Category Archives: Cyber War

Putin’s Think Tank Crafted 2016 U.S. election Interference – documents

Posted on by

Image result for Russian Institute for Strategic Studies  Image result for Russian Institute for Strategic Studies

Reuters: A Russian government think tank controlled by Vladimir Putin developed a plan to swing the 2016 U.S. presidential election to Donald Trump and undermine voters’ faith in the American electoral system, three current and four former U.S. officials told Reuters.

They described two confidential documents from the think tank as providing the framework and rationale for what U.S. intelligence agencies have concluded was an intensive effort by Russia to interfere with the Nov. 8 election. U.S. intelligence officials acquired the documents, which were prepared by the Moscow-based Russian Institute for Strategic Studies [en.riss.ru/], after the election.

The institute is run by retired senior Russian foreign intelligence officials appointed by Putin’s office.

The first Russian institute document was a strategy paper written last June that circulated at the highest levels of the Russian government but was not addressed to any specific individuals.

It recommended the Kremlin launch a propaganda campaign on social media and Russian state-backed global news outlets to encourage U.S. voters to elect a president who would take a softer line toward Russia than the administration of then-President Barack Obama, the seven officials said.

A second institute document, drafted in October and distributed in the same way, warned that Democratic presidential candidate Hillary Clinton was likely to win the election. For that reason, it argued, it was better for Russia to end its pro-Trump propaganda and instead intensify its messaging about voter fraud to undermine the U.S. electoral system’s legitimacy and damage Clinton’s reputation in an effort to undermine her presidency, the seven officials said.

The current and former U.S. officials spoke on the condition of anonymity due to the Russian documents’ classified status. They declined to discuss how the United States obtained them. U.S. intelligence agencies also declined to comment on them.

Putin has denied interfering in the U.S. election. Putin’s spokesman and the Russian institute did not respond to requests for comment.

The documents were central to the Obama administration’s conclusion that Russia mounted a “fake news” campaign and launched cyber attacks against Democratic Party groups and Clinton’s campaign, the current and former officials said.

“Putin had the objective in mind all along, and he asked the institute to draw him a road map,” said one of the sources, a former senior U.S. intelligence official.

Trump has said Russia’s activities had no impact on the outcome of the race. Ongoing congressional and FBI investigations into Russian interference have so far produced no public evidence that Trump associates colluded with the Russian effort to change the outcome of the election.

Four of the officials said the approach outlined in the June strategy paper was a broadening of an effort the Putin administration launched in March 2016. That month the Kremlin instructed state-backed media outlets, including international platforms Russia Today and Sputnik news agency, to start producing positive reports on Trump’s quest for the U.S. presidency, the officials said.

Russia Today did not respond to a request for comment. A spokesperson for Sputnik dismissed the assertions by the U.S. officials that it participated in a Kremlin campaign as an “absolute pack of lies.” “And by the way, it’s not the first pack of lies we’re hearing from ‘sources in U.S. official circles’,” the spokesperson said in an email.

PRO-KREMLIN BLOGGERS

Russia Today and Sputnik published anti-Clinton stories while pro-Kremlin bloggers prepared a Twitter campaign calling into question the fairness of an anticipated Clinton victory, according to a report by U.S. intelligence agencies on Russian interference in the election made public in January. [bit.ly/2kMiKSA]

Russia Today’s most popular Clinton video – “How 100% of the 2015 Clintons’ ‘charity’ went to … themselves” – accumulated 9 millions views on social media, according to the January report. [bit.ly/2os8wIt]

The report said Russia Today and Sputnik “consistently cast president elect-Trump as the target of unfair coverage from traditional media outlets.”

The report said the agencies did not assess whether Moscow’s effort had swung the outcome of the race in Trump’s favor, because American intelligence agencies do not “analyze U.S. political processes or U.S. public opinion.” [bit.ly/2kMiKSA]

CYBER ATTACKS

Neither of the Russian institute documents mentioned the release of hacked Democratic Party emails to interfere with the U.S. election, according to four of the officials. The officials said the hacking was a covert intelligence operation run separately out of the Kremlin.

The overt propaganda and covert hacking efforts reinforced each other, according to the officials. Both Russia Today and Sputnik heavily promoted the release of the hacked Democratic Party emails, which often contained embarrassing details.

Five of the U.S. officials described the institute as the Kremlin’s in-house foreign policy think tank.

The institute’s director when the documents were written, Leonid Reshetnikov, rose to the rank of lieutenant general during a 33-year-career in Russia’s foreign intelligence service, according to the institute’s website [bit.ly/2oVhiCF]. After Reshetnikov retired from the institute in January, Putin named as his replacement Mikhail Fradkov. The institute says he served as the director of Russia’s foreign intelligence service from 2007 to 2016. [bit.ly/2os4tvz]

Reuters was unable to determine if either man was directly involved in the drafting of the documents. Reshetnikov’s office referred questions to the Russian institute.

On its website, the Russian institute describes itself as providing “expert appraisals,” “recommendations,” and “analytical materials” to the Russian president’s office, cabinet, National Security Council, ministries and parliament. [bit.ly/2pCBGpR]

On Jan. 31, the websites of Putin’s office [bit.ly/2os9wMr] and the institute [bit.ly/2oLn9Kd] posted a picture and transcript of Reshetnikov and his successor Fradkov meeting with Putin in the Kremlin. Putin thanked Reshetnikov for his service and told Fradkov he wanted the institute to provide objective information and analysis.

“We did our best for nearly eight years to implement your foreign policy concept,” Reshetnikov told Putin. “The policy of Russia and the policy of the President of Russia have been the cornerstone of our operation.”

(Reporting by Ned Parker and Jonathan Landay, additional reporting by Warren Strobel and Arshad Mohammed; Editing by David Rohde and Ross Colvin)

*** In part:

The wide range of scientific work is ensured by the structural subdivision of the

RISS into the Research Center of CIS countries, Center for Asia and the Middle

East Research, the Center for Euro-Atlantic Studies (‘geographical departments’),

Center for Economic Research, Centre for Defense Studies as well as the Humanitarian

Research Center (functional departments).8 The latter represents a

new department, introduced almost simultaneously with the Presidential Decree

of 2009 and it is preoccupied with “the contentious issues of the foreign relations

history and the role of the religious factor.”9 Its introduction has added a new task

of “counteracting the falsification of history in the post-Soviet space”10 to RISS

scientific activities which are determined by the need of the Russian government

to provide strategic interests in the post-Soviet space. Here, there is a serious element

of propaganda for Russian state interests. Upon the whole, we can conclude

that the Presidential Decree of 2009 has turned the RISS into a useful tool providing

abundant data and research for an appropriate “articulation of the strategic

directions of the state policy in the sphere of national security.”  Read more here.

 

Russian Bombers Near Kodiak, Alaska, Deconfliction Line Busy?

Posted on by

Again and again…  There was no cockpit-to-cockpit radio communication between the US and Russian pilots. So that ‘deconfliction’ line between the United States and Russia apparently goes to voicemail.

It was just a few days ago that Hawaii formally requested military emergency response operations due to the North Korea threat. Likely, the manner of which Russia maintains aggressive messaging, those two bombers were dispatched to test U.S. response and air defense systems.

FNC: A pair of Russian nuclear-capable bombers flew near Alaska Monday night, two U.S. officials told Fox News, coming as close as 100 miles from Kodiak Island — the first time since President Trump took office that Moscow has sent bombers so close to the U.S.

The two Russian Tu-95 “Bear” bombers flew roughly 280 miles southwest of Elmendorf Air Force Base, within the Air Defense Identification Zone of the United States.

The U.S. Air Force scrambled two F-22 stealth fighter jets and an E-3 airborne early warning plane to intercept the Russian bombers.

The American jets flew alongside the Russian bombers for 12 minutes, before the Russian bombers reversed course and headed back to their base in eastern Russia.

Last week in Moscow, Secretary of State Rex Tillerson said U.S.-Russian relations were at a “low point” while sitting next to Russian Foreign Minister Sergey Lavrov.

While Tillerson was in Moscow, three Russian bombers flew near the east coast of Japan, forcing the Japanese military to scramble 14 fighter jets at various times to intercept the bombers. A Russian spy plane also flew along Japan’s west coast.

The last time Russian bombers flew near the U.S. was July 4, 2015, when a pair of Russian bombers flew off the coasts of Alaska and California, coming as close as 40 miles to Mendocino, Calif.

Russian President Vladimir Putin called then-President Barack Obama to wish him a happy Independence Day while the bombers cruised the California coastline.

***

WaPo: Gen. Paul Selva recently became the first Pentagon official to state publicly that Russia has deployed a land-based cruise missile in direct violation of its treaty obligations to the United States. Selva, who serves as vice chairman of the Joint Chiefs of Staff, said in testimony before the House Armed Services Committee: “We believe that the Russians have deliberately deployed it in order to pose a threat to NATO.” He also noted — to the best of his knowledge — that “they do not intend to return to compliance.”

In other words, the Russians have calculated that it costs them more to fulfill their treaty commitments than to break them. The only proper response to this provocation is to increase the costs and change Russia’s calculation.

The agreement in question is the Intermediate-Range Nuclear Forces Treaty, which the Soviet Union and the United States signed in 1987 to eliminate an entire class of land-based missiles with a range of 500 to 5,500 kilometers. Reasons for the treaty date back to the late 1970s, when the Soviet Union deployed intermediate-range nuclear missiles to Europe, reducing warning times and threatening to divide Europe from North America. NATO responded by deploying U.S. intermediate-range nuclear missiles in 1983. The increased tensions ultimately led to arms-control negotiations and the landmark INF Treaty.

***

The Tu-95 is the worlds fastest propeller driven aircraft in the world today. The Tupolev Tu-95 (Russian: Туполев Ту-95; NATO reporting name: “Bear”) is a large, four-engine turboprop-powered strategic bomber and missile platform. First flown in 1952, the Tu-95 entered service with the Soviet Union in 1956 and is expected to serve the Russian Air Force until at least 2040.[1] A development of the bomber for maritime patrol is designated Tu-142, while a passenger airliner derivative was called Tu-114.

The aircraft has four Kuznetsov NK-12 engines, each driving contra-rotating propellers. It is the only propeller-powered strategic bomber still in operational use today. The tips of the propeller-blades move faster than the speed of sound, making it one of the noisiest military aircraft.[2] Its distinctive swept-back wings are at a 35° angle.

Design and development[edit]

A Tu-95MS in 2007.

A Tu-95 showing its swept wing and anti-shock bodies
The design bureau led by Andrei Tupolev designed the Soviet Union’s first intercontinental bomber, the 1949 Tu-85, a scaled up version of the Tu-4, a Boeing B-29 Superfortress copy.[3]

A new requirement was issued to both Tupolev and Myasishchev design bureaus in 1950: the proposed bomber had to have an un-refueled range of 8,000 km (4,970 mi)—far enough to threaten key targets in the United States. Other goals included the ability to carry an 11,000 kg (12.1 ton) load over the target.[citation needed]

The big problem for Tupolev was the engine choice: the Tu-4 showed that piston engines were not powerful enough to fulfill that role, while the fuel-hungry AM-3 jet engines of the proposed T-4 intercontinental jet bomber did not provide adequate range.[4] Turboprops offered more power than the piston engines and better range than jets available for the new bomber’s development at the time, while offering a top speed in between these two alternative choices.

Tupolev’s proposal was selected and Tu-95 development was officially approved by the government on 11 July 1951. It featured four Kuznetsov[5] coupled turboprops, each fitted with two contra-rotating propellers of four blades each, producing a nominal 8,948 kW (12,000 eshp) power rating. The then-advanced engine was designed by a German team of ex-Junkers prisoner-engineers under Ferdinand Brandner. In contrast, the fuselage was conventional: a mid-wing cantilever monoplane with 35 degrees of sweep, an angle which ensured the main wing spar passed through the fuselage in front of the bomb bay. Retractable tricycle landing gear was fitted, with all three gear strut units retracting rearwards, with the main gear units retracting rearwards into extensions of the inner engine nacelles.[citation needed]

The Tu-95/I, with 2TV-2F engines, first flew in November 1952 with test pilot Alexey Perelet at the controls.[6] After six months of test flights this aircraft suffered a propeller gearbox failure and crashed, killing Perelet. The second aircraft, Tu-95/II featured four of the 12,000 ehp Kuznetsov NK-12 turboprops which proved more reliable than the coupled 2TV-2F. After a successful flight testing phase, series production of the Tu-95 started in January 1956.[5]

A Tu-95MS simulating aerial refueling with an Ilyushin Il-78 during the Victory Day Parade in Moscow on 9 May 2008.
For a long time, the Tu-95 was known to U.S./NATO intelligence as the Tu-20. While this was the original Soviet Air Force designation for the aircraft, by the time it was being supplied to operational units it was already better known under the Tu-95 designation used internally by Tupolev, and the Tu-20 designation quickly fell out of use in the USSR.[citation needed] Since the Tu-20 designation was used on many documents acquired by U.S. intelligence agents, the name continued to be used outside the Soviet Union.[citation needed]

Initially the United States Department of Defense evaluated the Tu-95 as having a maximum speed of 644 km/h (400 mph) with a range of 12,500 km (7,800 mi).[7] These numbers had to be revised upward numerous times.[citation needed]

Like its American counterpart, the Boeing B-52 Stratofortress, the Tu-95 has continued to operate in the Russian Air Force while several subsequent iterations of bomber design have come and gone. Part of the reason for this longevity was its suitability, like the B-52, for modification to different missions. Whereas the Tu-95 was originally intended to drop free-falling nuclear weapons, it was subsequently modified to perform a wide range of roles, such as the deployment of cruise missiles, maritime patrol (Tu-142), and even civilian airliner (Tu-114). An AWACS platform (Tu-126) was developed from the Tu-114. An icon of the Cold War, the Tu-95 has served not only as a weapons platform but as a symbol of Soviet and later Russian national prestige. Russia’s air force has received the first examples of a number of modernised strategic bombers Tu-95MSs following upgrade work.

Answer to Those Missile Failures of N. Korea

Posted on by

The author of this site has mentioned for several months the reason for the recent failed missile launches of North Korea. There are two distinct causes and both point to the United States. They are cyber operations and electronic warfare.

Over the past decade of conflict, the U.S. Army has deployed the most capable communications systems in its history. U.S. forces dominated cyberspace and the electromagnetic spectrum (EMS) in Afghanistan and Iraq against enemies and adversaries lacking the technical capabilities to challenge our superiority in cyberspace. However, regional peers have since demonstrated impressive capabilities in a hybrid operational environment that threaten the Army’s dominance in cyberspace and the EMS.

The Department of Defense information network-Army (DODIN-A) is an essential warfighting platform foundational to the success of all unified land operations. Effectively operating, securing, and defending this network and associated data is essential to the success of commanders at all echelons. We must anticipate that future enemies and adversaries will persistently attempt to infiltrate, exploit, and degrade access to our networks and data. A commander who loses the ability to access mission command systems, or whose operational data is compromised, risks the loss of lives and critical resources, or mission failure. In the future, as adversary and enemy capabilities grow, our ability to dominate cyberspace and the EMS will become more complex and critical to mission success.

Incorporating cyberspace electromagnetic activities (CEMA) throughout all phases of an operation is key to obtaining and maintaining freedom of maneuver in cyberspace and the EMS while denying the same to enemies and adversaries. CEMA synchronizes capabilities across domains and warfighting functions and maximizes complementary effects in and through cyberspace and the EMS. Intelligence, signal, information operations (IO), cyberspace, space, and fires operations are critical to planning, synchronizing, and executing cyberspace and electronic warfare (EW) operations. CEMA optimizes cyberspace and EW effects when integrated throughout Army operations. More here.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

You can be assured there is acute cooperation between the military and other Federal agencies including the CIA and NSA when it comes to North Korea. What do we know that media is not sharing?

North Korea’s proliferation of missile technology and expertise is another serious concern for the United States. Pyongyang has sold missile parts and/or technology to several countries, including Egypt, Iran, Libya, Burma, Pakistan, Syria, United Arab Emirates, and Yemen.53 Sales of missiles and telemetric information from missile tests have been a key source of hard currency for the Kim regime.

North Korea and Iran have cooperated on the technical aspects of missile development since the 1980s, exchanging information and components.54 Reportedly, scientific advisors from Iran’s ballistic missile research centers were seen in North Korea leading up to the December 2012 launch and may have been a factor in its success.55 There are also signs that China may be assisting the North Korean missile program, whether directly or through tacit approval of trade in sensitive materials. Heavy transport vehicles from Chinese entities were apparently sold to North Korea and used to showcase missiles in a military parade in April 2012, prompting a U.N. investigation of sanctions violations.56  More here.

Security experts and U.S. officials have voiced increasing concern about North Korea’s improving cyberattack capabilities. In March 2013, an attack on the computer systems of several South Korean media and financial institutions disrupted their functioning for days, in one of the most significant cyberattacks in the country’s history; cybersecurity analysts identified North Korean hackers as the culprit.68 The FBI determined that North Korean hackers were responsible for the November 2014 cyberattack on Sony Pictures Entertainment, an intrusion that disrupted the company’s communication systems, released employees’ personal information, and leaked yet-to-be released films. (Some reports speculate that the cyberattack on Sony Pictures could have been an attempt to punish the company for its production of a comedy in which American journalists assassinate Kim Jong-un at the instigation of the Central Intelligence Agency.) Perhaps in response to doubts about the attribution of the cyberattack to North Korea, U.S. officials revealed that the National Security Agency had penetrated North Korean computer networks years in advance of the Sony hacking.69

*** Much has been printed in recent months, the WikiLeaks release of the CIA/NSA toolkit that demonstrates abilities of both agencies ability to intrude and intercept adversaries and allies in the cyber realm. Due to private citizens fear of unauthorized and possible access to personal data and internet activities, many Americans are angry. That anger is not misplaced, however, consider, do we want our agencies to have cyber skills to penetrate such rogue regimes as North Korea, Syria, Iran or militant factions such as al Qaeda and Islamic State? The answer is likely yes.

The UK Sunday Times reports: ”

A missile test by North Korea that failed seconds after launch may have been sabotaged by a US cyber-attack, a former foreign secretary has said.

The US said a ballistic missile “blew up immediately” after firing near the port of Sinpo on the east coast early today.

“It could have failed because the system is not competent enough to make it work, but there is a very strong belief that the US through cyber methods has been successful on several occasions in interrupting these sorts of tests and making them fail,” Sir Malcolm Rifkind, the former foreign and defence secretary, told the BBC.”.

*** The UK Telegraph tells us in part: U.S. Pacific Command detected and tracked what it assessed to be a North Korean ballistic missile launch at 11:21 a.m. Hawaii time (2121 GMT) on Saturday, said U.S. Navy Commander Dave Benham, a spokesman for  Pacific Command.

“The missile blew up almost immediately. The type of missile is still being assessed,” he said.

It was launched  from a base at Sinpo, a port city on the North Korean east coast. The North’s previous attempted missile launch, on April 5, also suffered an in-flight failure before the weapon crashed into the Sea of Japan. Experts have suggested that the United States may be carrying out “left-of-launch” attacks on the missiles using electromagnetic propagation or cyber attacks, including through infected electronics aboard the weapon that confuse its command and control or targeting systems. More here.

*** So, while we tend to panic and push back on the cyber toolkit of Federal agencies which WikiLeaks tells us to do, perhaps we should look wider and deeper to the positive affects of those operations as Japan and S. Korea are most at risk if North Korea is remotely successful. Can and do Federal agencies exploit cyber tools and electronic warfare against American citizens and is there evidence of abuse? Not so much yet, but this site does invite readers to offer evidence.

*** Some other items of interest with regard to North Korea:

  1. Chinese troops are always stationed in the northeast near North Korea, and Yun Sun, a senior associate with the East Asia Program at the Stimson Center, told Business Insider that “Chinese troop movements happen often along that border” when North Korean nuclear and missile provocations seem imminent.

    “When North Korea acts up with some sort of provocation, the Chinese in the past have moved their troops to reinforce their deployments in the northeast for military preparedness,” Yun said.

    “On the other hand,” Yun said, “I think it does signal that the Chinese are concerned about a potential escalation, or even potential conflict” between the US and North Korea, as North Korea plans a nuclear test and the USS Carl Vinson aircraft carrier pulls up to Korea’s coast.

  2. North Korea forces citizens to work outside the country in often slave labor conditions and the regime keeps 85% of the revenue. “150,000 N.Koreans Sent to Slave Labor Abroad,” Chosun Ilbo, November 13, 2014.  This often amounts to $1 billion a year in revenue.
  3. North Korea selling arms to Hamas and advises on tunnel systems.
  4. North Korea has a sizeable inventory and robust program in both chemical and biological weapons. While the DPRK possesses considerable capabilities to deliver CW agents, it is unclear whether comparable munitions are available to deliver BW agents. Although the DPRK has advanced missile technology, the fragile nature of biological agents complicates the task of using missiles as a means of delivery and dispersal. While the ROK government has estimated that half of the DPRK’s long-range missiles and 30 percent of its artillery pieces are capable of delivering chemical or biological warheads, it is not known whether biological payloads would survive and be effectively dispersed by these missiles. More here.

 

 

 

CIA Director Spoke Truths and then got Trolled

Posted on by

CIA’s Pompeo rips WikiLeaks as ‘hostile intelligence service’ abetted by Russia

CIA Director Mike Pompeo, in his first speech since taking over the agency, lambasted WikiLeaks and its founder Julian Assange — calling the group a “non-state hostile intelligence service” that is often abetted by “state actors like Russia.”

Image result for cia pompeo YahooFinance

Speaking Thursday at the Center for Strategic and International Studies, Pompeo called Assange a “fraud,” someone with no “moral compass” and a “narcissist who has created nothing of value.”

He asserted that Assange and former National Security Agency staffer and famed leaker Edward Snowden “seek to use that information to make a name for themselves” and they “care nothing about the lives they put at risk or the damage they cause to national security.”

Asked why he would focus on WikiLeaks rather than other issues, Pompeo said he felt it was vital to inform the American people about the threat they pose.

In the case of Snowden, Pompeo said the detrimental impact of his leaks was expansive and that more than 1,000 foreign targets attempted to change their means of communication as a result of the Snowden disclosures.

“The bottom line is that it became harder for us in the intelligence community to keep Americans safe. It became harder to monitor the communications of terrorist organizations that are bent on bringing bloodshed to our shores.  Snowden’s disclosures helped these groups find ways to hide themselves in the crowded digital forest,” he said.

Last week, WikiLeaks released the latest chapter in its ongoing “Vault 7” series of cyber and hacking tools that it claims were stolen from the CIA.

According to its release, the new leaked information contains 27 documents from the CIA’s Grasshopper Framework, which is allegedly the software tools used by the CIA to infiltrate Microsoft’s Windows platform.  More here.

Image result for cia twitter wikileaks Baaghi

Enter the trolls:

The Hill reports:

WikiLeaks hit back at CIA Director Mike Pompeo on Thursday after he criticized the website.

Pompeo called WikiLeaks a “non-state hostile intelligence service” that had done “great harm to our nation’s national security.”

The site hit back by posting one of Pompeo’s now-deleted tweets from 2016 citing the group’s work publishing leaked documents from the Democratic National Committee.

“Need further proof that the fix was in from Pres. Obama on down? BUSTED: 19,252 Emails from DNC Leaked by Wikileaks,” Pompeo had tweeted.

WikiLeaks shared an image of that tweet, adding:”Tweet sent by CIA Director Mike Pompeo on 24 July 2016.” More here.

***

Okay, it is popular now to dislike James Comey, the Director of the FBI. Okay, but the rank and file agents at the FBI are the ones doing the hard work on investigations.

Associated Press reports:

WASHINGTON (AP) — FBI Director James Comey said Americans should be aware of foreign efforts to undermine confidence in U.S. elections and mindful of the possibility that what they’re reading might be part of an organized disinformation campaign.

U.S. adversaries, including Russia last year, have “used all kinds of vectors to try and influence and undermine our own faith in our democratic processes” and have relied on increasingly sophisticated tactics, the FBI director warned.

Speaking at a Newseum event Wednesday night, he said the FBI would be transparent in publicly calling out efforts to meddle in American politics and that the public also should take steps to guard against foreign influence.

“The most important thing to be done is people need to be aware of the possibility that what they’re reading has been shaped by troll farms looking to push a message on Twitter to undermine our confidence” about the electoral process, Comey said. More here.

*** Just in case you are still not a believer, this site published a summary of a two panel hearing before the Senate regarding ‘Active Measures’ and constant KGB tactic(s) used during the Cold War and especially now with the use of the internet and social media.

When is it Enough for Putin and Russia? This describes the Russian ‘botnet’ operation with testimony from 6 experts not employed by any Federal government agency. And in case you missed it, also from this site is FBI Global Hackers Sweeping Sting Arrests where most of those arrested were…yup Russian.

A believer yet? Maybe there just was and is a reason for several government investigations into the American infrastructure……right?

 

FBI Global Hackers Sweeping Sting Arrests

Posted on by

So many complain the FBI is slow-walking cyber and hacking operations especially when it comes to the Russian investigations. Well, the FBI rarely announces cases and prosecutions. When it comes to the recent Russian hacking scandal into the United States election and campaign infrastructure, perhaps the Department of Justice and the FBI are building a huge file for proof.

So, try this:

NBC/McClatchy

 

U.S. sweeping up Russian hackers in a broad global dragnet

BY TIM JOHNSON/WASHINGTON

McClatchy: The arrests caught the Russian hackers totally by surprise. One was at a Finnish border crossing. Another was arriving at an airport in Spain. A third was dining at a restaurant in Prague. Still others were at luxury resorts in the Maldives and Thailand.

Many have now turned up in U.S. courts. The long arm of U.S. law enforcement is spanning the globe like never before to bring criminal hackers to justice.

And it may not be just about crime. The Justice Department cites fuzzy and overlapping boundaries between criminal hackers and Russian intelligence agencies, the same ones the U.S. accuses of coordinating the hacking and subsequent disclosure of emails from the Democratic National Committee and the Hillary Clinton presidential campaign.

President Donald Trump dismisses allegations that Russia meddled in the election as “fake news,” but the FBI and congressional committees have launched probes and the Obama administration ordered the expulsion of 35 Russian diplomats in late December.

Rubio says Russian hackers targeted his presidential campaign

During a Senate committee hearing on Thursday, Florida Senator Marco Rubio stated that his 2016 presidential campaign staff members were the targets of Russian hackers in July 2016 and March 2017, but both efforts were unsuccessful.

The U.S. campaign leaves Russian hackers with a dilemma: If they leave the safe confines of Russia, which has no extradition treaty with the United States, or Russia’s most ardent allies, they may get picked up and sent to the U.S.

“They no longer travel, the high-profile hackers. They understand the danger,” said Arkady Bukh, a criminal defense lawyer in New York City who has defended numerous accused Russian cybercriminals.

Still, some Russian and Eastern European hackers do enjoy holidays abroad – and live to regret it. Just this week, Maxim Senakh, a 41-year-old Russian, pleaded guilty in a Minneapolis courtroom to operating a massive robotic network that generated tens of millions of spam emails a day in a zombie criminal enterprise that purportedly brought in millions in profits.

Senakh didn’t come voluntarily. He’d been visiting a sister in Finland before that country put him on a U.S.-bound plane in January, answering a U.S. extradition request.

“He fought it, the Russian government fought it, and the Russian government put political pressure on its neighbor, Finland,” federal prosecutor Kevin S. Ueland said at a Feb. 19 hearing.

Another Russian, Mark Vartanyan, 29, pleaded guilty March 20 to computer fraud in an Atlanta courtroom after reaching a deal with prosecutors to offer far-reaching cooperation that would limit a prison term to five years or less.

Norway extradited Vartanyan to the U.S. in December.

David Hickton, a former U.S. attorney in Pittsburgh who made the city a hub for prosecutions of foreign hackers, said such actions are a sign of the new dimensions of crime.

IT’S NO DIFFERENT THAN IF SOMEONE PULLED A TRUCK UP TO YOUR HOUSE AND STOLE VALUABLE MATERIAL. David Hickton, former federal prosecutor

“This is 21st century burglary. It’s no different than if someone pulled a truck up to your house and stole valuable material,” said Hickton, who now directs the Institute for Cyber Law, Policy and Security at the University of Pittsburgh.

But Hickton acknowledged that carrying off successful prosecutions is a challenge.

“These cyber investigations are very, very hard. You’re talking about evaporating evidence, borderless crimes and defendants who can hide behind the borders of countries that don’t have extradition treaties with us,” he said.

It is not easy to pigeonhole the accused and convicted hackers. Some are brainy but merely cogs in larger crime groups. Others flash their wealth and opulent lifestyles.

NOT ALL OF THEM ARE RICH. 

Arkady Bukh, criminal defense attorney in New York City

“Not all of them are rich,” Bukh said. “A lot of them are involved in computer intrusion and that does not bring much money.”

Bukh recalled one client, Aleksandr Panin, who was placed by authorities on a plane in the Dominican Republic to 2013 bound for Atlanta, put on trial and convicted.

“The guy couldn’t afford a car even with (having caused) a billion dollars in losses. He’s like a mad scientist geek,” Bukh said.

Then there are those on the opposite extreme, who pose for photos with piles of cash or at luxury beach resorts. One of them, Roman Seleznev, was convicted last year in Seattle on 38 counts related to cybercrime. His father is a deputy in the Russian parliament, or Duma. Prosecutors retrieved a photo from his cell phone of him standing next to a yellow Dodge Challenger muscle car in Red Square near the Kremlin.

The magnitude of damages that prosecutors have alleged can be mind-boggling.

Vartanyan, the young Russian hacker brought to Atlanta from Norway, was part of the development team that created Citadel, a “universal spyware system” sold on underground Russian criminal hacker forums that ended up lodged on 11 million infected computers around the world.

In their complaint against him, prosecutors cited industry estimates that Citadel caused “over $500 million in losses” in a three-year period.

The investigations can be incredibly complex, leading federal investigators to call in specialized cybersecurity firms to conduct forensics. In the probe of Senakh, whose guilty plea came last month, the feds turned to ESET, a cybersecurity firm with 18 offices around the world.

ESET analyzed the malicious code Senakh used, dubbed Ebury malware, and found that it had compromised 25,000 servers around the world, researcher Marc-Etienne Leveille said in an email.

Stanislav Lisov, a computer programmer from Taganrog, a town on Russia’s Black Sea coast, had arrived at Barcelona’s international airport with his wife on Jan. 13 when Spanish Civil Guard police arrested him on an FBI warrant issued through Interpol. The charges: electronic and computer fraud.

WE WERE DETAINED AT THE AIRPORT IN BARCELONA. 

Darya Lisova, wife of accused Russian hacker Stanislav Lisov

“We were detained at the airport in Barcelona, when we came to return a rented car before flying out to Lyon, to continue our trip and visit friends. When we were getting out of the car, two police officers approached, showed us the badge, and said they were detaining my husband,” Darya Lisova told the Russian state-operated RT network.

Spain has not yet extradited Lisov, who is blamed for being the architect of a sophisticated Trojan, NeverQuest, used in stealing log-in credentials for bank accounts.

Here is a rundown of some other recent cases:

Yevgeniy Nikulin, 29, was arrested by police while dining with his girlfriend in a hotel restaurant in Prague’s Old Town Oct. 5. He has been indicted by a federal grand jury in northern California on charges of computer intrusion, identity theft and other crimes for penetrating into the systems of high-tech companies LinkedIn, Dropbox and Formspring. Since then, Washington and Moscow have been in a tug-of-war over Nikulin’s extradition.

Olga Komova, a 26-year-old Uzbek, and Dmitry Ukrainsky, a Russian, were arrested in mid-2016 at beach resorts in Thailand and accused of stealing more than $28 million as part of a mega cyber bank fraud ring. Komova has turned up in U.S. custody and faces federal charges of wire fraud and money laundering. How she was brought to the United States is unclear. Her U.S. lawyer, Michael Soroka, declined to discuss the case.

When extradition isn’t an option, U.S. authorities lure alleged hackers to jurisdictions where they can be arrested. Such tactics have been decried by Moscow as “kidnapping.”

Seleznev, the identity thief who is the son of the Duma deputy, chose to vacation at a five-star resort in the Indian Ocean archipelago nation of the Maldives in 2014 precisely because it has no extradition treaty with the United States.

U.S. officials got word and persuaded Maldives authorities to intercept Seleznev at the airport, where in a fast-paced operation he was bundled on a private plane to Guam, a U.S. territory in the western Pacific, then flown to Seattle to face federal charges.

Upon his conviction last August, prosecutors said Seleznev had stolen millions of credit card numbers, causing 3,700 banks $169 million in losses. He faces a 40-year jail term.

No matter where the hackers travel, prosecutors say they will follow.

The U.S. attorney in Atlanta, John Horn, who has also made a name for himself in prosecuting Russian hackers, offered an unapologetic defense last year of the global reach of U.S. justice.

“Cybercrime is borderless, but increasingly, so too are our law enforcement capabilities,” Horn said.