Category Archives: Cyber War

The Other Items Complicating a China Trade Deal

Posted on by

Beyond the traditional trade talks between the U.S. Trade Representative and envoy with Beijing, there are complicating factors that enter into the debates and it is generally dealing with military aggression and espionage. So consider the following items:

  1. New Delhi: China has recently leased vast tracts of land along the coast of the Koh Kong province of Cambodia to turn into a seaside resort. An area of 45,000 hectares — 20 per cent of the coastline — has been leased for 40 years for a paltry annual rent of US $1 million.

    A Chinese private company called Union Development Group (UDG) is undertaking the project, named the Dara Sakor Seashore Resort Long Term Project.

    However, there has also been increased military cooperation between Beijing and Phnom Penh, and the US has raised concerns, with Vice-President Mike Pence writing to Cambodian PM Hun Sen that these facilities could be put to military use.

    Paul Chambers, professor of international affairs at the Naresuan University in Thailand, has claimed that senior Cambodian officials privately admitted that Hun Sen was considering approving a Chinese naval base at Kiri Sakor. The Chinese resort in Cambodia that can overnight be ...

    Hun Sen has claimed there are no foreign troops on Cambodian soil, but China has been accused of using debt traps to get its way. And according to satellite imagery accessed by ThePrint, there is a real possibility of the resort project currently under construction turning into a Chinese military base.

  2.   BRUSSELS (Reuters) – China’s ZTE opened a cybersecurity lab in Brussels on Wednesday, aiming to boost transparency four months after bigger telecoms equipment rival Huawei [HWT.UL] did the same to allay concerns about spying.Chinese vendors of network gear are being scrutinized by the United States and some of its allies who believe the equipment could be used by Beijing to spy on customers if deployed in 5G networks, which are beginning to be built around the world.

    Huawei, the world’s biggest maker of telecoms network gear, has been blacklisted by the U.S. government, meaning that U.S. companies need special approval – which they are unlikely to get – to export products to the Chinese company.

  3. The Chinese military has deployed military personnel and armored medical vehicles to Germany for joint drills, a first for the Chinese People’s Liberation Army as it attempts to forge closer ties with Europe.

    The joint exercise — Combined Aid 2019 — is focused on preparing troops with the medical service units of the Chinese and German armed forces to respond to humanitarian crises, such as mass casualty incidents and serious disease outbreaks, China’s Xinhua News Agency reported.

    The exercise follows a cooperative military medical training exercise in 2016 in Chongqing, where the PLA and the German Bundeswehr practiced responding to an imaginary earthquake scenario.

  4. Over one million Uyghurs and Muslims from other ethnic minority groups have been detained by the Chinese government and sent to “re-education” internment camps. Sources indicate that detainees are psychologically and physically abused. Uyghurs outside the camps in Xinjiang are also not free, as they are kept under constant surveillance, often using advanced technology. The Chinese government is increasingly testing this technology in Xinjiang and exporting it nationally and globally, with concerning implications for democracy and human rights.
  5. (UPI) China is condemning a recent U.S. decision to sell $2.2 billion worth of weapons to Taiwan, saying the “reckless” policy tampers with Chinese sovereignty.

    Beijing’s foreign ministry spokesman Geng Shuang said Tuesday at a regular press briefing China opposes U.S. weapons sales to Taiwan, a country China recognizes as a breakaway province.

    “The United States has recklessly interfered in Chinese domestic affairs,” Geng said. “It has undermined China’s sovereignty and security interests.”

    The U.S. State Department on Monday approved two potential arms sales to Taiwan, worth $2.2 billion.

    The weapons to be sold to Taiwan include 108 Abrams tanks, 250 Stinger missiles and related equipment.

    On Tuesday Geng reminded reporters Beijing does not recognize Taiwanese sovereignty.

    “Taiwan is an inseparable part of Chinese territory,” the foreign ministry spokesman said. “Do not underestimate the Chinese government and the people’s will to defend national sovereignty and territory.”

    Geng added the United States was in “severe violation” of Beijing’s “One-China” policy.

    Tensions have grown between Taiwan and China since President Tsai Ing-wen assumed office in 2016.

    Tsai’s recent decision to stay in the United States for four nights during a “layover” has angered China. Beijing, under its law, bans the Taiwanese leader from making contact with U.S. politicians.

 

Possible Details on Iran for Trump Briefings

Posted on by

Image result for un arms embargo iran photo/details

For context, here is the background on the UN Arms Embargo on Iran.

1. The rapidly expiring “sunset provisions” – which will lift existing restrictions on Iran’s military, missiles and nuclear programs – were a key factor in President Trump’s decision to withdraw from the flawed Joint Comprehensive Plan of Action (JCPOA) in May last year. The first of the sunset provisions, the arms embargo under U.N. Security Council Resolution (UNSCR) 2231, will expire by October 18, 2020.

In its report, JCPOA Sunset Alert, United Against Nuclear Iran (UANI) details the hazards once UNSCR 2231’s arms transfers provisions expire. Guns, howitzers, mortars, battle tanks, armored combat vehicles, combat aircraft, attack helicopters, warships and missiles or missile systems will proliferate throughout the region.

2. The European Union is skirting the Iran sanction architecture by launching INSTEX. Based in Paris, it is managed by Per Fischer a German banker and the UK is heading the supervisory board.

The channel, set up by Germany, France and the UK, is called INSTEX — short for “Instrument in Support of Trade Exchanges.”

“We’re making clear that we didn’t just talk about keeping the nuclear deal with Iran alive, but now we’re creating a possibility to conduct business transactions,” German Foreign Minister Heiko Maas told reporters Thursday after a meeting with European counterparts in Bucharest, Romania.

“This is a precondition for us to meet the obligations we entered into in order to demand from Iran that it doesn’t begin military uranium enrichment,” Maas said.

3. Zarif, Iran’s Foreign Minister has confirmed violations of stockpile limitations as well as uranium enrichment of 300kg. for low-enriched uranium. These two items are violations of the JCPOA and Europe considers this just a distraction.

4. The U.S. has sent an estimated 12 F-22 Raptor stealth fighters to Qatar, based at al Udeid Air Base to bolster defenses Iran threats. There is a B-52 bomber task force in the region. The U.S. has dispatched several army batteries that operate the Patriot Missile launchers. Much of this is due to and in preparation for the asymmetric warfare tactics in use by Iran.

5. Iran is aware they cannot match the United States militarily, so there are two other possibilities and they include attacking Israel and major cyber interruptions.

Speaking at a political conference of ultra-conservatives in Iran’s north, Mashaei said, “If the Zionist regime attacks Iran, the Zionists will have no longer than a week to live.” The semi-official Fars news agency quoted him as saying that the Islamic Republic would destroy Israel “in less than 10 days”. On the cyber front, Iran has the abilities to disrupt networks associated with power systems in the region as well as those connected to oil production and shipping. U.S. Cybercom has the authorization, by way of the NDAA to conduct what is known as TMA, traditional military activities where cyber operations are included. Last month, the NYT’s reported the U.S. did carry out cyberattacks on Iran.

6. Iran has established terror cells in Western allied countries including the United States as noted by this case reported by the FBI just last month. Additionally, Qassem Suleimani has set up terror sites in Africa prepared to strike oil fields, military installations and embassies. These operations are managed by a specialized department of the Quds Force known as Unit 400.

More Executive Action Against Iran

Posted on by

Due to timing, it is assumed rather than a U.S. military strike campaign against designated targets as a result of Iran shooting down a U.S. drone, Cyber Command initiated a cyber operation. The Iranian Revolutionary Guard maintains control of the rocket and missile systems and they have been disabled as the U.S. response. Iran has confirmed the cyber-attack but also says it failed. Iran expected a response by the United States and in advance shut down several radar sites.

The United States has been inside several cyber operations in Iran for a very long time and was ready for a go order. Meanwhile, The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Iran has been advancing their own cyber operations against select US targets. It is unclear what those targets are.

President Trump spent the weekend at Camp David while Secretary of State Mike Pompeo traveled to Saudi Arabia and to Abu Dhabi while NSC John Bolton is in Israel. Bolton has on his calendar meetings with the Israeli national security and atomic energy officials as the introduction of the coming peace plan proposal dealing with the Palestinians will be introduced in Bahrain.

President Donald Trump listens to a reporter's question after signing an executive order to increase sanctions on Iran, in the Oval Office of the White House, Monday, June 24, 2019, in Washington. Trump is accompanied by Treasury Secretary Steve Mnuchin, left, and Vice President Mike Pence. Photo: Alex Brandon, AP / Copyright 2019 The Associated Press. All rights reserved. Photo: Alex Brandon AP

Trump has signed yet another addition to the sanctions architecture on Iran. There is talk of sanctions relief if Iran is willing to negotiate on key topics including escalating uranium enrichment. So far, Iran has said they will not meet with the United States and will shoot down other aircraft if they impede Iran airspace. The FAA has ordered all U.S. commercial aircraft to reroute outside of the existing Iran airspace buffer zone.

There are now heavy decisions for Europe to make in their economic trade with Iran versus that of the United States and remaining in the JCPOA, the Obama nuclear deal with Iran.

The Executive Order signed by President Trump goes right to the top of the regime yet does not yet include Mohammad Javad Zarif, the top Iran diplomat, however it is said that could come later in the week.

The new round of sanctions is all about existing monies controlled by the IRGC and the Iran Supreme leader and his associates. This includes access to revenues from oil exports and freezes the financial assets of key officials where the Iran Central Bank is listed.

***

Additional Executive Order sanctions details:

Today’s action targets commanders of the IRGC’s Navy, Aerospace, and Ground Forces, in addition to the commanders of the IRGC Navy’s (IRGCN) five naval districts. These include the naval district commanders who are responsible for the IRGCN’s activities off the coast of the southern provinces of Khuzestan, Bushehr, and Hormozgan, which lie adjacent to the Persian Gulf and the Strait of Hormuz.

OFAC is designating IRGCN Commander Ali Reza Tangsiri pursuant to E.O. 13224 for acting for or on behalf of the IRGC. As recently as February 2019, Tangsiri threatened that the Iranian regime’s forces would close the Strait of Hormuz, an international waterway, if U.S. sanctions stopped Iran’s oil exports, and that the Iranian regime is prepared to target U.S. interests in the region. As the commander of the IRGCN, Tangsiri sits atop a structure—including those regional IRGCN commanders sanctioned today—that is responsible for the sabotage of vessels in the international waters.

Also designated today pursuant to E.O. 13224 for acting for or on behalf of the IRGC is Amirali Hajizadeh, commander of the IRGC Aerospace Force, whose bureaucracy was responsible for downing the U.S. unmanned aircraft on June 20, 2019. Hajizadeh oversees Iran’s provocative ballistic missile program.

OFAC is also designating pursuant to E.O. 13224 Mohammad Pakpour, commander of the IRGC’s Ground Forces, for acting for or on behalf of the IRGC. Under Pakpour’s command, the IRGC Ground Forces have deployed to fight in Syria in support of the IRGC-Qods Force (IRGC-QF) and the brutal Assad regime. In 2017, Pakpour said that the IRGC Ground Forces were in Syria to help the IRGC-QF.

OFAC is also designating the commanders of the IRGCN’s five naval districts pursuant to E.O. 13224 for acting for or on behalf of the IRGC. The IRGC is responsible for the Regime’s destabilizing and provocative naval actions in and around the Strait of Hormuz.
IRGCN commanders of five naval districts designated today are:

IRGCN 1st Naval District Commander Abbas Gholamshahi
IRGCN 2nd Naval District Commander Ramezan Zirahi
IRGCN 3rd Naval District Commander Yadollah Badin
IRGCN 4th Naval District Commander Mansur Ravankar
IRGCN 5th Naval District Commander Ali Ozma’i

The IRGC was designated pursuant to E.O. 13224 by OFAC on October 13, 2017 and it was designated as a Foreign Terrorist Organization by the Secretary of State on April 15, 2019.

Sanctions Implications

As a result of today’s action, all property and interests in property of these individuals that are in the United States or in the possession or control of U.S. persons must be blocked and reported to OFAC. OFAC’s regulations generally prohibit all dealings by U.S. persons or within (or transiting) the United States that involve any property or interests in property of blocked or designated persons.

In addition, persons that engage in certain transactions with the persons designated today may themselves be exposed to designation. Furthermore, any foreign financial institution that knowingly facilitates a significant transaction or provides significant financial services for any of the individuals designated today could be subject to U.S. correspondent account or payable-through sanctions.

Army’s Wish List Against China/Russia

Posted on by

It appears some real strategic thinking and application is happening here and that is a good thing. These lists for more reconnaissance aircraft is a good thing for sure.

Russia's Hybrid Warfare Strategy • Full Version

U.S. Army leaders revealed Tuesday that they are briefing top military commanders about new weapons being built specifically for “high-intensity conflict” against China and Russia, in a new effort to assure that they could provide vital firepower for those potential battlefields of the future.

Reconnaissance aircraft, team reach milestone > U.S. Air ...

Army Secretary Mark Esper said he wants to shift some money away from vehicles and aircraft more suited for conflicts in Afghanistan and Iraq and into “what I need to penetrate Russian or Chinese air defenses.”

Among the new weapons and technologies he said are critical: long-range artillery, attack and reconnaissance aircraft, air and missile defenses, and command-and-control networks. Esper said the artillery — known as Long-Range Precision Fires — could be used “to hold at bay Chinese ships.”

Army officials recently briefed Adm. Philip Davidson, commander of U.S. Indo-Pacific Command, who oversees all U.S. military personnel in the Asia-Pacific region. This comes as the Army plans to rotate thousands of soldiers on expeditionary deployments throughout the Pacific — an expansive region often associated with Navy and Air Force military operations.

“We want to talk to [U.S. European Command] as well,” Esper said. “What we’re trying to do is go out and tell them what we’re doing.”

Last year, the Army held a series of reviews that recommended cutting or reducing nearly 200 weapons projects, freeing up $25 billion for investment in higher-priority programs. Among the projects cut are upgrades to Boeing-made CH-47 Chinook helicopters and buys of Oshkosh-made Joint Light Tactical Vehicles, the Army’s replacement for Humvees. Esper said he needs to shift money into “Future Vertical Lift,” an effort to build faster helicopters and tilt-rotor aircraft — similar to the V-22 Osprey —  instead of upgrades to older, larger, and slower helicopters.

“What I don’t have right now is an attack/reconnaissance aircraft,” Esper said, Tuesday during a briefing at the Pentagon. “That’s what I need to penetrate Russian or Chinese air defenses. I’m not going to do that with a CH-47.”

The Army is evaluating prototypes built by Bell and a Lockheed Martin-Boeing team, as it determines the makeup of a new generation of military helicopters.

Army leaders plan to cut the number of Joint Light Tactical Vehicles they will buy from Oshkosh but the size of the reduction has not been finalized, Esper said. Army Undersecretary Ryan McCarthy has previously said the service plans to cut 1,900 vehicles.

“We are certainly cutting the total number. I know that much,” Esper said. “But whether it … finals out; right here today, I can’t tell you. In five years, I could maybe have a different number for you.”

The secretary said that they decision to buy Chinooks and JLTVs was made before the Trump administration’s January 2018 National Defense Strategy put the Pentagon on a path to preparing for great power competition with Russia and China. That strategy reduced the Defense Department’s priority on counterterrorism and counterinsurgency fights in Afghanistan, Iraq, and other spots like Syria, which had dominated much of the past two decades. In its wake, the Army is building new doctrine that will be evaluated over the next 12 to 18 months. The results of those wargames will determine how many soldiers and weapons are needed in the future.

“They were in many ways designed for a different conflict,” he said, of Chinooks and JLTVs. “It doesn’t mean we won’t use them in future conflicts, but now my emphasis has to be on rebuilding my armor, rebuilding my fighting vehicles, having aircraft that can penetrate Russia and Chinese air defenses, that can shoot down Russian and Chinese drones and missiles and helicopters and fixed-wing aircraft. We’re in this transition period and so some folks are caught in that transition.”

Meanwhile, where is the strategic thinking when it comes to hybrid warfare?

The Pentagon wants to develop a way to detect those signs by analyzing the myriad actions in what it calls the “gray zone”–behaviors in a variety of areas that, considered separately, may or may not mean anything but when examined together could indicate malicious intent–and is putting artificial intelligence (AI) to work on the problem.

The Defense Advanced Research Projects Agency (DARPA) has launched a new program intended to better understand and interpret an adversary’s gray zone engagement as potential signals of pending aggression. The Collection and Monitoring via Planning for Active Situational Scenarios (COMPASS) program will incorporate AI, game theory, modeling, and estimation technologies to decipher the often subtle signs that precede a full-scale attack.

“The ultimate goal of the program is to provide theater-level operations and planning staffs with robust analytics and decision-support tools that reduce ambiguity of adversarial actors and their objectives,” said Fotis Barlos, DARPA program manager. “As we see increasingly more sophistication in gray zone activity around the world, we need to leverage advanced AI and other technologies to help commanders make more effective decisions to thwart an enemy’s complex, multi-layered disruptive activity.”

The attention to gray zone activity reflects the multi-pronged tactics used in hybrid warfare, of the type employed by Russia in Georgia in 2008 and in Ukraine since 2014. Cyber attacks to shut down the power grid, conduct digital espionage, and sow economic disruption, along with social media campaigns aimed at manipulating public opinion, coincided with the covert movement of troops and equipment into Ukraine. Not only have these tactics proved to be effective, their subtle, sometimes untraceable methods can lend a level of plausible deniability to the attacks. And NATO has said that clandestine hybrid attacks can achieve their aims before being noticed, too late for an effective response.smilelaugh

Anyone Fretting over the Real Russian Hacking from the Mueller Report?

Posted on by

Remember the timeline, it was the Comey FBI, the Brennan CIA, the Lynch Department of Justice and the Obama White House. So, Obama only expelled a pile of Russians and closed 3 dachas. Remember? When the dust settles just a little, President Trump has some work to do to clean up this hacking mess via Russia. Congress has some work to do also by defining some kind of hacking legislation.

The Mueller Report’s conclusions about Russian operations are unambiguous: the GRU’s Unit 26165 did the hacking, and the Internet Research Agency managed the influence campaign. The Report also concluded that the GRU’s Unit 74455 retailed the results of the doxing through its subsidiaries DCLeaks and Guccifer 2.0, and through a sympathetic WikiLeaks.

What is Unit 26165, Russia's elite military hacking centre?

Boris Zilberman on Twitter: "DOJ indictment against the ...

At one point, the Russians used servers located in the U.S. to carry out the massive data exfiltration effort, the report confirms.

Much of the information was previously learned from the indictment of Viktor Borisovich Netyksho, the Russian officer in charge of Unit 26165. Netyksho is believed to be still at large in Russia.

The operatives working for the Russian intelligence directorate, the GRU, sent dozens of targeted spearphishing emails in just five days to the work and personal accounts of Clinton Campaign employees and volunteers, as a way to break into the campaign’s computer systems.

The GRU hackers also gained access to the email account of John Podesta, Clinton’s campaign chairman, of which its contents were later published.

Using credentials they stole along the way, the hackers broke into the networks of the Democratic Congressional Campaign Committee days later. By stealing the login details of a system administrator who had “unrestricted access” to the network, the hackers broke into 29 computers in the ensuing weeks, and more than 30 computers on the DNC.

The operatives, known collectively as “Fancy Bear,” comprised several units tasked with specific operations. Mueller formally blamed Unit 26165, a division of the GRU specializing in targeting government and political organizations, for taking on the “primary responsibility for hacking the DCCC and DNC, as well as email accounts of individuals affiliated with the Clinton Campaign,” said the Mueller report.

The hackers used Mimikatz, a hacking tool used once an intruder is already in a target network, to collect credentials, and two other kinds of malware: X-Agent for taking screenshots and logging keystrokes, and X-Tunnel used to exfiltrate massive amounts of data from the network to servers controlled by the GRU. Mueller’s report found that Unit 26165 used several “middle servers” to act as a buffer between the hacked networks and the GRU’s main operations. Those servers, Mueller said, were hosted in Arizona — likely as a way to obfuscate where the attackers were located but also to avoid suspicion or detection.

In all, some 70 gigabytes of data were exfiltrated from Clinton’s campaign servers and some 300 gigabytes of data were obtained from the DNC’s network.

Meanwhile, another GRU hacking unit, Unit 74455, which helped disseminate and publish hacked and stolen documents, pushed the stolen data out through two fictitious personas. DCLeaks was a website that hosted the hacked material, while Guccifer 2.0 was a hacker-like figure who had a social presence and would engage with reporters.

Under pressure from the U.S. government, the two GRU-backed personas were shut down by the social media companies. Later, tens of thousands of hacked files were funneled to and distributed by WikiLeaks .

Mueller’s report also found a cause-and-effect between Trump’s remarks in July 2016 and subsequent cyberattacks.

“I hope you’re able to find the 30,000 emails that are missing,” said then-candidate Trump at a press conference, referring to emails Clinton stored on a personal email server while she headed the State Department. Mueller’s report said “within approximately five hours” of those remarks, GRU officers began targeting for the first time Clinton’s personal office.

More than a dozen staffers were targeted by Unit 26165, including a senior aide. “It is unclear how the GRU was able to identify these email accounts, which were not public,” said Mueller.

Mueller said the Trump campaign made efforts to “find the deleted Clinton emails.” Trump is said to have privately asked would-be national security advisor Michael Flynn, since convicted following inquiries by the Special Counsel’s office, to reach out to associates to obtain the emails. One of those associates was Peter Smith, who died by suicide in May 2017, who claimed to be in contact with Russian hackers — claims which Mueller said were not true.

Does that implicate the Trump campaign in an illegal act? Likely not.

“Under applicable law, publication of these types of materials would not be criminal unless the publisher also participated in the underlying hacking conspiracy,” according to Elie Honig, a CNN legal analyst. “The special counsel’s report did not find that any person associated with the Trump campaign illegally participated in the dissemination of the materials.”