Category Archives: Cyber War

Pelosi Says ‘no war’ but What About the Gerasimov Doctrine?

Posted on by

The 800 lb. gorilla in the room, meaning in Congress is the 2002 AUMF, Authorization for Military Force. That was 18+ years ago and since that time warfare has changed. No longer will we see convention forces take the battlefield that looks that of Ramadi, North Korea or driving the Taliban from power in Afghanistan.

Modern warfare is best described today by the doctrine developed by Russian General Valery Gerasimov. This site has published several items on Gerasimov in recent years where in summary his military paper lays out theories of modern warfare and the new rules. The strategies include politics, cyber, media, leaks, space, fake news, conventional, asymmetric a tactics of extortion and influence.
The United States does not want war but bad guys do and they often get it.
As long as the United States responds and remains defensive on all fronts, we are in a forever war and the bad guys multiply.

The adversaries of our nation watch us more than we watch ourselves, there are divisions, departments, teams, units and various skill sets that are assigned and dedicated to all things United States all to pinpoint our weaknesses and fractures in our systems. They DO find them.
When third in the line of succession to the presidency, Speaker Nancy Pelosi calls President Trump and ‘insecure imposter’ and an ‘assassin’, it becomes one of many jumping off points for our adversaries to exploit. When the media calls Trump a liar, members of Congress use racist, unfit and unstable, the enemy takes delight.

So, taking out General Soleimani was long overdue and as for bad guys multiplying?

Source IISS report

Enter the cyber trolls, the deep fakes, the false news stories, hacks, ransomware, espionage, theft, plants, drones, terrorists embedded with migrants, illicit transfer of goods including weapons, money and people generated by rogue nations.

So, while there is little debate about the AUMF, there is a past due need to update and define all lanes of modern warfare and for a full new unanimous vote on military force which does now include cyber and space.
When Speaker Pelosi announced last week ‘NO WAR’ and the House passed a non-binding resolution to limit President Trump’s war powers against Iran, you can bet Russia was listening as were North Korea, Syria, China and even Iran.

This is a pre-911 mentality regarding foreign policy, United States doctrine and national security. Such was the case several days ago when Iran launched their cyber operation to begin brute force attacks against several targets inside the United States. The Department of Homeland Security’s CISA division (Cybersecurity and Infrastructure Security Agency) sent out several advanced warnings nationally for state and local governments as well as private business and corporations to be on the ready and harden systems with robust firewalls. They are asked for information regarding intrusions and attacks, Well, Texas Governor Abbot did respond. A few Texas state systems were the victims of of brute force cyber hits. The extent of that action appears to be rather minimal but no computer system network ever wants to reveal the damage such that it would or could invite more resulting in more ransomware.

Noted in the Gerasimov Doctrine, hard and soft power across many domains, past and over any boundaries, Russia collaborating with China, Iran and North Korea counter-balance conventional warfare with hybrid tactics and it is cheaper and often missed by experts and media until the real damage is noted.

Congress has held many hearings on what is an act of war against the United States and yet, here we are with a tired and outdated AUMF that does not address gray zone operations. Just ask Ukraine, East Europe and Crimea how Russia was successful in applying hybrid warfare tactics. Maybe we should just rename the Gerasimov Doctrine civilian military operations, perhaps the Democrats and Pelosi would better understand the burdens of the Commander in Chief and that of the Secretary of Defense along with the intelligence agencies. It is an ugly world.

DHS Website Hacked with Pro-Iranian Messages

Posted on by

Seems with the timing, that as I was publishing an article yesterday about Iran’s robust cyber operations, they or proxies were at work taking down our own Department of Homeland Security website. Another thought is a domestic Iranian sympathizer took down the site.

A website within the Department of Homeland Security was offline Sunday after a hacker uploaded photos onto the site that included an Iranian flag and an image depicting a bloodied President Donald Trump being punched in the face.

 

The images appeared on the Federal Depository Library Program program’s website late Saturday before the site was taken offline. The Cybersecurity and Infrastructure Security Agency, a division of the Department of Homeland Security, said it was monitoring the situation.

“We are aware the website of the Federal Depository Library Program was defaced with pro-Iranian, anti-US messaging,” the cybersecurity agency said in a statement. “At this time, there is no confirmation that this was the action of Iranian state-sponsored actors. The website was taken offline and is no longer accessible.”

The statement added that “in these times of increased threats” all organizations should increase cyber monitoring, back up IT systems, implement secure authentication and have an incident response plan ready should a hack take place.

DHS also issued a two-week National Terrorism System advisory noting the U.S. drone strike in Iraq last week that killed Iran commander Qassem Soleimani. That spurred Iran and several affiliated extremist organizations to state publicly they intend to retaliate against the U.S.

“Iran maintains a robust cyber program and can execute cyber attacks against the United States,” DHS warned. “Iran is capable, at a minimum, of carrying out attacks with temporary disruptive effects against critical infrastructure in the United States.”

The library program website essentially had been replaced with a page exclaiming “Iranian Hackers!” An image of Iran’s supreme leader Ayatollah Ali Khamenei also was posted, along with a message that “martyrdom was (Soleimani’s) reward for years of implacable efforts.

A graphic showed Trump being punched by a fist from Iran amid a flurry of missiles.

“With his departure and with God’s power, his work and path will not cease and severe revenge awaits those criminals who have tainted their filthy hands with his blood and blood of the other martyrs,” a message on the website read.

Another message claimed the hack was the work of an Iranian “security group,” adding that “this is only small part of Iran’s cyber ability!”

Iran has promised a military response to Soleimani’s killing. Trump has vowed that if Iran attacks an American base or any American, “which I would strongly advise them not to do, we will hit them harder than they have ever been hit before!”

I also received the following bulletin yesterday from the DHS email system.

Image

 

 

Iran Identifies 35 Targets to Avenge Soleimani’s Death

Posted on by

For reference, the United States has an estimated 65,000 military personnel deployed in various locations throughout the Middle East.
Afghanistan: 14,000
Bahrain: 7,000
Iraq: 5200
Jordan: 3000
Kuwait: 13000
Oman: 300
Qatar: 14,000
Saudi Arabia: 3000
Syria: 700
Turkey: 2000
United Arab Emirates: 5000
If the tensions continue to rise, the United States has approval of 120,000 total troops in the region.

Iran does not have the resources or infrastructure to compete, but they can cause chaos.

So, as the Democrats are predicting and wrongfully so the makings of the full military conflict with Iran, there just wont be one.

Iranians typically wont fight outside their own country and hardly would inside such that the fighters are desperate Arabs from all kinds of countries wiling to do so for any kind of paycheck. That is what Qassim Soleimani built with his political charm and promises.
This is not to say that the Supreme Leader of Iran along with his president Hassan Rouhani wont certainly continue with attacks and some terror targets, they will ensure that the new Quds leader Esmail Ghaani has his orders. Any more robust military action by Iran wont happen anytime soon but the West must prepare the potential battle-spaces and harden soft targets as well as collect all intelligence possible. The United States has for sometime collected information on Iran and the reach the country has across the globe including our homeland. We information share with Israel and where needed with other allies.

The death of Soleimani wont result in any ground war offensive. It would take on the normal uses of drones, short range missile launches and even counter-cyber measures.

The flag was unfurled on top of the Jamkaran Mosque, in Qom photo

The United States does expect more attacks and Iran has leaked out a general list along with their hoisting of the ‘red flag’ which indicates war above the Jamkaran Mosque in Qom.

Brigadier Ghulam Ali Abu Hamza, commander of the Iranian Revolutionary Guard Corps

The targets (35) can be anywhere that Iran has a footprint including Central and Latin America, Tel Aviv, Jordan, Lebanon, Syria, Lebanon, Cyprus, Thailand and even Africa. Military personnel, diplomatic staff and corporate civilian personnel have all been advised by both the U.S. State Department and the Department of Defense.

Based on previous attacks by Iran, they will likely continue to use limpets to strike oil tankers in the Straits of Hormuz. They may also use short or medium range missiles or drones to hit any of our naval fleet in the region including the Persian Gulf. Iran does have two classes of submarines, the Fateh Class and the Ghadir Class. The submarine fleet is a variation of Russian Kilo class ships equipped with Chinese EM-52 rocket assisted mines. Arming civilian fisherman with explosives such as those used to strike the USS Cole is an option. Iran does maintain anti-ship missiles launched from shore and it has a modest fleet of warships. Britain is said to ensure its commercial ships are escorted by at least two Royal Navy ships, the HMS Montrose and the HMS Defender.

Freighter ships and oil tankers are on alert for any of the above and have been given orders to report anything including waterway blockades.

 

Locked Shields Versus Iran

Posted on by

Since the death of several Iranian warlords including Qassim Soleimani, the United States has dispatched more military personnel to the Middle East. The Patriot missile batteries scattered in the region including in Bahrain are now at the ready. When it comes to cyber operations inside Iran, little is being discussed as a means of retribution against the United States. Iran does have cyber warfare capabilities and does use them.

It has been mentioned in recent days that President Trump has been quite measured in responding to Iran’s various attacks including striking Saudi oil fields, hitting oil tankers and shooting down one of the drones operated by the United States. In fact, the United States did respond directly after the downing of our drone by inserting an effective cyber-attack against Iran’s weapons systems by targeting the controls of the missile systems.

APT33 phishing Read details from Security Affairs.

Iran has an estimated 100,000 volunteer cyber trained operatives that has been expanding for the last ten years led by the Basij, a paramilitary network. The cyber unit known for controlling the Iranian missile launchers is Sepehr 110 is a large target of the United States and Israel. Iran also mobilizes cyber criminals and proxy networks including another one known as OilRig.

In 2018, the United States charged 9 Iranians (Mabna Hackers) for conducting massive cyber theft, wire fraud and identity theft that affected hundreds of universities, companies and other proprietary entities.

Due to a more global cyber threat by Iran known to collaborate with North Korea, China and Russia, NATO has been quite aggressive in cyber defense operations via the Cooperative Cyber Defense Center of Excellence applying the Locked Shields Program.

Not too be lost in the cyber threat conditions, Iran also uses their cyber team to blast out propaganda using social media platforms. If this sounds quite familiar, it is. The Russian propaganda operations manual is also being used by Iran. The bots and trolls are at work in Europe to keep France, Britain and Germany connected to the Iranian nuclear deal and to maintain trade operations with Iran including diplomatic operations. There are fake Iranian and Russian accounts still today all over Twitter and Facebook for which Europe is slow to respond if at all.

Meet APT33, which the West calls the Iranian hacking crew(s), the other slang name is Elfin. APT33 is not only hacking, but it is performing cyber-espionage as well. There are many outside government organizations researching and decoding Iran’s cyber operations that cooperate with inside U.S. government cyber operations located across the globe that also cooperate with NATO.

Recorded Future is one such non-government pro-active cyber operation working on Iran. These include attributions of cyber attacks by Iran against Saudi Arabia as well as the West by decoding phishing campaigns, relationships, malware and webshells and security breeches.

Recent published results include in part:

Nasr Institute and Kavosh Redux

In our previous report, “Iran’s Hacker Hierarchy Exposed,” we concluded that the exposure of one APT33 contractor, the Nasr Institute, by FireEye in 2017, along with our intelligence on the composition and motivations of the Iranian hacker community, pointed to a tiered structure within Iran’s state-sponsored offensive cyber program. We assessed that many Iranian state-sponsored operations were directed by the Iranian Revolutionary Guard Corps (IRGC) or the Ministry of Intelligence and Security (MOIS).

According to a sensitive Insikt Group source who provided information for previous research, these organizations employed a mid-level tier of ideologically aligned task managers responsible for the compartmentalized tasking of over 50 contracting organizations, who conducted activities such as vulnerability research, exploit development, reconnaissance, and the conducting of network intrusions or attacks. Each of these discrete components, in developing an offensive cyber capability, were purposefully assigned to different contracting groups to protect the integrity of overarching operations and to ensure the IRGC and/or MOIS retained control of operations and mitigated the risk from rogue hackers. Read more here in detail from a published summary of 6 months ago.

That Russian Spy Ship is Back to Lurking off our Coast

Posted on by

The speculation for this ship is:

There are new indications that the spying target this time also included SpaceX’s space launch capability.

On Monday, the private space launch company founded by tech entrepreneur Elon Musk conducted the 13th successful launch of its Falcon 9 booster from Cape Canaveral, Florida. The launcher placed a communications satellite into orbit and then returned to Earth by landing on a barge in the Atlantic eight minutes later.

Analysts speculate that the ship may have been observing the launch to gather data that could benefit reusable Russian space launchers.

U.S. Northern Command and the Coast Guard have been tracking a Russian spy ship equipped with electronic surveillance gear that has been lurking off the East Coast of the United States.

On Monday, the Coast Guard sent out a Maritime Safety Information Bulletin warning boaters of reports of the Viktor Leonov operating in an “unsafe manner” off the coast of South Carolina and Georgia.

On Tuesday, the Coast Guard said the Russian ship was operating in USCG’s Jacksonville, Florida, area of responsibility, which encompasses roughly 40,000 square miles of ocean and stretches nearly 190 miles of coast from Kings Bay, Georgia, to Port Malabar, Florida.

“This unsafe operation includes not energizing running lights while in reduced visibility conditions, not responding to hails by commercial vessels attempting to coordinate safe passage and other erratic movements,” the Coast Guard posted on its bulletin.

“Vessels transiting these waters should maintain a sharp lookout and use extreme caution when navigating in proximity to this vessel. Mariners should make reports of any unsafe situations to the United States Coast Guard,” the Coast Guard said in its safety message.

Adm. James Foggo III, the commander of U.S. Naval Forces Europe and U.S. Naval Forces Africa, told reporters Dec. 18 that the Russian spy ship was operating a “couple hundred” miles off the East Coast.

North American Aerospace Defense Command and U.S. Northern Command told Military Times that they were tracking the Russian ship.

“We are aware of Russia’s naval activities, including the deployment of these intelligence collection ships in the region,” Maj. Mark R. Lazane, a spokesman with NORTHCOM, told Military Times in an emailed statement.

Image result for Russian warship Viktor Leonov

It’s not the first time the Viktor Leonov has conducted intelligence operations off the East Coast off the U.S.

In 2017, the Pentagon announced the Leonov was being trailed by a Coast Guard vessel but was operating in international waters.

“They routinely deploy intelligence vessels worldwide to monitor the activities and particularly naval activities of other nations, but then again conducted lawfully in international waters and not unlike operations we conduct ourselves,” Davis said in 2017 about the Leonov operating near the East Coast of the U.S.

Foggo said that the Coast Guard reported that the Russian ship was not responding to signals or “bridge to bridge” radio communications and was running without lights on at sea.

Those actions, Foggo said Wednesday, are risky. More here.

This ship is part of Project 864. The Project 864, also known as the Vishnya and Meridian, is an electronic surveillance and intelligence gathering ship built by Stocznia Polnocna shipyard in Gdansk (Poland) for the Soviet Union’s Navy in the 1980s. The ship’s capabilities are built around the Communication Intelligence (COMINT) and Signals Intelligence (SIGINT) concepts. The Project 864 are equipped with two satellite communications antennas inside a radome. The propulsion system consists of two diesel engines developing 4,400-bhp and a top speed of 16 knots. The Project 864 weapon system is intended to counter airborne threats using two AK-630 30mm guns and two SA-N-8 surface-to-air missile systems. The Russian Navy operates seven Meridian-class vessels to be replaced by the Project 18280 intelligence ship by 2020.