Russia Funds and Manages Conflict in Ukraine, 11,000 Dead

Ukraine, the forgotten war:

The situation in the ATO area remains controlled by Ukraine’s Army. Russian occupation forces shelled Ukrainian positions 21 times during the past 24 hours.

The epicenter of confrontation was Prymorsky area. Militants shelled Shyrokyne from 122 mm light portable rocket system Partyzan and IFV weaponry. The enemy shelled Mariinka from IFV, grenade launchers of different systems and heavy machine guns. Krasnohorivka positions were shelled from anti-tank grenade launchers and Vodyane – from IFV and heavy machine guns. Hnutove was shelled from small arms. Snipers were shooting in Mariinka.

In Donetsk region militants shelled Avdivka and Verkhnyotoretske from 82 mm mortars, anti-tank grenade launchers and heavy machine guns. Ukrainian positions near Troitske and Pisky were hit from anti-tank grenade launchers and small arms. More here.

Russia Funds and Manages Conflict in Ukraine, Leaks Show

Hacked emails show that the Kremlin directs and funds the ostensibly independent republics in eastern Ukraine and runs military operations there. In late 2016, Ukrainian hacker groups released emails purportedly taken from the office of Kremlin official Vladislav Surkov, who oversees Ukraine policy for Russian President Vladimir Putin. The Surkov leaks confirm what many have long suspected: the Kremlin has orchestrated and funded the supposedly independent governments in the Donbas, and seeks to disrupt internal Ukrainian politics, making the task of rebuilding modern Ukraine impossible. Russia has consistently denied accusations from Kyiv and the West that it is providing the separatists with troops, weapons, and other material support or meddling in Ukrainian affairs. The emails from Surkov’s office betray the official Kremlin line, revealing the extent of Russian involvement in the seizure of Ukrainian territory, the creation of puppet “people’s republics,” and the funding to ensure their survival.

There have been three tranches of information from Surkov’s account: a PDF document detailing plans to destabilize Ukraine, a dump of 2,337 emails, and a final dump of 1,000 emails. While the plot to destabilize Ukraine with its detailed plan to use energy tariffs to foment revolution has garnered attention, its veracity is disputed. The trove of 2,337 emails, released by the group called “Ukrainian Cyber Alliance,” including the hacker group Cyber Hunta and research collective InformNapalm, covers the period from September 2013 to November 2014, when Russia illegally annexed Crimea and deployed separatist proxies in eastern Ukraine to start a war. The final dump dates from September 2014 to September 2016. We have analyzed the overlooked second and third troves. Here’s what we found.

On May 16, 2014, a little-known Russian “political consultant” named Aleksandr Borodai was elected prime minister of the self-proclaimed Donetsk People’s Republic. At the time, many noted that Borodai was a friend and former employee of Russian billionaire Konstantin Malofeyev, the founder of Marshall Capital and, according to a separate set of leaked documents, a funder to far-right political organizations in Europe. While Malofeyev denied all connections to Borodai (“You can find a link between me and almost any Orthodox activist. But that doesn’t mean I’m paying them a salary or that we’re in the same business.”), the Surkov leaks show otherwise. Three days before the announcement of the government of the Donetsk People’s Republic, an employee from Malofeyev’s Marshall Capital emailed Surkov’s office a list of candidates for the separatist republic’s government. Some of these “candidates” had an asterisk by their name, signifying that they “are people who we have checked, and are especially recommended.”


A portion of the document sent from the office of Konstantin Malofeyev to Vladislav Surkov, aide to President Putin.

The Kremlin also had a hand in maintaining the puppet government. On June 16, 2014, one of the candidates with an asterisk by his name—the “elected” Chairman of the Supreme Soviet, Denis Pushilin—sent Surkov’s office a spreadsheet with expenses for a new press center in Donetsk. The budget included estimated salaries for an editor, journalist, and other monthly expenses, along with the cost of a router and other pieces of office equipment. The Kremlin does not just manage its puppet republic in eastern Ukraine; it is micromanaging and propping it up.


Part of the expense list sent by the Donetsk People’s Republic official Denis Pushilin to Surkov, including the cost of a laptop, router, camera, and other pieces of office equipment.

But that’s not all. The Kremlin actively works to disrupt and slow down the reform process in Ukraine by promoting pro-Russian candidates and proposals. For example, Surkov has met with and assisted pro-Russian activists and leaders who live in Crimea, Dnipro, Kharkiv, Kyiv, and Slovyansk. The emails show that Surkov keeps lists of pro-Russian activists across the country that he can deploy when he needs a favor.

The leaks also show that Surkov actively monitors Ukraine’s reforms and works with editors to push a pro-Russian agenda in Ukrainian and Russian outlets. Surkov has significant influence on the media narrative in eastern Ukraine. For example, on August 25, 2014, he received an email asking for edits to a letter that was supposedly from local citizens living in eastern Ukraine; in it, they told of the horrors resulting from the Ukrainian military’s “Anti-Terrorist Operation” and its effect on women, the elderly, and children, supposedly from the perspective of a suffering civilian. The letter was published by Russian Reporter and RT a few days later with minor wording changes.


Comparison of the letter sent from the “public representatives of the Donbass” to the Ukrainian government, with the original version sent to Surkov (left) and the version that was later posted online (right), after suggested edits.

Predictably, Kremlin officials have refuted the authenticity of these emails. However, cyber experts have pronounced these leaked emails genuine based on the routing information and some individuals have confirmed the authenticity of individual documents. The hackers published a nearly one-gigabyte Outlook data file that included the inbox, outbox, drafts, deleted email, spam, and other folders from prm_surkova@gov.ru’s account. While it is easy to fake screenshots, PDF documents, and other files, faking email inboxes is difficult. Within the email files, every message in the second trove of emails contains the same header information—where it originated, which servers it moved through, and so on—which indicates the messages are likely genuine. Using basic digital forensics, which involves uncovering and examining electronic evidence located on digital storage, including computers, cell phones, and networks, we can verify specific details in the emails, suggesting that the leaks are authentic. A majority of the emails are copied and pasted information from news articles, brief summaries of current events in Abkhazia, Moldova, South Ossetia, and Ukraine, and emails related to business developments in Russia. This high ratio of “uninteresting to interesting” bolsters the authenticity of the leaks because nearly all genuine email account hacks have a similar profile. In other words, political officials’ inboxes look much like the average person’s work inbox: full of schedules and routine briefings, with only a handful of incriminating emails. Surkov’s inbox follows this pattern.

In his own words, the Surkov leaks show that the Kremlin directs and funds the ostensibly independent republics in eastern Ukraine and runs military operations there. Yet nearly all media in the West speak about the war in the Donbas as being run by Kremlin-backed separatists, but this isn’t a true characterization. Moscow is actively guiding and managing this breakaway state, down to paying invoices for office equipment. The leaks provide clear, irrefutable evidence that the Donetsk People’s Republic is not an independent actor; it is a creature of the Kremlin and should be treated as such. It’s time for the media and foreign governments to catch up and call it what it is: a Russian hybrid war.

China is Charged With Control of North Korea, Bad Idea?

President Trump has conferred with Asian leaders over the matter of North Korea’s missile tests and the threats of a nuclear strike. Many conversations have been filling the phone wires that put President Xi of China in charge of handling Kim Jong Un. Okay, but can or will China do all that is necessary and will it resolve the threat of an escalated war in the region? The answer is unknown.

In part from FNC: U.S. commercial satellite images indicated increased activity around North Korea’s nuclear test site, while Kim has said that the country’s preparation for an ICBM launch is in its “final stage.”

South Korea’s Defense Ministry has said the North appears ready to conduct such “strategic provocations” at any time. South Korean Acting Prime Minister Hwang Kyo-ahn has instructed his military to strengthen its “immediate response posture” in case North Korea does something significant on the April 25 anniversary of its military. North Korea often marks significant dates by displaying military capability.

In a statement released late Friday, North Korea’s Foreign Ministry accused Trump of driving the region into an “extremely dangerous phase” with his sending of the aircraft carrier and said the North was ready to stand up against any kind of threat posed by the United States.

With typical rhetorical flourish, the ministry said North Korea “will react to a total war with an all-out war, a nuclear war with nuclear strikes of its own style and surely win a victory in the death-defying struggle against the U.S. imperialists.”

*** So, China appears to have taken some steps to send North Korea a message, like refusing a coal shipment. But was that just a one-off tactic? Cutting off oil and gasoline shipments…was that too yet another gesture by China? How about access to banking and ATM machines?

PYONGYANG, North Korea (AP) — No modern airport terminal is complete without an ATM, and Pyongyang’s now has two. But they don’t work — because of new Chinese sanctions, according to bank employees — and it’s not clear when they will.

ATMs are an alien enough concept in North Korea that those in the capital’s shiny new Sunan International Airport have a video screen near the top showing how they work and how to set up an account to use them. The explanatory video is in Korean, but the machines, which are meant primarily for Chinese businesspeople and tourists, don’t give out cash in the North Korean currency.

Humm right? But can we really trust China to go the distance to stop North Korea? I offer this answer…NO.

China has been angry with the United States over deploying the THAAD missile defense system in S. Korea. China is one of the largest known hacking networks in the world…remember that? Alright, how about this lil gem?

***

Researchers claim China trying to hack South Korea missile defense efforts

Deployment of THAAD upsets China, seen as espionage tool.

Sean Gallagher: Chinese government officials have been very vocal in their opposition to the deployment of the Terminal High-Altitude Air Defense (THAAD) system in South Korea, raising concerns that the anti-ballistic missile system’s sensitive radar sensors could be used for espionage. And according to researchers at the information security firm FireEye, Chinese hackers have transformed objection to action by targeting South Korean military, government, and defense industry networks with an increasing number of cyberattacks. Those attacks included a denial of service attack against the website of South Korea’s Ministry of Foreign Affairs, which the South Korean government says originated from China.

FireEye’s director of cyber-espionage analysis John Hultquist told the Wall Street Journal that FireEye had detected a surge in attacks against South Korean targets from China since February, when South Korea announced it would deploy THAAD in response to North Korean missile tests. The espionage attempts have focused on organizations associated with the THAAD deployment. They have included “spear-phishing” e-mails carrying attachments loaded with malware along with “watering hole” attacks that put exploit code to download malware onto websites frequented by military, government, and defense industry officials.

FireEye claims to have found evidence that the attacks were staged by two groups connected to the Chinese military. One, dubbed Tonto Team by FireEye, operates from the same region of China as previous North Korean hacking operations. The other is known among threat researchers as APT10, or “Stone Panda”—the same group believed to be behind recent espionage efforts against US companies lobbying the Trump administration on global trade. These groups have also been joined in attacks by two “patriotic hacking” groups not directly tied to the Chinese government, Hultquist told the Journal—including one calling itself “Denounce Lotte Group” targeting the South Korean conglomerate Lotte. Lotte made the THAAD deployment possible through a land swap with the South Korean government.

APT stands for Advanced Persistent Threat; APT10 refers to China, as noted in this summary, and was found as early as 2009. In part it includes:

“Operation Cloud Hopper” uses internet addresses also used by the threat actor known in the cybersecurity community as “APT10.” Using a combination of unique hacking tools and open source software, it has attempted to gather information about diplomatic and political organizations, as well as intellectual property, according to the report.

APT10 was identified in a 2013 report by FireEye detailing its use of the Poison Ivy family of malware, which the new report says ceased after FireEye revealed its findings. Also in 2013, FireEye identified APT1, which appears to be Unit 61398 of China’s People’s Liberation Army. The PwC-BAE report notes that the “Operation Cloud Hopper” attacks tend to occur during business hours in China.

Since 2009, APT10 has been observed to target mostly government and U.S. defense organizations, but now “has almost certainly been undertaking a global operation of unprecedented size and scale targeting a number of MSPs,” the report says.

CIA WikiLeaks Mole a Russian or Defector?

The truth is often stranger than fiction and when it does finally come out, the twists and turns to the stories are shocking. So, it has been announced that the FBI and CIA are on a full-blown mole search investigation to determine who within or as a contractor to the CIA is loyal to or on the payroll of a foreign rogue nation such as Russia.

Schindler at the Observer wrote and explained that the last major Soviet penetration of NSA during the Cold War was Ron Pelton, a former agency analyst who started selling secrets to the KGB in 1980. Pelton betrayed highly sensitive signals intelligence programs to Moscow and was convicted of espionage in 1986 after Vitaly Yurchenko, a KGB officer who temporarily defected to the United States, tipped off the FBI about an NSA source selling secrets to the Kremlin.


So, could it be Bernie Sanders? After all, he honeymooned in Yaroslavl, Soviet Union…not modern day Russia. Anyone hear of Evgeny Buryakov, who is alleged to have attempted to recruit Carter Page, an early advisor to Donald Trump? Could it be John Kerry himself as part of a larger plot for Russian cooperation over Syria or Iran? It is thought that the mole is an insider or contractor, yet who could pass thumb drives or envelopes via dead drops?

None of the above is real or proven, it is just suggested to think out of the box as we are only restrained by our own limits of imagination. We had never heard of Edward Snowden either right?

*** What about those ‘Shadow Brokers’? One must understand the world of espionage and how it has adjusted due to the internet and global communications with encryption.

A message from Vladimir Putin can take many forms.

It can be as heavy-handed as a pair of Russian bombers buzzing the Alaska coast, or as lethal as the public assassination of a defector on the streets of Kiev. Now Putin may be sending a message to the American government through a more subtle channel: an escalating series of U.S. intelligence leaks that last week exposed a National Security Agency operation in the Middle East and the identity of an agency official who participated.

The leaks by self-described hackers calling themselves “the Shadow Brokers” began in the final months of the Obama administration and increased in frequency and impact after the U.S. bombing of a Syrian airfield this month—a move that angered Russia. The group has not been tied to the Kremlin with anything close to the forensic certitude of last year’s election-related hacks, but security experts say the Shadow Brokers’ attacks fit the pattern established by Russia’s GRU during its election hacking. In that operation, according to U.S. intelligence findings, Russia created fictitious Internet personas to launder some of their stolen emails, including the fake whistleblowing site called DCLeaks and a notional Romanian hacker named “Guccifer 2.0.”

“I think there’s something going on between the U.S. and Russia that we’re just seeing pieces of,” said security technologist Bruce Schneier, chief technology officer at IBM Resilient. “What happens when the deep states go to war with each other and don’t tell the rest of us?”

The Shadow Brokers made their debut in August, appearing out of nowhere to publish a set of secret hacking tools belonging to the “Equation Group”—the security industry’s name for the NSA’s elite Tailored Access Operations program, which penetrates foreign computers to gather intelligence. At that time, the Shadow Brokers claimed to be mercenary hackers trying to sell the NSA’s secrets to the highest bidder. But they went on to leak more files for free, seemingly timed with the public thrusts and parries between the Obama administration and the Russian government.

From the start, outside experts had little doubt that Russian intelligence was pulling the strings. “Circumstantial evidence and conventional wisdom indicates Russian responsibility,” exiled NSA whistleblower Edward Snowden tweeted last August. “Why did they do it? No one knows, but I suspect this is more diplomacy than intelligence, related to the escalation around the [Democratic National Committee] hack.”

The FBI started investigating, and in August agents arrested an NSA contractor named Hal Martin after discovering that Martin had been stockpiling agency secrets in his house for two decades. But even as Martin cooled his heels in federal custody, the Shadow Brokers continued to post messages and files.

Snowden and other experts speculated that the Russians obtained the code without the help of an insider. As a matter of tradecraft, intelligence agencies, including the NSA, secretly own, lease, or hack so-called staging servers on the public internet to launch attacks anonymously. By necessity, those machines are loaded up with at least some of the agency’s tools. Snowden theorized that the Russians penetrated one of those servers and collected an NSA jackpot. “NSA malware staging servers getting hacked by a rival is not new,” he wrote.

Whatever their origin, the leaks dried up on Jan. 12, when the Shadow Brokers announced their “retirement” 10 days before Donald Trump’s swearing-in. The group didn’t reemerge until this month, after the Syrian military’s deadly chemical-weapons attack in Ghouta. Reportedly moved by images of the Syrian children injured or killed in the attack, Trump responded by ordering the launch of 59 Tomahawk missiles at a Syrian government air base—departing drastically from the will of Putin, who considers Syrian President Bashar al-Assad a strategic ally.

The Russian government immediately condemned the U.S. response. Two days later, so did the Shadow Brokers. The group broke its months-long silence and released another tranche of NSA secrets along with a lengthy open letter to Trump protesting the Syrian missile strike. Abandoning any pretense of a profit motive, the Shadow Brokers claimed now to be disillusioned U.S. voters—“the peoples who getting you elected,” as they put it, using phrasing that holds dual meaning coming from a suspected Kremlin operation.

The Shadow Brokers have been playing hardball ever since. Their most recent release, on Friday, exposed the code for a sophisticated NSA toolkit targeting Windows machines, putting some of the agency’s capabilities, circa 2013, in the hands of every newbie hacker able to use a keyboard.

This time, the Shadow Brokers didn’t stop with code. For the first time in their short history, they also released internal NSA spreadsheets, documents, and slide decks, some bedecked with the insignia and “Top Secret” markings familiar to anyone who’s browsed the Snowden leaks.

The leak exposes in detail a 2013 NSA hacking operation called Jeep Flea Market that gained deep access to Dubai-based EastNets, a company that handles wire transfers for a number of Middle East banks, something of obvious interest to U.S. intelligence. (EastNets denies the breach.) But the Shadow Brokers exposed more than just an NSA operation. Metadata left in the files identified the full name of a 35-year-old NSA worker in San Antonio who was apparently involved in the hack. (The Daily Beast was unable to reach him for comment.)

NSA hackers don’t face the same danger as CIA officers working undercover in a foreign country, but the likelihood that Russia has begun exposing them by name, while linking them to specific operations, raises the stakes for the intelligence community. If nothing else, the San Antonio NSA worker could plausibly face criminal and civil charges in the United Arab Emirates, just as hackers working for Russian and Chinese intelligence have been indicted in the U.S.

It’s conceivable that the Shadow Brokers included the name by mistake. Groups like WikiLeaks and the journalists with the Snowden cache are accustomed to scrubbing identifying metadata from documents. But a less-experienced hand might overlook it. Schneier is doubtful. “If we’re assuming an intelligent and strategic actor, which I think we are, then you have to assume that they did that on purpose,” he said.

Nothing is certain; the Shadow Brokers are a puzzle with missing pieces. But Friday’s Shadow Brokers release obliterated one theory on the spot. The NSA would never have put classified spreadsheets and PowerPoint slides on a staging server. They could only have come from inside the NSA.

Which sets the stage for a revival of a storied Cold War intelligence ritual, with the declining agency morale that comes with it: the Russian mole hunt. “I think we’re most likely looking at someone who went rogue from within, or a contractor who had access to this information,” said Eric O’Neill, national-security strategist for Carbon Black. “Either way, we have someone in the intelligence community that’s a pretty high-placed spy.”

A former FBI surveillance specialist, in 2001 O’Neill helped bring down Robert Hanssen, a double agent in the bureau who’d been secretly spying for Russia. “The FBI must be scrambling right now,” he said. “There’s so many leaks going on: this leak, the CIA Vault7 leaks, and at the same time there’s the investigation into any administration ties to Russia, and the DNC intrusion, and all these leaks coming out of the White House. There’s only so much that the FBI’s national security agents can do.”

If Russia did have a mole inside the NSA in 2013, the most recent date of the documents, Schneier thinks it unlikely that it does now, or else the Shadow Brokers wouldn’t exist. “You only publish when it’s more useful as an embarrassment than as intelligence,” he said. “So if you have a human asset inside the NSA, you wouldn’t publish. That asset is too important.”

It’s also possible, though unprecedented in the public record, that Russia found a way into the NSA’s classified network. A competing theory focuses on the FBI’s early suspect, Hal Martin. He’s not the Shadow Brokers, but he reportedly worked in the NSA’s Tailored Access Operations program and had 50,000 gigabytes of classified material in his home. Might he himself have been hacked? Martin is charged in Maryland with 20 counts of willful retention of national defense information, but prosecutors have not made any accusation that his trove slipped into enemy hands.

As Snowden demonstrated when he walked out of the NSA with a thumb drive of secrets, it’s comparatively easy now to steal and smuggle classified information. But O’Neill says the FBI’s counterintelligence mission is easier too, because of the rampant audit trails and server logs in classified networks.

“It’s much easier getting the secrets out now, but on the flip side, it’s also easier for law enforcement and the FBI to track down who had access to the data,” he says. “I like to think this mole hunt is going to be a little easier than it was in the past.”

Until then, expect the Shadow Brokers to stick around. In their Friday dump, they hinted at more revelations this week: “Who knows what we having next time?”

*** WASHINGTON — Forget about spies. It’s rogue insiders that cause heartburn at U.S. intelligence agencies these days.

Few spy cases have broken in the past decade and a half. In contrast, a proliferation of U.S. intelligence and military insiders have gone rogue and spilled secrets to journalists or WikiLeaks, the anti-secrecy group.

The leaks are as damaging as any major spy case, perhaps more so. And they have underscored the ease of stealing secrets in the modern age, sometimes with a single stroke of a keyboard.

Since early March, WikiLeaks has published part of a trove of documents purportedly created by cyber units of the Central Intelligence Agency. WikiLeaks continues to upload the documents and hacking tools, dubbed Vault 7, to the internet for all to see.

For its part, a mysterious group that calls itself the Shadow Brokers has re-emerged and dumped a large catalog of stolen National Security Agency hacking tools on the internet, including evidence the agency had penetrated Middle Eastern banking networks.

“In the past, we’ve lost secrets to foreign adversaries,” retired Air Force Gen. Michael Hayden, a former director of both the CIA and the NSA, said in an interview. “Now we’ve got the self-motivated insider that is our most important counterintelligence challenge.”

Hayden cited the cases of Army Pfc. Chelsea Manning, convicted in 2013 for releasing three-quarters of a million classified or sensitive military and diplomatic documents to WikiLeaks. He also mentioned Edward Snowden, the former NSA contractor who shook public opinion with his disclosures to journalists in 2013 about U.S. surveillance practices. Hayden added the Vault 7 disclosures last month, which others presume were stolen by a contract employee at the CIA. Read more here.


CNN Reported Dossier Basis for Trump Surveillance, But…

The FBI last year used a dossier of allegations of Russian ties to Donald Trump’s campaign as part of the justification to win approval to secretly monitor a Trump associate, according to US officials briefed on the investigation.

The dossier has also been cited by FBI Director James Comey in some of his briefings to members of Congress in recent weeks, as one of the sources of information the bureau has used to bolster its investigation, according to US officials briefed on the probe.

This includes approval from the secret court that oversees the Foreign Intelligence Surveillance Act (FISA) to monitor the communications of Carter Page, two of the officials said. Last year, Page was identified by the Trump campaign as an adviser on national security. More here from CNN.

Okay, so everyone remains angry with James Comey, right? Okay, well hold on….this could get complicated. We can’t dismiss the notion that Obama and Susan Rice had a valid reason for their surveillance actions, at least some, as the below case was provided to the White House.

Enter Evgeniy Mikhailovich Bogachev.

U.S. v Evgeniy Mikhailovich Bogachev et al by Brian Ries on Scribd

Bogachev was a case from 2014 investigated by CrowdStrike, which then later offered help to the FBI office in Omaha; later the FBI office in Pittsburgh, finally after countless months, ran a global cyber operation and succeeded in stopping international bank thefts in the millions of dollars. Many Russian immigrants located in Brighton Beach were recruited to be mules, going to domestic banks, opening accounts and later withdrawing funds, cleaning all traces of the stolen millions. It should be noted that CrowdStrike was the same firm the Hillary campaign hired to investigate intrusions.


Now it gets even more interesting.

The matter of Bogachev with his named operation of ‘Business Club’ and his global cyber operatives hacking with sophisticated bots, malware and remote servers came to the attention of the Russian Federation. They liked what the Bogachev Zeus operation had the ability to do. So, top Kremlin officials allowed the operation to continue without prosecution if they would work to gather intelligence on the global reaction to Putin annexing Crimea and moving in on Ukraine.

All of this also came to the attention of U.S.-based private cyber professionals, who studied the code, the IP addresses, the servers, the patterns, names and other common cyber traits. The DNC hack attributions dovetail with the ‘Business Club’ operation due to style, coding, networks, language and server locations.

In 2015, the Obama State Department issued sanctions and a $3 million bounty on Bogachev, who operated with the alias of ‘Slavik’. Russia of course is not only not cooperating but refuses to admit any such action was real and the evidence is not vetted. This is a usual response by top Russian officials.

An estimated $100 million was stolen via cyber operations by Slavik, and computers infected with various versions of Zeus still exist, while the FBI was able to seize all those known to their sting operation.

The FBI described the cyber sting operation as hand to hand combat with Bogachev, and his operation on the Zeus case was deemed successful. It is unknown at this time where he is still operating. The summary of this operation was taken from the full article published by ‘Wired’ under the title ‘The Hunt for Russia’s Most Notorious Hacker’.

Late last year, the DHS released a joint statement which read in part:

This activity by Russian intelligence services is part of a decade-long campaign of cyber-enabled operations directed at the U.S. Government and its citizens. These cyber operations have included spearphishing, campaigns targeting government organizations, critical infrastructure, think tanks, universities, political organizations, and corporations; theft of information from these organizations; and the recent public release of some of this stolen information.  In other countries, Russian intelligence services have also undertaken damaging and disruptive cyber-attacks, including on critical infrastructure, in some cases masquerading as third parties or hiding behind false online personas designed to cause victim to misattribute the source of the attack.  The Joint Analysis Report provides technical indicators related to many of these operations, recommended mitigations and information on how to report such incidents to the U.S. Government.

A great deal of analysis and forensic information related to Russian government activity has been published by a wide range of security companies. The U.S. Government can confirm that the Russian government, including Russia’s civilian and military intelligence services, conducted many of the activities generally described by a number of these security companies. The Joint Analysis Report recognizes the excellent work undertaken by security companies and private sector network owners and operators, and provides new indicators of compromise and malicious infrastructure identified during the course of investigations and incident response. The U.S. Government seeks to arm network defenders with the tools they need to identify, detect and disrupt Russian malicious cyber activity that is targeting our country’s and our allies’ networks.

 

Putin’s Think Tank Crafted 2016 U.S. election Interference – documents

Reuters: A Russian government think tank controlled by Vladimir Putin developed a plan to swing the 2016 U.S. presidential election to Donald Trump and undermine voters’ faith in the American electoral system, three current and four former U.S. officials told Reuters.

They described two confidential documents from the think tank as providing the framework and rationale for what U.S. intelligence agencies have concluded was an intensive effort by Russia to interfere with the Nov. 8 election. U.S. intelligence officials acquired the documents, which were prepared by the Moscow-based Russian Institute for Strategic Studies [en.riss.ru/], after the election.

The institute is run by retired senior Russian foreign intelligence officials appointed by Putin’s office.

The first Russian institute document was a strategy paper written last June that circulated at the highest levels of the Russian government but was not addressed to any specific individuals.

It recommended the Kremlin launch a propaganda campaign on social media and Russian state-backed global news outlets to encourage U.S. voters to elect a president who would take a softer line toward Russia than the administration of then-President Barack Obama, the seven officials said.

A second institute document, drafted in October and distributed in the same way, warned that Democratic presidential candidate Hillary Clinton was likely to win the election. For that reason, it argued, it was better for Russia to end its pro-Trump propaganda and instead intensify its messaging about voter fraud to undermine the U.S. electoral system’s legitimacy and damage Clinton’s reputation in an effort to undermine her presidency, the seven officials said.

The current and former U.S. officials spoke on the condition of anonymity due to the Russian documents’ classified status. They declined to discuss how the United States obtained them. U.S. intelligence agencies also declined to comment on them.

Putin has denied interfering in the U.S. election. Putin’s spokesman and the Russian institute did not respond to requests for comment.

The documents were central to the Obama administration’s conclusion that Russia mounted a “fake news” campaign and launched cyber attacks against Democratic Party groups and Clinton’s campaign, the current and former officials said.

“Putin had the objective in mind all along, and he asked the institute to draw him a road map,” said one of the sources, a former senior U.S. intelligence official.

Trump has said Russia’s activities had no impact on the outcome of the race. Ongoing congressional and FBI investigations into Russian interference have so far produced no public evidence that Trump associates colluded with the Russian effort to change the outcome of the election.

Four of the officials said the approach outlined in the June strategy paper was a broadening of an effort the Putin administration launched in March 2016. That month the Kremlin instructed state-backed media outlets, including international platforms Russia Today and Sputnik news agency, to start producing positive reports on Trump’s quest for the U.S. presidency, the officials said.

Russia Today did not respond to a request for comment. A spokesperson for Sputnik dismissed the assertions by the U.S. officials that it participated in a Kremlin campaign as an “absolute pack of lies.” “And by the way, it’s not the first pack of lies we’re hearing from ‘sources in U.S. official circles’,” the spokesperson said in an email.

PRO-KREMLIN BLOGGERS

Russia Today and Sputnik published anti-Clinton stories while pro-Kremlin bloggers prepared a Twitter campaign calling into question the fairness of an anticipated Clinton victory, according to a report by U.S. intelligence agencies on Russian interference in the election made public in January. [bit.ly/2kMiKSA]

Russia Today’s most popular Clinton video – “How 100% of the 2015 Clintons’ ‘charity’ went to … themselves” – accumulated 9 million views on social media, according to the January report. [bit.ly/2os8wIt]

The report said Russia Today and Sputnik “consistently cast president-elect Trump as the target of unfair coverage from traditional media outlets.”

The report said the agencies did not assess whether Moscow’s effort had swung the outcome of the race in Trump’s favor, because American intelligence agencies do not “analyze U.S. political processes or U.S. public opinion.” [bit.ly/2kMiKSA]

CYBER ATTACKS

Neither of the Russian institute documents mentioned the release of hacked Democratic Party emails to interfere with the U.S. election, according to four of the officials. The officials said the hacking was a covert intelligence operation run separately out of the Kremlin.

The overt propaganda and covert hacking efforts reinforced each other, according to the officials. Both Russia Today and Sputnik heavily promoted the release of the hacked Democratic Party emails, which often contained embarrassing details.

Five of the U.S. officials described the institute as the Kremlin’s in-house foreign policy think tank.

The institute’s director when the documents were written, Leonid Reshetnikov, rose to the rank of lieutenant general during a 33-year career in Russia’s foreign intelligence service, according to the institute’s website [bit.ly/2oVhiCF]. After Reshetnikov retired from the institute in January, Putin named as his replacement Mikhail Fradkov. The institute says he served as the director of Russia’s foreign intelligence service from 2007 to 2016. [bit.ly/2os4tvz]

Reuters was unable to determine if either man was directly involved in the drafting of the documents. Reshetnikov’s office referred questions to the Russian institute.

On its website, the Russian institute describes itself as providing “expert appraisals,” “recommendations,” and “analytical materials” to the Russian president’s office, cabinet, National Security Council, ministries and parliament. [bit.ly/2pCBGpR]

On Jan. 31, the websites of Putin’s office [bit.ly/2os9wMr] and the institute [bit.ly/2oLn9Kd] posted a picture and transcript of Reshetnikov and his successor Fradkov meeting with Putin in the Kremlin. Putin thanked Reshetnikov for his service and told Fradkov he wanted the institute to provide objective information and analysis.

“We did our best for nearly eight years to implement your foreign policy concept,” Reshetnikov told Putin. “The policy of Russia and the policy of the President of Russia have been the cornerstone of our operation.”

(Reporting by Ned Parker and Jonathan Landay, additional reporting by Warren Strobel and Arshad Mohammed; Editing by David Rohde and Ross Colvin)

*** In part:

The wide range of scientific work is ensured by the structural subdivision of the RISS into the Research Center of CIS countries, Center for Asia and the Middle East Research, the Center for Euro-Atlantic Studies (‘geographical departments’), Center for Economic Research, Centre for Defense Studies as well as the Humanitarian Research Center (functional departments).8 The latter represents a new department, introduced almost simultaneously with the Presidential Decree of 2009 and it is preoccupied with “the contentious issues of the foreign relations history and the role of the religious factor.”9 Its introduction has added a new task of “counteracting the falsification of history in the post-Soviet space”10 to RISS scientific activities which are determined by the need of the Russian government to provide strategic interests in the post-Soviet space. Here, there is a serious element of propaganda for Russian state interests. Upon the whole, we can conclude that the Presidential Decree of 2009 has turned the RISS into a useful tool providing abundant data and research for an appropriate “articulation of the strategic directions of the state policy in the sphere of national security.” Read more here.