Pro-Kremlin Machine Right in Front of YOU

Vladimir Putin has his propaganda machine working at full speed. We are being sucked into it and not recognizing the clues, much less asking harder questions about his agenda.

There is a two part series on the Pro-Kremlin operation. Part 1 video is here. Part 2 video is here.

Now, the movement behind the machine is something called ‘The Agency’, an operation located in St. Petersburg, Russia, and formally known as the Internet Research Agency.

Graph showing shared use of Google Analytics, server software and social media

From DenisonForum: The Agency’s origins can be traced to the 2011 anti-government protests, organized because of the growing evidence of fraud in the Parliamentary elections that year. The protests had been organized largely via Facebook, Twitter, and LiveJournal and the government wanted to ensure that similar protests were far more difficult to put together in the future. So the next year, Vyacheslav Volodin was named the new deputy head of Putin’s administration and given the task of gaining better control over the internet. In addition to starting the Agency, laws were passed that required bloggers to register with the state and the government was allowed to censor websites without a court order. Putin justified the new laws “by calling the Internet a ‘C.I.A. project,’ one that Russia needed to be protected from.”

The full background investigation on the Internet Research Agency, or rather the Kremlin troll factory is found here.

For the software and internet geeks out there, below is the proof of the machine where evidence was peeled back by using open source analytic tools.

From Global Voices Online: In April of this year, Radio Free Europe/Radio Liberty and the Guardian reported on the website вштабе.рф, a large photo gallery of pro-Russian memes and “demotivator” graphics. Most of these crude caricatures ridicule US, Western, and Ukrainian leaders, whilst portraying Vladimir Putin as strong and heroic.

The site gives no credit or attribution for its design, and offers no indication as to who might be behind it. Intrigued by this anonymity, I used Maltego open-source intelligence software to gather any publicly-available information that might provide clues.

The Secrets of Google Analytics
My use of Maltego revealed that the site was running Google Analytics, a commonly used online analytics tool that allows a website owner to gather statistics on visitors, such as their country, browser, and operating system. For convenience, multiple sites can be managed under a single Google analytics account. This account has a unique identifying “UA” number, contained in the Analytics script embedded in the website’s code. Google provides a detailed guide to the system’s structure.

Whilst investigating the network of sites tied to account UA-53176102, I discovered that one, news-region.ru, had also been linked to a second Analytics account: UA-53159797 (archive).

This number, in turn, was associated with a further cluster of nineteen pro-Kremlin websites. Subsequent examinations of these webpages revealed three more Analytics accounts, with additional sites connected to them. Below is a network diagram of the relationships I have established to date.

Most notably, Podgorny is listed in the leaked employee list of St. Petersburg’s Internet Research Agency, the pro-Kremlin troll farm featured in numerous news reports and investigations, including RuNet Echo’s own reports.

Podgorny’s date of birth, given on his public VK profile, is an exact match for that shown in the leaked document.

Podgorny's date of birth, as shown on his VK profile, compared with listing in the leaked Internet Research Agency document.

Podgorny is also VK friends with Igor Osadchy, who is named as a fellow employee in the same list. Osadchy has denied working for the Internet Research Agency, calling the leaks an “unsuccessful provocation.”

*** This internet researcher will continue the investigation and report more. For expanded details on the first cut of the investigation, click here.
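The Google Analytics pivot described above can be reproduced over saved page sources. This is an added example, not code from the original investigation (which used Maltego): the HTML snippets, the property suffixes (`-1`, `-4`, ...), the `.example` domains and `UA-00000001` are constructed, and only the two account numbers and two site names come from the text.

```python
import re
from collections import defaultdict

# Universal Analytics tracking ID: UA-<account>-<property>. Sites managed
# under one Analytics account share the <account> part.
UA_RE = re.compile(r"\bUA-(\d{4,10})(?:-(\d{1,4}))?\b")


def extract_accounts(html):
    """Return account-level IDs (UA-<account>) embedded in a page's source."""
    return {"UA-" + m.group(1) for m in UA_RE.finditer(html)}


def cluster_sites(pages):
    """Group sites linked, directly or through a bridging site, by shared
    Analytics accounts. `pages` maps site name -> HTML source."""
    parent = {}

    def find(node):
        parent.setdefault(node, node)
        while parent[node] != node:
            parent[node] = parent[parent[node]]  # path halving
            node = parent[node]
        return node

    for site, html in pages.items():
        find(("site", site))  # register the site even if it has no ID
        for account in extract_accounts(html):
            # Union: attach the account's component to the site's component.
            parent[find(("acct", account))] = find(("site", site))

    groups = defaultdict(lambda: {"sites": set(), "accounts": set()})
    for kind, name in list(parent):
        key = "sites" if kind == "site" else "accounts"
        groups[find((kind, name))][key].add(name)

    clusters = [
        {"sites": sorted(g["sites"]), "accounts": sorted(g["accounts"])}
        for g in groups.values()
        if g["accounts"]  # sites without any Analytics ID give no pivot
    ]
    return sorted(clusters, key=lambda c: (-len(c["sites"]), c["sites"]))


# Constructed page sources (not captured from the real sites).
SAMPLE_PAGES = {
    "вштабе.рф": "<script>ga('create', 'UA-53176102-1', 'auto');</script>",
    # The bridging site: carries IDs from two different accounts.
    "news-region.ru": (
        "<script>_gaq.push(['_setAccount', 'UA-53176102-4']);</script>"
        "<script>ga('create', 'UA-53159797-2', 'auto');</script>"
    ),
    "site-c.example": "<script>ga('create', 'UA-53159797-5', 'auto');</script>",
    "unrelated.example": "<script>ga('create', 'UA-00000001-1', 'auto');</script>",
    "no-analytics.example": "<html><body>No tracking code</body></html>",
}

if __name__ == "__main__":
    for i, cluster in enumerate(cluster_sites(SAMPLE_PAGES), 1):
        print(f"cluster {i}: accounts={cluster['accounts']}")
        for site in cluster["sites"]:
            print(f"    {site}")
```

A shared account ID is a lead rather than proof of common ownership, since the tracking snippet can be copied along with a page template, which is why the investigation goes on to corroborate it with other evidence.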

Cyberwar, Deeper Truth on China’s Unit 61398

The NSA has been hacking China for years, so it is a cyberwar. What United States cyber experts have known since at least 2009 makes clear that there has been no strategy to combat cyber intrusions, much less a declaration that these hacks are an act of war.

The NSA Has A Secret Group Called ‘TAO’ That’s Been Hacking China For 15 Years

China hacking charges: the Chinese army’s Unit 61398
Operating out of a tower block in Shanghai, Unit 61398 allegedly hacks Western companies in support of the Chinese government’s political and economic aims.

From DarkReading:

According to the DOJ indictment, Huang Zhenyu was hired between 2006 and 2009 or later to do programming work for one of the companies (referred to as “SOE-2” in the indictment). Huang was allegedly tasked with constructing a “secret” database to store intelligence about the iron and steel industry, as well as information about US companies.

“Chinese firms hired the same PLA Unit where the defendants worked to provide information technology services,” according to the indictment, which the US Department of Justice unsealed Monday. “For example, one SOE involved in trade litigation against some of the American victims herein hired the Unit, and one of the co-conspirators charged herein, to hold a ‘secret’ database to hold corporate ‘intelligence.'”

The for-hire database project sheds some light on the operations of China’s most prolific hacking unit, Unit 61398 of the Third Department of China’s People’s Liberation Army (also known as APT1), where the alleged hackers work. US Attorney General Eric Holder announced an unprecedented move Monday: The Justice Department had indicted the five men with the military unit for allegedly hacking and stealing trade secrets of major American steel, solar energy, and other manufacturing companies, including Alcoa, Allegheny Technologies Inc., SolarWorld AG, Westinghouse Electric, and US Steel, as well as the United Steel Workers Union.

It has never been a secret, it has only been a topic debated with no resolutions behind closed doors. China has a database on Americans and is filling it with higher details, growing their intelligence on everything America.

China has launched a strategic plan when one examines the order of hacks of American companies, the timing and the data. A full report was published on Unit 61398.

New York Times report

Hacked in the U.S.A.: China’s Not-So-Hidden Infiltration Op

From Bloomberg: The vast cyber-attack in Washington began with, of all things, travel reservations.

More than two years ago, troves of personal data were stolen from U.S. travel companies. Hackers subsequently made off with health records at big insurance companies and infiltrated federal computers where they stole personnel records on 21.5 million people — in what apparently is the largest such theft of U.S. government records in history.

Those individual attacks, once believed to be unconnected, now appear to be part of a coordinated campaign by Chinese hackers to collect sensitive details on key people that went on far longer — and burrowed far deeper — than initially thought.

 

But time and again, U.S. authorities missed clues connecting one incident to the next. Interviews with federal investigators and cybersecurity experts paint a troubling portrait of what many are calling a serious failure of U.S. intelligence agencies to spot the pattern or warn potential victims. Moreover, the problems in Washington add new urgency to calls for vigilance in the private sector.

In revealing the scope of stolen government data on Thursday, Obama administration officials declined to identify a perpetrator. Investigators say the Chinese government was almost certainly behind the effort, an allegation China has vehemently denied.

‘Facebook of Intelligence’

Some investigators suspect the attacks were part of a sweeping campaign to create a database on Americans that could be used to obtain commercial and government secrets.

“China is building the Facebook of human intelligence capabilities,” said Adam Meyers, vice president of intelligence for cybersecurity company CrowdStrike Inc. “This appears to be a real maturity in the way they are using cyber to enable broader intelligence goals.”

The most serious breach of records occurred at the U.S. Office of Personnel Management, where records for every person given a government background check for the past 15 years may have been compromised. The head of the government personnel office, Katherine Archuleta, resigned Friday as lawmakers demanded to know what went wrong.

The campaign began in early 2013 with the travel records, said Laura Galante, manager of threat intelligence for FireEye Inc., a private security company that has been investigating the cyber-attacks.

Stockpiling Records

By mid-2014, it became clear that the hackers were stockpiling health records, Social Security numbers and other personal information on Americans – a departure from the country’s traditional espionage operations focusing on the theft of military and civilian technology.

“There was a clear and apparent shift,” said Jordan Berry, an analyst at FireEye.

Recognition came too late for many of the victims. Vendors of security devices say health-care companies are spending tens of millions of dollars this year to upgrade their computer systems but much of the data is already gone.

U.S. intelligence agencies were collecting information on the theft of personal data but failed to understand the scope and potential damage from the aggressive Chinese operation, according to one person familiar with the government assessment of what went wrong.

In the last two years, much of the attention of U.S. national security agencies was focused on defending against cyber-attacks aimed at disrupting critical infrastructure like power grids.

 

General Dunford Said Russia is #1 Threat, Here is Why

Anyone read the book ‘Disinformation’ by Ronald Rychlak and LtG. Ion Pacepa?

General Joseph Dunford is next in line to replace General Dempsey as the Chairman of the Joint Chiefs of Staff. His assessment today of who represents the top threat to America’s national security shocked lawmakers when his response was Russia.

Peeling back some layers, we will come to understand why the General’s alarming conclusions are exactly right. Russia is operating a stealth KGB operation and it has been effective.

Wikileaks Release Indicates Hacking Team Sold To FSB, Russia’s Secret Police

Hacking Team Galileo console

From Forbes:

Now that Wikileaks has released the emails included in the 415GB leaked by the hackers who breached Italian “lawful intercept” provider Hacking Team, the world has easy access to a trove of information blowing open the inner workings of the private surveillance industry. Amongst the files seen by FORBES so far, emails detailing Hacking Team’s sales to Russia’s secret police, the FSB.

Previous analysis of the leaks had indicated Hacking Team sold its Galileo Remote Control System (RCS) to KVANT, a Russian state-owned military technology company. This inspired questions from Dutch politician and European Member of Parliament Marietje Schaake about the potential breach of European Union sanctions about the sale of such goods to Russia, which has been put on blacklists for its operations in war-torn Ukraine. Selling to the FSB would likely concern onlookers more, given the agency’s widespread access to communications in Russia. Many more details here.

Going beyond the next layer

Cyber Caliphate Hackers Not Linked to Islamic State

State Department warns IS online threat ‘unmatched’

The hacker group Cyber Caliphate that was thought to be an online arm of the Islamic State has no ties to the terror group despite its cyber attacks in support of the ultra-violent al-Qaeda offshoot, according to a State Department security report.

“Although Cyber Caliphate declares to support ISIL, there are no indications—technical or otherwise—that the groups are tied,” the two-page report from the Overseas Security Advisory Council states. The Islamic State (IS) is also known by the acronyms ISIL or ISIS.

Instead, Russian hackers now appear to be linked to the Cyber Caliphate, a fact discovered by French government authorities after a cyber attack on TV5Monde television in France last April.

In addition to announcing the lack of a connection between IS and the Cyber Caliphate, the State Department warned that the terrorist group nevertheless continues to have unprecedented online recruitment and propaganda capabilities.

“ISIL’s online presence for propaganda and recruitment purposes continues to be unmatched by other terrorist organizations,” the report said.

The Islamic State uses Internet sites and social media strategies to disseminate and control its Islamist message.

“ISIL’s use of Twitter has been deemed particularly effective; a Brookings study reported at least 46,000 Twitter accounts in use by ISIL supporters during the timeframe of September through December 2014,” the report said.

IS also deftly exploits modern technology and has mastered online propaganda in appealing to young and computer-savvy foreigners, including known hackers who support its ends.

“Although ISIL continues to demonstrate success in using online tools for propaganda, recruitment, and fundraising purposes, the suspected link of Russian hackers to the TV5Monde attack reinforces the assessment that ISIL still lacks the ability to carry out a technically sophisticated cyberattack,” the report concludes.

President Obama on Monday defended the administration strategy against ISIL—despite the group’s expansion from Iraq and Syria to other parts of the world.

Obama said ISIL is “particularly effective” in recruiting foreigners, including Americans, and is using online methods to spread its ideology.

The president said that to defeat ISIL and al Qaeda, “it is going to also require us to discredit their ideology.”

However, the president and his administration continue to play down the Islamist nature of the threat, preferring the non-religious term “violent extremism.”

“Ideologies are not defeated with guns. They’re defeated by better ideas, [a] more attractive and more compelling vision,” Obama said.

“So the United States will continue to do our part by working with partners to counter ISIL’s hateful propaganda, especially online.”

The State Department report, “Who Is Cyber Caliphate? Re-examining the Online ISIL Threat,” was produced by a unit of the Department’s Office of Diplomatic Security, which supports American businesses overseas. It describes Cyber Caliphate as a relatively unsophisticated group that has conducted cyber attacks against perceived enemies of the Islamic State.

“This included targeting various media outlets, issuing threats against U.S. military spouses, and the highly publicized hacking of U.S. Central Command’s Twitter account and YouTube channel,” the report said.

Most of the group’s technical activities involved website defacements and hacking of Twitter accounts. The cyber vandalism seems to have been intended to spread IS propaganda and to build notoriety for the group.

However, the TV5Monde cyber attack that disrupted live broadcasts, staff email accounts, and the station’s web page for some 20 hours demonstrated new capabilities, the report said.

“The methodology employed in the attack was atypical of previous Cyber Caliphate activity, and further investigation by French authorities and U.S. private cyber security companies instead pointed to nation-state actors,” the report said.

Among the information said to have been compromised during the TV5Monde attack were personal information about relatives of French soldiers fighting IS. France is among the coalition of nations engaged in military operations against IS.

According to the report, IP addresses traced to the TV5Monde attack were traced to the Russian hacker group known as APT28.

“The [APT28] hacking group was formerly observed targeting the North Atlantic Treaty Organization, entities in Eastern Europe, security companies, and journalists,” the report said.

“APT28 is assessed to conduct operations to benefit the Russian government, and was not previously seen using hacktivists or terrorist organizations as cover.”

The origin of Cyber Caliphate and its members remains unclear. Initially, it was believed by security authorities that the group was started by a British hacker, 20-year-old Junaid Hussain, who was linked to a hack against former British Prime Minister Tony Blair.

Hussain then was said to have moved from Britain to Syria where he sought to recruit hackers.

The Cyber Caliphate has not been officially endorsed by IS but it has gained from the free publicity its hacker attacks have generated.

The group’s attack on TV5Monde was described in the report as an anomaly for the hackers. Several theories are under consideration by experts regarding the nature of the group’s actions.

Some analysts believe the group was testing its cyber capabilities in preparation for expanded strikes on new targets.

Other analysts said the television station cyber attack was retaliation based on strained ties between Moscow and Paris.

Russia was angered by France’s recent decision to cancel a $1.3 billion deal for two Mistral-class helicopter carriers for the Russian Navy after Russia’s military aggression against Ukraine.

According to the report, the cyber security firm iSight Partners has assessed the Cyber Caliphate as a “false front for anti-western Russian actors.”

Another theory is that Cyber Caliphate is part of a Russian disinformation operation used by Moscow’s hackers as cover for their cyber attacks. The report noted “Russia’s long history of disinformation campaigns.”

The Size and Scope of Anonymous, Hacktivists

Now that we are beginning to understand how big the hacker network is, what is the real agenda and mission of those inside the group? One cannot estimate it yet; it appears to have many variations. Anonymous does get involved in policy issues, and members and/or sympathizers participate.

Anonymous marchers
Masked Anonymous supporters march away from the U.S. Capitol during a 2013 demonstration. Reuters/Jim Bourg
Anonymous holding baby
A woman wearing an Anonymous mask holds up a baby during a Brazil demonstration in 2013. Reuters/Nacho Doce

There is a documentary on ‘We Are Legion’.

How big is Anonymous? Maybe bigger than you thought

By: CS Monitor. An analysis from a University of Copenhagen graduate student suggests the online-phenomenon-turned-protest movement is more globally connected on the Web than previously thought.

Protesters wearing Guy Fawkes masks held signs that read “Anonymous is here for our countrymen” during an April rally against political corruption in Guatemala City.

The actual size and reach of the shadowy hacktivist collective Anonymous has long been the fodder of online squabbles. It’s diminished by detractors and puffed up by ardent devotees.

So, a University of Copenhagen graduate student set out to determine the actual extent of Anonymous’ influence around the world. And, it turns out that Anonymous appears to have a wider scope and is more international than previously imagined.

Even academics who study Anonymous were surprised. “The Anonymous network is larger than many of us thought,” said Gabriella Coleman, an anthropology professor at McGill University and author of “Hacker, Hoaxer, Whistleblower, Spy: The Many Faces of Anonymous.”

The analysis looks at Facebook pages connected with Anonymous to gain insight into its international prowess. Yevgeniy Golovchenko, a graduate student in the school’s sociology department, examined 2,770 Anonymous Facebook pages that generated a collective 22.2 million “likes.” This is just the “absolute minimal size” of the entire global Anonymous network, Mr. Golovchenko explained in an interview.

The point of the study was to “show the enormity and connectivity of the Anonymous movement at a global level,” he said. The end result revealed a network greater than he expected. It was even “a lot bigger than my Anon informants thought it would be,” said Golovchenko.

Professor Coleman, considered the leading expert on Anonymous, says the data reveals “a parallel world, or really worlds, that live on Facebook” instead of other social media sites such as Twitter and Internet Relay Chat services.

It is far more likely there are more Anonymous Facebook pages than the ones in Golovchenko’s study. Facebook pages belonging to Anonymous included in his analysis had to meet at least one of the following criteria: Pages directly identified as Anonymous (“we are Anonymous”), shared or organized “operations,” or used Anonymous symbols beyond the Guy Fawkes mask.

“The [Anonymous] network is also dynamic,” he noted, since when “some pages die out, others are born.” The average Anonymous page was connected to 18 other Anonymous pages. Golovchenko used Facebook “likes” as a way to establish connections, because a “like” acts as an “acknowledgement,” and shows the admin of one page is aware of another Anonymous contingent, in most cases in a different country. The “Offiziell Anonymous Page” had the most connections with 517 likes. It should be noted that “Offiziell Anonymous Page” hasn’t updated since December 2014.

Golovchenko was drawn to Anonymous’ Facebook pages given these pages are a public and easily accessible aspect of the relatively secretive hacktivist collective. These Facebook pages exist to either share information, or promote and help organize projects, and if they were harder to access, they’d alienate the average person.

Looking at all this Facebook data reveals several patterns. The position of the “node groupings was done by an algorithm, but it magically describes the realities of where people live in the world, to some extent,” said Golovchenko. An example of this are the German Anonymous Facebook pages, like the Anonymous Deutschland node, which are shown as blue dots:

German Anonymous Facebook pages. Yevgeniy Golovchenko

Another example of this regional breakdown is the Anonymous Unified Korea node, which is primarily focused in West Asia, except for that one supportive Belgian Facebook page:

Anonymous Unified Korea node, which is primarily focused in West Asia, except for one supportive Belgian Facebook page. Yevgeniy Golovchenko

Looking at the Anonymous Angola node reveals an even smaller network comprised of only a few African countries with the exception being Brazil (see below). Anonymous Hacker Brazil has a much larger international network.

Through this visualization, it is easy to identify allies of certain sects, or regional Anonymous crews. For example, quite a few Brazilian Anonymous pages are connected to Anonymous in Iceland, of all countries. The Occupy Brazil node is connected to various Anonymous Facebook pages in Canada, which could explain why so much traffic during a recent operation against Canadian government websites came from Brazil.

Yevgeniy Golovchenko

All these networks within networks reveal an incredibly complicated communication stratus. “Even if only one-third of the likes represent actual Facebook users,” noted Golovchenko, “the network is surprisingly immense … . Only few mainstream media can match the movement’s enormous internet infrastructure.”

Sequester Destroying Military Readiness

A hearing on Capitol Hill yesterday revealed that a 2-year program funded with $500 million to train local forces to fight against Islamic State has trained only 60 troops, when the goal is 5000 by the end of the year 2015.

The Syrian recruits must meet several criteria in order to be trained by the United States, including taking a pledge to fight ISIS rather than the regime of Assad. The trainees must also agree to abide by the laws of war.

The requirement to not fight Assad is a particularly high hurdle; most of the Syrian rebels have been fighting the government in a long-running civil war.

The meager training figure gave new ammunition to critics who say the administration’s ISIS strategy is flailing.

Sen. Joe Manchin (D-W.Va.), a member of the committee, said his constituents were confused about the rebel-training program, which cost $500 million in 2015 and will cost $600 million next year. 

“They’re confused about in Syria, trying to spend the money to find people to train when you acknowledged that we only had 60 of them successful right now and the amount of effort we’re spending there,” he said.

It gets worse….

The Russians are taking over the Arctic.

From the Washington Times: Coast Guard Commandant Paul F. Zukunft says that the U.S. is essentially ceding the Arctic’s emerging trade routes and natural resources to Russia.
Warming temperatures have opened up the trade routes and access to natural resources, which Russia is taking advantage of with its increased military presences and 27 icebreakers. The U.S. has two icebreakers.
“We’re not even in the same league as Russia right now,” said Adm. Zukunft, who oversees 88,000 personnel, Newsweek reported. “We’re not playing in this game at all.”

Fran Ulmer, chair of the U.S. Arctic Research Commission, told Newsweek that if the U.S. wants to devote resources to the region this late in the game, then it will be difficult to catch up. Mr. Ulmer said “it takes years,” to build a single icebreaker, with each one costing roughly $1 billion.
The magazine reported that in addition to the resources Russia is sending to the Arctic, it also has filed claims with the U.N. to claim an additional 200 miles of land extending off its continental shelf. The claims will then be examined by U.N. scientists operating under a treaty called the United Nations Convention on the Law of the Sea.

Still gets worse….

From the Army Times:

The Army plans to cut 40,000 soldiers from its ranks over the next two years, a reduction that will affect virtually all its domestic and foreign posts, the service asserts in a document obtained by USA Today.

The potential troop cut comes as the Obama administration is pondering its next moves against the Islamic State militant group in Iraq and Syria. President Obama said Monday he and military leaders had not discussed sending additional troops to Iraq to fight the Islamic State. There are about 3,500 troops in Iraq.

“This will not be quick — this is a long-term campaign,” Obama said at the Pentagon after meeting top military brass in the wake of setbacks that have prompted critics to call for a more robust U.S. response against the Islamic State.
An additional 17,000 Army civilian employees would also be laid off under the plan officials intend to announce this week. Under the plan, the Army would have 450,000 soldiers by the end of the 2017 budget year. The reduction in troops and civilians is due to budget constraints, the document says.

The Army declined to comment on the proposed reductions in its forces.

Meanwhile, all NYSE trading stopped early Wednesday due to a ‘technical glitch’ when the Chinese markets are tanking, cyber attacks continue and United Airlines went offline as well.

Danger lurks and the threat matrix expands.