 19, 2016

You are right and this is proof!

More photoshopped pictures follow. Ammar Ali shares another doctored photograph of the US president, this time performing in a Shia mourning ritual, associated with Ashura:

صورة له و هو يقري لطمية ف حسينية @Dhahi_Khalfan pic.twitter.com/ZZfKd1BFkw

— عمّــــاار عليّ (@ammar_ali94) January 19, 2016

This is a photograph of him mourning in a Hussainiya

A Hussainiya is a Shia congregation centre, used for gatherings to mark Shia rituals.

Hussain M shares this photograph of Obama, saying it’s a leaked photograph from a religious learning centre in Qom, the epicentre of Shia learning in Iran:

@Dhahi_Khalfan صور مسربة لاوباما عند تخرجه من حوزة قم في ايران . pic.twitter.com/fBgNy9NJJZ

— hossien m. (@69mansourM) January 20, 2016

Here’s a leaked photograph of Obama after his graduation from a Shia learning centre in Qom, Iran

Iranians have documented different reactions to Obama’s relationship with Shia Islam. One Iranian blogger posted a picture from a November 2015 anti-U.S. rally in Tehran. Here protesters carried pictures of Obama, where his likeness is compared to that of Shemr, a villainous figure in Shia Islam.

#Obama depicted as Shemr, the most evil figure in history for #Shia followers today’s anti-US rallies pic.twitter.com/tGO8zPvkFb

— potkin azarmehr (@potkazar) November 4, 2015

Other Iranians who shared the news on their social media illustrated their amusement at such far-fetched theories. One Iranian-American blogger, Holly Dagres, attached the news to the hashtag #ShiaScare.

Dubai’s ex-police chief says US President Barack #Obama is of Shia origin due to #IranDeal #ShiaScare https://t.co/TuZJ6DK9t5

— Holly Dagres (@hdagres) January 20, 2016

Mohsen Milani, an Iranian academic based in the United States shared the news with a laughing emoji.

Ex head of Dubai Police Khalfan:#Obama is of #Shia origin elected to bring #Iran & US closer. https://t.co/TZQEwkBdGB via @DrAbbasKadhim

— Mohsen Milani (@MohsenMilani) January 20, 2016

Various conspiracy theories have circulated about Obama’s Shia background in the past. During the 2008 elections, Iran’s state run newspapers ran unsubstantiated claims about Obama’s Shia past and connections to southwestern Iran. In June 2015, Iraqi member of parliament Taha al-Lahibi released a YouTube video explaining Obama’s Shia background to be part of the conspiracy of Iran’s Shia forces fighting the Islamic State in Iraq, alongside the evolving nuclear negotiations between Iran and the United States.

These theories are typically commented on by Iranians on social media with ridicule. In response to the al-Lahibi conspiracy, one Iranian Twitter user @sobhan348 sarcastically exclaims the nuclear negotiations were turning Obama into a Shia.

مذاکره با ایران اوباما را شیعه کرد! +فیلم http://t.co/T7XUdNPjJS

— علمی مذهبی کوثر (@sobhan348) June 10, 2015

Nuclear negotiations with Iran have made Obama into a Shia! +film

Dubai’s deputy chief of police’s statements come after the United Arab Emirates backed Saudi Arabia in the recent conflict with Iran that led the two nations to end diplomatic ties. In reaction, the Emirates downgraded their relationship by reducing the number of diplomats in Iran and recalling its ambassador. They have not severed ties however, due to a long history of trade with Iran.

Written by Amira Al Hussaini and Mahsa Alimardani

Obama is of Shi’ite origin: Dubai former police chief

EgyptIndependent: US President Barack Obama is of Shi’ite origin, according to former Dubai police chief and current head of the General Security for the Emirate of Dubai, Dahi Khalfan, who is known for his controversial tweets.
“Obama, who has a Shi’ite origin, was elected to converge between the points of views of Iran and the US to stop the Iranian nuclear military project. The plan succeeded,” Khalfan wrote in a series of tweets on his account Tuesday.
He added: “The US elections are led by undercover hands that achieve Israel’s security in the first place. Bravo sons of Zion!”
“In Anthroposophy, people study how to ward off danger, and this is what the sons of Zion did after studying the nature of Iranians. They brought them someone of a Shi’ite Kenyan origin. Bravo!”
Khalfan continued: “Will Obama visit Iran before leaving presidency?” “(Hassan) Rouhani could invite Obama to visit Iran”.
Khalfan pointed out that he was expecting Obama’s moves toward the Iranian nuclear project since the first day he was sworn in.
Khalfan was Dubai’s police chief until late 2013. He has 1.24 million followers on Twitter and over 65,000 tweets.
He caused diplomatic tensions between Egypt and the UAE back in 2013 when he attacked toppled President Mohamed Morsi on Twitter, after which Egypt’s Foreign Ministry summoned the ambassador of the UAE to demand a “clarification from the United Arab Emirates about statements that do not go along with the nature of the special relationship between the two countries,” according to Reuters.
Khalfan wrote on Twitter after Morsi won the presidential bid: “An unfortunate choice. The repercussions of this choice will not be light for poor ordinary people.”
Khalfan also said that Morsi would “come to the UAE crawling to request pardon and forgiveness,” adding that the UAE would not receive him on a red carpet. He accused Morsi of winning the presidential elections with the aid of Iran.
In July 2013, he accused the Muslim Brotherhood of posing a greater threat to Arabs than Israel.

Ruh Roh, State Dept. Knew of Hillary’s Emails

While Hillary blamed her ‘Blackberry’ for malfunctions, she knew so little that it was the server, not her NON-issued mobile device(s). Huma pushed back hard to several at the State Department, calling for more secure conditions, calling them silly. State even offered generators to ensure that private server would not fail. What????

EXCLUSIVE: Clinton Aides Resisted State Department Suggestion That Clinton Use State.gov Account

Great job to DC and Chuck:

Bombshell emails from the State Department show that a top official at the agency suggested to Hillary Clinton’s aide, Huma Abedin, in Aug. 2011 that the then-secretary of state begin using a government email account to protect against unexpected outages of her private email server.

But as the emails show, Abedin pushed back on the suggestion, telling the official, Stephen D. Mull, then the executive secretary of the State Department, that a State-issued Blackberry equipped with a state.gov email address “doesn’t make a lot of sense.”

Besides showing that Clinton’s top aides were against the idea of her using a state.gov email account, the emails show for the first time that top State Department officials were aware of Clinton’s private email server arrangement.

The Daily Caller obtained the emails through a Freedom of Information Act lawsuit filed on its behalf by the government watchdog group, Cause of Action.

The State Department — and Clinton — have resisted questions about who inside the State Department knew about and signed off on the private server, which Clinton kept at her house in New York. The FBI seized that device in August after it was discovered that two “top secret” emails had been sent to Clinton.

Besides Mull, the emails show that Patrick Kennedy, the under secretary for management at the State Department, knew of the private server. Kennedy is a powerful figure within the State Department. The career diplomat handles logistical issues within the agency and was the official responsible for requesting emails from Clinton and her aides.

The first email in the Aug. 30, 2011 chain was sent from Mull and addressed to Mills, though Abedin, Kennedy, and Monica Hanley, another Clinton aide, were copied on the correspondence.

“Thanks for alerting me to the communications issues the Secretary has been having,” Mull wrote.

In the email, Mull mentioned Clinton’s use of the personal email server and also proposed providing Clinton with a new Blackberry equipped with a state.gov email account.

“We are working to provide the Secretary per her request a Department issued Blackberry to replaced her personal unit which is malfunctioning,” wrote Mull, noting that the device was malfunctioning “possibly because of [sic] her personal email server is down.”

He offered to prepare two Blackberries, one of which would include “an operating State Department email account.”

And curiously, Mull noted that the official version “would mask her identity” but “would also be subject to FOIA requests.”

Mull also suggested a new communications package for Clinton which, he wrote, “will include things that anticipate the normally unexpected such as hurricanes, power outages, earthquakes, locusts, etc.”

The package included “generators, uninterrupted power supplies, supplementary satellite capabilities, including satellite phones for when local infrastructure fails.”

Other emails released by the State Department have shown that Clinton’s email server crashed at least three other times. The crash in and around Aug. 30, 2011 seems to be the fourth documented outage. Other crashes occurred in Oct. 2012, well after Mull offered suggestions to Clinton’s staff, suggesting that the problem was never fixed.

Likewise, Mull’s suggestion that Clinton begin using a state.gov-equipped Blackberry device was met with resistance from Abedin, the emails show.

“Let’s discuss the state blackberry, doesn’t make a whole lot of sense,” Abedin wrote.

The State Department has claimed in court filings that Clinton was not provided a government-issued Blackberry. In August, the agency stated in response to another FOIA lawsuit that it “does not believe that any personal computing device was issued by the Department to former Secretary of State Hillary Clinton, and has not located any such device at the Department.”

The filing made no mention of the effort to provide Clinton with an official device.

In her email to Mull, Abedin also asserted that “even the white house attested” that outages were a “pretty wide spread problem, not just affecting us.”

“Thanks for reminding all of this very helpful context,” Mull responded solely to Abedin.

She emailed back: “Its pretty silly and she knows it.” It is unclear if Abedin was referring to Clinton or to Mills, who was the first to email Mull about the communications issues.

Stephen Mull Emails to Cheryl Mills

No comment from the State Department…Hillary?

Soviet Loyalists, Patriotic Hackers

IN 2014: Russian Hackers Amass Over a Billion Internet Passwords

NYT: A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.

The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems.

“Hackers did not just target U.S. companies, they targeted any website they could get, ranging from Fortune 500 companies to very small websites,” said Alex Holden, the founder and chief information security officer of Hold Security. “And most of these sites are still vulnerable.” Full story here.

In 2015: Russian Hackers Read Obama’s Unclassified Emails, Officials Say

‘Patriotic hackers’ attacking on behalf of Mother Russia

FNC: A proxy war is underway in cyberspace, according to I.T. security analysts, and it is pitting numerous foreign institutions against Russian-speaking cyber militias beholden to President Vladimir Putin.

As has been evidenced by a steady wave of sophisticated cyberattacks targeting nation states and private sector organizations whose policies run counter to that of Moscow, Fox News is told groups of patriotic Eastern European hackers are using cyberattacks as a means to achieve Russia’s geopolitical goals.

Intelligence sources with knowledge of these cyberattacks tell Fox News the cyber militias are acting on behalf of the Putin regime. Furthermore, Fox is told security analysts have found evidence that Russian government-linked individuals have distributed cyberattack tools to these groups via underground web forums.

Over the last two years, analysts have researched web-based attacks leveraged against NATO, France’s TV5Monde, segments of the Polish financial sector, and the Dutch Safety Board – which concluded that doomed Malaysia Airlines flight 17 was actually brought down by a Russian-made missile. Researchers found evidence that each of those cyberattacks was carried out by different Russian-speaking cyber militias.

“We see this confluence of motive, where what looks like some recycled criminal malware has been upgraded in a sophisticated way,” said Keith Smith, vice president of threat intelligence for Colorado-based cybersecurity firm root9B. “A lot of people suspect that that’s Russia’s attempt to force us as analysts to ascribe to a criminal organization what is in fact the actions of a nation state – Russia.”

The United States is in these hackers’ crosshairs as well. As economic sanctions were leveled against Russia after its incursion into Crimea and Eastern Ukraine, the cyber militias began widespread attacks aimed at U.S. government officials and segments of the financial and defense sectors. The hack attacks were in furtherance of a campaign dubbed “Operation Pawn Storm” by cybersecurity firm Trend Micro.

The Office of the Director of National Intelligence declined to comment on this activity, but in congressional testimony last year, DNI James Clapper publicly acknowledged the pervasiveness of Russian cyber activity aimed at the United States.

“The Silicon Valley of talent that exists in the world on a cyberattack and cybercrime perspective exists in Eastern Europe,” according to Trend Micro chief cybersecurity officer Tom Kellermann. “Most of those actors – who are the best hackers in the world, period – are beholden and pay homage to the legacy and the power of the former Russian and Soviet regime. They do so by acting out patriotically.”

Perhaps the most dramatic show of patriotic Russian cyber aggression came on December 23 when some 800,000 Ukrainians were left in the dark following a widespread power outage.

Soon after the incident, researchers at U.S. cyber intelligence firm iSight Partners found evidence that the blackout was the result of a cyber intrusion by one such patriotic hacking militia. The culprit, as determined by iSight’s analysis, was likely a Russian-speaking group dubbed “Sandworm Team,” whose name comes from its references to the science fiction series “Dune.”

ISight drew its conclusion after a piece of malicious computer code was found on the Ukrainian Power Authority’s system. That destructive malware, known as BlackEnergy3, is unique to that particular hacking group, according to iSight.

Sandworm has been implicated by the company for having carried out numerous cyberattacks with Russian interests in mind; most notably, attacks carried out against the Ukrainian government and NATO in 2014. And according to iSight officials, the group is one of many.

“We are actively monitoring seven different cyber espionage groups right now that we believe are of Russian origin,” said Steve Ward, iSight Partners senior director.

Researchers have found that the attackers utilized wiper malware to disable Ukrainian Power Authority computer systems, which is similar in nature to the destructive malware used in the 2014 cyberattack on Sony Pictures. But what makes the December hack on the Ukrainian grid a watershed moment, according to researchers, is the combination of the destructive component and the actual target of the attack.

According to Trend Micro’s Tom Kellermann, the December 23 incident is the first instance in which a specifically directed cyberattack was used to take down the energy sector in a given nation state.

And while experts argue that achieving a similar result against the U.S. power grid would be a far more complex task, nonetheless, this recent cyber-induced blackout has added fuel to already loud concerns over hackers’ mounting abilities to cause physical harm and destruction.

“You’re seeing this cyber manifestation of attacks that can change, alter and diminish your physical reality,” said Kellermann. “What you have in cyberspace right now is a free fire zone.”