Category Archives: Cyber War

Possible Details on Iran for Trump Briefings

Posted on by

Image result for un arms embargo iran photo/details

For context, here is the background on the UN Arms Embargo on Iran.

1. The rapidly expiring “sunset provisions” – which will lift existing restrictions on Iran’s military, missiles and nuclear programs – were a key factor in President Trump’s decision to withdraw from the flawed Joint Comprehensive Plan of Action (JCPOA) in May last year. The first of the sunset provisions, the arms embargo under U.N. Security Council Resolution (UNSCR) 2231, will expire by October 18, 2020.

In its report, JCPOA Sunset Alert, United Against Nuclear Iran (UANI) details the hazards once UNSCR 2231’s arms transfers provisions expire. Guns, howitzers, mortars, battle tanks, armored combat vehicles, combat aircraft, attack helicopters, warships and missiles or missile systems will proliferate throughout the region.

2. The European Union is skirting the Iran sanction architecture by launching INSTEX. Based in Paris, it is managed by Per Fischer a German banker and the UK is heading the supervisory board.

The channel, set up by Germany, France and the UK, is called INSTEX — short for “Instrument in Support of Trade Exchanges.”

“We’re making clear that we didn’t just talk about keeping the nuclear deal with Iran alive, but now we’re creating a possibility to conduct business transactions,” German Foreign Minister Heiko Maas told reporters Thursday after a meeting with European counterparts in Bucharest, Romania.

“This is a precondition for us to meet the obligations we entered into in order to demand from Iran that it doesn’t begin military uranium enrichment,” Maas said.

3. Zarif, Iran’s Foreign Minister has confirmed violations of stockpile limitations as well as uranium enrichment of 300kg. for low-enriched uranium. These two items are violations of the JCPOA and Europe considers this just a distraction.

4. The U.S. has sent an estimated 12 F-22 Raptor stealth fighters to Qatar, based at al Udeid Air Base to bolster defenses Iran threats. There is a B-52 bomber task force in the region. The U.S. has dispatched several army batteries that operate the Patriot Missile launchers. Much of this is due to and in preparation for the asymmetric warfare tactics in use by Iran.

5. Iran is aware they cannot match the United States militarily, so there are two other possibilities and they include attacking Israel and major cyber interruptions.

Speaking at a political conference of ultra-conservatives in Iran’s north, Mashaei said, “If the Zionist regime attacks Iran, the Zionists will have no longer than a week to live.” The semi-official Fars news agency quoted him as saying that the Islamic Republic would destroy Israel “in less than 10 days”. On the cyber front, Iran has the abilities to disrupt networks associated with power systems in the region as well as those connected to oil production and shipping. U.S. Cybercom has the authorization, by way of the NDAA to conduct what is known as TMA, traditional military activities where cyber operations are included. Last month, the NYT’s reported the U.S. did carry out cyberattacks on Iran.

6. Iran has established terror cells in Western allied countries including the United States as noted by this case reported by the FBI just last month. Additionally, Qassem Suleimani has set up terror sites in Africa prepared to strike oil fields, military installations and embassies. These operations are managed by a specialized department of the Quds Force known as Unit 400.

More Executive Action Against Iran

Posted on by

Due to timing, it is assumed rather than a U.S. military strike campaign against designated targets as a result of Iran shooting down a U.S. drone, Cyber Command initiated a cyber operation. The Iranian Revolutionary Guard maintains control of the rocket and missile systems and they have been disabled as the U.S. response. Iran has confirmed the cyber-attack but also says it failed. Iran expected a response by the United States and in advance shut down several radar sites.

The United States has been inside several cyber operations in Iran for a very long time and was ready for a go order. Meanwhile, The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Iran has been advancing their own cyber operations against select US targets. It is unclear what those targets are.

President Trump spent the weekend at Camp David while Secretary of State Mike Pompeo traveled to Saudi Arabia and to Abu Dhabi while NSC John Bolton is in Israel. Bolton has on his calendar meetings with the Israeli national security and atomic energy officials as the introduction of the coming peace plan proposal dealing with the Palestinians will be introduced in Bahrain.

President Donald Trump listens to a reporter's question after signing an executive order to increase sanctions on Iran, in the Oval Office of the White House, Monday, June 24, 2019, in Washington. Trump is accompanied by Treasury Secretary Steve Mnuchin, left, and Vice President Mike Pence. Photo: Alex Brandon, AP / Copyright 2019 The Associated Press. All rights reserved. Photo: Alex Brandon AP

Trump has signed yet another addition to the sanctions architecture on Iran. There is talk of sanctions relief if Iran is willing to negotiate on key topics including escalating uranium enrichment. So far, Iran has said they will not meet with the United States and will shoot down other aircraft if they impede Iran airspace. The FAA has ordered all U.S. commercial aircraft to reroute outside of the existing Iran airspace buffer zone.

There are now heavy decisions for Europe to make in their economic trade with Iran versus that of the United States and remaining in the JCPOA, the Obama nuclear deal with Iran.

The Executive Order signed by President Trump goes right to the top of the regime yet does not yet include Mohammad Javad Zarif, the top Iran diplomat, however it is said that could come later in the week.

The new round of sanctions is all about existing monies controlled by the IRGC and the Iran Supreme leader and his associates. This includes access to revenues from oil exports and freezes the financial assets of key officials where the Iran Central Bank is listed.

***

Additional Executive Order sanctions details:

Today’s action targets commanders of the IRGC’s Navy, Aerospace, and Ground Forces, in addition to the commanders of the IRGC Navy’s (IRGCN) five naval districts. These include the naval district commanders who are responsible for the IRGCN’s activities off the coast of the southern provinces of Khuzestan, Bushehr, and Hormozgan, which lie adjacent to the Persian Gulf and the Strait of Hormuz.

OFAC is designating IRGCN Commander Ali Reza Tangsiri pursuant to E.O. 13224 for acting for or on behalf of the IRGC. As recently as February 2019, Tangsiri threatened that the Iranian regime’s forces would close the Strait of Hormuz, an international waterway, if U.S. sanctions stopped Iran’s oil exports, and that the Iranian regime is prepared to target U.S. interests in the region. As the commander of the IRGCN, Tangsiri sits atop a structure—including those regional IRGCN commanders sanctioned today—that is responsible for the sabotage of vessels in the international waters.

Also designated today pursuant to E.O. 13224 for acting for or on behalf of the IRGC is Amirali Hajizadeh, commander of the IRGC Aerospace Force, whose bureaucracy was responsible for downing the U.S. unmanned aircraft on June 20, 2019. Hajizadeh oversees Iran’s provocative ballistic missile program.

OFAC is also designating pursuant to E.O. 13224 Mohammad Pakpour, commander of the IRGC’s Ground Forces, for acting for or on behalf of the IRGC. Under Pakpour’s command, the IRGC Ground Forces have deployed to fight in Syria in support of the IRGC-Qods Force (IRGC-QF) and the brutal Assad regime. In 2017, Pakpour said that the IRGC Ground Forces were in Syria to help the IRGC-QF.

OFAC is also designating the commanders of the IRGCN’s five naval districts pursuant to E.O. 13224 for acting for or on behalf of the IRGC. The IRGC is responsible for the Regime’s destabilizing and provocative naval actions in and around the Strait of Hormuz.
IRGCN commanders of five naval districts designated today are:

IRGCN 1st Naval District Commander Abbas Gholamshahi
IRGCN 2nd Naval District Commander Ramezan Zirahi
IRGCN 3rd Naval District Commander Yadollah Badin
IRGCN 4th Naval District Commander Mansur Ravankar
IRGCN 5th Naval District Commander Ali Ozma’i

The IRGC was designated pursuant to E.O. 13224 by OFAC on October 13, 2017 and it was designated as a Foreign Terrorist Organization by the Secretary of State on April 15, 2019.

Sanctions Implications

As a result of today’s action, all property and interests in property of these individuals that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC. OFAC’s regulations generally prohibit all dealings by U.S. persons or within (or transiting) the United States that involve any property or interests in property of blocked or designated persons.

In addition, persons that engage in certain transactions with the persons designated today may themselves be exposed to designation. Furthermore, any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the individuals designated today could be subject to U.S. correspondent account or payable-through sanctions.

Army’s Wish List Against China/Russia

Posted on by

It appears some real strategic thinking and application is happening here and that is a good thing. These lists for more reconnaissance aircraft is a good thing for sure.

Russia's Hybrid Warfare Strategy • Full Version

U.S. Army leaders revealed Tuesday that they are briefing top military commanders about new weapons being built specifically for “high-intensity conflict” against China and Russia, in a new effort to assure that they could provide vital firepower for those potential battlefields of the future.

Reconnaissance aircraft, team reach milestone > U.S. Air ...

Army Secretary Mark Esper said he wants to shift some money away from vehicles and aircraft more suited for conflicts in Afghanistan and Iraq and into “what I need to penetrate Russian or Chinese air defenses.”

Among the new weapons and technologies he said are critical: long-range artillery, attack and reconnaissance aircraft, air and missile defenses, and command-and-control networks. Esper said the artillery — known as Long-Range Precision Fires — could be used “to hold at bay Chinese ships.”

Army officials recently briefed Adm. Philip Davidson, commander of U.S. Indo-Pacific Command, who oversees all U.S. military personnel in the Asia-Pacific region. This comes as the Army plans to rotate thousands of soldiers on expeditionary deployments throughout the Pacific — an expansive region often associated with Navy and Air Force military operations.

“We want to talk to [U.S. European Command] as well,” Esper said. “What we’re trying to do is go out and tell them what we’re doing.”

Last year, the Army held a series of reviews that recommended cutting or reducing nearly 200 weapons projects, freeing up $25 billion for investment in higher-priority programs. Among the projects cut are upgrades to Boeing-made CH-47 Chinook helicopters and buys of Oshkosh-made Joint Light Tactical Vehicles, the Army’s replacement for Humvees. Esper said he needs to shift money into “Future Vertical Lift,” an effort to build faster helicopters and tilt-rotor aircraft — similar to the V-22 Osprey —  instead of upgrades to older, larger, and slower helicopters.

“What I don’t have right now is an attack/reconnaissance aircraft,” Esper said, Tuesday during a briefing at the Pentagon. “That’s what I need to penetrate Russian or Chinese air defenses. I’m not going to do that with a CH-47.”

The Army is evaluating prototypes built by Bell and a Lockheed Martin-Boeing team, as it determines the makeup of a new generation of military helicopters.

Army leaders plan to cut the number of Joint Light Tactical Vehicles they will buy from Oshkosh but the size of the reduction has not been finalized, Esper said. Army Undersecretary Ryan McCarthy has previously said the service plans to cut 1,900 vehicles.

“We are certainly cutting the total number. I know that much,” Esper said. “But whether it … finals out; right here today, I can’t tell you. In five years, I could maybe have a different number for you.”

The secretary said that they decision to buy Chinooks and JLTVs was made before the Trump administration’s January 2018 National Defense Strategy put the Pentagon on a path to preparing for great power competition with Russia and China. That strategy reduced the Defense Department’s priority on counterterrorism and counterinsurgency fights in Afghanistan, Iraq, and other spots like Syria, which had dominated much of the past two decades. In its wake, the Army is building new doctrine that will be evaluated over the next 12 to 18 months. The results of those wargames will determine how many soldiers and weapons are needed in the future.

“They were in many ways designed for a different conflict,” he said, of Chinooks and JLTVs. “It doesn’t mean we won’t use them in future conflicts, but now my emphasis has to be on rebuilding my armor, rebuilding my fighting vehicles, having aircraft that can penetrate Russia and Chinese air defenses, that can shoot down Russian and Chinese drones and missiles and helicopters and fixed-wing aircraft. We’re in this transition period and so some folks are caught in that transition.”

Meanwhile, where is the strategic thinking when it comes to hybrid warfare?

The Pentagon wants to develop a way to detect those signs by analyzing the myriad actions in what it calls the “gray zone”–behaviors in a variety of areas that, considered separately, may or may not mean anything but when examined together could indicate malicious intent–and is putting artificial intelligence (AI) to work on the problem.

The Defense Advanced Research Projects Agency (DARPA) has launched a new program intended to better understand and interpret an adversary’s gray zone engagement as potential signals of pending aggression. The Collection and Monitoring via Planning for Active Situational Scenarios (COMPASS) program will incorporate AI, game theory, modeling, and estimation technologies to decipher the often subtle signs that precede a full-scale attack.

“The ultimate goal of the program is to provide theater-level operations and planning staffs with robust analytics and decision-support tools that reduce ambiguity of adversarial actors and their objectives,” said Fotis Barlos, DARPA program manager. “As we see increasingly more sophistication in gray zone activity around the world, we need to leverage advanced AI and other technologies to help commanders make more effective decisions to thwart an enemy’s complex, multi-layered disruptive activity.”

The attention to gray zone activity reflects the multi-pronged tactics used in hybrid warfare, of the type employed by Russia in Georgia in 2008 and in Ukraine since 2014. Cyber attacks to shut down the power grid, conduct digital espionage, and sow economic disruption, along with social media campaigns aimed at manipulating public opinion, coincided with the covert movement of troops and equipment into Ukraine. Not only have these tactics proved to be effective, their subtle, sometimes untraceable methods can lend a level of plausible deniability to the attacks. And NATO has said that clandestine hybrid attacks can achieve their aims before being noticed, too late for an effective response.smilelaugh

Anyone Fretting over the Real Russian Hacking from the Mueller Report?

Posted on by

Remember the timeline, it was the Comey FBI, the Brennan CIA, the Lynch Department of Justice and the Obama White House. So, Obama only expelled a pile of Russians and closed 3 dachas. Remember? When the dust settles just a little, President Trump has some work to do to clean up this hacking mess via Russia. Congress has some work to do also by defining some kind of hacking legislation.

The Mueller Report’s conclusions about Russian operations are unambiguous: the GRU’s Unit 26165 did the hacking, and the Internet Research Agency managed the influence campaign. The Report also concluded that the GRU’s Unit 74455 retailed the results of the doxing through its subsidiaries DCLeaks and Guccifer 2.0, and through a sympathetic WikiLeaks.

What is Unit 26165, Russia's elite military hacking centre?

Boris Zilberman on Twitter: "DOJ indictment against the ...

At one point, the Russians used servers located in the U.S. to carry out the massive data exfiltration effort, the report confirms.

Much of the information was previously learned from the indictment of Viktor Borisovich Netyksho, the Russian officer in charge of Unit 26165. Netyksho is believed to be still at large in Russia.

The operatives working for the Russian intelligence directorate, the GRU, sent dozens of targeted spearphishing emails in just five days to the work and personal accounts of Clinton Campaign employees and volunteers, as a way to break into the campaign’s computer systems.

The GRU hackers also gained access to the email account of John Podesta, Clinton’s campaign chairman, of which its contents were later published.

Using credentials they stole along the way, the hackers broke into the networks of the Democratic Congressional Campaign Committee days later. By stealing the login details of a system administrator who had “unrestricted access” to the network, the hackers broke into 29 computers in the ensuing weeks, and more than 30 computers on the DNC.

The operatives, known collectively as “Fancy Bear,” comprised several units tasked with specific operations. Mueller formally blamed Unit 26165, a division of the GRU specializing in targeting government and political organizations, for taking on the “primary responsibility for hacking the DCCC and DNC, as well as email accounts of individuals affiliated with the Clinton Campaign,” said the Mueller report.

The hackers used Mimikatz, a hacking tool used once an intruder is already in a target network, to collect credentials, and two other kinds of malware: X-Agent for taking screenshots and logging keystrokes, and X-Tunnel used to exfiltrate massive amounts of data from the network to servers controlled by the GRU. Mueller’s report found that Unit 26165 used several “middle servers” to act as a buffer between the hacked networks and the GRU’s main operations. Those servers, Mueller said, were hosted in Arizona — likely as a way to obfuscate where the attackers were located but also to avoid suspicion or detection.

In all, some 70 gigabytes of data were exfiltrated from Clinton’s campaign servers and some 300 gigabytes of data were obtained from the DNC’s network.

Meanwhile, another GRU hacking unit, Unit 74455, which helped disseminate and publish hacked and stolen documents, pushed the stolen data out through two fictitious personas. DCLeaks was a website that hosted the hacked material, while Guccifer 2.0 was a hacker-like figure who had a social presence and would engage with reporters.

Under pressure from the U.S. government, the two GRU-backed personas were shut down by the social media companies. Later, tens of thousands of hacked files were funneled to and distributed by WikiLeaks .

Mueller’s report also found a cause-and-effect between Trump’s remarks in July 2016 and subsequent cyberattacks.

“I hope you’re able to find the 30,000 emails that are missing,” said then-candidate Trump at a press conference, referring to emails Clinton stored on a personal email server while she headed the State Department. Mueller’s report said “within approximately five hours” of those remarks, GRU officers began targeting for the first time Clinton’s personal office.

More than a dozen staffers were targeted by Unit 26165, including a senior aide. “It is unclear how the GRU was able to identify these email accounts, which were not public,” said Mueller.

Mueller said the Trump campaign made efforts to “find the deleted Clinton emails.” Trump is said to have privately asked would-be national security advisor Michael Flynn, since convicted following inquiries by the Special Counsel’s office, to reach out to associates to obtain the emails. One of those associates was Peter Smith, who died by suicide in May 2017, who claimed to be in contact with Russian hackers — claims which Mueller said were not true.

Does that implicate the Trump campaign in an illegal act? Likely not.

“Under applicable law, publication of these types of materials would not be criminal unless the publisher also participated in the underlying hacking conspiracy,” according to Elie Honig, a CNN legal analyst. “The special counsel’s report did not find that any person associated with the Trump campaign illegally participated in the dissemination of the materials.”

N Korea Test Fires Tactical Weapon

Posted on by

(Reuters) – Satellite images from last week show movement at North Korea’s main nuclear site that could be associated with the reprocessing of radioactive material into bomb fuel, a U.S. think tank said on Tuesday. The U.S. State Department declined to comment on intelligence matters, but a source familiar with U.S. government assessments said that while U.S. experts thought the movements could possibly be related to reprocessing, they were doubtful it was significant nuclear activity.

***

SEOUL, April 18 (Yonhap) — North Korean leader Kim Jong-un has supervised a test-firing of a new tactical guided weapon, calling its development an “event of very weighty significance” in beefing up its military power, state media reported Thursday.

The Korean Central News Agency said the test happened Wednesday but did not specify what the newly developed weapon was. It was the first time since November the North’s leader has overseen a weapons testing.

“Saying that the completion of the development of the weapon system serves as an event of very weighty significance in increasing the combat power of the People’s Army, he noted that it is a very good thing that the field of national defense science has waged a dynamic struggle for attaining core research goals,” Kim was quoted as saying by the KCNA.

North Korean leader Kim Jong-un inspects a flight drill of the North's Air and Anti-aircraft Force on April 17, 2019, in this photo released by the Korean Central News Agency on April 18. As is customary, the agency didn't provide the location. (For Use Only in the Republic of Korea. No Redistribution) (Yonhap) North Korean leader Kim Jong-un inspects a flight drill of the North’s Air and Anti-aircraft Force on April 17, 2019, in this photo released by the Korean Central News Agency on April 18. As is customary, the agency didn’t provide the location. (For Use Only in the Republic of Korea. No Redistribution) (Yonhap)

“After watching the power of the new-type tactical guided weapon, he pointed out that our national defense scientists and workers in the field of the munitions industry performed another great work in increasing the country’s defense capabilities,” the KCNA said.

Kim also set the “phased and strategic goals” for maintaining his country’s munitions production, putting national defense science and technology on a “cutting edge level,” and ordering “detailed tasks and ways to attain them.”

The test-firing came after Kim suggested a year-end deadline for denuclearization negotiations with the United States following the breakdown of his February summit with U.S. President Donald Trump.

On Wednesday, Pyongyang’s media said that the North Korean leader visited an air force unit and reviewed a flight exercise in his first public inspection of military activities in five months.